Russian hackers stole Microsoft corporate emails in month-long breach
Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. [...]
Stay secure with the latest email security updates, best practices, and threat alerts to protect your inbox and sensitive information.
Search across headline titles and summaries.
Background for this topic.
Email is a system for exchanging digital messages, typically using mail servers and clients over a network. In security, it includes both the messages and the accounts, servers, domains, and authentication mechanisms that handle them. Email commonly carries phishing links, malicious attachments, and fraudulent requests for payments or credentials; compromised accounts can also be used to impersonate trusted people and conduct further attacks.
Defenses include filtering and malware scanning, phishing-resistant multifactor authentication, careful handling of links and attachments, and monitoring for unusual login or sending activity. Domain controls such as SPF, DKIM, and DMARC help receiving systems detect messages that are forged or sent without authorization, while encryption protects message contents in transit or at rest when correctly implemented. Security teams should preserve relevant headers and mailbox activity so suspicious messages can be investigated, removed, and used to identify affected accounts and other recipients.
Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard. [...]
Information-Stealing Malware Continues to Amass Fresh Credentials, Experts WarnThe appearance of Naz.api - a massive collection of online credentials harvested by information-stealing malware that contains 71 million unique email addresses - illustrates the scale at which such data is being collected, shared and sold, security experts warn.
Just like you and me, cyberattackers returned from winter break and immediately started sending thousands of emails.
The threat hunters believe COLDRIVER has used SPICA since at least November 2022 Russian cyberspies linked to the Kremlin's Federal Security Service (FSB) are moving beyond their usual credential phishing antics and have developed a custom backdoor that they started delivering via email as far back as November 2022, according to Google's Threat Analysis Group.…
Pen-tester accessed more than 650,000 sensitive messages, and still can, at Indian outfit using Toyota SaaS Toyota Tsusho Insurance Broker India (TTIBI), an Indo-Japanese joint insurance venture, operated a misconfigured server that exposed more than 650,000 Microsoft-hosted email messages to customers, a security researcher has found.…
Here's the latest Trend Vision One™ platform integration addressing the growing need for collaboration in business email security space.
Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service. [...]
Abnormal Security also noted a 71% surge in BEC attacks against the same sector
Leadership Transition Comes After 21 Years Under Peter Bauer as CEOMimecast, the cloud security firm specializing in email and cyber resilience, appointed a new CEO after co-founder Peter Bauer served in the chief executive role since its inception in 2003. The leadership transition comes less than two years after the company went private.
In its latest Email Security Risk Report, Egress found that businesses were 10% more negatively affected by phishing attacks in 2023 than in 2022