Email security

One-quarter of attacks during the first three months of 2024 involved BEC, most of which were in the finance sector, a report from Arctic Wolf revealed.

Malware sandbox service Any.Run had its employees subjected to a phishing attack suspected to be part of a business email compromise campaign.

Attackers could leverage a pair of medium-severity vulnerabilities in the Mailcow open-source mail server software older than version 2024-04 to facilitate arbitrary code execution, account takeovers, and sensitive data access, reports The Hacker News.

By leveraging AI, teams can end the black hole and more efficiently manage user-reported phishing emails and even explain to users the specifics of their case.

Such a flaw was publicized by a security researcher after the disclosure was dismissed by Microsoft.

Microsoft President Brad Smith stood up for his company over its handling of an attack by a Chinese threat actor in 2023.

Hackread reports that organizations in the IT and technology industry were most spoofed in phishing scams between January 2020 and March 2024, followed by those in the banking and financial services sector.

U.S. federal agencies recorded 32,211 cyber incidents in 2023, representing a 9.9% increase over 2022, most of which involved violations of system usage policies, The Register reports.