Search results for anti spam email software | Breaking Cybersecurity News | The Hacker News

Spam is arguably the most irritating aspect of the internet and email for people globally. However, there is hope in Canada for those who have been targeted by spammers. A new law, Bill C-28, aims to facilitate government efforts in prosecuting and fining individuals and companies guilty of sending spam. This law allows the government to impose fines of up to $1 million on individuals and up to $10 million on companies. Company directors and owners can also be held personally responsible if they are aware their networks are sending spam. Additionally, the law criminalizes the use of aliases or false information in emails, making it easier for victims to prosecute offenders. However, nearly 70 percent of the world's spam is distributed by botnets, meaning the senders are often as much victims as the receivers. Therefore, these laws might not significantly reduce the volume of spam sent and received. The new legislation closes a loophole in Canadian law, as Canada was previously ...

A massive database of 630 million email addresses used by a spambot to send large amounts of spam to has been published online in what appears to be one of the biggest data dumps of its kind. A French security researcher, who uses online handle Benkow , has spotted the database on an "open and accessible" server containing a vast amount of email addresses, along with millions of SMTP credentials from around the world. The database is hosted on the spambot server in Netherlands and is stored without any access controls, making the data publicly available for anyone to access without requiring any password. According to a blog post published by Benkow, the spambot server, dubbed "Onliner Spambot," has been used to send out spams and spread a banking trojan called Ursnif to users since at least 2016. Ursnif Banking Trojan is capable of stealing banking information from target computers including credit card data, and other personal information like login ...

Cyber criminals are taking advantage of the widespread popularity of the mobile messaging app ' WhatsApp '. A malware expert at the Kaspersky Lab revealed a large-scale spamming campaign, advertising a fake PC version of the WhatsApp , to spread a banking trojan. According to the report, unaware users have received an email written in Portuguese language , it also tries to deceive the recipient with a social engineering tactic in which cyber criminals composed the malicious email informing that victims already have 11 pending friend invitations.  If users click on the " Baixar Agora " (Download Now) link in the spam email, they will be redirected to a Hightail.com URL to download the Trojan. Hightail is a cloud storage service, the malicious component deployed on it then downloads the malware via a server in Brazil. The file stored on Hightail server looks like a 64-bit installation file bundled with 2.5 megabyte MP3 file. According to Virus Total engine, onl...

I am considering that you all must have read my last article on OpenSSL Heartbleed , a critical bug in the OpenSSL's implementation of the TLS/DTLS heartbeat extension that allows attackers to read portions of the affected server's memory, potentially revealing users data, that the server did not intend to reveal. The Heartbleed vulnerability made headlines around the world and my last article explains everything about probably the biggest Internet vulnerability in recent history, but still some readers are not aware of its nature, otherwise they would not have been a victim of the spam campaigns. Spammers are very smart on gaining from every opportunity they get, so this time they are taking advantage of the infamous Heartbleed bug and frighten the users into installing Anti-Heartbleed Software onto their systems, which is obviously a malware. The researchers at Symantec have unearthed a spam campaign targeting people by sending spam emails that warns them their ...

Hackers behind what computer security experts believe could be the biggest data theft in US history may be planning to sell the information to cyber criminals for targeted scams. And while the tens of millions of names and email addresses swiped from online marketing firm Epsilon do not appear to have been used yet for cyber crime, the experts said it may just be a matter of time. Major US banks, hotels, retail outlets and other companies have been warning customers to be wary of fraudulent emails after Epsilon acknowledged last week that hackers had gained access to the Texas-based company's email system. Epsilon, which provides email services for some 2,500 companies around the world, has said that customer data for about two per cent of its total clients was exposed in what it called an "unauthorized entry." Epsilon, which sends out over 40 billion emails a year, did not identify the firms whose customers' names and email addresses were taken but dozens of ...

Phishing attacks have become one of the business world's top cybersecurity concerns. These social engineering attacks have been rising over the years, with the most recent report from the Anti-Phishing Working Group coalition identifying over 266,000 active spoofed websites, which is nearly double the number detected during Q4 2018. Hackers have evolved their methods, from regular phishing attacks to spear phishing, where they use email messages disguised as coming from legitimate sources to dupe specific individuals. This is why the global spear phishing protection software market is estimated to reach $1.8 billion by 2025. However, conventional defenses can still fall short due to one particular weakness in the security perimeter – the human factor. Indeed, some 33 percent of 2019's data breaches involved humans falling victim to social engineering attacks. And given how sophisticated and creative the phishing perpetrators have been getting, it's easy to see h...

For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it. Why is everyone scared of Emotet? Emotet  is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication. The victim can be anyone from corporate to private users exposed to spam email campaigns. The botnet distributes through phishing containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL downloads and then loads into memory. It searches for email addresses and steals them for spam campaigns. Moreover, the botnet drops additional payloads, such as Cobalt Strike or other attacks that lead to ransomware. The polymorphic nature of Emotet, along with the many modules it includes, makes the malware challenging to identify. The Emotet...

Cybersecurity researchers have detected a new wave of phishing attacks that aim to deliver an ever-evolving information stealer referred to as  StrelaStealer . The campaigns impact more than 100 organizations in the E.U. and the U.S., Palo Alto Networks Unit 42 researchers said in a new report published today. "These campaigns come in the form of spam emails with attachments that eventually launch the StrelaStealer's DLL payload," researchers Benjamin Chang, Goutam Tripathy, Pranay Kumar Chhaparwal, Anmol Maurya, and Vishwa Thothathri said . "In an attempt to evade detection, attackers change the initial email attachment file format from one campaign to the next, to prevent detection from the previously generated signature or patterns." First disclosed in November 2022, StrelaStealer is  equipped  to siphon email login data from well-known email clients and exfiltrate them to an attacker-controlled server. Since then, two large-scale campaigns involving the ma...

The Security Software company Malwarebytes has discovered a malicious scam spreading through rogue tweets by a number of fake Twitter accounts with a link to a story that says the United States Government is trying to ban cryptocurrency Bitcoin. " The majority of the accounts pushing these things are clearly fake, using gathered Twitter handles to launch the barrage of malicious spam at the Twitterverse, " wrote Adam Kujawa of Malwarebytes in a blog post on Thursday. In most cases, cybercriminals use to spread the malicious software via an email, but distribution of malware through social media is relatively new tantrum of cyber criminals, as more people are fond of social media platforms now a days. Adam discovered the scam and according to him the worst part of this new Twitter scam is that even without realizing the impact of this fake news, other Twitter users are retweeting from their accounts, making the malware scam more worse. The tweets contain links lead...

A previously undocumented "phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors who could purchase a custom phishing kit called W3LL Panel, designed to bypass MFA, as well as 16 other fully customized tools for business email compromise (BEC) attacks," Group-IB  said  in a report shared with The Hacker News. The phishing infrastructure is estimated to have targeted more than 56,000 corporate Microsoft 365 accounts and compromised at least 8,000 of them, primarily in the U.S., the U.K., Australia, Germany, Canada, France, the Netherlands, Switzerland, and Italy between October 2022 and July 2023, netting its operators $500,000 in illicit profits. Some of the prominent sectors infiltrated using the phishing solution include manufacturing, IT, consultin...

A month after the FBI and Europol took down the GameOver Zeus botnet by seizing servers and disrupting the botnet's operation, security researchers have unearthed a new variant of malware based explicitly on the same Gameover ZeuS that compromised users' computers and collectively formed a massive botnet. GAMEOVER ZEUS TROJAN The massive botnet, essentially a collection of zombie computers, specifically was designed to steal banking passwords with the capability to perform Denial of Service (DoS) attacks on banks and other financial institutions in order to deny legitimate users access to the site, so that the thefts kept hidden from the users. As a result of it, Gameover ZeuS' developers have stolen more than $100 million from banks, businesses and consumers worldwide. NEW GAMEOVER ZEUS TROJAN On Thursday, security researchers at the security firm Malcovery came across a series of new spam campaigns that were distributing a piece of malware based on the Gameover Zeus code which ...

The Dridex banking trojan that is widely being used by cyber criminals to distribute malware onto users' machines has now been found distributing a security software. A portion of the Dridex banking Trojan botnet may have been hacked or compromised by an unknown Whitehat Hacker, who replaced the malicious links with  Avira Antivirus  installers. What is Dridex Banking Trojan? How it Works? Dridex malware – also known as Bugat and Cridex – is believed to have been created by cyber criminals in Eastern Europe in an effort to harvest online banking details. Even after a high-profile takedown operation in late 2015, the Dridex botnet seems to be active again. The Dridex virus typically distributes itself through spam messages or emails that include malicious attachments, most often a Microsoft Office file or Word document integrated with malicious macros. Once the malicious file has been clicked, the macros download and install the main payload of the v...

Your mailbox may be filling up with Christmas cards from friends and family, and so might your email inbox. But, as the song says, 'you better watch out,' because some of those merry emails could be from an internet Grinch looking to steal your peace of mind. Christmas cards are a great way to send holiday wishes to those you love. However, many of us are opting to send our cards electronically using e-cards. "One of the big problems around Christmastime is everyone sends out Christmas cards. That's great, and it's great to see one in your email inbox. The problem is, about half of them that you're going to get are actually links to viruses and Trojan horses that will infect your computer," explained News 4 WOAI Web Expert Bob Gambert. Some of these malicious emails will attack your email address book and flood your friends' inboxes with spam. So, how do you know which e-card is safe to open? Our computer expert says don't open any of them. Inst...

Once again Facebook is on The Hacker News ! This time not for any scam or surveillance, but for a different reason.  The social networking giant has managed to take down a Greek botnet that used Facebook to spread malware and infected 250,000 computers to mine crypto-currencies, steal bitcoins, email passwords and banking details. Facebook is always one of the favourite weapon of cyber criminals, cyber thieves and scammers due to its popularity among other social media platforms. This social networking platform, with more than one billion active users, provides special opportunities for people to connect and share information, as well as also serves a great platform for malware developers and scammers. The botnet, dubbed as Lecpetex , was around from December 2013 to last month and compromised around 50,000 Facebook accounts at its peak, under which users would receive spam Facebook messages that would typically like "lol" with a zip archive attachment . O...

New variants of a banking malware called Grandoreiro have been found to adopt new tactics in an effort to bypass anti-fraud measures, indicating that the malicious software is continuing to be actively developed despite law enforcement efforts to crack down on the operation. "Only part of this gang was arrested: the remaining operators behind Grandoreiro continue attacking users all over the world, further developing new malware and establishing new infrastructure," Kaspersky said in an analysis published Tuesday. Some of the other freshly incorporated tricks include the use of a domain generation algorithm (DGA) for command-and-control (C2) communications, ciphertext stealing ( CTS ) encryption, and mouse tracking. Also observed are "lighter, local versions" that are specifically focused on targeting banking customers in Mexico. Grandoreiro , active since 2016, has consistently evolved over time, taking efforts to stay undetected, while also widening its geog...

Cybersecurity today is less about single attacks and more about chains of small weaknesses that connect into big risks. One overlooked update, one misused account, or one hidden tool in the wrong hands can be enough to open the door. The news this week shows how attackers are mixing methods—combining stolen access, unpatched software, and clever tricks to move from small entry points to large consequences.  For defenders, the lesson is clear: the real danger often comes not from one major flaw, but from how different small flaws interact together. ⚡ Threat of the Week WhatsApp Patches Actively Exploited Flaw — WhatsApp addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 relates to a case of insufficient authorization of linked device synchronization messages. The Meta-owned company ...

The Hacker News Hacking Awards : Best of Year 2011 2011 has been labeled the " Year of the Hack " or " Epic #Fail 2011 ". Hacking has become much easier over the years, which is why 2011 had a lot of hacking for good and for bad. Hackers are coming up with tools as well as finding new methods for hacking faster then companies can increase their security.  Every year there are always forward advancements in the tools and programs that can be used by the hackers. At the end of year 2011 we decided to give " The Hacker News Awards 2011 ". The Hacker News Awards will be an annual awards ceremony celebrating the achievements and failures of security researchers and the Hacking community. The THN Award is judged by a panel of respected security researchers and Editors at The Hacker News. Year 2011 came to an end following Operation Payback and Antisec, which targeted companies refusing to accept payments to WikiLeak's, such as, Visa and Amazon. Those attacks were carrie...