email security

In a move that will excite security-conscious organizations and users alike, Microsoft has announced a significant update to its revamped Outlook for Windows. Set to land later this January, the company will introduce Secure/Multipurpose Internet Mail Extensions (S/MIME) support for primary...

Imagine an email lands in your inbox—it looks legitimate. You see PayPal's logo, the subject seems professionally written, and even the email sender looks like the real deal. You don't think twice, log into PayPal to confirm the request, and BOOM: you've just handed your account over to a...

Phishing scams are like the flu of the cybersecurity world—constant, evolving, and always finding new ways to surprise you. But the latest intel from Fortinet’s FortiGuard Labs warns us of a phishing campaign that adds a layer of sophistication, blending technological savvy with psychological...

It’s a classic phishing tale, but this time, the stakes are raised higher than ever. Cybercriminals are trawling the depths of email inboxes with sophisticated phishing campaigns, targeting one of the most foundational tools for modern businesses—Microsoft Azure. What’s worse? They’re luring...

The Hidden Threat Lurking in Legitimate Platforms A phishing campaign with a particularly devious strategy has emerged, targeting Microsoft's Azure account users through an exploitation of HubSpot, a popular customer relationship management (CRM) platform. This campaign focuses on industries...

In today's digital age, Microsoft 365 stands as a stalwart fortress of productivity, trusted by businesses worldwide for its seamless collaboration and extensive native security features. Yet, with the rise of increasingly sophisticated cyber-attacks, the responsibility for safeguarding data...

In the ever-evolving landscape of cybersecurity, a new trend is making waves—Phishing-as-a-Service (PhaaS). Recent research from Trustwave has identified a disturbing increase in malicious email campaigns utilizing a specific PhaaS toolkit known as Rockstar 2FA. This alarming development raises...

In the rapidly evolving landscape of online threats, receiving an ominous email claiming that your devices have been compromised can be alarming. Recent reports suggest that many users are encountering fraudulent emails purportedly from Microsoft, demanding payment to prevent the release of...

In a startling turn of events for users of Microsoft's cloud services, cybercriminals have identified a new and insidious method to perpetrate sextortion scams using the Microsoft 365 Admin Portal. With the rise of digital communication, this latest exploit highlights just how creative—and...

In an alarming twist to cybercrime, criminals are now leveraging the Microsoft 365 Admin Portal to send sextortion emails, a tactic that is bypassing the usual spam filters thanks to the legitimacy of the Microsoft accounts involved. This issue, which surfaced on November 18, 2024, has raised...

In an exciting advancement for email security in New Zealand, the company SMX is teaming up with Microsoft to migrate its robust email security services to Microsoft's hyperscale cloud region in Aotearoa. This strategic move signifies the migration of over 500,000 mailboxes to the Azure public...

On November 12, 2024, Microsoft published critical information concerning a newly identified vulnerability in Microsoft Exchange Server, designated as CVE-2024-49040. This specific vulnerability poses a significant risk of spoofing attacks which could allow malicious actors to impersonate both...

Well, today I got an email message supposedly from FedEx saying that they had my package and there is a problem with my address, with a big button to click to contact them and confirm my address. This is the first time I've gotten one that was supposed to be from FedEx, UPS, or the Post Office...

Here is another real phishing email. This one purporting to be from PayPal. Lets dig in... (Orange) we have typos and grammatical errors (1) Again we have a weird email address from @paypap-us.com. This is highly unlikely owned by PayPal. (2) This email is probably BCC'd to a bunch of users...

Original release date: May 28, 2021 Summary The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are responding to a spearphishing campaign targeting government organizations, intergovernmental organizations (IGOs), and non-governmental...

Original release date: March 17, 2021 Summary This Advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise for all referenced threat actor tactics and techniques. The Cybersecurity and Infrastructure Security Agency...

Original release date: October 6, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. This product was written by the Cybersecurity and...

Original release date: August 14, 2020 Summary This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques. The Cybersecurity and Infrastructure Security Agency (CISA)...

Original release date: August 12, 2020 Summary The Cybersecurity and Infrastructure Security Agency (CISA) is currently tracking an unknown malicious cyber actor who is spoofing the Small Business Administration (SBA) COVID-19 loan relief webpage via phishing emails. These emails include a...

Hi Guys I was just going through my emails and I saw one marked "Prime Alert". The message said... Unfortunately, we were unable to process your Amazon Prime membership payment. But don't worry, it's easy to solve & We are here to help! Your payment failed for the following reason: Declined...