As per RFC, if an SPF record has more than 255 characters, then it will be invalid. This simply means that such an SPF record would give false positives and negatives– neither of them works in favor of your domain.
‘Quid pro quo’ is the Latin term that literally means ‘this for that,’ meaning a mutual exchange. Although the term itself doesn’t indicate an illegal act, threat actors leverage this social engineering tactic to offer something valuable or helpful in exchange for information or access to a system.
![Windows Update Exploit, Interpol Recovers $40M, Chrome Direct Payments – Cybersecurity News [August 05, 2024]](https://www.duocircle.com/wp-content/uploads/2024/08/dkim-record-check.jpg)
From the latest Windows update downgrade attack to the recovery of $40 million by Interpol, Google’s new website payment feature, the hack on the classroom management platform, and the US suing TikTok for violating child privacy laws, our weekly cybersecurity bulletin will share the top news that’s making headlines around the world.
Digital Operational Resilience Act (DORA) is a regulation by the European Union that came into force on January 17, 2023. It makes the financial institutions and entities within the finance sector more resilient towards fraud. It strengthens banks, insurance companies, investment firms, and other financial service providers to get back on their feet after major losses and disruptions.
Secure Email Gateways (SEGs) are like your email infrastructure’s personal security guards. They ensure only safe and legitimate emails go out from your company, keeping it protected from email-based attacks. The overall practice of deploying SEGs prevents the distribution of malware and phishing attempts through emails, instills trust in your clients and prospects, helps you stay compliant with industry standards, and, most importantly, wards off litigations and financial damages. (more…)
When it comes to ensuring the success of your email campaigns, something that is just as important as the content of the email is the trust it inspires in your recipients. The way the receivers and their mail servers perceive your emails tells a lot about your brand’s identity and credibility.
![TryCloudflare Malware Spread, FBI Scam Alert, Azure Outage Triggered-Cybersecurity News [July 29, 2024]](https://www.duocircle.com/wp-content/uploads/2024/08/spf-record-tester.jpg)
This week’s latest scoop in cybersecurity will take you to the TryCloudflare exploitation for deploying RATs, the new FBI warning about scammers impersonating crypto exchanges, the MS Azure outage details, new features on Google Chrome against infostealers, and the security gap in Whatsapp for Windows that allows threat actors to run malicious scripts without alerts. Stay tuned to learn more about these and how to stay safe!
A cyber-espionage group backed by North Korea has been sneaking into the vital intellectual property and technical information of the US. The group is a part of North Korea’s foreign intelligence service. From aerospace to defense, engineering companies to nuclear science, the group has been prying into critical infrastructures. (more…)
By now, you might have heard a lot about how DMARC reports are crucial for your organization to gain insights into your email traffic and learn how your authentication protocols are waging against phishing and spoofing attempts. They reveal the harsh truth, that is, not all emails claiming to be from your domain are legitimate. While you’re decoding DMARC reports, have you ever looked into the sources of these emails?
Email authentication isn’t simply about verifying senders; it’s about protecting your organization from phishing, spoofing, and other email-based attacks and, most importantly, ensuring that your email campaigns reach their intended recipients. An email authentication protocol that ticks all of these boxes is DMARC, or Domain-based Message Authentication, Reporting, and Conformance.
![Chrome Warns Users, KnowBe4 Hires Hacker, Greece’s Registry Attacked – Cybersecurity News [July 22, 2024]](https://www.duocircle.com/wp-content/uploads/2024/07/email-migration-service.jpg)
This week’s cybersecurity updates include the latest Google Chrome malicious file alerts, the story of KnowBe4 hiring a North Korean Hacker, the 400 cyberattacks on the Greece Land Registry, US Sanctions on Russian Hackers targeting critical infrastructure, and threat actors taking advantage of fake CrowdStrike updates. Stay tuned!
You wonder what can a malicious actor do with your email and no password? Well, a lot!
The SPF delegation method is for domain owners who authorize an external email server to send emails on their behalf without having them fail the email authentication checks. This requires you to make some alterations to the existing SPF record.
The risk of cybercriminals intercepting your emails and tampering with them is perpetual. But there’s a way to mitigate this risk and make sure that your emails are delivered unaltered without any malicious interference. Implementing DKIM or DomainKeys Identified Mail is your masterstroke against email tampering and spoofing. It relies on cryptographic techniques to sign your emails, allowing recipients to verify that they truly originate from your domain and have not been messed with.
![Trello Emails Leaked, Malware Domains Registered, Kaspersky Exits USA – Cybersecurity News [July 15, 2024]](https://www.duocircle.com/wp-content/uploads/2024/07/spf-permerror.jpg)
Here’s an inside look at the latest cybersecurity news covering the 15 million emails stolen from Trello, Kaspersky’s exit from the U.S., what Revolver Rabbit is doing with 500,000 domains, the AT&T Data Breach, and info-stealer malware being distributed via Facebook ad campaigns. Let’s take a look!
Threat actors bypass DKIM authentication checks with the DKIM replay attack technique. This allows them to attain a copy of a valid email and replay it with additional or replaced From, To, or Subject headers. As the original DKIM signature is valid, the replayed version also passes the DKIM authentication checks. This way, even phishing and spoofing emails land in the recipients’ inboxes instead of spam folders.
Recently, Microsoft users received data breach notification emails, which, however, were marked as spam by Microsoft’s own security tools.
Email authentication has become a non-negotiable standard for companies and governments, as it prevents phishing, spoofing, ransomware, and other email-based cyberattacks. Email authentication protocols also raise alerts for modified email contents as these changes indicate tampering done by threat actors.
![Chinese Hackers Hijack Routers, US Stops Botfarm, Google Adds Passkeys – Cybersecurity News [July 08, 2024]](https://www.duocircle.com/wp-content/uploads/2024/07/sendgrid-alternative-5.jpg)
Here we are back again with cybersecurity’s latest covering the news that shook the world this week. We’ll take a look at Chinese hackers taking over SOHO routers for attacks, how the US DoJ shut down Russian bot accounts on X, the new passkeys for Google account protection, the Fujitsu data breach, and the compromise of personal and healthcare information of the City of Philadelphia. Stay tuned!
Google has always prioritized user safety and has designed the Google Critical Security Alert to warn users whenever a threat actor or unauthorized person tries to access your Google account. This security feature also alerts you if there is a login to your account from a new or unrecognized device, allowing you to deny access if you don’t recognize the device. You receive a notification on your primary device (in which the particular Google account is logged in), where you have to click on either of the options – ‘Yes, it’s me’ or ‘No, secure account.’ You may also receive this notification via email.