Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild

Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product has been exploited in the wild.
The vulnerability, tracked as CVE-2023-45249 (CVSS score: 9.8), concerns a case of remote code execution that stems from the use of default passwords.
The flaw impacts the following versions of Acronis Cyber Infrastructure (ACI) –

The Hacker News – ​Read More

XSS and OAuth Combo Threatens Millions of Users Due to Hotjar Flaw

Cybersecurity Experts Uncover Critical Vulnerabilities in Leading Web Analytics Platform Hotjar, Potentially Exposing Sensitive Data of Millions of…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Comparing From and Reply-To headers | Kaspersky official blog

We’ve recently improved the accuracy of detecting spear phishing and business email compromise (BEC) attacks by adding a tiny but important check to our email security products. Now, if our mail-protection engine flags an email as suspicious for whatever reason, we match the domain in the From header against that in the Reply To header. And it’s surprisingly effective; this simple check succeeds in weeding out a large portion of rather sophisticated attacks. Here’s how it works.

How to detect sophisticated email attacks?

Spear phishers who carry out targeted email attacks traditionally go to great lengths to make their emails seem legitimate. These aren’t the kind of bad guys who email out attachments with Trojans inside; instead, they tend to hide phishing links under multiple layers of subterfuge. And this is why security solutions capable of detecting targeted emails rarely deliver a verdict based on a single criterion, but rather on a combination of suspicious signs. Matching the From and Reply To fields is one of these criteria.

How does matching the headers help?

Most attackers, even when compromising business correspondence, don’t bother hacking legitimate domains. Instead, they exploit the often-limited “expertise” of mail-server administrators. In fact, on a huge number of domains, mail authentication methods — like Sender Policy Framework (SPF), and especially Domain-based Message Authentication, Reporting, and Conformance (DMARC) — don’t work very effectively (if at all). In the best-case scenario, these mechanisms are technically enabled, but configured so loosely to avoid false positives that they become practically useless.

This laxity allows threat actors (sometimes including those behind full-blown APT attacks) to simply take the domain of the targeted organization and put it in the From, or even the SMTP From header. However, since they don’t want to just deliver an email, but also get a direct reply to it, they have to put their own address in the Reply To field. This tends to be a disposable email address or an address hosted on a free email service. And that’s what gives them away.

[Image: From and Reply To headers in the suspicious letter]

Why not match the headers all the time?

From and Reply To don’t always have to match. There are many legitimate cases when an email may be sent from one mail server, but the reply is expected to another. The simplest example of this is newsletters and marketing emails: a specialized mailing-service provider sends them, but its client is the one who’s interested in the responses. Therefore, if the From and Reply To check were always enabled, it’d generate false positives.
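A sketch of the gated check described above, as an added example (not Kaspersky's engine or code from the original post). The `already_suspicious` flag is an assumption standing in for a verdict from other criteria, domains are compared by exact match, and both sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed sample: target's domain in From, free-mail address in Reply-To.
SPOOFED = """\
From: "Finance Director" <cfo@victim.example>
Reply-To: cfo.victim@freemail.example
To: accounts@victim.example
Subject: Urgent payment

Please confirm today.
"""

# Constructed sample: legitimate newsletter sent through a mailing service.
NEWSLETTER = """\
From: News <news@mailer.example>
Reply-To: support@shop.example
To: user@victim.example
Subject: Weekly offers

Hello.
"""

def header_domains(msg, header):
    """Return the set of lower-cased address domains found in a header."""
    domains = set()
    for _name, addr in getaddresses(msg.get_all(header, [])):
        local, sep, domain = addr.rpartition("@")
        if sep and local and domain:
            domains.add(domain.strip().rstrip(".").lower())
    return domains

def reply_to_mismatch(raw_message, already_suspicious):
    """Return Reply-To domains absent from From, but only for flagged mail."""
    if not already_suspicious:
        return set()  # unflagged mail (e.g. newsletters) may legitimately differ
    msg = message_from_string(raw_message)
    reply_domains = header_domains(msg, "Reply-To")
    if not reply_domains:
        return set()  # no Reply-To header: replies go to From anyway
    return reply_domains - header_domains(msg, "From")

if __name__ == "__main__":
    print(reply_to_mismatch(SPOOFED, already_suspicious=True))
    print(reply_to_mismatch(NEWSLETTER, already_suspicious=False))
```

A non-empty result is one more suspicious sign to combine with the others, not a verdict on its own.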

Where’s the technology deployed?

The check is integrated into all our corporate email security products: Kaspersky Security for Microsoft Exchange Server, Kaspersky Security for Office 365, Kaspersky Security for Linux Mail Server, and Kaspersky Secure Mail Gateway.

Kaspersky official blog – ​Read More

VPN Usage Increased 5016% in Bangladesh Amidst Online Censorship 

VPN demand skyrockets in Bangladesh due to internet restrictions. Learn about the global impact of VPNs on internet…

Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – ​Read More

Report: Russian Ransomware Gangs Account for 69% of all Ransom Proceeds

According to an analysis by TRM Labs, Russian-speaking threat actors were responsible for over 69% of all ransomware-related cryptocurrency earnings in the past year, amounting to more than $500 million.

Cyware News – Latest Cyber News – ​Read More

OAuth+XSS Attack Threatens Millions of Web Users With Account Takeover

An attack flow that combines API flaws within “log in with” implementations and Web injection bugs could affect millions of websites.

darkreading – ​Read More

Saboteurs Cut Internet Cables in Latest Disruption During Paris Olympics

Long-distance cables were severed across France in a move that disrupted internet connectivity.

Security Latest – ​Read More

Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint’s defenses to send millions of messages spoofing various legitimate companies.
“These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures, thus bypassing major security protections — all to deceive

The Hacker News – ​Read More

Most people worry about deepfakes – and overestimate their ability to spot them

Research shows voters around the world are nervous about political deepfakes, with some countries’ citizens being far more concerned than others.

Latest news – ​Read More

Despite Bans, AI Code Generation Tools Widely Used in Organizations

Despite bans, AI code generation tools are widely used in organizations, raising security concerns, according to Checkmarx. While 15% prohibit AI tools for code generation, a staggering 99% still use them.

Cyware News – Latest Cyber News – ​Read More