Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Email Security

FBI email hack highlights danger of account takeover

On Saturday November 13th, hundreds of thousands of recipients received an email from the FBI with the subject line of “Urgent: Threat actor in systems.” Thankfully for the recipients, it turned out the threat described in these emails wasn’t real as, unfortunately, the FBI had suffered an external email breach resulting in fake warning messages being sent out.

First ransomware, now killware. Can it be stopped?

Ransomware has quite rightly been one of biggest ongoing stories of 2021 – and not just in the world of cybersecurity. The biggest ransomware cases where major companies have been forced to a halt until they pay a ransom have made global, headline news. The impact to victim organizations is usually financial loss and reputational damage. However, in cases such as the Colonial Pipelines attack, ransomware has caused real-world impacts on the general public too.

Google takes a bold step toward securing your Gmail, but not without many complaints

Many Gmail users were recently greeted with a message that alerted them that 2-step verification will be required to log into their accounts starting on November 9th (today). While many in the security community have been advising people to turn on 2-factor, 2-step, or any other secondary security method on every account as a way to protect the login process, the Twitterverse showed that many people were unhappy with Google’s implementation of this mandatory change.

Could your kids spot this mobile phish?

I realized early on that if I didn’t teach my kids how to identify and avoid likely attacks on their laptops and phones, that no one would. Nevertheless, when I see an opportunity for a “teachable security moment” I grab it, and last week this mobile phishes appeared on my phone. I captured a screen shot to share with my children and we played a little “spot the phish” game, where they would point out all the things that made this text suspicious.

Tracking Exchange Online Powershell Access Into Microsoft 365 Environments

Most users are familiar with Microsoft Exchange Online only as an application for accessing their email inboxes. However, by default, all users also have access to a system called Exchange Online PowerShell. This feature, designed primarily to assist IT administrators, allows a user to programmatically perform actions on a Microsoft 365 (M365) tenant. The specific actions a user can perform depend entirely on the user’s assigned roles.

CIS Control 09: Email and Web Browser Protections

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful attack could give an attacker an entry point within an organization.

How does encryption remove risk for auditors?

For those in the security space or at C-level, you’ve likely seen a recommendation about how to manage encryption and corresponding keys. Or at least something about encryption needing further consideration. Chances are, if you’re reading this you have at least an interest in the topic and are researching relevant products.

Top Email Security Gateway Services

With the ever-evolving landscape of email security services comes the ‘question’… ‘what are the top email security gateway services’? Our website analytics show that this term is searched for more regularly than most other general searches. A key indicator is that many top email gateway services brands have been tried and tested previously…market research is required to check for innovation – Is there anything you haven’t tried?