We’re back to provide you with the latest cybersecurity news of the week to keep you informed and help secure against evolving threats. This week, we dive into the critical Veeam vulnerability being exploited to spread ransomware, GitHub patching critical flaws in its enterprise servers, the FBI’s use of a fake cryptocurrency to expose manipulation in the crypto market, CISA’s warning on unencrypted cookies in F5 BIG-IP systems, and the alarming number of unpatched Fortinet instances vulnerable to a known flaw. Let’s read the authentic details stated in the news pieces discussed below.
How to add a DKIM signature for your domain in Zoho?
by DuoCircle
Once you have created a DKIM TXT record in your domain’s DNS manager, you can turn on DKIM for your domain from Zoho Mail’s control panel. DKIM configuration happens in 3 steps. Let’s see how these steps unfold to inform recipients if the email content was altered in transit.
In 1989, a group of unsuspected attendees at a World Health Organization conference received around 20,000 floppy disks. This incident went down in history not because of any scientific breakthroughs but because it heralded an all-new era in cybercrime—ransomware. Fast-forward to today, and ransomware attacks have transformed into a billion-dollar criminal enterprise, targeting not only the big giants but also small businesses and individuals.
What is DNS and why is it the backbone of the internet?
by DuoCircle
DNS stands for Domain Name System, which is often referred to as the phonebook of the internet. Just as a phonebook helps you know the phone number of a person or organization, DNS also lets you know the IP address of a website. It’s complicated to remember the numeric and alphanumericIP addresses of so many websites; that’s why you just type the name of the website in your browser’s search bar, and DNS steps in to retrieve the IP address corresponding to the website so that you land on the desired webpages.
Iranian Cyber Threats, October Patch Updates, China Infiltrates Wiretap – Cybersecurity News [September 30, 2024]
by DuoCircle
We’re back to provide you with the latest cybersecurity news of the week. This week, we dive into a joint warning from CISA and the FBI about Iranian-backed cyber activity aimed at undermining US democratic institutions. Microsoft’s Patch Tuesday for October 2024 addresses a range of critical vulnerabilities. We’ll also discuss the alarming report that China has infiltrated police wiretap systems, Sellafield’s hefty fine for cybersecurity breaches, and how gamers are tricked into downloading Lua-based malware through fake cheating script engines. Let’s explore each of these developments in detail.
Email deliverability is one of the primary factors in deciding whether your day-to-day emails and specially curated email campaigns will land in your inboxes or get marked as spam. There could be several reasons your email deliverability is low, including the “550 5.7 0 Email Rejected Per SPF Policy” error code.
What are email feedback loops and how do they work?
by DuoCircle
Email feedback loops are the significant mechanisms that notify senders about spam complaints. Your sender’s reputation plays a huge role in deciding whether a recipient’s mailbox will place your email in the inbox or spam folder or reject its entry. This is where email feedback loops step in and help you monitor your complaint rates so that you can take corrective measures for protecting and improving your domain’s sender reputation. Some of the common corrective measures are changing the way you write email content, using a better subject line, removing dormant subscribers from the list, providing an easy one-click unsubscribe option, etc.
Learning to avoid breaking up the Google Workspace DKIM setup
by DuoCircle
Enabling DKIM on Google Workspace is a two-step process but most people stop after completing the first one only. If that’s what you have also done, then please know that in such scenarios, DKIM and DMARC will function normally, and there won’t be any impact on email delivery, failing to complete the second step will compromise your email security. However, DKIM will fail to authenticate emails using your custom domain, causing communication problems at multiple levels.
We’re back to provide you with the latest cybersecurity news of the week, designed to keep you informed and secure against evolving threats. This week, we delve into Microsoft’s identification of Storm-0501 as a critical player in hybrid cloud ransomware attacks, a new HTML smuggling campaign distributing DCRat malware to Russian-speaking users, CISA’s release of a new toolkit for K-12 schools to address anonymous threats, a recently patched but less severe vulnerability in CUPS, and NIST’s revisions to identity and password guidelines. Furthermore, let us now go through the details of each story.
A guide to detecting DMARC problems using the pentesting techniques
by DuoCircle
While DMARC has proven its ability to keep spoofing and phishing attacks at a distance, DMARC records can have errors and misconfigurations. So, if you are seeing multiple instances of false positives, false negatives, delivery issues, etc., then it’s suggested that you check your DMARC record to see if it has issues. This can be done by running your DMARC TXT record through an online lookup tool. You can also come across errors and misconfigurations using penetration testing.
DMARC is based on three policies: none, quarantine, and reject. As a domain owner, you have the choice to apply one of these three policies for illegitimate emails sent from your domain. However, sometimes, receiving servers don’t respect the policy you applied; they adjust the policy according to what seems to be better for the emails sent from your domain.
Microsoft’s recent updates empower domain owners to combat modern phishing attacks using DMARC
by Duocircle
Microsoft has always encouraged domain owners to deploy DMARC to improve email deliverability and prevent spoofing. It has also been part of industry groups that aim to improve email security standards, demonstrating its endorsement of DMARC as part of the future of secure communication.
We’re back with the latest cybersecurity updates to inform you about recent threats and help you stay protected. This week, we’ll dive into how hackers are exploiting Versa Director through a critical vulnerability, the supply chain attack linked to Hezbollah device explosions, a zero-click vulnerability in MediaTek Wi-Fi chipsets, Transport for London’s (TfL) data breach affecting 5,000 customers, and the latest campaign by the North Korean-linked group Gleaming Pisces using poisoned Python packages to deliver backdoors. Let’s explore the news descriptions provided below!
Deciphering DMARC reports is complex as it requires understanding the XML structure and key components within the report. You have to analyze the IP address and understand the failures. Here’s a step-by-step guide on how you can go about it.
Understanding the process and importance of hashing in DKIM
by Duocircle
DKIM was created in 2005 to help recipients determine if someone has tampered with the email content in transit. The protocol is broadly based on the concept of cryptography, which ensures the authenticity and integrity of an email message by using a public key to sign the outgoing emails for your domain. In DKIM, hashing is an important step in creating a secure signature for email integrity and authentication. Let’s see how hashing works.
Lately, DMARC adoption has been reflecting an upward trend, underscoring the increasing awareness about email security, especially after Google and Yahoo’s announcements. Roughly 20 million domains are already using DMARC, although many users are still stuck at the p=none policy, which is like moving two steps forward and one step back.
Did you know how cyberspace unfolded this week? Here we are to inform you about this week’s most talked-about news and updates, curated and designed for you. We have covered topics around cybersecurity attacks, advisories, and other security-related updates. Some of these topics are related to leveraging cloud solutions in creating and maintaining access control, the FOCAL plan of CISA to safeguard an organization’s security posture, Chrome users being targeted to reveal account credentials, CISA’s addition of two new CVEs to the list, Fake and fraudulent live streaming websites exposed, and many more.
Phishing attack on 23rd US-Taiwan Defense Conference averted!
by Duocircle
In a recent turn of events, threat actors have been trying to target a US-Taiwanese defense conference. The meeting is going to be held in Philadelphia’s Logan Square neighborhood. Press entry will not be allowed in the meeting. Eminent speakers from different sectors, such as commerce, defense, academia, and government, will be attending the 23rd defense conference. The agenda of the meeting is to discuss the ‘future of US defense cooperation with Taiwan, the defense procurement process, and Taiwan’s defense and national security needs.’
Best practices for sending bulk emails on Gmail: A detailed guide
by Duocircle
Reaching out to your target audience in today’s highly competitive time requires not only great skills but a fail-proof strategy as well. Sending bulk emails is one such surefire strategy that enables you to reach out to a large audience with your brand message. However, if you fail to adhere to Gmail policies and local regulations, your emails can soon turn out to be spammy. When you follow the right practices, it guarantees that your emails will reach the right inboxes and resonate with your audience. Also, you won’t be easily marked as a spammer!
We are excited to announce that DuoCircle has acquired Maysoft’s SpamSentinel and Verisend products, a trusted name in email security for over twenty years. This partnership represents a new chapter for Maysoft’s customers, bringing an exciting upgrade in email protection and access to DuoCircle’s world-class customer support and services.
At DuoCircle, we have built a strong reputation for helping businesses stay secure with advanced email filtering and phishing protection. By welcoming Maysoft’s customers into the DuoCircle family, we are thrilled to provide the same level of care, combined with enhanced security features, ensuring your continued email protection is stronger than ever.
What This Means for Maysoft Customers
24/7 Technical Support: Maysoft customers will now benefit from DuoCircle’s renowned 24/7 technical support. Our team is available at any time to help with any questions or concerns, providing you with uninterrupted service and peace of mind.
Enhanced Phishing Protection and Email Filtering: As part of DuoCircle’s platform, Maysoft customers will enjoy upgraded email filtering and advanced phishing protection. This upgrade will bolster your defenses against email threats like phishing, spam, and malware.
Seamless Migration to Cloud Services: Maysoft’s on-premise customers will have the opportunity to transition to DuoCircle’s secure, cloud-based infrastructure. Our goal is to ensure that this migration is smooth, providing enhanced long-term security with minimal disruption.
A Partnership Built on Trust and Proven Solutions
Maysoft has been diligently testing DuoCircle’s platform over the last six months to ensure that this transition is seamless and beneficial for all customers. The result is a solid partnership that blends Maysoft’s trusted service with DuoCircle’s robust technology, offering you even greater protection and reliability.
We are committed to upholding the values and trust that Maysoft has established with you over the years, while also delivering the added benefits of DuoCircle’s enhanced security platform. We look forward to serving you as part of the DuoCircle family, with even stronger email security and support.
Stay tuned for more updates, and welcome to DuoCircle!
![Veeam Backup Vulnerability, GitHub Patches Flaw, FBI Fakes Cryptocurrency – Cybersecurity News [October 14, 2024]](https://www.duocircle.com/wp-content/uploads/2024/10/spf-validator-5.jpg)
![Iranian Cyber Threats, October Patch Updates, China Infiltrates Wiretap – Cybersecurity News [October 07, 2024]](https://www.duocircle.com/wp-content/uploads/2024/10/spf-validator-2.jpg)
![Storm-0501 Threat Identified, HTML Smuggling DCRat, CISA Releases Toolkit – Cybersecurity News [September 30, 2024]](https://www.duocircle.com/wp-content/uploads/2024/10/dmarc-report-2.jpg)
![Versa Networks Flaw, Hezbollah Supply Chain, MediaTek Wi-Fi Vulnerability – Cybersecurity News [September 23, 2024]](https://www.duocircle.com/wp-content/uploads/2024/09/spf-validator-8.jpg)
![Operational Cybersecurity Alignment, Chrome Credential Threats, CISA CVEs Update – Cybersecurity News [September 16, 2024]](https://www.duocircle.com/wp-content/uploads/2024/09/spf-permerror-7.jpg)
