The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: email hacking

Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients

Dozens of STARTTLS Related Flaws Found Affecting Popular Email Clients
August 16, 2021Ravie Lakshmanan
Security researchers have disclosed as many as 40 different vulnerabilities associated with an opportunistic encryption mechanism in mail clients and servers that could open the door to targeted man-in-the-middle (MitM) attacks, permitting an intruder to forge mailbox content and steal credentials. The now-patched flaws, identified in various STARTTLS implementations, were  detailed  by a group of researchers Damian Poddebniak, Fabian Ising, Hanno Böck, and Sebastian Schinzel at the 30th USENIX Security Symposium. In an Internet-wide scan conducted during the study, 320,000 email servers were found vulnerable to what's called a command injection attack. Some of the popular clients affected by the bugs include Apple Mail, Gmail, Mozilla Thunderbird, Claws Mail, Mutt, Evolution, Exim, Mail.ru, Samsung Email, Yandex, and KMail. The attacks require that the malicious party can tamper connections established between an email client and the email server of a provider and has login cr

Can Your Business Email Be Spoofed? Check Your Domain Security Now!

Can Your Business Email Be Spoofed? Check Your Domain Security Now!
May 31, 2021The Hacker News
Are you aware of how secure your domain is? In most organizations, there is an assumption that their domains are secure and within a few months, but the truth soon dawns on them that it isn't. Spotting someone spoofing your domain name is one way to determine if your security is unsatisfactory - this means that someone is impersonating you (or confusing some of your recipients) and releasing false information. You may ask, "But why should I care?" Because these spoofing activities can potentially endanger your reputation. With so many companies being targeted by domain impersonators, email domain spoofing shouldn't be taken lightly. By doing so, they could put themselves, as well as their clients, at risk.  Your domain's security rating can make a huge difference in whether or not you get targeted by phishers looking to make money quickly or to use your domain and brand to spread ransomware without you knowing it! Check your domain's security rating with

Yandex Employee Caught Selling Access to Users' Email Inboxes

Yandex Employee Caught Selling Access to Users' Email Inboxes
February 12, 2021Ravie Lakshmanan
Russian Dutch-domiciled search engine, ride-hailing and  email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for personal gain. "The employee was one of three system administrators with the necessary access rights to provide technical support for the service," Yandex said in a statement. The company said the security breach was identified during a routine audit of its systems by its security team. It also said there was no evidence that user payment details were compromised during the incident and that it had notified affected mailbox owners to change their passwords. It's not immediately clear when the breach occurred or when the employee began offering unauthorized access to third-parties. "A thorough internal investigation of the incident is under way, and Yandex will be

European Authorities Disrupt Emotet — World's Most Dangerous Malware

European Authorities Disrupt Emotet — World's Most Dangerous Malware
January 28, 2021Ravie Lakshmanan
Law enforcement agencies from as many as eight countries dismantled the infrastructure of Emotet , a notorious email-based Windows malware behind several botnet-driven spam campaigns and ransomware attacks over the past decade. The coordinated takedown of the botnet on Tuesday — dubbed " Operation Ladybird " — is the result of a joint effort between authorities in the Netherlands, Germany, the U.S., the U.K., France, Lithuania, Canada, and Ukraine to take control of servers used to run and maintain the malware network. "The Emotet infrastructure essentially acted as a primary door opener for computer systems on a global scale," Europol  said . "What made Emotet so dangerous is that the malware was offered for hire to other cybercriminals to install other types of malware, such as banking Trojans or ransomware, onto a victim's computer." More Than a Malware  Since its first identification in 2014,  Emotet  has evolved from its initial roots as a cr

Enhancing Email Security with MTA-STS and SMTP TLS Reporting

Enhancing Email Security with MTA-STS and SMTP TLS Reporting
January 25, 2021The Hacker News
In 1982, when SMTP was first specified, it did not contain any mechanism for providing security at the transport level to secure communications between mail transfer agents. Later, in 1999, the STARTTLS command was added to SMTP that in turn supported the encryption of emails in between the servers, providing the ability to convert a non-secure connection into a secure one that is encrypted using TLS protocol. However, encryption is optional in SMTP, which implies that emails can be sent in plaintext.  Mail Transfer Agent-Strict Transport Security (MTA-STS)  is a relatively new standard that enables mail service providers the ability to enforce Transport Layer Security (TLS) to secure SMTP connections and to specify whether the sending SMTP servers should refuse to deliver emails to MX hosts that that does not offer TLS with a reliable server certificate. It has been proven to successfully mitigate TLS downgrade attacks and Man-in-the-Middle (MitM) attacks. SMTP TLS Reporting (TLS-

Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers

Microsoft Warns CrowdStrike of Hackers Targeting Azure Cloud Customers
December 25, 2020Ravie Lakshmanan
New evidence amidst the ongoing probe into the  espionage campaign  targeting SolarWinds has uncovered an unsuccessful attempt to compromise cybersecurity firm Crowdstrike and access the company's email. The hacking endeavor was reported to the company by Microsoft's Threat Intelligence Center on December 15, which identified a third-party reseller's Microsoft Azure account to be making "abnormal calls" to Microsoft cloud APIs during a 17-hour period several months ago. The undisclosed affected reseller's Azure account handles Microsoft Office licensing for its Azure customers, including CrowdStrike. Although there was an attempt by unidentified threat actors to read the emails, it was ultimately foiled as the firm does not use Microsoft's Office 365 email service, CrowdStrike  said . The incident comes in the wake of the  supply chain attack  of SolarWinds revealed earlier this month, resulting in the deployment of a covert backdoor (aka "Sunbu

Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks

Japan, France, New Zealand Warn of Sudden Uptick in Emotet Trojan Attacks
September 08, 2020Ravie Lakshmanan
Cybersecurity agencies across Asia and Europe have issued multiple security alerts regarding the resurgence of email-based Emotet malware attacks targeting businesses in France, Japan, and New Zealand. "The emails contain malicious attachments or links that the receiver is encouraged to download," New Zealand's Computer Emergency Response Team (CERT) said. "These links and attachments may look like genuine invoices, financial documents, shipping information, resumes, scanned documents, or information on COVID-19, but they are fake." Echoing similar concerns, Japan's CERT (JPCERT/CC) cautioned it found a rapid increase in the number of domestic domain (.jp) email addresses that have been infected with the malware and can be misused to send spam emails in an attempt to spread the infection further. First identified in 2014 and distributed by a threat group tracked as TA542 (or Mummy Spider), Emotet has since evolved from its original roots as a s

Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide

Indian IT Company Was Hired to Hack Politicians, Investors, Journalists Worldwide
June 09, 2020Wang Wei
A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform. Based in Delhi, BellTroX InfoTech allegedly targeted thousands of high-profile individuals and hundreds of organizations across six continents in the last seven years. Hack-for-hire services do not operate as a state-sponsored group but likely as a hack-for-hire company that conducts commercial cyberespionage against given targets on behalf of private investigators and their clients. According to the latest report published by the University of Toronto's Citizen Lab, BellTroX—dubbed ' Dark Basin ' as a hacking group—targeted advocacy groups, senior politicians, government officials, CEOs, journalists, and human rights defenders. "Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against oppo

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data

New ComRAT Malware Uses Gmail to Receive Commands and Exfiltrate Data
May 26, 2020Ravie Lakshmanan
Cybersecurity researchers today uncovered a new advanced version of ComRAT backdoor, one of the earliest known backdoors used by the Turla APT group, that leverages Gmail's web interface to covertly receive commands and exfiltrate sensitive data. "ComRAT v4 was first seen in 2017 and known still to be in use as recently as January 2020," cybersecurity firm ESET said in a report shared with The Hacker News. "We identified at least three targets: two Ministries of Foreign Affairs in Eastern Europe and a national parliament in the Caucasus region." Turla , also known as Snake, has been active for over a decade with a long history of the watering hole and spear-phishing campaigns against embassies and military organizations at least since 2004. The group's espionage platform started off as Agent.BTZ , in 2007, before it evolved to ComRAT , in addition to gaining additional capabilities to achieve persistence and to steal data from a local network. It

Zero-Day Warning: It's Possible to Hack iPhones Just by Sending Emails

Zero-Day Warning: It's Possible to Hack iPhones Just by Sending Emails
April 22, 2020Mohit Kumar
Watch out Apple users! The default mailing app pre-installed on millions of iPhones and iPads has been found vulnerable to two critical flaws that attackers are exploiting in the wild, at least, from the last two years to spy on high-profile victims. The flaws could eventually let remote hackers secretly take complete control over Apple devices just by sending an email to any targeted individual with his email account logged-in to the vulnerable app. According to cybersecurity researchers at ZecOps, the bugs in question are remote code execution flaws that reside in the MIME library of Apple's mail app—first, due to an out-of-bounds write bug and second, is a heap overflow issue. Though both flaws get triggered while processing the content of an email, the second flaw is more dangerous because it can be exploited with 'zero-click,' where no interaction is required from the targeted recipients. 8-Years-Old Apple Zero-Days Exploited in the Wild According to the

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks

New Group of Hackers Targeting Businesses with Financially Motivated Cyber Attacks
November 14, 2019Swati Khandelwal
Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware. Though the new malware campaigns are not customized for each organization, the threat actors appear to be more interested in businesses, IT services, manufacturing, and healthcare industries who possess critical data and can likely afford high ransom payouts. According to a report ProofPoint shared with The Hacker News, the newly discovered threat actors are sending out low-volume emails impersonating finance-related government entities with tax assessment and refund lured emails to targeted organizations. "Tax-themed Email Campaigns Target 2019 Filers, finance-related lures have been used seasonally with upticks in tax-related malware and phishing campaigns leading up to the annual tax filing deadlines in

Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content

Former Yahoo Employee Admits Hacking into 6000 Accounts for Sexual Content
October 02, 2019Swati Khandelwal
An ex-Yahoo! employee has pleaded guilty to misusing his access at the company to hack into the accounts of nearly 6,000 Yahoo users in search of private and personal records, primarily sexually explicit images and videos. According to an press note released by the U.S. Justice Department, Reyes Daniel Ruiz , a 34-year-old resident of California and former Yahoo software engineer, admitted accessing Yahoo internal systems to compromise accounts belonging to younger women, including his personal friends and work colleagues. Once he had access to the users' Yahoo accounts, Ruiz then used information obtained from users' email messages and their account's login access to hacking into their iCloud, Gmail, Facebook, DropBox, and other online accounts in search of more private material. Besides this, Ruiz also made copies of private images and videos that he found in the personal accounts of Yahoo users without their permission and stored them on a private computer a

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released
September 30, 2019Swati Khandelwal
A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers. Exim maintainers today released an urgent security update— Exim version 4.92.3 —after publishing an early warning two days ago, giving system administrators an early head-up on its upcoming security patches that affect all versions of the email server software from 4.92 up to and including then-latest version 4.92.2. Exim is a widely used, open source mail transfer agent (MTA) developed for Unix-like operating systems like Linux, Mac OSX or Solaris, which runs almost 60 percent of the Internet's email servers today for routing, delivering and receiving email messages. This is the second time in this month when the Exim maintainers have released an urgent security update. Earlier this month, the team patched a critical remote code execution flaw (

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks
April 30, 2019Swati Khandelwal
A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile. When you send a digitally signed email, it offers end-to-end authenticity and integrity of messages, ensuring recipients that the email has actually come from you. However, researchers tested 25 widely-used email clients for Windows, Linux, macOS, iOS, Android and Web and found that at least 14 of them were vulnerable to multiple types of practical attacks under five below-mentioned categories, making spoofed signatures indistinguishable from a valid one even by an attentive user. The research was conducted by a team of researchers from Ruhr University Bochum and

Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission

Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission
April 18, 2019Swati Khandelwal
Not a week goes without a new Facebook blunder. Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity? At the time, it was suspected that Facebook might be using access to users' email accounts to unauthorizedly and secretly gather a copy of their saved contacts. Now it turns out that the collection of email contacts was true, Facebook finally admits. In a statement released on Wednesday, Facebook said the social media company "unintentionally" uploaded email contacts from up to 1.5 million new users on its servers, without their consent or knowledge, since May 2016. In other words, nearly 1.5 million users had shared passwords for their email accounts with Facebook as part of its dubious verification process. A Facebook spokesperson shared information with Business Insider that the company was using harvested data to "build Facebook'

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts
April 13, 2019Swati Khandelwal
If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft's customer support portal and access information related to some email accounts registered with the company's Outlook service. Yesterday, a user on Reddit publicly posted a screenshot of an email which he received from Microsoft warning that unknown attackers were able to access some information of his OutLook account between 1 January 2019 and 28 March 2019. Another user on Reddit also confirmed that he/she too received the same email from Microsoft. According to the incident notification email, as shown below, attackers were able to compromise credentials for one of Microsoft's customer support agents and used it to unauthorisedly access some information related to the affected accounts, but not

T-Mobile Hacked — 2 Million Customers' Personal Data Stolen

T-Mobile Hacked — 2 Million Customers' Personal Data Stolen
August 24, 2018Mohit Kumar
T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers. The leaked information includes customers' name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid). However, the good news is that no financial information like credit card numbers, social security numbers, or passwords, were compromised in the security breach. According to a brief blog post published by the company detailing the incident, its cybersecurity team detected and shut down an "unauthorized capture of some information" on Monday, August 20. Although the company has not revealed how the hackers managed to hack into its servers neither it disclosed the exact number of customers affected by the data breach, a T-Mobile spokesperson told Motherboard that less than 3 percent of its 77 m

21-Year-Old Woman Charged With Hacking Selena Gomez's Email Account

21-Year-Old Woman Charged With Hacking Selena Gomez's Email Account
July 17, 2018Wang Wei
A 21-year-old New Jersey woman has been charged with hacking into the email accounts of pop star and actress Selena Gomez, stealing her personal photos, and then leaked them to the Internet. Susan Atrach of Ridgefield Park was charged Thursday with 11 felony counts—five counts of identity theft, five counts of accessing and using computer data to commit fraud or illegally obtain money, property or data, and one count of accessing computer data without permission. According to the prosecutors, Atrach allegedly hacked into email accounts belonging to Gomez and one of her associates several times between June 2015 and February 2016, the Los Angeles County District Attorney's office said in a press release . She then obtained images and other media stored there and shared them with her friends and posted them online. Gomez, who has more than 138 million followers on Instagram, was the victim of a hacking attack in August 2017, when photographs of her ex-boyfriend Justin Bieb
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.