< ciso
brief />
Tag Banner

All news with #email security tag

76 articles · page 3 of 4

Microsoft Exchange Online outage affects IMAP4 access

⚠ Microsoft is investigating an Exchange Online outage (EX1215307) that intermittently prevents users from accessing mailboxes via IMAP4. Microsoft attributes the disruption to a recent IMAP deployment that introduced a code conflict and authentication misconfiguration, and says a configuration fix has been deployed and is being rolled out. Other connection methods are not affected, and Microsoft advises retries may restore access while the update completes.
read more →

Microsoft Alerts: Phishing Uses Email Routing and DMARC Gaps

📧 Microsoft’s Threat Intelligence team warns that attackers are increasingly exploiting complex email routing and misconfigured DMARC and SPF policies to make phishing messages appear to come from inside targeted organizations. These campaigns often rely on MX records that route mail through on‑premises servers or third‑party relays before Microsoft 365, which can prevent correct spoof checks. Threat actors deliver lures ranging from password resets to shared documents and use PhaaS platforms such as Tycoon 2FA. Microsoft advises enforcing strict DMARC reject and SPF hard-fail policies, verifying connectors, and adopting phishing-resistant MFA like FIDO2 keys.
read more →

Misconfigured Email Routing Enables Internal Domain Phishing

🔒 Microsoft warns that threat actors are exploiting misconfigured email routing and lax spoof protections to send phishing messages that appear to originate from an organization’s own domain. The Microsoft Threat Intelligence team says the tactic surged since May 2025 and is commonly deployed via Tycoon 2FA phishing-as-a-service kits. Attacks aim to steal credentials, bypass MFA via AiTM techniques, and enable follow-on fraud or BEC, often using fake invoices, HR notices, or shared-document lures. Organizations should enforce DMARC reject and strict SPF policies, validate third-party connectors, and disable Direct Send if unnecessary.
read more →

Microsoft Teams to Enable Messaging Safety by Default

🔒Microsoft will automatically enable key messaging safety features in Teams for tenants still using default settings beginning January 12, 2026. The update enables weaponizable file type protection, malicious URL detection, and a false-positive reporting option; dangerous file types will be blocked and suspicious links labeled. Administrators who previously customized messaging safety will see no change; others should review and save settings in the Teams admin center before the deadline and update helpdesk documentation.
read more →

Amazon SES adds email validation to reduce bounces

📧 Amazon Simple Email Service (SES) introduces email validation to help customers reduce bounce rates and protect sender reputation. The capability offers API-based address checks and detailed validation insights such as syntax verification and DNS record analysis. With Auto Validation enabled, SES can automatically review every outbound address at the account or configuration-set level via simple console toggles, requiring no code changes. This feature is available in all AWS Regions where Amazon SES is offered and integrates with existing email workflows.
read more →

Transparent Email Security: New Microsoft Benchmarking

📊 Microsoft published its second email security benchmarking report comparing environments protected solely by Microsoft Defender to deployments using a Secure Email Gateway (SEG) in front of Defender and Integrated Cloud Email Security (ICES) layered after Defender. The updated methodology corrects for journaling and connector reinjection and now includes Defender's zero‑hour auto purge post‑delivery detections to avoid misattribution. Results show layering reduces marketing and bulk mail (avg 9.4%), while incremental gains for spam and malicious filtering remain modest. Post‑delivery remediation remains critical: Defender's zero‑hour auto purge removed 45% of malicious mail reaching inboxes on average, and ICES vendors accounted for an average 55% post‑delivery catch.
read more →

40,000 Phishing Emails Masquerade as E‑Signing Services

📧Attackers impersonating file-sharing and e-signature platforms sent over 40,000 finance-themed phishing emails, researchers at Check Point report. These messages mimicked notifications from services like SharePoint and popular e-signing vendors to coax recipients into clicking links or entering credentials. The campaign targeted finance workflows and aimed to harvest credentials or deliver follow-on malware, underscoring the need for robust email security and user vigilance.
read more →

Microsoft named Leader in 2025 Gartner Email Security

🔒 Microsoft has been named a Leader in the 2025 Gartner® Magic Quadrant for Email Security, recognizing advances in Microsoft Defender for Office 365. The announcement highlights agentic AI innovations and automated workflows—including an agentic email grading system and the Microsoft Security Copilot Phishing Triage Agent—that reduce manual triage and speed investigations. Microsoft also cites new protections like email bombing detection and expanded coverage across collaboration surfaces such as Microsoft Teams, while committing to greater transparency through in-product benchmarking and reporting.
read more →

Amazon SES Mail Manager Expands to 10 More Regions

📢 Amazon SES Mail Manager is now available in 10 additional commercial AWS Regions, bringing total coverage to 27 Regions and aligning Mail Manager availability with where SES Outbound is offered. Mail Manager centralizes email routing, governance, and compliance controls for domain-based sending, helping organizations replace legacy relays and streamline integrations with mailbox providers and email security vendors. It also supports onward delivery to WorkMail, built-in archiving with search and export, and console-based third-party security add-ons to simplify operations.
read more →

Amazon SES Adds VPC Endpoints for API Access in All Regions

🔒 Amazon Simple Email Service (SES) now supports accessing SES API endpoints via Virtual Private Cloud (VPC) endpoints. Customers can use VPC endpoints to send email and manage SES resource configuration without routing API traffic through an internet gateway, reducing exposure of VPC activity to the public internet. The capability is available in all AWS Regions where SES is offered, simplifying private network architectures.
read more →

GhostFrame Phishing Framework Surpasses One Million Attacks

🔍 A newly discovered phishing framework named GhostFrame has been linked to more than one million attacks, according to Barracuda. The kit uses a benign-looking outer HTML page that conceals a malicious iframe, enabling attackers to swap content, target regions and evade scanners without changing the visible landing page. GhostFrame employs a two-stage chain: the loader creates randomized subdomains and validates them before loading an internal credential-stealing page, and includes anti-analysis controls that block inspection shortcuts and restrict user actions. Barracuda recommends a multilayered defense—regular browser updates, staff training, email gateways and web filters, restricting iframe embedding, and monitoring for injected or redirected content.
read more →

Fortinet Named Challenger in Gartner Email Security MQ

📧 Fortinet was named a Challenger in the 2025 Gartner Magic Quadrant for Email Security, reflecting continued progress across its email protection portfolio. FortiMail Email Security and FortiMail Workspace Security combine AI-native detection, sandboxing, DMARC, enhanced BEC and account takeover defenses, and flexible on-premises and cloud deployment options. The company positions this suite as a cost-effective, integrated alternative that also extends protection to web browsers, cloud storage, and collaboration apps.
read more →

Check Point Named Leader in Gartner 2025 Email Security

Check Point has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Email Security. This independent evaluation reinforces our commitment to delivering best-in-class email protection that blocks increasingly sophisticated threats while remaining easy to deploy and manage. According to Check Point Research, 68% of attacks start with email and 61% of harmful files are delivered as HTML attachments, underscoring the need for robust, reliable defenses.
read more →

Thunderbird Gains Native Microsoft Exchange Support

📧 Thunderbird 145 introduces built-in support for Microsoft Exchange email via the Exchange Web Services (EWS) protocol, eliminating the need for third-party add-ons in Exchange-hosted environments. The client auto-detects account settings and uses Microsoft’s OAuth2 for authorization to simplify migration from Outlook. Initial capabilities include full folder listings, message synchronization, message operations (view, send, reply, forward, move, copy, delete), attachment handling, subject/body search and quick filtering for Microsoft 365 domains with standard OAuth2 and for on-premise Exchange using basic password authentication. The Thunderbird team says additional features such as calendar syncing, address book support, Microsoft Graph integration and expanded authentication options (NTLM, tenant-specific OAuth2) are planned but not yet available.
read more →

Phishing Campaign Uses Meta Business Suite to Target SMBs

📨 Check Point email security researchers uncovered a large-scale phishing campaign that abuses Meta's Business Suite and the facebookmail.com delivery domain to send convincing fake notifications. Attackers craft messages that appear to originate from Meta, allowing them to bypass many traditional security filters and increase the likelihood of SMBs across the U.S. and internationally engaging with malicious links or credential-stealing pages. Organizations should strengthen email defenses, monitor suspicious Business Suite activity, and educate staff to reduce exposure.
read more →

NCSC to Retire Web Check and Mail Check Tools in 2026

⚠️The National Cyber Security Centre (NCSC) has announced it will retire its Web Check and Mail Check external attack surface tools by 31 March 2026. These services, introduced in 2017, scanned for web vulnerabilities, misconfigurations, and email anti‑spoofing controls such as SPF, DKIM and DMARC. Current users are urged to seek commercial alternatives and consult an NCSC buyer’s guide and other Check services before the end-of-life date.
read more →

Amazon Connect adds email address aliasing for branding

📧 Amazon Connect now lets organizations configure aliases for email addresses so customers continue to see trusted sender identities when messages are sent or received. For example, forwarding a public-facing address like support@company.com into Amazon Connect Email can preserve the visible sender as support@company.com. The capability is available in multiple AWS regions to simplify email management and maintain a consistent brand experience.
read more →

CISA, NSA and Partners Issue Exchange Server Best Practices

🔐 CISA, the NSA and international partners have published the Microsoft Exchange Server Security Best Practices to help organisations reduce exposure to attacks against hybrid and on‑premises Exchange deployments. The guidance reinforces Emergency Directive 25-02 and prioritises restricting administrative access, enforcing multi‑factor and modern authentication, tightening TLS and transport security, and applying Microsoft's Exchange Emergency Mitigation service. It also urges migration from unsupported or end‑of‑life systems and recommends use of secure baselines such as CISA's SCuBA. Agencies stress ongoing collaboration and a prevention-focused posture despite political and operational challenges.
read more →

CISA and NSA Urge Immediate Hardening of Exchange Servers

🔒 CISA, the NSA and international partners have issued urgent guidance to harden on‑premises Microsoft Exchange Server instances by restricting administrative access, enforcing multi‑factor authentication, and applying strict transport security. The agencies recommend migrating or decommissioning end‑of‑life and hybrid Exchange servers, enabling the Exchange Emergency Mitigation Service, and disabling remote PowerShell for users. Organizations are also advised to maintain patch cadence, apply security baselines, and enable antivirus, EDR, ASR, and AppLocker controls.
read more →

CISA and NSA Issue Hardening Guidance for Exchange

🔒 CISA and the NSA, joined by the Australian Cyber Security Centre and the Canadian Centre for Cyber Security, released guidance to harden on-premises and hybrid Microsoft Exchange servers against attacks. The advisory emphasizes stronger authentication, minimized application attack surfaces, robust TLS configurations, and decommissioning unsupported servers after migration to Microsoft 365. It also recommends enabling emergency mitigations and built-in anti-spam and anti-malware protections and restricting administrative access to authorized workstations.
read more →