91 matches found
How to Test and Improve Your Domain's Email Security?
No matter which type of business you are in, whether small, medium, or large, email has become an irrefutable tool for communicating with your employees, partners, and customers. Emails are sent and received each day in bulk by companies from various sources. In addition, organizations may also...
Tax Phish Swims Past Google Workspace Email Security
A W2 tax email scam is circulating in the U.S. using Typeform, a popular software that specializes in online surveys and form building. The campaign is aimed at harvesting victims’ email account credentials, researchers said. According to Armorblox, the campaign also bypasses native Google...
How to Fight Business Email Compromise (BEC) with Email Authentication?
An ever-evolving and rampant form of cybercrime that targets emails as the potential medium to conduct fraud is known as Business Email Compromise. Targeting commercial, government as well as non-profit organizations, BEC can lead to huge amounts of data loss, security breach, and compromised...
Lightweight Directory Access Protocol (LDAP) Injection
is-user-valid is vulnerable to Lightweight Directory Access Protocol LDAP Injection. The vulnerability exists due to an unsanitized validate function when authenticating the email in the getEmail function...
How DMARC Can Stop Criminals Sending Fake Emails on Behalf of Your Domain
21st-century technology has allowed Cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that 65% of US-based companies were vulnerable to email phishing and impersonation attacks. This calls for upgrading your organization's...
OPENSUSE-SU-2020:2127-1 Security update for neomutt
This update for neomutt fixes the following issues: Update neomutt to 20201120. Address boo1179035, CVE-2020-28896. Security - imap: close connection on all failures Features - alias: add function to Alias/Query dialogs - config: add validators for imap,smtp,popauthenticators - config: warn when...
University Email Hijacking Attacks Push Phishing, Malware
Cybercriminals are hijacking legitimate email accounts from more than a dozen universities – including Purdue University, University of Oxford in the U.K. and Stanford University – and using the accounts to bypass detection and trick victims into handing over their email credentials or installing...
CISA Insights: Email-Based Attacks on Elections-Related Entities
The Cybersecurity and Infrastructure Security Agency CISA has released CISA Insights: Actions to Counter Email-Based Attacks on Elections-Related Entities in light of increased sophisticated phishing operations targeting individuals and groups involved in the upcoming U.S. elections. CISA strongl...
GitLab Authorization Issues Vulnerability (CNVD-2020-46490)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab versions prior ...
A 'New Age' of Sophisticated Business Email Compromise is Coming
A newly discovered, sophisticated threat group that targets organizations without DMARC implemented and relies on business email compromise is heralding what researchers call “a new age” of business email compromise. The group, called Cosmic Lynx, is the first reported Russian BEC cybercriminal...
GitLab Data Forgery Issue Vulnerability
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab Enterprise...
Longbrothers Digital OKLOK Code Issue Vulnerability
Longbrothers Digital Fingerprint Bluetooth Padlock FB50 and OKLOK are both products of Longbrothers Digital China.Fingerprint Bluetooth Padlock FB50 is a fingerprint round The Fingerprint Bluetooth Padlock FB50 is a fingerprint round padlock that supports fingerprint unlocking, remote unlocking...
CVE-2020-12272
OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message. This is caused by incorrect parsing and interpretation of SPF/DKIM authentication results, as demonstrated by the...
GitLab Authorization Issues Vulnerability (CNVD-2020-12719)
GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. An authorization issue vulnerability exists in GitLab...
ThreatList: DMARC Adoption Nonexistent at 80% of Orgs
About 80 percent of company web domains don’t have standard email authentication protections in place. That’s according to 250ok’s Global DMARC Adoption 2019 report, which analyzed 25,700 domains in the education, e-commerce, legal, financial services, SaaS and nonprofit sectors, as well as the...
Secure your journey to the cloud with free DMARC monitoring for Office 365
Not knowing who is sending email “from” your organization is an enormous problem for IT managers for two reasons. One problem is “shadow IT”—cloud services that employees have signed up for without IT oversight. Many of these services send mail—to employees, customers, or marketing prospects—whic...
Automattic: Insufficient DKIM record with RSA 512-bit key used on WordPress.com
What is DomainKeys Identified Mail DKIM ? DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It achieves this by affixing a digital signature, linked to a domain name, to each outgoing email message. The...
FTC Releases Alert with Cybersecurity Resources for Non-Profits and Small Businesses
The Federal Trade Commission FTC has released an alert with new cybersecurity resources for non-profits and small businesses. These resources, which cover topics such as ransomware, phishing, and email authentication, aim to help organizations protect their network and information. NCCIC encourag...
Coalition, Inc.: No authentication on email address for password reset functionality/ https://platform.thecoalition.com/forgot-password
NOTE! Thanks for submitting a report! Please replace all the square sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary: It was observed that the forgo...
Security update for MozillaThunderbird (important)
This update for MozillaThunderbird to version 52.3 fixes security issues and bugs. The following vulnerabilities were fixed: - CVE-2017-7798: XUL injection in the style editor in devtools - CVE-2017-7800: Use-after-free in WebSockets during disconnection - CVE-2017-7801: Use-after-free with marqu...