Security Experts:

Email Security
long dotted

NEWS & INDUSTRY UPDATES

Citrix warns that the bugs could result in privileged code in a guest virtual machine to crash the host or render it unresponsive. [Read More]
North Korean government-backed APT group caught using a fake pen-testing company sock puppet Twitter and LinkedIn accounts in an escalation of a hacking campaign targeting security research professionals. [Read More]
A serious security bug in the 'netmask' npm package leads to misinterpretation of IP addresses. [Read More]
CompuCom shares information on the cost of recovering from a cybersecurity incident, including loss of revenue and major service disruptions. [Read More]
Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries. [Read More]
Apple ships an urgent security update to fix a major security flaw affecting iPhone, iPad and Apple Watch devices and warned that the vulnerability is being actively exploited in the wild. [Read More]
Reuters is reporting that a draft executive order would set new rules on data breach disclosure and use of multi-factor authentication and encryption in federal agencies. [Read More]
Researchers flag a critical security hole in the official Facebook for WordPress plugin and warn it could be abused for remote code execution attacks. [Read More]
Solarwinds has shipped a major security update to fix at least four documented security vulnerabilities, including a pair of bugs that be exploited for remote code execution attacks. [Read More]
Slack rushed to take action on Wednesday after customers raised security-related concerns regarding a new feature that allows users to send direct messages to anyone. [Read More]

FEATURES, INSIGHTS // Email Security

rss icon

Erin O’Malley's picture
Conventional email security solutions may defend against spam, viruses, and malware, but they don’t defend against ignorance or egregious stupidity.
Bill Sweeney's picture
As data moves online, social engineering techniques have become far more personalized, technologically advanced and ultimately successful.
Travis Greene's picture
Yahoo's “Account Key” uses push notifications to their Yahoo Mail app on mobile devices. Will this securely replace passwords and two-factor authentication?
Travis Greene's picture
In the case of Hilary Clinton's personal email server, we know that Top Secret information was transmitted over a network that likely wasn’t equipped to safeguard it. If her server was a target of foreign state actors, the implications are frightening.
Marc Solomon's picture
Today’s email-based attacks don’t occur at a single point in time and use multiple methods to evade detection. To bolster protection, organizations may turn to a set of disparate products that don’t – and can’t – work together.
Marc Solomon's picture
Recent high-profile security breaches at major retailers stem from the fact that in-store networks and their components are evolving and spawning a range of attack vectors.
Marc Solomon's picture
Many continue to click on links or attachments sent via email without taking any steps to verify the origin of the email or the validity of the link or attachment. It only takes one click to for an attacker to establish a foothold in the target’s systems.
Jon-Louis Heimerl's picture
Social engineering attacks can happen at any time. Here are some strategies you can use to help reduce the chances of a successful social engineering/phishing attack you or your organization.
Jon-Louis Heimerl's picture
Was the Mayan Apocalypse was a myth? Since I am a security geek, I just happen to talk about security a lot. What are some security myths I have heard in my conversations with some very bright people?
Tal Be'ery's picture
In this column, Tal analyzes the technical details of the DKIM vulnerability, evaluates possible implications of the exploit, and points to some general lessons.