Posts

Mobile Security is Here to Defeat Those Viruses!



Global Email Security Market Forecast Report 2021-2025: New Malware Techniques Drive Market Growth as Organizations Accelerate Cloud Migration Due to the COVID-19 Pandemic – ResearchAndMarkets.com | Business

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


DUBLIN–(BUSINESS WIRE)–Apr 23, 2021–

This research service analyzes the global email security market.

Email remains the number one threat vector. It is the primary mode of corporate communication and the de facto standard for B2B and B2C communications. During the COVID-19 pandemic, email continues to be the chief channel for business communication, and this trend is driven by the surging trend of working from home.

Over the past few years, the complexity and the volume of threats have increased significantly. Email-based threats have become big business; specific verticals and individuals within organizations are targeted. Threat vectors continue to evolve, and the need for secure email has never been stronger. Attackers are more focused on people and less on systems. Business email compromise (BEC) fraud continues to affect organizations, both large and small. Consequently, traditional security solutions that are designed to protect systems and infrastructure are now inadequate.

Sophisticated and highly targeted email-borne attacks are on the rise, and many of these attacks use social engineering techniques. For businesses of all sizes, this is a serious problem as the legitimate communication channel they rely on extensively, email, is also the channel of choice to deliver malware and malwareless attacks. Advanced attacks combine email and cloud accounts. Cybercriminals are also leveraging pandemic-driven fears and uncertainties to launch their attacks.

The most significant trend in the market is the acceleration of the migration to the cloud. Customers are adopting cloud-based mailbox services and moving their email security to the cloud from on-premise appliances. The substantial adoption of Microsoft Office 365 has caused the biggest loss of email security posture for organizations.

As a result, organizations are looking for integrated solutions to increase operational efficiencies while gaining stronger and more comprehensive security. In such a competitive environment, email security vendors must be able to differentiate themselves.

  • Executive Summary – Market Engineering Measurements
  • Executive Summary – CEO’s Perspective
  • Introduction to the…

Source…

Someone is using SonicWall’s email security tool to hack customers

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.


SonicWall announced three zero-day vulnerabilities in its email security solution. (SonicWall)

SonicWall’s email security solution is supposed to help protect customers from phishing attacks, business email compromise, ransomware and other email related threats. However, it appears some attackers have been using previously unknown cybersecurity vulnerabilities in the very same product to break into victim networks.  

Yesterday, the company announced three zero-day vulnerabilities found in SonicWall Email Security. They include a damaging bug that allows an unauthorized user to create administrative accounts on a network (CVE-2021-20021) and two others that allow an already-authenticated attacker to read (CVE-2021-20023) and upload (CVE-2021-20022) files on the victim’s remote host. Together they can be used to access and read a victim’s files or emails, plant malware and conduct other post-compromise activities.

SonicWall said the flaws were discovered during “standard collaboration and testing” and there is evidence at least one of those vulnerabilities is being actively exploited by attackers. A report by Mandiant issued on the same day claims that they first disclosed them to SonicWall on March 26. There are patches available now for all three vulnerabilities.

“In at least one known case, these vulnerabilities have been observed to be exploited ‘in the wild,’” the company said on April 20. “It is imperative that organizations using SonicWall Email Security hardware appliances, virtual appliances or software installation on Microsoft Windows Server immediately upgrade” to patched versions.

According to a report from the Mandiant team at FireEye, which helped identify the vulnerabilities, an unnamed threat actor leveraged these zero-days along with “intimate knowledge” of SonicWall’s application code in March to plant a backdoor on a victim organization’s network, gain access to emails and files and use it as a foothold to move to other parts of the network. The threat intelligence firm found web shells on a fully-patched, internet-connected version of the email security solution that indicated post-exploitation…

Source…