The Importance of Email Security for the Education Sector

The Importance of Email Security for the Education Sector

The education sector is often a lucrative and easy target for malicious actors as they provide various access points and vast volumes of data. Moreover, the student body often keeps changing, making it difficult to train them in email security. A successful cyber-attack can damage the brand name and cause a substantial financial impact. Hence, maintaining a robust email security posture is essential to provide adequate protection for students and staff from email threats and attacks. This article looks at the various email security threats the educational sector faces and steps to prevent them.

(more…)

Cyber Security News Update – Week 2 of 2022

Cyber Security News Update – Week 2 of 2022

The first week of the year is not without cybersecurity updates, and we bring to you the most relevant of these security headlines. Here are the updates from this past week.

 

Supply Chain Attacks Target Real Estate Websites

Supply chain attacks are known to sabotage organizational networks, and these attacks have increased late. The most recent targets of these attacks are real estate websites. Popular real estate listing website Sotheby’s was a victim of a supply chain attack where attackers deployed a skimmer on the cloud video platform it uses – Brightcove. Consequently, all videos projected on its website (via Brightcove video player) were infected. All websites importing real estate property videos from Sotheby also had their websites compromised by the payment card details stealing skimmer. Interestingly, this scam has been ongoing for a year and has only recently come to light.

(more…)

Cybersecurity And Email Security Trends To Look Out For in 2022

Cybersecurity And Email Security Trends To Look Out For in 2022

One more year is over, and there is no respite from cybercrimes across the globe yet. It is a never-ending battle, and 2022 opens up yet another chapter in the cybersecurity space. Ransomware attacks continued to cause havoc for businesses in 2021, along with the infamous attacks, such as the SolarWinds hack and the Log4j vulnerability. This article examines the cybersecurity and email security trends to watch out for in 2022.  (more…)

Cyber Security News Update – Week 1 of 2022

Cyber Security News Update – Week 1 of 2022

Here are the top cybersecurity headlines this week to help you understand what’s going on in the cyber world and how you can plan to strengthen your organization’s security posture in 2022.

 

K-12 Cybersecurity Act Becomes Law

US President Joe Biden recently signed the K-12 Cybersecurity Act into law which will add to the efforts at strengthening the cybersecurity of the K-12 educational institutions. The newly passed law will require the CISA director to analyze the cybersecurity risks facing K-12 schools within 120 days of the act being passed. The CISA director will also have to explore the possible cybersecurity challenges faced by these K-12 schools, including securing information systems, implementing cybersecurity protocols, and protecting sensitive employee and student and employee data.

(more…)

Aspects Your Email MSP Business Needs to Consider to Attract And Retain Clients

Aspects Your Email MSP Business Needs to Consider to Attract And Retain Clients

The global managed services market is expected to hit $274 billion by 2026. With over 40,000 operational managed service providers (MSPs) in the US alone, there can be intense competition among providers at times. If you are an MSP business or plan to offer managed email security, this article discusses some crucial aspects of managed service offerings to help you do a profitable business.

(more…)

Apache Log4j Zero-day Vulnerability: How to Detect it & Precautions You Need to Take

Apache Log4j Zero-day Vulnerability: How to Detect it & Precautions You Need to Take

A zero-day vulnerability was recently detected in the popular logging library, Apache Log4j. Such an attack on your organization would enable the perpetrators to remotely carry out a complete code execution. While you must have already invested in anti-phishing services and other solutions, you need to consult professional IT teams to keep your digital assets secure from such new forms of cyber threats, too.

(more…)

Cyber Security News Update – Week 51-2 of 2021

Cyber Security News Update – Week 51-2 of 2021

This week’s major cyber news headlines reflect the cybersecurity warnings being circulated ahead of the Christmas holidays and a host of other significant updates. Here are the most important of those security updates.

 

Imperva Reports a Surge in Web Application Attacks

Renowned security vendor Imperva recently released a cybersecurity analysis report highlighting that there have been over 4.7 million web application attacks since October 2019. Imperva’s findings reveal that web-app attacks are increasing by 22% every quarter. Data breaches in the UK have increased significantly because of the rising attacks on businesses (increased by 250% between October 2019 and the present day).

(more…)

Microsoft Exchange Servers Best Practices to Ensure a Robust Email Security Posture

Microsoft Exchange Servers Best Practices to Ensure a Robust Email Security Posture

Microsoft Exchange Server primarily helps organizations send, receive, and store organizational email messages. However, there are many more functions that Microsoft Exchange Server provides to its users. It is deployed on the Windows Server Operating System and is primarily used for business purposes.

A few of the leading collaborative features are calendaring and integrating with other Microsoft applications. Microsoft Exchange Server is widely used by organizations around the world, which makes it highly vulnerable to malicious actors, who are always on the lookout to exploit one vulnerability or another. For instance, earlier this year, Chinese threat actors were reported to exploit vulnerabilities of the Exchange Server to attack organizations throughout the United States that were using Exchange Server for their email operations or other activities.

(more…)

Log4j Disclosure

DuoCircle Security Statement: Apache Log4j Vulnerability

On Friday December 10, 2021 we observed the announcement of the unknown zero day vulnerability (CVE-2021-44228) for the commonly used logging library for Java-based software called log4j.

DuoCircle uses the Log4j in AWS ElasticSearch for our email message logging service. Amazon has issued a patch for the service and it has been applied to our system.

As a security measure, our team has conducted a full impact assessment since the vulnerability was initially documented, and we have found other component or service offered by DuoCircle to be affected.

Components analyzed and identified as secure:

  • Applications, RESTful APIs, API Gateways
  • DuoCircle Web (Public Website)
  • DuoCircle Support (Freshdesk)
  • Backup Services (AWS Backup, AWS S3)

At this moment there are no additional components that were identified as vulnerable to the exploit.

We are constantly monitoring the response of security researchers to observe the further discovery of this vulnerability and others that may arrive. Further updates will be posted on this page as necessary.

Cyber Security News Update – Week 51 of 2021

Cyber Security News Update – Week 51 of 2021

This week’s cybersecurity headlines are proof that vulnerabilities should be patched the moment they are reported. Here are the top headlines this week that re-emphasize the need to heed security warnings by law enforcement.

 

Scandinavian Hotel Chain-Nordic Choice Has The Hardest Time Checking Guest In

Having caused much disruption in Ireland’s Health Service Executive (HSE) and the US-based Broward County Public Schools, the Conti ransomware group has now targeted a Scandinavian hotel chain. While the hotel – Nordic Choice, has no plans to negotiate with the attackers, it suspects a theft of its guests’ personally identifiable information (PII). As a result of the attack, guests are also struggling to check in because the reservations system at over 200 Nordic Choice locations remains affected. All procedures related to check-in, new room key creation, check-out, etc., were affected, which compelled the hotel staff to escort guests to their rooms.

(more…)

Reducing The Risk of Email Impersonation Attacks: 6 Email Security Measures You Need to Consider

Reducing The Risk of Email Impersonation Attacks: 6 Email Security Measures You Need to Consider

Email services will not be outdated anytime soon as most businesses still prefer it to be their primary means of communication. However, as 4.6 billion people will be using emails by 2025, there is an alarming rise in email impersonation attacks and email security risks. In a single case in Colombia, $8 million was compromised by malicious actors in a recent example of an impersonation attack.

(more…)

Cybercrimes on The Rise: How MSPs Can Ensure Email Security For Their Clients

Cybercrimes on The Rise: How MSPs Can Ensure Email Security For Their Clients

Malicious actors target Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) as attack points for malware delivery. Attacks on distribution networks have increased in frequency in recent times. The reward to any attempt that successfully infiltrates a Managed Service Provider (MSP) far surpasses the cost of the incident. Attackers install ransomware on various networks and devices after exploiting vulnerabilities in email services and systems managed by MSPs. Several managed service providers have lately acknowledged becoming victims of targeted ransomware attacks.

(more…)

Cyber Security News Update – Week 50 of 2021

Cyber Security News Update – Week 50 of 2021

The cyber realm has progressed much over the last week; here is the compilation of the top cybersecurity headlines from the past seven days.

 

UK Government Passes New Cybersecurity Bill

The general notion among consumers of electronic goods today is that a seller or manufacturer does a good job of ensuring their security from cyberattacks. More often than not, this isn’t true. Of late, cyber adversaries have been intruding into netizens’ private and public spaces – right from attacks on their organizational networks to home systems such as smart TVs, CCTVs, baby monitors, etc. The United Kingdom government has implemented the Product Security and Telecommunications Infrastructure (PSTI) Bill as a corrective measure. The PSTI bill mandates all manufacturers and sellers of IoT devices to abide by cybersecurity protocols and protect the privacy of Britons.

(more…)

Why You Need to Prioritize Email Security While Selecting an Email Marketing Vendor

Why You Need to Prioritize Email Security While Selecting an Email Marketing Vendor

Designing a successful email marketing campaign takes time and strategy. While it is imperative to partner with an established email marketing vendor, you cannot possibly overlook email security. As an enterprise head, you might be focusing on intensifying your digital footprint by working on your email list and leads. Amidst all these responsibilities, it’s easy to ignore online threats from malicious actors. While most established email marketing vendors offer anti-phishing services and ransomware protection, you need to guard yourself against other modes of attacks too. To craft a better experience on your digital journey, you need to know the best practices while selecting your email marketing vendor. (more…)

Email Security Breach at the FBI: How Threat Actors Got Access to the FBI’s Mail Servers

Email Security Breach at the FBI: How Threat Actors Got Access to the FBI’s Mail Servers

Malicious actors reportedly attacked the Federal Bureau of Investigation (FBI) mail system Saturday (November 13, 2021) morning, ostensibly as a DHS warning of a cyberattack. The FBI confirmed that attackers compromised its mail servers and sent out bogus messages. Despite spending millions to ensure cybersecurity, the FBI’s network has been compromised. The attackers could have used the emails for spear phishing and ransomware attacks but instead outlined how recipients avoid cybercrimes. They used a compromised server to send spam, warning that someone could steal their data.

(more…)

Cyber Security News Update – Week 48 of 2021

Cyber Security News Update – Week 48 of 2021

Threat actors continue to launch cyber attacks on organizations around the world. This week’s headlines cover some of these, among other cyber news.

 

If You Have The SoSafe App, Then This Should Interest You

Pakistan-based threat actors running the GravityRAT remote access trojan have recently developed a chat application called SoSafe chat which spreads malware under the disguise of a ‘safe messaging platform.’ Cybersecurity experts say that the malware is currently targeting high-profile individuals from India. Although the download link and registration for this malicious site remain un-operational, it is very much online.

(more…)

Pin It on Pinterest