email – SSL and internet security news

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

April 9, 2024 infossl

china, email, hacking, microsoft, privacy, Security technology, Uncategorized

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred. The Board … Read More “US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack” »

Security Vulnerability of HTML Emails

April 8, 2024 infossl

email, Security technology, spoofing, Uncategorized, vulnerabilities

This is a newly discovered email vulnerability: The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. All that email was supposed to achieve was being forwarded to you. However, the moment the email appeared in your inbox, it changed. The innocent pretext … Read More “Security Vulnerability of HTML Emails” »

Business Email Compromise (BEC) Criminal Ring

July 10, 2020 infossl

cybercrime, email, hacking, malware, phishing, russia, Security technology

A criminal group called Cosmic Lynx seems to be based in Russia: Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations in 46 countries. Cosmic Lynx specializes in topical, tailored … Read More “Business Email Compromise (BEC) Criminal Ring” »

New iPhone Zero-Day Discovered

April 22, 2020 infossl

email, exploits, iphone, patching, Security technology, zeroday

Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said “we were a bit surprised about who was targeted.” He … Read More “New iPhone Zero-Day Discovered” »

Deep Learning to Find Malicious Email Attachments

February 28, 2020 infossl

email, gmail, google, machinelearning, malware, phishing, Security technology

Google presented its system of using deep-learning techniques to identify malicious email attachments: At the RSA security conference in San Francisco on Tuesday, Google’s security and anti-abuse research lead Elie Bursztein will present findings on how the new deep-learning scanner for documents is faring against the 300 billion attachments it has to process each week. … Read More “Deep Learning to Find Malicious Email Attachments” »

Companies that Scrape Your Email

February 12, 2020 infossl

apple, datamining, email, espionage, marketing, Security technology, surveillance

Motherboard has a long article on apps — Edison, Slice, and Cleanfox — that spy on your email by scraping your screen, and then sell that information to others: Some of the companies listed in the J.P. Morgan document sell data sourced from “personal inboxes,” the document adds. A spokesperson for J.P. Morgan Research, the … Read More “Companies that Scrape Your Email” »

US Journalist Detained When Returning to US

July 4, 2019 infossl

borders, email, lawenforcement, privacy, searches, Security technology, surveillance

Pretty horrible story of a US journalist who had his computer and phone searched at the border when returning to the US from Mexico. After I gave him the password to my iPhone, Moncivias spent three hours reviewing hundreds of photos and videos and emails and calls and texts, including encrypted messages on WhatsApp, Signal, … Read More “US Journalist Detained When Returning to US” »

Using Gmail “Dot Addresses” to Commit Fraud

February 6, 2019 infossl

creditcards, email, fraud, gmail, scams, Security technology

In Gmail addresses, the dots don’t matter. The account “bruceschneier@gmail.com” maps to the exact same address as “bruce.schneier@gmail.com” and “b.r.u.c.e.schneier@gmail.com” — and so on. (Note: I own none of those addresses, if they are actually valid.) This fact can be used to commit fraud: Recently, we observed a group of BEC actors make extensive use … Read More “Using Gmail “Dot Addresses” to Commit Fraud” »

Real-Time Attacks Against Two-Factor Authentication

December 14, 2018 infossl

authentication, email, maninthemiddleattacks, phishing, Security technology, twofactorauthentication

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets’ level of operational security, researchers with security firm Certfa Lab said in a blog post. The emails contained a hidden image that … Read More “Real-Time Attacks Against Two-Factor Authentication” »

Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising

October 2, 2018 infossl

academicpapers, adware, authentication, email, facebook, phones, privacy, Security technology, socialmedia

From Kashmir Hill: Facebook is not content to use the contact information you willingly put into your Facebook profile for advertising. It is also using contact information you handed over for security purposes and contact information you didn’t hand over at all, but that was collected from other people’s contact books, a hidden layer of … Read More “Facebook Is Using Your Two-Factor Authentication Phone Number to Target Advertising” »