BEC Gang Exploits G Suite, Long Domain Names in Cyberattacks

Business email compromise BEC attacks continue to be a thorn in companies’ sides, with the FBI in its IC3 annual cybercrime report saying that the attacks cost victims $1.7 billion in 2019. Making matters worse, BEC cybergangs are turning to new tactics and tricks to avoid detection and capitaliz...

Trend Micro Cloud App Security Blocked 12.7 Million High-Risk Email Threats in 2019 – in addition to those detected by cloud email services’ built-in security

On March 3, 2020, the cyber division of Federal Bureau of Investigation FBI issued a private industry notification calling out Business Email Compromise BEC scams through exploitation of cloud-based email services. Microsoft Office 365 and Google G Suite, the two largest cloud-based email service...

This Week in Security News: Trend Micro Detects a 10 Percent Rise in Ransomware in 2019 and New Wi-Fi Encryption Vulnerability Affects Over a Billion Devices

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about how Trend Micro detected a 10 percent rise in ransomware attacks in 2019. Also, learn about a new Wi-Fi encryption vulnerability...

Cybergang Favors G Suite and Physical Checks For BEC Attacks

Researchers have uncovered a new business email compromise BEC threat actor, which they call Exaggerated Lion, targeting thousands of U.S. companies with money pilfering scams. The cybercrime ring is unique in its leveraging of Google’s cloud-based productivity suite, G Suite, and for its use of...

BitDam Study Exposes High Miss Rates of Leading Email Security Systems

Imagine receiving an email from US VP Mike Pence's official email account asking for help because he has been stranded in the Philippines. Actually, you don't have to. This actually happened. Pence's email was hacked when he was still the governor of Indiana, and his account was used to attempt t...

News Wrap: Which Companies Are Doing Privacy Right and Which Aren't?

The Threatpost team breaks down the top data privacy-related news this week, including: Google’s acknowledgement that G Suite passwords had been stored in plaintext – since 2005. The database of golfing app Game Golf left misconfigured, exposing millions of data points on games played plus...

Google says it stored some G Suite passwords in plain text for 14 years

By Uzair Amir This issue is linked with G Suite users only while free consumer Google accounts remained unharmed. A couple of days ago it was reported that Google has been using Gmail to secretly store its users' purchase history for years. Now, the company has revealed that its team recently...

Google Stored G Suite Passwords in Plaintext Since 2005

Google stored G Suite passwords in plaintext for almost 15 years, the cloud giant acknowledged on Tuesday evening. G Suite, Google’s brand of cloud computing, productivity and collaboration tools, software and products, has more than 5 million users as of February. Google said that it recently...

Google Stored G Suite Users' Passwords in Plain-Text for 14 Years

After Facebook and Twitter, Google becomes the latest technology giant to have accidentally stored its users' passwords unprotected in plaintext on its servers—meaning any Google employee who has access to the servers could have read them. In a blog post published Tuesday, Google revealed that it...

Hit the Easy Button for Your Organization’s Gmail Security

Fifteen years ago, Gmail was launched by Google. The web-based service now has 1.5 billion users a month. In addition to being the extremely popular personal email service, Gmail is also a key component of G Suite for organizations. One of the many reasons of Gmail’s popularity is its security...

Bitcoin Giveaway Scam Balloons, with Google the Latest Victim

Google’s official G Suite Twitter account, which has more than 800,000 followers, on Tuesday became the latest victim of an increasingly widespread Bitcoin scam, according to researchers. The growing size and scope of the scam — as well as the cybercriminals’ success in hijacking high-profile,...

Google's New Tool Lets You Easily Backup & Sync Your Entire PC to the Cloud

Soon you will be able to auto backup and sync your whole computer on Google Drive. Yes, you heard that right. By the end of this month, Google will launch Backup and Sync — a new, simple tool that has been designed to help you backup not only your documents and photos in the cloud but your entire...

Google SSRF vulnerability analysis: the use of Google application tool found inside Google DNS information-vulnerability warning-the black bar safety net

! 1 the end of the month, I found the Google applications Suite G Suite website toolbox. googleapps. com the presence of SSRF vulnerability through the vulnerability can further query the Google internal DNS server, access to Google's internal IP address, DNS records and a variety of server host...

This domain is my domain - G Suite A record vulnerability

In part two of G Suite vulnerability discussion, I am writing about a simple but quite serious vulnerability in yet another part of G Suite Application. In general, G Suite is a major application of Google with multiple features. Its primary security relies on the concept of Domain Ownership...

I got emails - G Suite Vulnerability

After recent finding about Uber and SendGrid bug, I decided to check other third party applications that were also used for similar cases. During the investigation, some third party applications were found to be vulnerable including G Suite. The initial research of this vulnerability started when...