email


As a product manager, the start of the year is a time to take a few breaths and reflect on the successes or failures of the past year and plan for future projects.  When we have invested so much effort into our products, we know their strengths, but spending so much time in such close proximity to a solution can also make one a bit blinkered. Which is why it is always important to get outside opinions on your progress as a sanity check. Of course, customer feedback is essential, and always very welcome, but it was particularly satisfying to... [Read More]
by RSS Carl Windsor  |  Mar 15, 2017  |  Filed in: Business and Technology
On the anniversary of the first email transmission, we look at how email has evolved over the years, and how to keep it as an essential tool going forward, despite the growing and increasingly sophisticated dangers of e-mail-based malware and other email-borne threats. What some consider to be the first email – the first electronic message sent between two computers – was transmitted on this day exactly 47 years ago, on October 29, 1969. The exchange, from a computer at UCLA to one at Stanford Research Institute, took place over the... [Read More]
by RSS David Finger  |  Oct 28, 2016  |  Filed in: Industry Trends
Spam has been an constant and chronic problem since the early days of the internet.  The first unsolicited mass e-mailing (later termed SPAM) was sent on May 1, 1978 by Gary Thuerk of Digital Equipment Corp (DEC) advertising the VAX T-series to 400 of the then 2600 ARPAnet users. The SMTP protocol we still use today for emailing, grew out of these early mail protocols used in ARPANET (Postel RFC788 and RFC821) in the early 1980's, and has changed relatively little since.  From its inception, the SMTP protocol had little (no)... [Read More]
by RSS Carl Windsor  |  Sep 09, 2016  |  Filed in: Security Research
  Cyperine is a VB .NET info stealing malware advertised in hacking forums to retrieve information from victims and sends it to whichever email is entered in the builder. Cyperine version 1.0 was first released in December 2014, and on June 14, 2016 version 2.0 was released. It steals SSFN steam’s authentication files, stored passwords from browsers, user logins, and software product keys installed in the victim’s computer.   Figure 01. Cyperine builder   The seller also provides a skype account for... [Read More]
by RSS Rommel Joven and David Maciejak  |  Jul 07, 2016  |  Filed in: Security Research
FortiMail Awarded VBSpam+ Certification. Again. Email is still the primary form of critical, formal business communication. It also continues to be the primary conduit for malware, phishing attacks, and data loss. Here’s why: no matter how much they are trained, people make mistakes- especially when social engineering hits the mark. Any effective email security strategy has to assume that folks will open email attachments, click on infected website links and ultimately have their system compromised.  It takes just one person,... [Read More]
by RSS Bill McGee  |  May 02, 2016  |  Filed in: Industry Trends
Phishing works. Not all the time, not every time, but enough of the time. Either because users are in a hurry, are careless, or simply aren’t well-trained enough to recognize an attack, phishing emails catch enough employees and consumers that cybercriminals continue to fire them off by the millions and use them to deliver all manner of malware, lure users to fake or compromised sites and steal personal information. It doesn’t help that phishing emails are becoming increasingly sophisticated. While some are still quite easily recognized... [Read More]
by RSS Chris Dawson  |  Nov 11, 2015  |  Filed in: Industry Trends
Email has been in the news a lot lately, occasionally regarding phishing and recent attacks, but more often as a persistent talking point in the run up to 2016 Presidential elections. Politics aside, though, email is a sticky wicket. It's used almost universally in enterprise settings in both business and the public sector. But consider the fun, geeky issues here. What are the implications when an e-mail is sent and it contains nothing classified or sensitive, but it becomes classified months later? Even better, let's say it's a lengthy... [Read More]
by RSS Evan Schuman  |  Oct 08, 2015  |  Filed in: Industry Trends
A few weeks ago, we received a file that was being spread as an attachment in a spear phishing email. The sample, which we are detecting as W32/Byanga.A!tr, turns out to be a dropper for a bot which, if active in an organization’s system, has the capability to perform malicious activities that can be very damaging to the targeted organization. This post discusses what this particular malware can do. The Dropper The dropper used a Chinese file name, which translates to “Upcoming Events Schedule”.  It also uses a Microsoft... [Read More]
by RSS Margarette Joven  |  Jan 14, 2015  |  Filed in: Security Research
A recent news article described email as the undying "cockroach of the Internet". To validate this statement, seeing some of the Android malware samples I've analyzed recently, malware authors might share that sentiment. In 2013, we saw the first Android botnet variant that used email as a means to 'call home'. However, over the past few months there has been a surge in the number of samples discovered that follow suit (thanks to Crypto Girl for the observation). The table below lists all such variants we've seen so far : Variant Name Date... [Read More]
by RSS Ruchna Nigam  |  Sep 15, 2014  |  Filed in: Security Research
A: Email is totally insecure. Despite this fact, it is relied upon for some of our most critical personal and business communications. Circa 1980, The Simple Mail Transfer Protocol (SMTP) was designed without even a glimmer of what the internet would become. Security was not as paramount a concern as it is now; it never made it into the protocol. Changing this has been an uphill struggle due to the sheer number of mail servers and users who rely on them. Even today, by default, email is sent in plain text (if both servers do not already use... [Read More]
by RSS Carl Windsor  |  Nov 14, 2013  |  Filed in: Security Q & A