Hackers Exploit Twitter Vulnerability to Exposes 5.4 Million Accounts
Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform
Stay secure with the latest email security updates, best practices, and threat alerts to protect your inbox and sensitive information.
Search across headline titles and summaries.
Background for this topic.
Email is a system for exchanging digital messages, typically using mail servers and clients over a network. In security, it includes both the messages and the accounts, servers, domains, and authentication mechanisms that handle them. Email commonly carries phishing links, malicious attachments, and fraudulent requests for payments or credentials; compromised accounts can also be used to impersonate trusted people and conduct further attacks.
Defenses include filtering and malware scanning, phishing-resistant multifactor authentication, careful handling of links and attachments, and monitoring for unusual login or sending activity. Domain controls such as SPF, DKIM, and DMARC help receiving systems detect messages that are forged or sent without authorization, while encryption protects message contents in transit or at rest when correctly implemented. Security teams should preserve relevant headers and mailbox activity so suspicious messages can be investigated, removed, and used to identify affected accounts and other recipients.
Twitter on Friday revealed that a now-patched zero-day bug was used to link phone numbers and emails to user accounts on the social media platform
A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Experian accounts simply by signing up for new accounts using the victim’s personal information and a different email address.
With names, email addresses, and mobile numbers from underground databases, one person in five is at risk of account compromise even with SMS two-factor authentication in place.
Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a recently disclosed high-severity vulnerability in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation
Securing email communication has never been more critical for organizations, and it has never been more challenging to do so. Attack volumes have increased and become more sophisticated.
Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters. In this case, the woman figured out she was being scammed before embarking for the bank, but her story is a chilling reminder of how far crooks will go these days to rip people off.
The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack. [...]
Simple to exploit, enough to pocket $3,000 A Danish ethical hacker was able to work his way uninvited into a closed Cloudflare beta and found a vulnerability that could have been exploited by a cybercriminal to hijack and steal someone else's email.…
A new large-scale phishing campaign targeting credentials for Microsoft email services use a custom proxy-based phishing kit to bypass multi-factor authentication. [...]
Most of the targeted organizations were located in the US, UK, New Zealand and Australia
A new, large-scale phishing campaign has been observed using adversary-in-the-middle (AitM) techniques to get around security protections and compromise enterprise email accounts
DMARC analysis by Proofpoint shows that institutions in the U.S. have among some of the poorest protections to prevent domain spoofing and lack protections to block fraudulent emails.
The campaign uses adversary-in-the-middle techniques to bypass multifactor authentication, evade detection.
Leading US and Aussie unis also sub-par on email security
Microsoft says the Outlook email client will crash when opening and reading emails with tables such as Uber receipt emails. [...]