
Here is a helpful compilation of noteworthy developments in the email security landscape which you might have overlooked.


VEC Campaign Targets Critical Infrastructure Organizations with Invoice Fraud Attack

According to new research by Abnormal Security, a single threat group infiltrated five vendor email accounts. They then used the compromised accounts to send invoice fraud emails to 15 individuals in five critical infrastructure organizations. The targeted establishments included a manufacturing organization, two logistics groups, and two healthcare establishments.

‘Abnormal’ says that although the emails contained grammatical errors, they possessed some features that made them look legitimate and bypass traditional security defenses. It is a classic example of a vendor email compromise (VEC) fraud attack. ‘Abnormal’ further added that it blocked the emails for its customers but other organizations might not have been so lucky.


Zimbra Warns of a Critical Zero-Day Vulnerability in Its E-mail Software

Zimbra recently warned that its email software had a critical zero-day vulnerability that malicious actors were actively exploiting. The security flaw (CVE-2023-34192) allows a remote authenticated attacker to execute arbitrary code. Since the specifics of the vulnerability are undisclosed, experts are concerned about its potential implications.


The vulnerability affects Zimbra Collaboration Suite (ZCS) v8.8.15, which is used by numerous businesses, government agencies, and universities. Following the discovery, Zimbra published instructions for a manual fix that removes the attack vector, and urged its customers to update to the patched version of ZCS as soon as possible.


Microsoft Cloud Attack Potentially Exposed More Than Just Outlook E-mails

Researchers at Wiz, a cloud security startup, warned organizations running Microsoft’s M365 platform about a stolen Microsoft security key that can give Chinese threat actors access to their data.

Wiz researcher Shir Tamari said their researchers discovered that the perpetrators could use the compromised MSA key to create fake access tokens for various Azure Active Directory applications, like SharePoint, OneDrive, and Teams.

He added that the threat actors could also access Microsoft customer applications that support the “Login with Microsoft” functionality. Wiz has therefore urged organizations using Microsoft services and Azure to immediately assess the potential impact, which goes beyond breached email security.


A Typo Causes ‘Millions of E-mails’ For US Military to Get Routed To .ml Addresses

According to a recent finding, millions of emails meant for .mil US military addresses got redirected to .ml addresses, a top-level domain of Mali (Africa), for a decade! As a result of the typographical error, maps of military installations, identity documents, bookings for high-ranking military leaders, travel itineraries, medical data, and other important information were sent to the .ml addresses rather than the .mil ones.
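The failure mode above is a near-miss recipient domain (.ml instead of .mil) that no mail system treated as suspicious. One defensive control is an outbound check that flags recipients whose domain is within a single edit of a domain the organization legitimately corresponds with. The following is an added example written for this post, not code from the original article or from any of the organizations named in it; the expected-domain list and the recipient addresses are constructed sample data, and the check generalizes beyond the .ml/.mil case to any one-character domain typo.

```python
"""Outbound-mail typo check (illustrative example, not from the article).

Flags recipient addresses whose domain is a near-miss of an expected
domain, e.g. 'army.ml' when 'army.mil' is the intended correspondent.
"""

# Constructed sample: domains to which sensitive mail is legitimately sent.
# A real deployment would load this from policy, not hard-code it.
EXPECTED_DOMAINS = {"army.mil", "navy.mil", "example.mil"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum insertions, deletions, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # deletion
                           cur[j - 1] + 1,         # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def domain_of(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()


def near_miss(domain: str, expected=EXPECTED_DOMAINS, max_distance: int = 1):
    """Return the expected domain that `domain` nearly matches, or None.

    An exact match is not a near-miss; only domains within `max_distance`
    edits of an expected domain (but not equal to it) are reported.
    """
    if domain in expected:
        return None
    for good in sorted(expected):
        if edit_distance(domain, good) <= max_distance:
            return good
    return None


def flag_recipients(recipients, expected=EXPECTED_DOMAINS):
    """Return [(address, intended_domain)] for recipients that look like typos."""
    flagged = []
    for addr in recipients:
        good = near_miss(domain_of(addr), expected)
        if good is not None:
            flagged.append((addr, good))
    return flagged


if __name__ == "__main__":
    # Constructed sample recipients for a stand-alone run.
    sample = ["ops@army.ml", "ops@army.mil", "vendor@partner.com"]
    for addr, intended in flag_recipients(sample):
        print(f"HOLD: {addr} looks like a typo of {intended}")
```

In a mail gateway this check belongs on the outbound path, where a flagged message can be held for sender confirmation rather than delivered; the distance threshold of one edit keeps false positives low while still catching a dropped or transposed character in the domain.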


Responding to questions about why the US military could not detect the email leaks for so long, the US Department of Defense said it was aware of the mistake and took seriously any disclosure of Controlled National Security Information or Controlled Unclassified Information to unauthorized parties.


Google to Restrict Internet Access to Employees for Reducing Cyber Attack Risk

Google recently started a new campaign to move some employees to internet-free desktop PCs. Initially, Google selected around 2,500 employees to participate, but it later revised the campaign to let selected employees opt out and let others volunteer to join.

The selected desktops will not have general internet access, but Google-owned websites like Gmail and Google Drive and internal web-based tools will still work. Employees who need internet access to do their jobs will be exempted, Google said in a report. The organization is running the program to reduce the risk of cyberattacks against its employees.


Chinese Espionage Group Responsible for Advanced Android Spyware

Cybersecurity firm ‘Lookout’ recently said that APT 41 (a Chinese espionage group) was behind the advanced Android spyware dubbed DragonEgg and WyrmSpy. Also called Barium and Winnti, the Chinese espionage group has been active since 2012.


The group has been targeting multiple private entities for financial gain and government organizations for espionage. The experts opine that if an advanced Chinese espionage group like APT 41 focuses on mobile devices, it shows that those devices are high-value targets holding coveted data.
