You are viewing 'email security'
The news has been rife with headlines about voting hacks, with the FBI revealing that state voter registration databases have been compromised and warning of ongoing attacks. Meanwhile, one of the major parties has already suffered two known breaches and WikiLeaks continues to post Clinton campaign emails on a regular basis. So far, signs are pointing to operators inside Russia as the culprits for all of the above.
Many of us in the information security...
Improving email security and privacy
It’s been a little over two years since Edward Snowden broke news about massive government surveillance in the United States and abroad. Since then, major applications have begun tightening security. It became well known that the government has the ability to read your emails and listen to your phone calls by getting a court order or a subpoena and paying a small fee.
So, what changes have been enacted on the digital front? In this blog I’m going to focus on one area in particular, email.
Before mid-2013, emails were, for the most part, unencrypted, passed in clear text, and stored in clear text. After Snowden, changes started to occur almost immediately. The question is, how far have they come?
a. Perfect Forward Secrecy (Nov 2014)
b. Transport Layer Security (TLS) (inbound and outbound as of Nov 2014)
c. Two-factor Authentication (Oct 2014). You have to enable this for...
Reminders of Important Cybersecurity Basics
During this first week of National Cyber Security Awareness Month (NCSAM), the theme is STOP. THINK. CONNECT.™ This year marks the fifth anniversary of this global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online. A coalition of private companies, non-profits and government organizations, with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG), developed STOP. THINK. CONNECT. to provide a unified message for online safety. The STOP. THINK. CONNECT. website contains a large number of resources targeted toward different groups, from kids to senior citizens, businesspersons to business owners, to help everyone become more...
CEO fraud cost more than $1 billion worldwide
Last week, the FBI released an alert warning businesses about Business Email Compromise (BEC) scams that are a growing threat to businesses worldwide. Also known as “CEO fraud,” these scams target business executives in attempts to initiate unauthorized wire transfers. Losses to individual victims range from hundreds of thousands of dollars to millions of dollars. The FBI figures suggest that the average loss per victim is $100,000.
Losses from these scams, however, can be significantly more. Blogger Brian Krebs reports that Ubiquiti Networks reported a $46.7 million loss because of a BEC scam. In another scam, an Omaha, Nebraska-based company with 800 employees lost $17.2 million after a company executive wired money overseas after receiving emails ordering the transfers.
BEC scams are nothing new. The FBI began keeping statistics on them in 2013. Since the FBI’s Internet Crime Complaint Center (IC3) began tracking BEC scams in late 2013,...
Attackers using new Microsoft OS to distribute ransomware
Malicious actors are well known for taking advantage of breaking news, holidays and events to lure unsuspecting victims into downloading malware. The recent release of Microsoft’s highly anticipated Windows 10 operating system is being used by cybercriminals in phishing campaigns designed to distribute ransomware. Since users have to wait to be notified by Microsoft that they are now eligible to download the new OS, they are more likely to be fooled by this attack.
Talos researchers described the attack in a recent blog post. The attacker is impersonating Microsoft, sending phishing emails from the spoofed email address firstname.lastname@example.org with the subject line “Windows 10 Free Update.” Clicking on the links in the email will prompt the download of a zip file – Win10Installer.zip – which then executes, installing the ...