Mustang Panda Exploits, White House Roadmap, Scaling Compliance Reciprocity- Cybersecurity News [September 09, 2024]
by Duocircle
Let’s talk bout this week’s most talked-about cybersecurity news and updates, crafted to keep you updated on recent happenings. We have covered topics around cybersecurity attacks, advisories, and other relevant updates. These topics consist of the Chinese APT groups leading espionage campaigns, an initiative taken by White House to safeguard internet routing security, a suggestion to streamline compliance across global industries, Apple’s latest launches and AI-driven updates, and last but not least, Google Maps’s new feature to blur your home images online.
DKIM is a cryptography-based email authentication protocol that ensures that only authorized people send emails on your behalf and that nobody changes the content of the message in transit. Salesforce highly encourages its users to deploy SPF, DKIM, and DMARC to protect their domain and email receivers from getting duped. Salesforce has also made it quite straightforward to integrate and configure DKIM so that most of your outgoing emails land in the inboxes of recipients and not their spam or junk folders. With DKIM, the chances of your emails getting marked as spam go down significantly.
Phishing attacks are gradually becoming commonplace. This is evident from the fact that around 94% of firms experienced phishing attacks in 2023. With time, threat actors have been able to make these attacks more sophisticated and credible. FBI’s Internet Crime Center gets the highest number of complaints of phishing attacks every year.
TLS, which is short for Transport Layer Security, is an email security protocol based on cryptography. It facilitates the end-to-end security of data transmitted between applications over the Internet. Most people know it as the padlock icon that appears in web browsers when a secure session is established. But there is more to it—it’s also used in emails, file transfers, video and audio conferencing, instant messaging, and voice-over IP. The overall aim of the TLS is to add an extra layer of security, preventing threat actors from hijacking connections between internet-enabled devices. It lets you know whether the person you are communicating with is actually who they are claiming to be.
With an ROI of $36 for every $1 spent, email marketing’s benefits are clear. Despite this, less than a quarter of marketers would say their email marketing strategy was “very successful.”
OTP Theft Guilty, Social Media Exploits, APT29 Targets Mobile – Cybersecurity News [September 02, 2024]
by Duocircle
We’re back to provide you with the latest cybersecurity news of the week, designed to keep you informed and secure against evolving threats. This week, we highlight the final verdict of an OTP theft case relating to 1-Time Passcode, a loophole in the financial system aided via social media platforms, Android and iOS users attacked by Russian hackers, a more personalized approach towards social engineering techniques, the role of CISOs in curating business strategies and finally the concerns associated with encryption policies amidst Telegram founder’s indictment.
Troubleshoot DMARC problems for Google Workspace domains
by Duocircle
Google Workspace encourages domain owners to use the three email authentication protocols, SPF, DKIM, and DMARC, to ensure outgoing emails are properly authenticated. This reduces the security gaps; otherwise, threat actors can exploit them to send phishing and spoofing emails from your domains. Moreover, from February 2024, Google has mandated DMARC deployment for regular and bulk email senders, urging domain owners or administrators to create a DMARC record in their DNS settings and specifying policies to handle emails that fail SPF and/or DKIM checks.
How do you receive DMARC reports on external email addresses?
by Duocircle
While most domain owners prefer receiving DMARC aggregate and forensic reports on internal email addresses, some want to have them in external inboxes. Internal email addresses refer to those belonging to the same domain for which the DMARC record is created. For example, if your organization’s domain is example.com, then an internal domain email address would be something like employee@example.com. On the other hand, external email addresses are the ones not belonging to that domain. For example, department@otherdomain.com.
What are the different phases of DMARC deployment?
by Duocircle
With sophisticated cyberattacks looming over your email landscape, you need to employ the latest techniques that not only protect your communications but also enhance the security posture, and DMARCfits the bill! Domain-based Message Authentication, Reporting, and Conformance (DMARC) is an email authentication protocol that helps you do just that! It protects your domains against spoofing, phishing, and other email-based frauds.
We’re back with the latest cybersecurity scoop of the week that will keep you privy to the latest attacks and help you stay safe. This week, we’ll take a look at how hackers are leveraging the WPS office to spread malware, the withdrawal of Notion from Russia, how Uber was fined $325 million for illegal data transfers, the Tickler malware attacking US government systems, and the FBI’s report on RansomHub ransomware’s 210 victims and the tactics used. Let’s take a look!
VM-expert landed up in jail for planning cyber extortion in New Jersey!
by Duocircle
A New Jersey-based core infrastructure engineer at a US industrial firm got arrested as he locked out Windows admins from 254 servers. He was trying to target his employer and, in the process, landed up in prison. Daniel was a specialist in hosting virtual machines or VMs.
You might have heard that you do not necessarily need all three email authentication protocols— SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) to create a foolproof defence strategy for your email ecosystem. But here’s a truth that these custodians of security do not tell you: achieving a 100% foolproof email security strategy is very challenging, if not impossible, and you need a multi-layered approach that covers all the bases and helps you stay ahead of these attacks.
Here’s a question for you: how much security is too much security for your emails? Before you try to answer this question, we would like to remind you that email security threats like phishing, spam, ransomware, malware, and spoofing are not only becoming more frequent but also more grave. The kind of impact these attacks have on the target is often devastating, including financial loss, data breach, and legal consequences. With these threats looming over your email ecosystem, you need a mechanism that is robust and hardy.
Emails were and still are a crucial tool for business communication and marketing.
A report by Statista revealed that in 2023, about 347 billion emails were sent and received globally daily. That figure is projected to increase to about 392 billion daily emails by 2026.
Public Data Breach, Ransomware Disables Security, Hacker Fakes Death –Cybersecurity News [August 19, 2024]
by Duocircle
We’re back with the latest cybersecurity scoop of the week where we’ll take a look at the data breach that occurred at National Public Data, the new malware that disables security software, how a man was sentenced for hacking into the stage registry to fake his death, the $14 million holograph crypto hackers’ arrest, and the charges against Karakurt extortion gang’s member. Stay tuned for more!
The risks associated with parked domains- a gateway to grave cyberattacks
by Duocircle
Brand owners buy domains and park them for several reasons, including future use or development and brand protection. Sometimes, they also buy them because they want to hold onto a name they like or identify with, even if they don’t have the purpose of developing it anytime soon.
SPF=fail, but the recipient’s mailbox has not quarantined or rejected the email- why?
by Duocircle
When an email shows ‘SPF=fail’ but is not blocked by an antispam filter, it can be due to several reasons. Knowing and fixing the issue is important; otherwise, threat actors can exploit the security gap by sending fraudulent emails in your business’ name.
Enabling Microsoft’s Exchange Online Protection (EOP) phishing policies using the Microsoft Defender portal
by Duocircle
There is a default anti-phishing policy that is applied to all recipients, but it’s better to create custom policies for better protection. To configure the anti-phishing policies, you need to be assigned permissions in the Microsoft Defender portal. If you have the required permissions, you are good to go ahead and make modifications.
Here we are with cybersecurity latest with our news bulletin. This week, we’ll share all the info on the Windows SmartScreen flaw, the arrest of the Reveton ransomware cartel’s operator, the sentencing of a Russian cybercriminal who stole 300,000 login credentials, the details of the 3AM ransomware breach of Kootenai Health patient data, and fake alerts on X being used as clickbait. Let’s take a look!
Ever since Google and Yahoo rolled out new email-sending policies that mandate organizations that send bulk marketing emails every day to deploy DMARC (Domain-based Message Authentication Reporting and Conformance), organizations across the world have been quite proactive in meeting these new standards. The wave of DMARC adoption was such that over 800,000 new DMARC records were created by March 2024. And just like the rest of the world, organizations in Ireland also jumped on this bandwagon.
![Mustang Panda Exploits, White House Roadmap, Scaling Compliance Reciprocity- Cybersecurity News [September 09, 2024]](https://www.duocircle.com/wp-content/uploads/2024/09/spf-permerror-4.jpg)
![OTP Theft Guilty, Social Media Exploits, APT29 Targets Mobile – Cybersecurity News [September 02, 2024]](https://www.duocircle.com/wp-content/uploads/2024/09/spf-permerror-1.jpg)
![WPS Office Exploit, Notion Exits Russia, Uber’s $325M Fine – Cybersecurity News [August 26, 2024]](https://www.duocircle.com/wp-content/uploads/2024/09/spf-validator.jpg)
![Public Data Breach, Ransomware Disables Security, Hacker Fakes Death – Cybersecurity News [August 19, 2024]](https://www.duocircle.com/wp-content/uploads/2024/08/smtp-email-7954.jpg)
![Windows SmartScreen Exploited, Ransomware Leader Arrested, Russian Hacker Sentenced – Cybersecurity News [August 12, 2024]](https://www.duocircle.com/wp-content/uploads/2024/08/spf-record-check-1.jpg)
