The Iranian government-backed actor known as Charming Kitten has added a new tool to its malware arsenal that allows it to retrieve user data from Gmail, Yahoo!, and Microsoft Outlook accounts. Dubbed HYPERSCRAPE by Google Threat Analysis Group (TAG), the actively in-development malicious software is said to have been used against less than two dozen accounts in Iran, with the … [Read more...] about Google Uncovers Tool Used by Iranian Hackers to Steal Data from Email Accounts
New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials
A new high-severity vulnerability has been disclosed in the Zimbra email suite that, if successfully exploited, enables an unauthenticated attacker to steal cleartext passwords of users sans any user interaction. "With the consequent access to the victims' mailboxes, attackers can potentially escalate their access to targeted organizations and gain access to various internal … [Read more...] about New Zimbra Email Vulnerability Could Let Attackers Steal Your Login Credentials
New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email
A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a … [Read more...] about New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email
Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware
A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IcedID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking (also known as thread hijacking)," Israeli company Intezer said in a … [Read more...] about Hackers Hijack Email Reply Chains on Unpatched Exchange Servers to Spread Malware
Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users
A threat actor, likely Chinese in origin, is actively attempting to exploit a zero-day vulnerability in the Zimbra open-source email platform as part of spear-phishing campaigns that commenced in December 2021. The espionage operation — codenamed "EmailThief" — was detailed by cybersecurity company Volexity in a technical report published Thursday, noting that successful … [Read more...] about Hackers Exploited 0-Day Vulnerability in Zimbra Email Platform to Spy on Users
How Does MTA-STS Improve Your Email Security?
Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage (e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old now), and therefore security was not an important consideration. As a result, in most email systems encryption is still … [Read more...] about How Does MTA-STS Improve Your Email Security?
Email Security Recommendations You Should Consider from 2021
With contributions from Jamal “Jay” Bethea, Cisco Secure Email Product Marketing Manager Think email security is not complicated; think again. Not only is email the #1 attack vector, but regulatory compliance requirements across sectors make it difficult to know which data protection laws are for your industry. Now mix in architectural changes that support cloud productivity … [Read more...] about Email Security Recommendations You Should Consider from 2021
A Visual Take on Email Authentication and Security
There is a saying that goes something like, "Do not judge a book by its cover." Yet, we all know we can not help but do just that - especially when it comes to online security. Logos play a significant role in whether or not we open an email and how we assess the importance of each message. Brand Indicators for Message Identification, or BIMI, aims to make it easier for us to … [Read more...] about A Visual Take on Email Authentication and Security
Small Business and the Importance of Simplified Email Security
Cisco Secure Email Cloud Mailbox was built with one guiding principle – simplicity. Of course, it’s easy for us to talk about the benefits of our cloud-native email security product and how easy it is to use. But don’t just take it from us! Every day, our customers are reaping the benefits of enhanced email security, which in turn increases productivity, profitability, and … [Read more...] about Small Business and the Importance of Simplified Email Security
Industry Recognition for Cisco Secure Email Cloud Mailbox
CRN has released its list of the Ten Hottest New Cloud Security Tools of 2020 and I am incredibly proud to say that Cloud Mailbox is featured on the list. After all of the work I’ve seen poured into the project in the lead-up to the launch, it is wonderful to see industry recognition and to share it with the talented group of Cisco folks who made it happen. One small step for … [Read more...] about Industry Recognition for Cisco Secure Email Cloud Mailbox