Sometimes, Google Calendar invites don’t pass DMARC authentication checks because when the recipient replies to the invitation, the response is sent back through Google’s servers. Since the ‘From’ address and the originating servers don’t align, the Google Calendar invitation gets rejected as the sending domain’s DMARC policy instructs so.
How do you stay one step ahead in a world where cybersecurity threats evolve faster than a click? One of the best ways to stay on top of your cybersecurity game is to cultivate a comprehensive understanding of the various determinants that shape the cybersecurity landscape—major threats, emerging technologies, regulatory changes, etc. And what better way to gain insights into all of this and more than by attending conferences?
DMARC failure reports give insights into why emails failed DMARC checks and show where the trouble is to help you fix it. Invalid DMARC records fail to filter out phishing and spoofing emails. So, ensure your SPF and DKIM settings are correct, address alignment issues, and manage subdomains carefully.
![Darcula Device Phishing, KuCoin AML Charges, Finland APT31 Culprits – Cybersecurity News [March 25, 2024]](https://www.duocircle.com/wp-content/uploads/2024/04/dmarc-generator.jpg)
Here we are again with the latest in cybersecurity to help you keep up and stay a step ahead of threat actors and new scams. This week, we’ll share information about the Darcula phishing scheme targeting mobile devices, KuCoin’s failure to cope with the US AML requirements, the Finnish Police’s latest update on the parliament breach, the advanced PhaaS tool that bypasses MFA, and also how Google’s AI-powered search is promoting scam websites and malware. Let’s get into it.
Do your children take lessons or play games online? Do they spend significant time on the internet downloading songs or simply browsing through the treasure trove of information available online?
National security is generally associated with protecting the borders, but in this hyperconnected digital world, there’s more to ensuring a nation’s safety than just safeguarding the borders from external threats.
![Spa Email Compromised, X Malicious Redirect, CISA China Cyber – Cybersecurity News [March 18, 2024]](https://www.duocircle.com/wp-content/uploads/2024/03/email-sending-services-1.jpg)
This week, we bring you the latest in cybersecurity that will help you stay a step ahead of the latest threats. From the phishing scam of the Spa Grand Prix and the malicious telegram links on X (Twitter) to the latest releases by CISA and the FTC on Chinese threats and impersonation scams. Plus, the details of the ‘Earth Krahang’ threat actor group that has compromised 70 organizations in 45 countries. Stay tuned!
Phishing is an umbrella term for several kinds of tricks and scams attempted online. For example, there’s ‘credential phishing,’ which is when threat actors steal your passwords or login information. Then, there’s ‘spear phishing,’ which is more targeted and personalized. They might use information about you to make their scams seem more believable. Another type is ‘vishing,’ which involves phone calls instead of emails, where they try to get personal information from you over the phone.
Nissan, the Japanese car manufacturing company, experienced a mind-boggling ransomware attack on December 5, 2024, resulting in a complete frenzy across Australia and New Zealand. This is not the first time that Nissan has come under the radar of cybercriminals. Earlier, this automobile company faced attacks such as proof of concept exploitation, source code leak issues, and data breach cases. Apparently, the notorious Akira ransomware gang is the mastermind behind this cyber scam. They have claimed to have scraped a whopping 100GB of data.
We are in 2024, and it’s officially the era of email authentication, especially after Google and Yahoo made it mandatory for organizations to protect their email ecosystem with SPF, DKIM, and DMARC. Now that email authentication has become the new norm; enterprises have no other choice but to level up their cybersecurity game by implementing robust email authentication protocols.
![French Agency Breach, PixPirate’s Stealth Technique, Fake Wallet Scam – Cybersecurity News [March 11, 2024]](https://www.duocircle.com/wp-content/uploads/2024/03/dkim-selector.jpg)
Here we are again with the latest inside scoop on the cybersecurity highlights of the week. We’ll share details of the data leak in France’s job-seeking portal, the latest advancements of PixPirate Android malware, the fake “Leather” wallet crypto drainer application on the App Store, the Russian attack on Microsoft, and the arrest of a former Google employee who stole cutting-edge AI tech from the organization. Stay tuned!
DMARC isn’t a new regime; however, regulations and email service providers have now made it mandatory. This exercise is meant to reduce phishing and spoofing by filtering genuine and fraudulent emails. DMARC works in accordance with SPF and DKIM to instruct recipients’ servers to either reject or mark illegitimate emails as spam, reducing the likelihood of victims engaging with such emails and getting manipulated.
Clop Ransomware was first discovered by Michael Gillespie in 2019. It’s a developing family of ransomware that encrypts all data in a company’s digital ecosystem, and hackers demand money to decrypt and give back access. The malware is packed covertly and smartly to hide its inner workings.
If you have a website’s IP address and don’t know its domain name, you would need to perform a PTR lookup. A PTR record, which is short for a Pointer Record, is the opposite of an A record; an A record translates domain names into their corresponding IP addresses, and a PTR record translates IP addresses into their corresponding domain names.
![Internet Crime Costs U.S. $12.5B, WordPress Breach Exploits, Cybercriminals Impersonate Government – Cybersecurity News [March 04, 2024]](https://www.duocircle.com/wp-content/uploads/2024/03/spf-permerror-1.jpg)
We’re back with the latest cybersecurity news that will keep you a step ahead of cybercriminals and their new tactics. This week, we’ll examine the findings of the 2023 Internet Crime Report, the new WordPress brute force password attacks, BEC attacks with threat actors impersonating the U.S. Government, the new WogRAT Malware, and how Germany’s Düsseldorf Police took down the country’s largest cybercriminal portal.
Microsoft refrains from rejecting emails that don’t pass the DMARC checks even if the sending domain’s DMARC policy is set to ‘p=reject.’ This is because it is considerate of the legitimate emails that get false positives. So, to avoid disrupting genuine conversations, Microsoft takes a different route.
Don’t we all love it when tasks become easier for us? And by saying ‘all’ we unfortunately have to include cybercriminals as well. What we are talking about today is cybercrime-as-a-service or CaaS– a model that has democratized cybercrime by allowing even budding malicious actors to wreak havoc with just a rudimentary understanding of cyber menaces, access to the internet, and some money.
If you notice outgoing emails going to spam folders of only Outlook recipients and reflecting a ‘000’ reason, then it means your messages failed DMARC with ‘quarantine’ or ‘reject’ effects. You are likely to see the following snippet from the headers of email messages getting dumped in the spam folders-
SPF and DKIM collectively prevent you from email spoofing and phishing while also ensuring nobody tampers with messages in transit. To get started with them, domain administrators have to create their respective records and add them to their domain’s DNS.
![Joomla XSS Risk, Banking Trojan Google, US Cyber Tips – Cybersecurity News [February 19, 2024]](https://www.duocircle.com/wp-content/uploads/2024/02/office-365-tenant-to-tenant-migration-same-domain.jpg)
From Joomla’s new vulnerabilities to the latest banking trojan campaigns on Google Cloud Run and OpenAI keeping state-sponsored threat actors from using its ChatGPT tool, here are the top scoops of the week in the cybersecurity world. Stay tuned to learn more about these and how to keep yourself safe from these new threats.