< ciso
brief />
Tag Banner

All news with #email security tag

76 articles · page 4 of 4

CISA Releases Microsoft Exchange Server Security Guide

🔐 Today, CISA, in collaboration with the National Security Agency and international partners, published Microsoft Exchange Server Security Best Practices to help defenders harden on-premises Exchange servers against ongoing exploitation. The guidance emphasizes strengthening user authentication and access controls, enforcing robust network encryption, and reducing application attack surfaces through configuration and feature management. CISA also urges organizations to decommission end-of-life or hybrid 'last Exchange' servers after migrating to Microsoft 365 to reduce exposure to continued exploitation.
read more →

Blueprint for Hardening Microsoft Exchange Servers

🔒 CISA, the NSA, and international partners released the Microsoft Exchange Server Security Best Practices blueprint to help administrators of on‑premises and hybrid Exchange environments strengthen defenses against persistent cyber threats. The guidance builds on CISA’s Emergency Directive 25‑02 and emphasizes restricting administrative access, implementing multifactor authentication, enforcing strict transport security, and adopting zero trust principles. It also urges organizations to remediate or replace end‑of‑life Exchange versions, apply recommended mitigations, and consider migrating to cloud-based email to reduce operational complexity and exposure.
read more →

Email and Remote Access Drive 90% of Cyber Claims in 2024

📧 At-Bay's 2025 InsurSec analysis finds email and remote access were central to 90% of cyber insurance claims in 2024. Email accounted for 43% of incidents and fraud schemes commonly begin with credential theft, domain spoofing, and impersonation. Google Workspace was cited as the most secure mail provider, though claims rose; MDR services were highlighted as the most reliable defense against full encryption.
read more →

Copilot Mermaid Diagrams Could Exfiltrate Enterprise Emails

🔐 Microsoft has patched an indirect prompt injection vulnerability in Microsoft 365 Copilot that could have been exploited to exfiltrate recent enterprise emails via clickable Mermaid diagrams. Researcher Adam Logue demonstrated a multi-stage attack using Office documents containing hidden white-text instructions that caused Copilot to invoke an internal search-enterprise_emails tool. The assistant encoded retrieved emails into hex, embedded them in Mermaid output styled as a login button, and added an attacker-controlled hyperlink. Microsoft mitigated the risk by disabling interactive hyperlinks in Mermaid diagrams within Copilot chats.
read more →

Hardening Google Workspace: Practical Guidance for Teams

🔒 Small security teams can harden Google Workspace by enforcing MFA, restricting admin roles, and tightening sharing and OAuth app permissions. The article stresses stronger email defenses — advanced phishing controls, DMARC/DKIM/SPF — and proactive monitoring for account takeovers through alerts and behavioral signals. It argues native controls form a solid foundation but leave gaps, and recommends augmenting them with Material Security for unified visibility and automated remediation.
read more →

Sendmarc names Dan Levinson Customer Success Director

🔐 Sendmarc has appointed Dan Levinson as Customer Success Director — North America to support the company’s regional expansion and enhance locally aligned customer support. Levinson brings more than 15 years of experience across email security, deliverability, account and product management, and leadership, with direct experience implementing SPF, DKIM and DMARC. He will build and lead a North America customer success team focused on accelerating DMARC adoption, improving visibility across email environments, and strengthening protections against impersonation while preserving deliverability.
read more →

Amazon SES adds IP observability for DIP-M pools capability

📬 Amazon Simple Email Service (SES) now exposes the exact IP addresses used by Dedicated IP Addresses - Managed (DIP-M) pools. Customers can view these IPs via the console, CLI, or SES API and access Microsoft SNDS metrics for each address. SES also creates CloudWatch metrics for SNDS data to aid reputation monitoring. This gives customers greater transparency into sending activity and helps diagnose deliverability and reputation issues with mailbox providers.
read more →

Microsoft: Exchange Server 2016 and 2019 End of Support

⚠️ Microsoft notified administrators that Exchange Server 2016 and Exchange Server 2019 reached end of support on October 14, 2025, and will no longer receive security patches or time zone updates after the October 2025 security releases. The company strongly advises migrating to Exchange Online or upgrading to Exchange Server Subscription Edition (SE). In-place upgrades from Exchange 2019 to SE follow the same process as installing a Cumulative Update. Customers still on Exchange 2016 or 2013 should upgrade to SE or first move to Exchange 2019.
read more →

Varonis Interceptor: Multimodal AI Email Defense Platform

🛡️ Varonis introduces Interceptor, an AI-native email security solution that combines multimodal AI—visual, linguistic, and behavioral models—to detect advanced phishing, BEC, and social engineering. It augments or replaces API-based filters with a phishing sandbox that pre-analyzes newly registered domains and URLs and a lightweight browser extension for multichannel protection. Integrated with the Varonis Data Security Platform, Interceptor aims to reduce false positives, accelerate detection of zero-hour threats, and stop breaches earlier in the attack chain.
read more →

Hidden Text Salting in Emails and Strategic Cyber Decisions

🧯 Cisco Talos warns of extensive abuse of CSS to insert hidden “salt” — extraneous characters, comments and markup — into email preheaders, headers, attachments and bodies to evade detection. This hidden text salting technique is significantly more common in spam and malicious mail than in legitimate messages, undermining both signature and ML-based defenses. Talos advises detecting concealed content and, crucially, stripping or normalising that salt before passing messages to downstream engines, while also urging attention to longer-term strategic decision-making in cyber defense.
read more →

Hidden Text Salting: CSS Abuse in Email Threats and Evasion

🧂 Cisco Talos documents growing abuse of CSS to insert visually hidden 'salt' into emails, a technique that undermines parsing and language-detection systems. Observed across preheaders, headers, attachments and bodies between March 1, 2024 and July 31, 2025, attackers use CSS properties (font-size, opacity, display, clipping) and zero-width characters to conceal irrelevant content. Talos recommends detection plus HTML sanitization and filters—examples include Cisco Secure Email Threat Defense—to strip or ignore invisible content before downstream analysis.
read more →

New MatrixPDF Phishing Technique Targets Gmail Users

📄 Researchers at Varonis have identified a sophisticated phishing toolkit called MatrixPDF that embeds prompts, JavaScript, and external redirects inside seemingly legitimate PDF files to target Gmail users. Attackers exploit Gmail's preview and desktop PDF readers: a blurred preview displays a prompt to 'open secure document' that directs victims to external payloads, while embedded scripts can fetch malware if a user grants permission. Because the malicious content is only retrieved after user interaction, Gmail's automated scanners and attachment sandboxes can be bypassed. Security experts recommend stronger webmail controls, robust attachment sandboxing, endpoint detection, and frequent, realistic user awareness training.
read more →

MatrixPDF: PDFs Weaponized to Evade Gmail Defenses

📄 Researchers at Varonis have discovered MatrixPDF, a toolkit that disguises malicious web redirects and scripts inside seemingly benign PDFs to bypass Gmail filters. The files use blurred content, overlays and convincing prompts such as “Open Secure Document” to trick users into opening external sites. In some cases embedded JavaScript can auto-fetch payloads when a reader grants permission. Because Gmail treats preview clicks as user-initiated, these PDFs often evade email scanners and sandboxes.
read more →

Cloudflare Email Service Private Beta for Developers

📧 Cloudflare announced the private beta of its Email Sending capability, integrated into Workers so developers can send transactional emails directly from serverless code using a simple binding. The service complements existing Email Routing to provide a unified Email Service for both inbound and outbound flows, automates SPF/DKIM/DMARC setup to boost deliverability, and offers local testing, observability, and low-latency global delivery.
read more →

iCloud Calendar abused to send phishing via Apple Servers

📅 iCloud Calendar invites are being abused to send callback phishing emails that appear to originate from Apple's servers and pass SPF, DKIM, and DMARC checks. Attackers embed phishing content in the event Notes and invite a Microsoft 365 forwarding address so the message is relayed to targets while Apple remains the visible sender. Treat unexpected calendar invites with unusual messages or requests cautiously; calling listed numbers or granting remote access can lead to fraud, malware, or data theft.
read more →

FTC Probes Gmail Spam Filtering Of GOP Fundraising Emails

📧 The FTC chairman sent a letter to Google’s CEO asking why Gmail flagged Republican fundraising messages as spam while allegedly allowing similar Democratic messages through. Email-intelligence firms report that WinRed has triggered far more spamtraps than ActBlue, driven by aggressive list and delivery practices that degrade sender reputation. Blocklists and reputation signals, not political content, explain many filtering outcomes, experts say. The dispute highlights both operational deliverability risks for campaigns and potential regulatory overreach.
read more →