Fraud | Breaking Cybersecurity News | The Hacker News

An unknown threat actor has been linked to a massive scam campaign that exploited an email routing misconfiguration in email security vendor Proofpoint's defenses to send millions of messages spoofing various popular companies like Best Buy, IBM, Nike, and Walt Disney, among others. "These emails echoed from official Proofpoint email relays with authenticated SPF and DKIM signatures , thus bypassing major security protections — all to deceive recipients and steal funds and credit card details," Guardio Labs researcher Nati Tal said in a detailed report shared with The Hacker News. The cybersecurity company has given the campaign the name EchoSpoofing . The activity is believed to have commenced in January 2024, with the threat actor exploiting the loophole to send as many as three million emails per day on average, a number that hit a peak of 14 million in early June as Proofpoint began to enact countermeasures. "The most unique and powerful part of this domain ...

It's no secret that the internet isn't a very safe place. And it's not hard to understand why. It's a medium that connects billions of people around the world that affords bad actors enough anonymity to wreak havoc without getting caught. It's almost as if the internet's tailor-made to enable scams and fraud. And that's just what it does. Right now, the world's on track to  lose $10.5 trillion every year  to cybercrime. That number is so large that it's hard for the average person to grasp. And when most people hear it, they imagine that money's coming mostly from large-scale data breaches and ransomware attacks on large companies. Although businesses are among the hardest hit each year, they're by no means the only target. Every day, internet users are targeted too. They face barrages of phishing emails, compromised websites, and booby-trapped downloads. But among all of the attacks aimed at rank-and-file users, there's one that stand...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...