As technology adoption has shifted to be employee-led, just in time, and from any location or device, IT and security teams have found themselves contending with an ever-sprawling SaaS attack surface, much of which is often unknown or unmanaged. This greatly increases the risk of identity-based threats, and according to a recent report from CrowdStrike, 80% of breaches today use compromised
SMTP Smuggling: New Flaw Lets Attackers Bypass Security and Spoof Emails
A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures.
“Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing attacks,” Timo Longin, a senior security
“Threat actors could abuse vulnerable SMTP servers worldwide to send malicious emails from arbitrary email addresses, allowing targeted phishing attacks,” Timo Longin, a senior security
DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation
The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR).
In addition to prohibiting the company from violating the law, the stipulated order requires it to meet other compliance measures,
In addition to prohibiting the company from violating the law, the stipulated order requires it to meet other compliance measures,
Steam drops support for Windows 7 and 8.1 to boost security
Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system. […]
Orbit Chain loses $86 million in the last fintech hack of 2023
Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin. […]
Online museum collections down after cyberattack on service provider
Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week. […]
Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data
The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation. […]
Google Groups is ending support for Usenet to combat spam
Google has officially announced it’s ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform’s increasing struggle with spam content. […]
Victoria court recordings exposed in reported ransomware attack
Australia’s Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack. […]
The Definitive Enterprise Browser Buyer’s Guide
Security stakeholders have come to realize that the prominent role the browser has in the modern corporate environment requires a re-evaluation of how it is managed and protected. While not long-ago web-borne risks were still addressed by a patchwork of endpoint, network, and cloud solutions, it is now clear that the partial protection these solutions provided is no longer sufficient. Therefore,