DMARC’s purpose of instructing receiving servers on how to handle unauthorized emails from your domain is achieved based on what policy you have set in your DMARC record. While p=reject is undoubtedly the strictest policy, there are conditions in which it isn’t a suitable one.
![Global Data Breach, Nokia Data Sold, Schneider Electric Breach – Cybersecurity News [November 04, 2024]](https://www.duocircle.com/wp-content/uploads/2024/11/dmarc-reporting-service-1.jpg)
Presenting a fresh bundle of exciting, handpicked news to enhance your knowledge and keep you informed. We will cover points revolving around news items ranging from a man being allegedly involved in significant data extortion, third-party associated risks hampering the ISMS protocols, a budding ransomware group demanding huge ransom, advancements in AI vulnerability detection, and last but not least, Okta’s recent fix for a username-related security flaw. Let’s dive deep into the details!
Threat actors use psychological tactics to manipulate victims into believing they are communicating with benevolent people. They know how to exploit older adults’s poor ability to spot the red flags of scams. In fact, in a recent study, 182 participants aged between 18 and 90 with normal cognitive function were given two separate tests to predict susceptibility to phishing. The results clearly revealed that it was easier for younger participants to distinguish between phishing and safe emails than older people. So, basically, the older you are, the higher the risk of falling into the trap of cybercriminals.
Phishing attacks have spread over the digital world like a plague. Not only are these attacks frequent, but they are also grave and capable of causing irreparable damage to your brand’s reputation. Not to mention the financial toll; phishing attacks cost companies an average of $4.88 million per data breach.
![Windows Kernel Vulnerability, Massive Data Breach, Facebook Malvertising Malware – Cybersecurity News [October 28, 2024]](https://www.duocircle.com/wp-content/uploads/2024/11/sender-policy-framework-1.jpg)
This week, we are once again back, providing you with an all-in-one platform to read news pieces freshly curated from authentic sources. Firstly, we will discover how the Microsoft Windows kernel is vulnerable to attack, and other following sources will highlight incidents like the Biggest data breach in US history, the circulation of malvertisements exploiting victims, Opera browser patching its critical vulnerability, and lastly, the first-ever release of the strategic plan by CISA. Let’s delve deep!
If safe email communication is one of your priorities, you have to ensure consistent and reliable paths for messages to travel on. With increased instances of sophisticated cybercrimes, email service providers are also using strict filters. So, if you are not taking care of proper configurations of email security protocols and software, your messages are highly prone to getting marked as spam or bouncing back.
If your business relies on email marketing, you would understand the pain of having your well-crafted and strategized emails land in recipients’ spam folders. As per a deliverability test conducted by EmailToolTester, almost 16.9% of emails don’t reach the intended recipients’ inboxes; out of these, 10.5% get marked as spam, and 6.4% go missing altogether. So, for example, if you tried reaching out to 1000 people through an email campaign, 169 of them won’t see your email in their inboxes.
Yes, you can create and update multiple DKIM records for your domain. In fact, it’s one of the best practices in certain scenarios. Each DKIM record corresponds to a different, unique selector that allows the existence and association of multiple public keys. This way, different public keys linked with different email servers or systems can coexist without triggering any technical problems.
![Cisco DevHub Breach, Impersonated IT Threats, Election Mail Security – Cybersecurity News [October 21, 2024]](https://www.duocircle.com/wp-content/uploads/2024/10/office-365-tenant-migration-tool-2.jpg)
This has been an exciting week in the cyber world, we present a scoop of recent cybersecurity highlights testing the robustness of the existential security landscape. The news coverage ranges from a data breach at Cisco affecting major services, unintentionally hiring practices of fraudulent employees leading to extortion, recent CISA and USPIS release of election mail security resources, the health sector facing a lawsuit for a major data breach, and finally, the comeback of Bumblebee and Latrodectus malware families. Let’s explore these pressing issues in detail below.
When it comes to validating the authenticity of an email’s contents, DKIM (DomainKeys Identified Mail) is the go-to authentication protocol for most organizations. It does so by adding a digital signature to the email’s header. This signature helps verify that the message is actually coming from a trusted source and that its contents have not been changed during transit.
You may not know, but DMARC adoption among the top 1 million websites is low, with only 33.4% having a valid DMARC record. This means that a significant portion of these websites, that is 66.6%, are vulnerable to email spoofing and phishing attacks. 57.2% of these websites use a ‘none’ policy, meaning emails that fail DMARC checks are still delivered to recipients’ primary inboxes. As a result, 85.7% of the domains don’t have effective DMARC protection, leaving them open to cyber threats.
Digital adoption means using new technologies, tools, and systems to make various processes more efficient and less time-consuming. There are tons of apps and software that do so many things that we don’t have to do manually. For example, Whatfix is a Digital Adoption Platform (DAP) that helps organizations implement new CRM systems quickly and get accustomed to the new software with minimal disruption. For companies implementing internal tools like HR or accounting software, Userlane ensures users can navigate new platforms without formal training sessions.
![Veeam Backup Vulnerability, GitHub Patches Flaw, FBI Fakes Cryptocurrency – Cybersecurity News [October 14, 2024]](https://www.duocircle.com/wp-content/uploads/2024/10/spf-validator-5.jpg)
We’re back to provide you with the latest cybersecurity news of the week to keep you informed and help secure against evolving threats. This week, we dive into the critical Veeam vulnerability being exploited to spread ransomware, GitHub patching critical flaws in its enterprise servers, the FBI’s use of a fake cryptocurrency to expose manipulation in the crypto market, CISA’s warning on unencrypted cookies in F5 BIG-IP systems, and the alarming number of unpatched Fortinet instances vulnerable to a known flaw. Let’s read the authentic details stated in the news pieces discussed below.
Once you have created a DKIM TXT record in your domain’s DNS manager, you can turn on DKIM for your domain from Zoho Mail’s control panel. DKIM configuration happens in 3 steps. Let’s see how these steps unfold to inform recipients if the email content was altered in transit.
In 1989, a group of unsuspected attendees at a World Health Organization conference received around 20,000 floppy disks. This incident went down in history not because of any scientific breakthroughs but because it heralded an all-new era in cybercrime—ransomware. Fast-forward to today, and ransomware attacks have transformed into a billion-dollar criminal enterprise, targeting not only the big giants but also small businesses and individuals.
DNS stands for Domain Name System, which is often referred to as the phonebook of the internet. Just as a phonebook helps you know the phone number of a person or organization, DNS also lets you know the IP address of a website. It’s complicated to remember the numeric and alphanumeric IP addresses of so many websites; that’s why you just type the name of the website in your browser’s search bar, and DNS steps in to retrieve the IP address corresponding to the website so that you land on the desired webpages.
![Iranian Cyber Threats, October Patch Updates, China Infiltrates Wiretap – Cybersecurity News [October 07, 2024]](https://www.duocircle.com/wp-content/uploads/2024/10/spf-validator-2.jpg)
We’re back to provide you with the latest cybersecurity news of the week. This week, we dive into a joint warning from CISA and the FBI about Iranian-backed cyber activity aimed at undermining US democratic institutions. Microsoft’s Patch Tuesday for October 2024 addresses a range of critical vulnerabilities. We’ll also discuss the alarming report that China has infiltrated police wiretap systems, Sellafield’s hefty fine for cybersecurity breaches, and how gamers are tricked into downloading Lua-based malware through fake cheating script engines. Let’s explore each of these developments in detail.
Email feedback loops are the significant mechanisms that notify senders about spam complaints. Your sender’s reputation plays a huge role in deciding whether a recipient’s mailbox will place your email in the inbox or spam folder or reject its entry. This is where email feedback loops step in and help you monitor your complaint rates so that you can take corrective measures for protecting and improving your domain’s sender reputation. Some of the common corrective measures are changing the way you write email content, using a better subject line, removing dormant subscribers from the list, providing an easy one-click unsubscribe option, etc.
Enabling DKIM on Google Workspace is a two-step process but most people stop after completing the first one only. If that’s what you have also done, then please know that in such scenarios, DKIM and DMARC will function normally, and there won’t be any impact on email delivery, failing to complete the second step will compromise your email security. However, DKIM will fail to authenticate emails using your custom domain, causing communication problems at multiple levels.