Messaging Security

NIST SP 800-47 Rev. 1: Managing the Security of Information Exchanges

Messaging Security, Standards & Guidelines / By Frank Crast / July 20, 2021 September 6, 2021

The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-47 Rev. 1 Managing the Security of Information Exchanges.

Tags: Exchange, Information, NIST, SP 800-47

Justice Department seizes domains used in Nobelium spear-phishing attacks

Cybersecurity Attacks, Messaging Security, Phishing / By Frank Crast / June 2, 2021 June 2, 2021

The U.S. Justice Department has announced the seizure of domains used in Nobelium spear-phishing attacks previously identified by Microsoft last week.

Tags: C2, DOJ, Microsoft, MSTIC, Nobelium, phishing, Spearphishing, U.S Department of Justice, USAID

Microsoft uncovers NOBELIUM ‘sophisticated email-based attack’

Cybersecurity Attacks, Malware, Messaging Security, Phishing / By Frank Crast / May 28, 2021 May 28, 2021

The Microsoft Threat Intelligence Center (MSTIC) has uncovered a “sophisticated email-based attack” operated by NOBELIUM, as part of a wide-scale malicious email campaign.

Tags: Constant Contact, email, GoldMax, Microsoft, MSTIC, phishing, SolarWinds, Sunburst, Teardrop

Samba fixes vulnerability (CVE-2021-20254) that could allow an attacker unauthorized access to files

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 30, 2021 April 30, 2021

Samba has released a software update to fix a vulnerability (CVE-2021-20254) that could allow an attacker unauthorized access to files. A remote attacker could take advantage of this bug and exploit unpatched systems.

Tags: CIFS, CVE-2021-20254, Samba, SMB

SonicWall Email Security zero-day vulnerabilities

Messaging Security, Network Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / April 25, 2021 April 26, 2021

SonicWall has released urgent patches for Critical Email Security product zero-day vulnerabilities CVE-2021-20021, CVE-2021-20022 and CVE-2021-20023.

Tags: CVE-2021-20021, CVE-2021-20022, CVE-2021-20023, email, HES, Messaging, SonicWall

Samba fixes two High severity bugs (CVE-2020-27840 and CVE-2021-20277)

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / March 26, 2021 March 26, 2021

Samba has released software updates to fix two High severity security vulnerabilities (CVE-2020-27840 and CVE-2021-20277) that impact Samba products. A remote attacker could take advantage of these bugs and exploit unpatched systems.

Tags: Active Directory, CVE-2020-27840, CVE-2021-20277, LDAP, Samba, SMB, SMB/CIFS

FBI and CISA issue urgent joint cybersecurity advisory on Exchange server hacks

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / March 11, 2021 March 11, 2021

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent joint cybersecurity advisory on the Microsoft Exchange vulnerability exploits.

Tags: CISA, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, Exchange, FBI, Zero-day

Microsoft releases emergency patches for Exchange Server RCE vulnerabilities exploited in the wild (Updated)

Cybersecurity Attacks, Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / March 8, 2021 March 11, 2021

Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019. The tech giant also published interim mitigations if organizations can not patch immediately, as well as an IOC detection tool.

Tags: CVE-2021-26855, Cybersecurity, Cybersecurity Threat Center, Exchange, Exchange Server, Exploit, Microsoft, Vulnerabilities

Malicious accounts used in BEC attacks against 6,600 organizations

Cybersecurity Attacks, Messaging Security, Phishing / By Frank Crast / August 11, 2020 August 11, 2020

Hackers are using thousands of legitimate emails accounts to launch impersonation and business email compromise (BEC) attacks against thousands of organizations.

Tags: AOL, Barracuda, BEC, Gmail, hackers, phishing, Scam, Shark Tank

Microsoft takes down malicious domains used in COVID-19 related phishing campaign

Cybercrime, Cybersecurity Attacks, Messaging Security, Phishing / By Frank Crast / July 8, 2020 July 8, 2020

Microsoft has disrupted a major cybercriminal operation designed to take advantage of the COVID-19 pandemic and defraud victims in 62 countries around the world.

Tags: COVID-19, DCU, email, Messaging, Microsoft, phishing