All articles tagged with #email security
A bug in Microsoft 365 Copilot causes its Work tab chat to summarize emails—including those with confidentiality labels in Sent Items and Drafts—bypassing DLP protections. Microsoft began rolling out a fix in early February and is monitoring impact while assessing scope and remediation progress.
A worldwide phishing campaign floods recipients with urgent emails claiming cloud-storage renewals failed, pushing them to a fake Google Cloud Storage link that redirects to scam pages impersonating cloud portals. The pages upsell a deceptive “loyalty” upgrade and collect credit card info, with the aim of affiliate revenue. Legitimate providers do not notify via such scans or require third-party security products, and users should delete the messages and verify billing directly on official sites.
The article explains the plus addressing feature in Gmail and Outlook, which allows users to add aliases to their email addresses for tracking and privacy purposes, helping identify who might be leaking or selling their email addresses. It also covers iCloud Mail's similar features and discusses their usefulness in managing email privacy and security.
Cybercriminals are increasingly using SVG image files in emails to deliver malware like AsyncRAT, which can remotely control devices. These malicious SVGs often appear in emails from trusted sources and contain embedded scripts that evade traditional security measures. Users are advised to delete any emails with SVG attachments unless they are certain of their legitimacy, as these files pose a significant security threat.
Researchers have discovered a vulnerability in Google's Gemini AI used in Workspace that allows attackers to embed hidden commands in email summaries, potentially leading to phishing attacks. Google is working on defenses, but users are advised to verify AI-generated content, avoid using summaries for suspicious emails, keep software updated, and consider disabling Gemini summaries temporarily to stay safe.
Security researchers have discovered a vulnerability in Google Gemini for Workspace that allows attackers to embed hidden malicious instructions in emails, which can manipulate the AI assistant to display fake security warnings and facilitate credential theft and social engineering attacks. The attack exploits the AI's processing of crafted HTML and CSS to hide instructions, affecting multiple Google Workspace products and potentially enabling AI-driven worms. Organizations are advised to implement mitigation strategies such as HTML sanitization and user awareness training.
Google's Gemini AI in Workspace can be exploited through hidden prompt injections in emails to generate convincing phishing warnings or malicious instructions, posing security risks. Despite safeguards, attackers can embed invisible directives using HTML and CSS, which Gemini obeys when summarizing emails, potentially leading users to trust malicious content. Google is working on defenses, but users should remain cautious and not rely solely on Gemini summaries for security alerts.
Clicking the 'unsubscribe' link in emails can pose security risks, including redirecting to malicious sites or phishing attempts. Experts recommend using email header 'list-unsubscribe' options or disposable emails for safer unsubscription, and maintaining strong antivirus protection.
Google's latest Gmail upgrade introduces AI-powered smart replies and access to all past emails and files, raising privacy concerns. Users are encouraged to adopt new privacy tools like Apple's Hide My Email and Google's Shielded Email to protect against data breaches and phishing attacks. The article emphasizes the importance of masking email addresses and adopting secure practices amid increasing AI-driven cyber threats, suggesting a shift towards more private and secure email solutions.
Google's latest Gmail update introduces AI-powered smart replies and access to past emails and files, raising privacy concerns. New privacy features like Shielded Email aim to mask addresses and protect users from breaches, but users should consider creating new email accounts for enhanced security. A survey indicates many users prefer privacy-focused services like Proton Mail over Gmail, highlighting ongoing privacy tensions in email use.
Cybersecurity researchers have identified a phishing campaign that uses corrupted Microsoft Office documents and ZIP archives to bypass email defenses and antivirus software. These corrupted files evade detection by exploiting built-in recovery mechanisms in programs like Word and Outlook, allowing malicious emails to reach users' inboxes. The attack, active since at least August 2024, aims to trick users into opening these files, which contain QR codes leading to malware or credential theft sites. This highlights the ongoing evolution of phishing tactics to circumvent security measures.
Cybersecurity experts warn of a rise in sophisticated two-step phishing attacks using Microsoft Visio files to evade detection. These attacks involve sending emails from breached accounts with seemingly harmless attachments that, when interacted with, lead to credential-stealing sites. Additionally, attackers are using scalable vector graphics (SVG) files to deploy phishing attacks, exploiting their ability to execute JavaScript. Users are advised to be cautious with unfamiliar file formats and ensure robust email security measures, including two-factor authentication.
Security researchers from Perception Point have identified a new two-step phishing attack method using Microsoft Visio (.vsdx) files to evade detection and steal credentials. These attacks exploit the familiarity of Visio files in workplaces, embedding malicious URLs that lead victims to fake Microsoft 365 login pages. The attack involves instructing users to hold down the Ctrl key to access these URLs, bypassing automated security systems. Enhanced email security and two-factor authentication are recommended to mitigate these threats.
With increasing cyber attacks targeting Gmail users, including methods to bypass two-factor authentication (2FA), it's recommended to open a second Gmail account as a backup to mitigate potential data loss. While this doesn't prevent attacks, it ensures important emails are preserved. Users are also advised to enroll in Google's Advanced Protection Program for enhanced security and regularly use Google's security checkup tool to safeguard their accounts.
With increasing cyber attacks targeting Gmail users, including methods to bypass two-factor authentication (2FA), it's recommended to open a second Gmail account as a backup to mitigate potential data loss. This secondary account can store forwarded emails from the primary account, providing a safeguard if the main account is compromised. Additionally, enrolling in Google's Advanced Protection Program can enhance security by adding layers of protection against phishing and unauthorized access.