In this week’s cyber update, let’s examine the following case scenarios closely: a significant email data breach affecting multiple healthcare organizations, the discovery of a new Wi-Fi exploit used in targeted attacks, a malware campaign exploiting an outdated Avast driver, a high-profile extortion campaign targeting cloud storage platforms, and recent intrusion attempts on telecom infrastructure. These headlines are followed by matter-expert suggestions highlighting best practices one could follow to mitigate potential risks in the future.
How do we fix the custom domain configuration problems for Azure Email Communication?
by DuoCircle
Email deliverability is the backbone of email marketing campaigns; your effort in strategizing and executing the campaign will go to complete waste if half of your emails don’t reach the inboxes of the intended recipients. If you have deployed email authentication protocols like SPF and DKIM and ensured their TXT records aren’t amiss, receiving mail servers will consider emails sent from your domain by authorized senders as genuine and, hence, will not hesitate to place them in the inboxes.
Understanding the ins and outs of attack simulations
by DuoCircle
Attack simulation is a cybersecurity technique that tests defenses by imitating tactics, methods, and procedures used by threat actors to exploit vulnerabilities and launch attacks. Its purpose is to spot system vulnerabilities and help the security team remediate them before someone capitalizes on them for malicious purposes.
BreakSPF attack- working, impact, and preventive measures
by DuoCircle
Amidst the chaos in the cybersecurity landscape, a new type of cyberattack has been surfacing: BreakSPF. This latest attack framework bypasses the SPF authentication checks, invading target recipients’ inboxes with phishing and spoofing emails. This foul technique is capable of wreaking havoc on a large scale, jeopardizing the security of millions of domains across the world.
The wait is over! We’re here with this week’s round-up of the most pressing cybersecurity events and developments worldwide. The latest reports shed light on a significant data breach at a fintech giant, Finastra, efforts by the USDA to thwart phishing attacks with advanced authentication measures, a zero-day vulnerability impacting PAN-OS devices, VMware vCenter Server flaws being exploited post-patch, and a critical WordPress plugin vulnerability that puts millions of websites at risk.
With rapid digitization, email has become one of the most effective communication tools, both for business and corporate entities. However, the matter of concern is that the same emails are a favorite avenue for threat actors who exploit them to carry out malicious attacks, impersonate trusted brands, and spam naive users. This is where DMARC (Domain-based Message Authentication, Reporting, and Conformance) steps in! This is a robust email authentication protocol that can protect your domain as well as email recipients from the prying eyes of cybercriminals.
How to get started with BIMI for Zoho Mail- a guide to acquiring a verified checkmark
by DuoCircle
After Gmail and other key players, Zoho Mail is now openly supporting BIMI, allowing senders to display their brand logos with a blue verified checkmark in Zoho mailboxes. Email security risks are on the rise, stressing 95% of the top 500 cybersecurity leaders about it.
A roundup of TLDs that were the prime target of cyber attackers in 2024
by DuoCircle
As an unsuspecting internet user, if you come across an email from someone whose email address ends with a ‘.com’ or ‘.org,’ you might not think twice before opening it. After all, it comes from one of the widely recognized TLDs (top-level domains) out there. But in the context of cybersecurity, not everything that looks legitimate is to be trusted.
Your week’s wait is over since we are once again at your service, delivering the latest news and happenings in the cybersecurity world. The news pieces are freshly curated from authentic sources, providing you with insights on recent threat landscape scenarios. The news sections we cover further down the article include significant data breaches affecting healthcare providers, Microsoft’s latest patch addressing its vulnerabilities, the FBI’s warning about usage of hacked police email accounts, the rise of the new Interlock ransomware, and finally, the success of CISA’s ScubaGear tool, improving Microsoft 365 security configurations in cloud settings. Let’s explore and understand each section in detail.
Enforcing DMARC policies on incoming emails in Amazon WorkMail
by DuoCircle
Email domains use DNS to secure communications from eavesdroppers. They aim at preventing phishing, spoofing, ransomware, and impersonation attacks. DNS records also include a DMARC record, which is implemented and configured by the owner of the specific domain with the intention of allowing only authorized entities to send emails from that domain. A DMARC record consists of DMARC policies that instruct the receiving server on how to deal with unauthorized emails sent from your domain. By unauthorized emails, we mean outgoing emails from your domain that didn’t pass the DMARC checks.
AI is everywhere, from your smartphones and home appliances to high-efficiency systems in workplaces and industries. It is officially the era of artificial intelligence, where bots have taken over almost every domain, including cybersecurity.
Use cases for none, quarantine, and reject policy in DMARC
by DuoCircle
DMARC’s purpose of instructing receiving servers on how to handle unauthorized emails from your domain is achieved based on what policy you have set in your DMARC record. While p=reject is undoubtedly the strictest policy, there are conditions in which it isn’t a suitable one.
Global Data Breach, Nokia Data Sold, Schneider Electric Breach – Cybersecurity News [November 04, 2024]
by DuoCircle
Presenting a fresh bundle of exciting, handpicked news to enhance your knowledge and keep you informed. We will cover points revolving around news items ranging from a man being allegedly involved in significant data extortion, third-party associated risks hampering the ISMS protocols, a budding ransomware group demanding huge ransom, advancements in AI vulnerability detection, and last but not least, Okta’s recent fix for a username-related security flaw. Let’s dive deep into the details!
Rise in cybercrime against older adults across the world- the current scenario
by DuoCircle
Threat actors use psychological tactics to manipulate victims into believing they are communicating with benevolent people. They know how to exploit older adults’s poor ability to spot the red flags of scams. In fact, in a recent study, 182 participants aged between 18 and 90 with normal cognitive function were given two separate tests to predict susceptibility to phishing. The results clearly revealed that it was easier for younger participants to distinguish between phishing and safe emails than older people. So, basically, the older you are, the higher the risk of falling into the trap of cybercriminals.
Understanding the importance of DMARC in interagency phishing guide
by DuoCircle
Phishing attacks have spread over the digital world like a plague. Not only are these attacks frequent, but they are also grave and capable of causing irreparable damage to your brand’s reputation. Not to mention the financial toll; phishing attacks cost companies an average of $4.88 million per data breach.
Windows Kernel Vulnerability, Massive Data Breach, Facebook Malvertising Malware – Cybersecurity News [October 28, 2024]
by DuoCircle
This week, we are once again back, providing you with an all-in-one platform to read news pieces freshly curated from authentic sources. Firstly, we will discover how the Microsoft Windows kernel is vulnerable to attack, and other following sources will highlight incidents like the Biggest data breach in US history, the circulation of malvertisements exploiting victims, Opera browser patching its critical vulnerability, and lastly, the first-ever release of the strategic plan by CISA. Let’s delve deep!
Fixing custom domain configuration problems for Azure Email Communication Services
by DuoCircle
If safe email communication is one of your priorities, you have to ensure consistent and reliable paths for messages to travel on. With increased instances of sophisticated cybercrimes, email service providers are also using strict filters. So, if you are not taking care of proper configurations of email security protocols and software, your messages are highly prone to getting marked as spam or bouncing back.
Stop your emails from landing in spam folders with trusted email authentication
by DuoCircle
If your business relies on email marketing, you would understand the pain of having your well-crafted and strategized emails land in recipients’ spam folders. As per a deliverability test conducted by EmailToolTester, almost 16.9% of emails don’t reach the intended recipients’ inboxes; out of these, 10.5% get marked as spam, and 6.4% go missing altogether. So, for example, if you tried reaching out to 1000 people through an email campaign, 169 of them won’t see your email in their inboxes.
Yes, you can create and update multiple DKIM records for your domain. In fact, it’s one of the best practices in certain scenarios. Each DKIM record corresponds to a different, unique selector that allows the existence and association of multiple public keys. This way, different public keys linked with different email servers or systems can coexist without triggering any technical problems.
Cisco DevHub Breach, Impersonated IT Threats, Election Mail Security – Cybersecurity News [October 21, 2024]
by DuoCircle
This has been an exciting week in the cyber world, we present a scoop of recent cybersecurity highlights testing the robustness of the existential security landscape. The news coverage ranges from a data breach at Cisco affecting major services, unintentionally hiring practices of fraudulent employees leading to extortion, recent CISA and USPIS release of election mail security resources, the health sector facing a lawsuit for a major data breach, and finally, the comeback of Bumblebee and Latrodectus malware families. Let’s explore these pressing issues in detail below.
![Healthcare Email Breaches, Wi-Fi Exploits Uncovered, Malware Exploits Avast – Cybersecurity News [November 25, 2024]](https://www.duocircle.com/wp-content/uploads/2024/12/spf-record-tester.jpg)
![Finastra Probes Breach, USDA Adopts FID, PAN-OS Zero-Day – Cybersecurity News [November 18, 2024]](https://www.duocircle.com/wp-content/uploads/2024/11/spf-validator-7.jpg)
![Healthcare Breaches Confirmed, Microsoft Releases Patches, FBI Issues Advisory – Cybersecurity News [November 11, 2024]](https://www.duocircle.com/wp-content/uploads/2024/11/sender-policy-framework-7.jpg)
![Global Data Breach, Nokia Data Sold, Schneider Electric Breach – Cybersecurity News [November 04, 2024]](https://www.duocircle.com/wp-content/uploads/2024/11/dmarc-reporting-service-1.jpg)
![Windows Kernel Vulnerability, Massive Data Breach, Facebook Malvertising Malware – Cybersecurity News [October 28, 2024]](https://www.duocircle.com/wp-content/uploads/2024/11/sender-policy-framework-1.jpg)
![Cisco DevHub Breach, Impersonated IT Threats, Election Mail Security – Cybersecurity News [October 21, 2024]](https://www.duocircle.com/wp-content/uploads/2024/10/office-365-tenant-migration-tool-2.jpg)