email


The growing complexity of today’s networks and the growing sophistication of today’s threats has outpaced the ability of most traditional security devices to keep up. Until now, the approach of far too many IT teams has been to simply throw more money at the problem by adding yet another device into their security wiring closet. Billions have been spent on this approach every year for decades, and we really don’t have much to show for it. If cybersecurity is an arms race, the good guys aren’t winning. Instead, security... [Read More]
by RSS Aamir Lakhani  |  Nov 06, 2017  |  Filed in: Industry Trends
On October 16th, the U.S. Department of Homeland Security (DHS) announced its intention to have all federal agencies revamp their email security protocol. The Binding Operational Directive (BOD-18-01) will require all federal agencies to deploy STARTTLS, Secure Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) within three months of the directive’s announcement. While having these email security features enabled is generally considered to be a cybersecurity... [Read More]
by RSS Felipe Fernandez  |  Oct 30, 2017  |  Filed in: Industry Trends
As a product manager, the start of the year is a time to take a few breaths and reflect on the successes or failures of the past year and plan for future projects.  When we have invested so much effort into our products, we know their strengths, but spending so much time in such close proximity to a solution can also make one a bit blinkered. Which is why it is always important to get outside opinions on your progress as a sanity check. Of course, customer feedback is essential, and always very welcome, but it was particularly satisfying to... [Read More]
by RSS Carl Windsor  |  Mar 15, 2017  |  Filed in: Business and Technology
On the anniversary of the first email transmission, we look at how email has evolved over the years, and how to keep it as an essential tool going forward, despite the growing and increasingly sophisticated dangers of e-mail-based malware and other email-borne threats. What some consider to be the first email – the first electronic message sent between two computers – was transmitted on this day exactly 47 years ago, on October 29, 1969. The exchange, from a computer at UCLA to one at Stanford Research Institute, took place over the... [Read More]
by RSS David Finger  |  Oct 28, 2016  |  Filed in: Industry Trends
Spam has been an constant and chronic problem since the early days of the internet.  The first unsolicited mass e-mailing (later termed SPAM) was sent on May 1, 1978 by Gary Thuerk of Digital Equipment Corp (DEC) advertising the VAX T-series to 400 of the then 2600 ARPAnet users. The SMTP protocol we still use today for emailing, grew out of these early mail protocols used in ARPANET (Postel RFC788 and RFC821) in the early 1980's, and has changed relatively little since.  From its inception, the SMTP protocol had little (no)... [Read More]
by RSS Carl Windsor  |  Sep 09, 2016  |  Filed in: Security Research
  Cyperine is a VB .NET info stealing malware advertised in hacking forums to retrieve information from victims and sends it to whichever email is entered in the builder. Cyperine version 1.0 was first released in December 2014, and on June 14, 2016 version 2.0 was released. It steals SSFN steam’s authentication files, stored passwords from browsers, user logins, and software product keys installed in the victim’s computer.   Figure 01. Cyperine builder   The seller also provides a skype account for... [Read More]
by RSS Rommel Joven and David Maciejak  |  Jul 07, 2016  |  Filed in: Security Research
FortiMail Awarded VBSpam+ Certification. Again. Email is still the primary form of critical, formal business communication. It also continues to be the primary conduit for malware, phishing attacks, and data loss. Here’s why: no matter how much they are trained, people make mistakes- especially when social engineering hits the mark. Any effective email security strategy has to assume that folks will open email attachments, click on infected website links and ultimately have their system compromised.  It takes just one person,... [Read More]
by RSS Bill McGee  |  May 02, 2016  |  Filed in: Industry Trends
Phishing works. Not all the time, not every time, but enough of the time. Either because users are in a hurry, are careless, or simply aren’t well-trained enough to recognize an attack, phishing emails catch enough employees and consumers that cybercriminals continue to fire them off by the millions and use them to deliver all manner of malware, lure users to fake or compromised sites and steal personal information. It doesn’t help that phishing emails are becoming increasingly sophisticated. While some are still quite easily recognized... [Read More]
by RSS Chris Dawson  |  Nov 11, 2015  |  Filed in: Industry Trends
Email has been in the news a lot lately, occasionally regarding phishing and recent attacks, but more often as a persistent talking point in the run up to 2016 Presidential elections. Politics aside, though, email is a sticky wicket. It's used almost universally in enterprise settings in both business and the public sector. But consider the fun, geeky issues here. What are the implications when an e-mail is sent and it contains nothing classified or sensitive, but it becomes classified months later? Even better, let's say it's a lengthy... [Read More]
by RSS Evan Schuman  |  Oct 08, 2015  |  Filed in: Industry Trends
A few weeks ago, we received a file that was being spread as an attachment in a spear phishing email. The sample, which we are detecting as W32/Byanga.A!tr, turns out to be a dropper for a bot which, if active in an organization’s system, has the capability to perform malicious activities that can be very damaging to the targeted organization. This post discusses what this particular malware can do. The Dropper The dropper used a Chinese file name, which translates to “Upcoming Events Schedule”.  It also uses a Microsoft... [Read More]
by RSS Margarette Joven  |  Jan 14, 2015  |  Filed in: Security Research