All news with #email security tag

🔒 Amazon Simple Email Service (SES) now supports accessing SES API endpoints via Virtual Private Cloud (VPC) endpoints. Customers can use VPC endpoints to send email and manage SES resource configuration without routing API traffic through an internet gateway, reducing exposure of VPC activity to the public internet. The capability is available in all AWS Regions where SES is offered, simplifying private network architectures.

🔍 A newly discovered phishing framework named GhostFrame has been linked to more than one million attacks, according to Barracuda. The kit uses a benign-looking outer HTML page that conceals a malicious iframe, enabling attackers to swap content, target regions and evade scanners without changing the visible landing page. GhostFrame employs a two-stage chain: the loader creates randomized subdomains and validates them before loading an internal credential-stealing page, and includes anti-analysis controls that block inspection shortcuts and restrict user actions. Barracuda recommends a multilayered defense—regular browser updates, staff training, email gateways and web filters, restricting iframe embedding, and monitoring for injected or redirected content.

📧 Fortinet was named a Challenger in the 2025 Gartner Magic Quadrant for Email Security, reflecting continued progress across its email protection portfolio. FortiMail Email Security and FortiMail Workspace Security combine AI-native detection, sandboxing, DMARC, enhanced BEC and account takeover defenses, and flexible on-premises and cloud deployment options. The company positions this suite as a cost-effective, integrated alternative that also extends protection to web browsers, cloud storage, and collaboration apps.

✅ Check Point has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Email Security. This independent evaluation reinforces our commitment to delivering best-in-class email protection that blocks increasingly sophisticated threats while remaining easy to deploy and manage. According to Check Point Research, 68% of attacks start with email and 61% of harmful files are delivered as HTML attachments, underscoring the need for robust, reliable defenses.

📧 Thunderbird 145 introduces built-in support for Microsoft Exchange email via the Exchange Web Services (EWS) protocol, eliminating the need for third-party add-ons in Exchange-hosted environments. The client auto-detects account settings and uses Microsoft’s OAuth2 for authorization to simplify migration from Outlook. Initial capabilities include full folder listings, message synchronization, message operations (view, send, reply, forward, move, copy, delete), attachment handling, subject/body search and quick filtering for Microsoft 365 domains with standard OAuth2 and for on-premise Exchange using basic password authentication. The Thunderbird team says additional features such as calendar syncing, address book support, Microsoft Graph integration and expanded authentication options (NTLM, tenant-specific OAuth2) are planned but not yet available.

📨 Check Point email security researchers uncovered a large-scale phishing campaign that abuses Meta's Business Suite and the facebookmail.com delivery domain to send convincing fake notifications. Attackers craft messages that appear to originate from Meta, allowing them to bypass many traditional security filters and increase the likelihood of SMBs across the U.S. and internationally engaging with malicious links or credential-stealing pages. Organizations should strengthen email defenses, monitor suspicious Business Suite activity, and educate staff to reduce exposure.

⚠️The National Cyber Security Centre (NCSC) has announced it will retire its Web Check and Mail Check external attack surface tools by 31 March 2026. These services, introduced in 2017, scanned for web vulnerabilities, misconfigurations, and email anti‑spoofing controls such as SPF, DKIM and DMARC. Current users are urged to seek commercial alternatives and consult an NCSC buyer’s guide and other Check services before the end-of-life date.

📧 Amazon Connect now lets organizations configure aliases for email addresses so customers continue to see trusted sender identities when messages are sent or received. For example, forwarding a public-facing address like support@company.com into Amazon Connect Email can preserve the visible sender as support@company.com. The capability is available in multiple AWS regions to simplify email management and maintain a consistent brand experience.

🔐 CISA, the NSA and international partners have published the Microsoft Exchange Server Security Best Practices to help organisations reduce exposure to attacks against hybrid and on‑premises Exchange deployments. The guidance reinforces Emergency Directive 25-02 and prioritises restricting administrative access, enforcing multi‑factor and modern authentication, tightening TLS and transport security, and applying Microsoft's Exchange Emergency Mitigation service. It also urges migration from unsupported or end‑of‑life systems and recommends use of secure baselines such as CISA's SCuBA. Agencies stress ongoing collaboration and a prevention-focused posture despite political and operational challenges.

🔒 CISA, the NSA and international partners have issued urgent guidance to harden on‑premises Microsoft Exchange Server instances by restricting administrative access, enforcing multi‑factor authentication, and applying strict transport security. The agencies recommend migrating or decommissioning end‑of‑life and hybrid Exchange servers, enabling the Exchange Emergency Mitigation Service, and disabling remote PowerShell for users. Organizations are also advised to maintain patch cadence, apply security baselines, and enable antivirus, EDR, ASR, and AppLocker controls.

🔒 CISA and the NSA, joined by the Australian Cyber Security Centre and the Canadian Centre for Cyber Security, released guidance to harden on-premises and hybrid Microsoft Exchange servers against attacks. The advisory emphasizes stronger authentication, minimized application attack surfaces, robust TLS configurations, and decommissioning unsupported servers after migration to Microsoft 365. It also recommends enabling emergency mitigations and built-in anti-spam and anti-malware protections and restricting administrative access to authorized workstations.

🔐 Today, CISA, in collaboration with the National Security Agency and international partners, published Microsoft Exchange Server Security Best Practices to help defenders harden on-premises Exchange servers against ongoing exploitation. The guidance emphasizes strengthening user authentication and access controls, enforcing robust network encryption, and reducing application attack surfaces through configuration and feature management. CISA also urges organizations to decommission end-of-life or hybrid 'last Exchange' servers after migrating to Microsoft 365 to reduce exposure to continued exploitation.

🔒 CISA, the NSA, and international partners released the Microsoft Exchange Server Security Best Practices blueprint to help administrators of on‑premises and hybrid Exchange environments strengthen defenses against persistent cyber threats. The guidance builds on CISA’s Emergency Directive 25‑02 and emphasizes restricting administrative access, implementing multifactor authentication, enforcing strict transport security, and adopting zero trust principles. It also urges organizations to remediate or replace end‑of‑life Exchange versions, apply recommended mitigations, and consider migrating to cloud-based email to reduce operational complexity and exposure.

📧 At-Bay's 2025 InsurSec analysis finds email and remote access were central to 90% of cyber insurance claims in 2024. Email accounted for 43% of incidents and fraud schemes commonly begin with credential theft, domain spoofing, and impersonation. Google Workspace was cited as the most secure mail provider, though claims rose; MDR services were highlighted as the most reliable defense against full encryption.

🔐 Microsoft has patched an indirect prompt injection vulnerability in Microsoft 365 Copilot that could have been exploited to exfiltrate recent enterprise emails via clickable Mermaid diagrams. Researcher Adam Logue demonstrated a multi-stage attack using Office documents containing hidden white-text instructions that caused Copilot to invoke an internal search-enterprise_emails tool. The assistant encoded retrieved emails into hex, embedded them in Mermaid output styled as a login button, and added an attacker-controlled hyperlink. Microsoft mitigated the risk by disabling interactive hyperlinks in Mermaid diagrams within Copilot chats.

🔒 Small security teams can harden Google Workspace by enforcing MFA, restricting admin roles, and tightening sharing and OAuth app permissions. The article stresses stronger email defenses — advanced phishing controls, DMARC/DKIM/SPF — and proactive monitoring for account takeovers through alerts and behavioral signals. It argues native controls form a solid foundation but leave gaps, and recommends augmenting them with Material Security for unified visibility and automated remediation.

🔐 Sendmarc has appointed Dan Levinson as Customer Success Director — North America to support the company’s regional expansion and enhance locally aligned customer support. Levinson brings more than 15 years of experience across email security, deliverability, account and product management, and leadership, with direct experience implementing SPF, DKIM and DMARC. He will build and lead a North America customer success team focused on accelerating DMARC adoption, improving visibility across email environments, and strengthening protections against impersonation while preserving deliverability.

📬 Amazon Simple Email Service (SES) now exposes the exact IP addresses used by Dedicated IP Addresses - Managed (DIP-M) pools. Customers can view these IPs via the console, CLI, or SES API and access Microsoft SNDS metrics for each address. SES also creates CloudWatch metrics for SNDS data to aid reputation monitoring. This gives customers greater transparency into sending activity and helps diagnose deliverability and reputation issues with mailbox providers.

⚠️ Microsoft notified administrators that Exchange Server 2016 and Exchange Server 2019 reached end of support on October 14, 2025, and will no longer receive security patches or time zone updates after the October 2025 security releases. The company strongly advises migrating to Exchange Online or upgrading to Exchange Server Subscription Edition (SE). In-place upgrades from Exchange 2019 to SE follow the same process as installing a Cumulative Update. Customers still on Exchange 2016 or 2013 should upgrade to SE or first move to Exchange 2019.

🛡️ Varonis introduces Interceptor, an AI-native email security solution that combines multimodal AI—visual, linguistic, and behavioral models—to detect advanced phishing, BEC, and social engineering. It augments or replaces API-based filters with a phishing sandbox that pre-analyzes newly registered domains and URLs and a lightweight browser extension for multichannel protection. Integrated with the Varonis Data Security Platform, Interceptor aims to reduce false positives, accelerate detection of zero-hour threats, and stop breaches earlier in the attack chain.