When it comes to validating the authenticity of an email’s contents, DKIM (DomainKeys Identified Mail) is the go-to authentication protocol for most organizations. It does so by adding a digital signature to the email’s header. This signature helps verify that the message is actually coming from a trusted source and that its contents have not been changed during transit.
You may not know, but DMARC adoption among the top 1 million websites is low, with only 33.4% having a valid DMARC record. This means that a significant portion of these websites, that is 66.6%, are vulnerable to email spoofing and phishing attacks. 57.2% of these websites use a ‘none’ policy, meaning emails that fail DMARC checks are still delivered to recipients’ primary inboxes. As a result, 85.7% of the domains don’t have effective DMARC protection, leaving them open to cyber threats.
Digital adoption means using new technologies, tools, and systems to make various processes more efficient and less time-consuming. There are tons of apps and software that do so many things that we don’t have to do manually. For example, Whatfix is a Digital Adoption Platform (DAP) that helps organizations implement new CRM systems quickly and get accustomed to the new software with minimal disruption. For companies implementing internal tools like HR or accounting software, Userlane ensures users can navigate new platforms without formal training sessions.
![Veeam Backup Vulnerability, GitHub Patches Flaw, FBI Fakes Cryptocurrency – Cybersecurity News [October 14, 2024]](https://www.duocircle.com/wp-content/uploads/2024/10/spf-validator-5.jpg)
We’re back to provide you with the latest cybersecurity news of the week to keep you informed and help secure against evolving threats. This week, we dive into the critical Veeam vulnerability being exploited to spread ransomware, GitHub patching critical flaws in its enterprise servers, the FBI’s use of a fake cryptocurrency to expose manipulation in the crypto market, CISA’s warning on unencrypted cookies in F5 BIG-IP systems, and the alarming number of unpatched Fortinet instances vulnerable to a known flaw. Let’s read the authentic details stated in the news pieces discussed below.
Once you have created a DKIM TXT record in your domain’s DNS manager, you can turn on DKIM for your domain from Zoho Mail’s control panel. DKIM configuration happens in 3 steps. Let’s see how these steps unfold to inform recipients if the email content was altered in transit.
In 1989, a group of unsuspected attendees at a World Health Organization conference received around 20,000 floppy disks. This incident went down in history not because of any scientific breakthroughs but because it heralded an all-new era in cybercrime—ransomware. Fast-forward to today, and ransomware attacks have transformed into a billion-dollar criminal enterprise, targeting not only the big giants but also small businesses and individuals.
DNS stands for Domain Name System, which is often referred to as the phonebook of the internet. Just as a phonebook helps you know the phone number of a person or organization, DNS also lets you know the IP address of a website. It’s complicated to remember the numeric and alphanumeric IP addresses of so many websites; that’s why you just type the name of the website in your browser’s search bar, and DNS steps in to retrieve the IP address corresponding to the website so that you land on the desired webpages.
![Iranian Cyber Threats, October Patch Updates, China Infiltrates Wiretap – Cybersecurity News [October 07, 2024]](https://www.duocircle.com/wp-content/uploads/2024/10/spf-validator-2.jpg)
We’re back to provide you with the latest cybersecurity news of the week. This week, we dive into a joint warning from CISA and the FBI about Iranian-backed cyber activity aimed at undermining US democratic institutions. Microsoft’s Patch Tuesday for October 2024 addresses a range of critical vulnerabilities. We’ll also discuss the alarming report that China has infiltrated police wiretap systems, Sellafield’s hefty fine for cybersecurity breaches, and how gamers are tricked into downloading Lua-based malware through fake cheating script engines. Let’s explore each of these developments in detail.
Email feedback loops are the significant mechanisms that notify senders about spam complaints. Your sender’s reputation plays a huge role in deciding whether a recipient’s mailbox will place your email in the inbox or spam folder or reject its entry. This is where email feedback loops step in and help you monitor your complaint rates so that you can take corrective measures for protecting and improving your domain’s sender reputation. Some of the common corrective measures are changing the way you write email content, using a better subject line, removing dormant subscribers from the list, providing an easy one-click unsubscribe option, etc.
Enabling DKIM on Google Workspace is a two-step process but most people stop after completing the first one only. If that’s what you have also done, then please know that in such scenarios, DKIM and DMARC will function normally, and there won’t be any impact on email delivery, failing to complete the second step will compromise your email security. However, DKIM will fail to authenticate emails using your custom domain, causing communication problems at multiple levels.
![Storm-0501 Threat Identified, HTML Smuggling DCRat, CISA Releases Toolkit – Cybersecurity News [September 30, 2024]](https://www.duocircle.com/wp-content/uploads/2024/10/dmarc-report-2.jpg)
We’re back to provide you with the latest cybersecurity news of the week, designed to keep you informed and secure against evolving threats. This week, we delve into Microsoft’s identification of Storm-0501 as a critical player in hybrid cloud ransomware attacks, a new HTML smuggling campaign distributing DCRat malware to Russian-speaking users, CISA’s release of a new toolkit for K-12 schools to address anonymous threats, a recently patched but less severe vulnerability in CUPS, and NIST’s revisions to identity and password guidelines. Furthermore, let us now go through the details of each story.
While DMARC has proven its ability to keep spoofing and phishing attacks at a distance, DMARC records can have errors and misconfigurations. So, if you are seeing multiple instances of false positives, false negatives, delivery issues, etc., then it’s suggested that you check your DMARC record to see if it has issues. This can be done by running your DMARC TXT record through an online lookup tool. You can also come across errors and misconfigurations using penetration testing.
DMARC is based on three policies: none, quarantine, and reject. As a domain owner, you have the choice to apply one of these three policies for illegitimate emails sent from your domain. However, sometimes, receiving servers don’t respect the policy you applied; they adjust the policy according to what seems to be better for the emails sent from your domain.
Microsoft has always encouraged domain owners to deploy DMARC to improve email deliverability and prevent spoofing. It has also been part of industry groups that aim to improve email security standards, demonstrating its endorsement of DMARC as part of the future of secure communication.
![Versa Networks Flaw, Hezbollah Supply Chain, MediaTek Wi-Fi Vulnerability – Cybersecurity News [September 23, 2024]](https://www.duocircle.com/wp-content/uploads/2024/09/spf-validator-8.jpg)
We’re back with the latest cybersecurity updates to inform you about recent threats and help you stay protected. This week, we’ll dive into how hackers are exploiting Versa Director through a critical vulnerability, the supply chain attack linked to Hezbollah device explosions, a zero-click vulnerability in MediaTek Wi-Fi chipsets, Transport for London’s (TfL) data breach affecting 5,000 customers, and the latest campaign by the North Korean-linked group Gleaming Pisces using poisoned Python packages to deliver backdoors. Let’s explore the news descriptions provided below!
Deciphering DMARC reports is complex as it requires understanding the XML structure and key components within the report. You have to analyze the IP address and understand the failures. Here’s a step-by-step guide on how you can go about it.
DKIM was created in 2005 to help recipients determine if someone has tampered with the email content in transit. The protocol is broadly based on the concept of cryptography, which ensures the authenticity and integrity of an email message by using a public key to sign the outgoing emails for your domain. In DKIM, hashing is an important step in creating a secure signature for email integrity and authentication. Let’s see how hashing works.
Lately, DMARC adoption has been reflecting an upward trend, underscoring the increasing awareness about email security, especially after Google and Yahoo’s announcements. Roughly 20 million domains are already using DMARC, although many users are still stuck at the p=none policy, which is like moving two steps forward and one step back.
![Operational Cybersecurity Alignment, Chrome Credential Threats, CISA CVEs Update – Cybersecurity News [September 16, 2024]](https://www.duocircle.com/wp-content/uploads/2024/09/spf-permerror-7.jpg)
Did you know how cyberspace unfolded this week? Here we are to inform you about this week’s most talked-about news and updates, curated and designed for you. We have covered topics around cybersecurity attacks, advisories, and other security-related updates. Some of these topics are related to leveraging cloud solutions in creating and maintaining access control, the FOCAL plan of CISA to safeguard an organization’s security posture, Chrome users being targeted to reveal account credentials, CISA’s addition of two new CVEs to the list, Fake and fraudulent live streaming websites exposed, and many more.