CISO Brief

All news with the #email security tag

67 articles · page 2 of 4

Unzipping the Threat: Blocking Malware in ZIP Files

🔐 Cyber attackers are increasingly embedding malware inside password-protected ZIP archives and splitting the delivery chain by sending the archive via email while transmitting the password out-of-band (SMS or messaging apps). Traditional scanners struggle to inspect these encrypted attachments. New Threat Emulation capabilities can now inspect and block malicious ZIP files without requiring the password, closing the delivery gap. This reduces reliance on manual password sharing and strengthens perimeter defenses.

Exchange Online flags legitimate emails as phishing

📧 Microsoft is investigating an ongoing Exchange Online issue that is mistakenly marking legitimate email messages as phishing and quarantining them. The problem began on February 5 and continues to disrupt customers' ability to send and receive mail. Microsoft traced the fault to a newly introduced URL rule that incorrectly classifies certain links as malicious. The company is releasing quarantined messages and working to unblock legitimate URLs while it completes remediation.

Drowning in Spam? Ten Reasons and How to Stop It Now

📧 Inboxes can be overwhelmed by spam and scams for many reasons, from large-scale data breaches and web scraping to updated scam kits and AI-assisted phishing that evade filters. Attackers use these feeds to deliver malspam, impersonate trusted brands, or bury critical alerts through email bombing. Reduce exposure by keeping profiles private, using email-masking services, avoiding replies or unsubscribe links, and deploying reputable security software with layered anti-phishing and anti-spam protections.

Filling Common Gaps in Google Workspace Security Posture

🔒 Security teams at fast-growing companies must secure collaboration platforms without slowing the business. This piece highlights common native gaps in Google Workspace—from BEC and targeted phishing to legacy protocol exposure and weak OAuth controls—and lists immediate hardening steps for Gmail, access, and data protection. It also outlines how Material augments Workspace with advanced email defense, context-aware account monitoring, and automated data protection.

Seven Priority Cybersecurity Projects for CISOs in 2026

🔒 As CISOs prepare for 2026, seven pragmatic projects can strengthen defenses against evolving threats. Priorities include transforming identity and access to cover human and non-human agents and reinforcing email security. Organizations should leverage AI for vulnerability discovery and security automation, enforce enterprise AI governance, adopt a zero-trust-by-default posture, and unify data governance to reduce shadow data and compliance gaps.

Cisco patches critical zero-day in email gateway products

⚠️ Cisco has released patches for a critical zero-day, CVE-2025-20393, in AsyncOS that affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The flaw allows a remote attacker to gain root by sending a crafted HTTP request to the Spam Quarantine interface when it is enabled and reachable from the internet. Cisco first learned of exploitation in December, issued a public advisory on Dec. 17, and has now published fixes to address the issue.

Cisco Patches AsyncOS Zero-Day Targeting SEG/SEWM Appliances

🔒 Cisco has released a fix for a maximum‑severity AsyncOS zero‑day (CVE-2025-20393) that has been exploited since November 2025. The flaw impacts Cisco Secure Email Gateway and Secure Email and Web Manager appliances with non-standard configurations when the Spam Quarantine feature is exposed to the internet, permitting arbitrary command execution as root. Cisco Talos links the intrusions to a Chinese-nexus actor tracked as UAT-9686, which deployed persistence and tunneling implants and a log-wiping utility. CISA has added the vulnerability to its known exploited vulnerabilities catalog and ordered federal remediation under BOD 22-01.

Cisco patches critical AsyncOS RCE exploited by APT

🔒 Cisco has released patches for a maximum-severity remote command execution vulnerability (CVE-2025-20393, CVSS 10.0) in AsyncOS that affects Cisco Secure Email Gateway and Secure Email and Web Manager. The defect stems from insufficient validation of HTTP requests in the Spam Quarantine feature and can allow arbitrary commands to run as root when the feature is enabled and reachable from the internet. Cisco says a China-nexus APT tracked as UAT-9686 exploited the bug in the wild, deploying tunneling tools, a log-cleaner and a Python backdoor, and that fixes remove persistence artifacts. Administrators should apply the provided fixed releases and follow the vendor's hardening guidance to restrict access and monitor for anomalous activity.

Phishing Click Rates Mislead; Focus on Containment

🔐 Many security teams rely on click rates to judge phishing risk, but that metric is volatile and often fails to predict real-world harm. The article argues that true maturity is measured by what an attacker can do after gaining mailbox access, not by simulated click statistics. It urges a layered approach—prevention, detection, and especially containment—and highlights Material Security as an example of automated remediation that reduces blast radius without constant manual triage.

Phishing attackers exploit email routing and spoofing gaps

📧 Microsoft Threat Intelligence warns attackers are increasingly abusing complex email routing and misconfigured DMARC and SPF policies to make phishing messages appear internal. Campaigns exploit MX records that do not point directly to Microsoft 365, allowing messages with the recipient's address in both To and From fields to bypass filters. Lures include password resets and shared-document notices, and some attacks use Phishing-as-a-Service platforms such as Tycoon 2FA to perform Adversary-in-the-Middle attacks that can defeat MFA. Microsoft recommends strict DMARC reject policies, SPF hard-fails, correct connector configuration, and phishing-resistant MFA like FIDO2.

Phishing Exploits Misconfigured MX Records in M365 Now

📧 Microsoft Threat Intelligence warns of a surge in phishing campaigns that exploit misconfigured mail routing and domain spoofing protections to make malicious messages appear internal to Microsoft 365 tenants. Attackers target users with HR- and IT-themed lures to steal credentials, often pairing the technique with phishing-as-a-service kits like Tycoon 2FA. The vector depends on tenants whose MX records are not pointed directly at Office 365, bypassing built-in spoof detection. Organizations should correct MX configuration, enforce DMARC and deploy phishing-resistant MFA for privileged roles.

Microsoft Exchange Online outage affects IMAP4 access

⚠ Microsoft is investigating an Exchange Online outage (EX1215307) that intermittently prevents users from accessing mailboxes via IMAP4. Microsoft attributes the disruption to a recent IMAP deployment that introduced a code conflict and authentication misconfiguration, and says a configuration fix has been deployed and is being rolled out. Other connection methods are not affected, and Microsoft advises retries may restore access while the update completes.

Microsoft Alerts: Phishing Uses Email Routing and DMARC Gaps

📧 Microsoft’s Threat Intelligence team warns that attackers are increasingly exploiting complex email routing and misconfigured DMARC and SPF policies to make phishing messages appear to come from inside targeted organizations. These campaigns often rely on MX records that route mail through on‑premises servers or third‑party relays before Microsoft 365, which can prevent correct spoof checks. Threat actors deliver lures ranging from password resets to shared documents and use PhaaS platforms such as Tycoon 2FA. Microsoft advises enforcing strict DMARC reject and SPF hard-fail policies, verifying connectors, and adopting phishing-resistant MFA like FIDO2 keys.

Misconfigured Email Routing Enables Internal Domain Phishing

🔒 Microsoft warns that threat actors are exploiting misconfigured email routing and lax spoof protections to send phishing messages that appear to originate from an organization’s own domain. The Microsoft Threat Intelligence team says the tactic surged since May 2025 and is commonly deployed via Tycoon 2FA phishing-as-a-service kits. Attacks aim to steal credentials, bypass MFA via AiTM techniques, and enable follow-on fraud or BEC, often using fake invoices, HR notices, or shared-document lures. Organizations should enforce DMARC reject and strict SPF policies, validate third-party connectors, and disable Direct Send if unnecessary.

Microsoft Teams to Enable Messaging Safety by Default

🔒 Microsoft will automatically enable key messaging safety features in Teams for tenants still using default settings beginning January 12, 2026. The update enables weaponizable file type protection, malicious URL detection, and a false-positive reporting option; dangerous file types will be blocked and suspicious links labeled. Administrators who previously customized messaging safety will see no change; others should review and save settings in the Teams admin center before the deadline and update helpdesk documentation.

Amazon SES adds email validation to reduce bounces

📧 Amazon Simple Email Service (SES) introduces email validation to help customers reduce bounce rates and protect sender reputation. The capability offers API-based address checks and detailed validation insights such as syntax verification and DNS record analysis. With Auto Validation enabled, SES can automatically review every outbound address at the account or configuration-set level via simple console toggles, requiring no code changes. This feature is available in all AWS Regions where Amazon SES is offered and integrates with existing email workflows.

Transparent Email Security: New Microsoft Benchmarking

📊 Microsoft published its second email security benchmarking report comparing environments protected solely by Microsoft Defender to deployments using a Secure Email Gateway (SEG) in front of Defender and Integrated Cloud Email Security (ICES) layered after Defender. The updated methodology corrects for journaling and connector reinjection and now includes Defender's zero‑hour auto purge post‑delivery detections to avoid misattribution. Results show layering reduces marketing and bulk mail (avg 9.4%), while incremental gains for spam and malicious filtering remain modest. Post‑delivery remediation remains critical: Defender's zero‑hour auto purge removed 45% of malicious mail reaching inboxes on average, and ICES vendors accounted for an average 55% post‑delivery catch.

40,000 Phishing Emails Masquerade as E‑Signing Services

📧 Attackers impersonating file-sharing and e-signature platforms sent over 40,000 finance-themed phishing emails, researchers at Check Point report. These messages mimicked notifications from services like SharePoint and popular e-signing vendors to coax recipients into clicking links or entering credentials. The campaign targeted finance workflows and aimed to harvest credentials or deliver follow-on malware, underscoring the need for robust email security and user vigilance.

Microsoft named Leader in 2025 Gartner Email Security

🔒 Microsoft has been named a Leader in the 2025 Gartner® Magic Quadrant for Email Security, recognizing advances in Microsoft Defender for Office 365. The announcement highlights agentic AI innovations and automated workflows—including an agentic email grading system and the Microsoft Security Copilot Phishing Triage Agent—that reduce manual triage and speed investigations. Microsoft also cites new protections like email bombing detection and expanded coverage across collaboration surfaces such as Microsoft Teams, while committing to greater transparency through in-product benchmarking and reporting.

Amazon SES Mail Manager Expands to 10 More Regions

📢 Amazon SES Mail Manager is now available in 10 additional commercial AWS Regions, bringing total coverage to 27 Regions and aligning Mail Manager availability with where SES Outbound is offered. Mail Manager centralizes email routing, governance, and compliance controls for domain-based sending, helping organizations replace legacy relays and streamline integrations with mailbox providers and email security vendors. It also supports onward delivery to WorkMail, built-in archiving with search and export, and console-based third-party security add-ons to simplify operations.