You are viewing 'email security'

Hack the Vote

Chris Camejo

October 18, 2016 - Posted by Chris Camejo to Security Insight


The news has been rife with headlines about voting hacks, with the FBI revealing that state voter registration databases have been compromised and warning of ongoing attacks. Meanwhile, one of the major parties has already suffered two known breaches and WikiLeaks continues to post Clinton campaign emails on a regular basis. So far, signs are pointing to operators inside Russia as the culprits for all of the above.

Many of us in the information security... read more >

Emails and Encryption

Improving email security and privacy

Jacob Faires

October 23, 2015 - Posted by Jacob Faires to Security Insight


It’s been a little over two years since Edward Snowden broke news about massive government surveillance in the United States and abroad. Since then, major applications have begun tightening security. It was made well known that the government has the ability to read your emails and listen to your phone calls by getting a court order or a subpoena and paying a small fee.

So, what changes have been enacted on the digital front? In this blog I’m going to focus on one area in particular, email.

Before mid-2013 emails were, for the most part, unencrypted, passed in clear text, and stored in clear text. After Snowden, changes started to occur almost immediately. The question is how far have they come?

a. Perfect Forward Secrecy (Nov 2014)

b. Transport Layer Security (TLS) (inbound and outbound as of Nov 2014)

c. Two-factor Authentication (Oct 2014). You have to enable this for... read more >

Stop, Think, then (Carefully) Connect

Reminders of Important Cybersecurity Basics

Bob Bybee

October 02, 2015 - Posted by Bob Bybee to Security Insight


During this first week of National Cyber Security Awareness Month (NCSAM), the theme is STOP. THINK. CONNECT.™ This year marks the fifth anniversary of this global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online. A coalition of private companies, non-profits and government organizations, with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG), developed STOP. THINK. CONNECT. to provide a unified message for online safety. The STOP. THINK. CONNECT. website contains a large number of resources targeted toward different groups, from kids to senior citizens, businesspersons to business owners, to help everyone become more... read more >

FBI Warns Businesses About Email Scams

CEO fraud cost more than $1 billion worldwide

Joseph (JB) Blankenship

September 01, 2015 - Posted by Joseph (JB) Blankenship to Security Insight

Email Scam

Last week, the FBI released an alert warning businesses about Business Email Compromise (BEC) scams that are a growing threat to businesses worldwide. Also known as “CEO fraud,” these scams target business executives in attempts to initiate unauthorized wire transfers. Losses to individual victims range from hundreds of thousands of dollars to millions of dollars. The FBI figures suggest that the average loss per victim is $100,000.

Losses from these scams, however, can be significantly more. Blogger Brian Krebs reports that Ubiquiti Networks reported a $46.7 million loss because of a BEC scam. In another scam, an Omaha, Nebraska-based company with 800 employees lost $17.2 million after a company executive wired money overseas after receiving emails ordering the transfers.

BEC scams are nothing new. The FBI began keeping statistics on them in 2013.

Since the FBI’s Internet Crime Complaint Center (IC3) began tracking BEC scams in late 2013,... read more >

Windows 10 Upgrade Spawns Phishing Campaign

Attackers using new Microsoft OS to distribute ransomware

Joseph (JB) Blankenship

August 04, 2015 - Posted by Joseph (JB) Blankenship to Security News


Malicious actors are well-known to take advantage of breaking news, holidays and events to lure unsuspecting victims into downloading malware. The recent release of Microsoft’s highly-anticipated Windows 10 operation system is being used by cybercriminals in phishing campaigns designed to distribute ransomware. Since users have to wait to be notified by Microsoft that they are now eligible to download the new OS, they are more likely to be fooled by this attack.

Talos researchers described the attack in a recent blog post. The attacker is impersonating Microsoft, sending phishing emails from the spoofed email address with the subject line “Windows 10 Free Update.” Clicking on the links in the email will prompt the download of a zip file – – which then executes, installing the ... read more >

1 | 2 | 3 | 4 | Older Entries >>

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)