Emotet malware now distributed in Microsoft OneNote files to evade defenses
The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. [...]
Stay secure with the latest email security updates, best practices, and threat alerts to protect your inbox and sensitive information.
Search across headline titles and summaries.
Background for this topic.
Email is a system for exchanging digital messages, typically using mail servers and clients over a network. In security, it includes both the messages and the accounts, servers, domains, and authentication mechanisms that handle them. Email commonly carries phishing links, malicious attachments, and fraudulent requests for payments or credentials; compromised accounts can also be used to impersonate trusted people and conduct further attacks.
Defenses include filtering and malware scanning, phishing-resistant multifactor authentication, careful handling of links and attachments, and monitoring for unusual login or sending activity. Domain controls such as SPF, DKIM, and DMARC help receiving systems detect messages that are forged or sent without authorization, while encryption protects message contents in transit or at rest when correctly implemented. Security teams should preserve relevant headers and mailbox activity so suspicious messages can be investigated, removed, and used to identify affected accounts and other recipients.
The Emotet malware is now distributed using Microsoft OneNote email attachments, aiming to bypass Microsoft security restrictions and infect more targets. [...]
Business email compromise overtakes ransomware
Mozilla has announced the integration of Firefox Relay, an email protection system that helps users evade trackers and spammers, directly into the Firefox browser. [...]
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email. [...]
Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.
An email you haven't even looked at yet could be used to trick Outlook into helping crooks to logon as you.
AT&T, PayPal, and Microsoft top the list of domains that victims visit following a link in a phishing email, as firms fight to prevent fraud and credential harvesting.
Microsoft will soon fast-track multi-factor authentication (MFA) adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client. [...]