Email

Dyn Confirms DDoS Attack Affecting Twitter, Github, Many Others

October 21, 2016 , 10:01 am

IoT Botnets Are The New Normal of DDoS Attacks

October 5, 2016 , 8:51 am

Leftover Factory Debugger Doubles as Android Backdoor

October 14, 2016 , 9:00 am

Backdoor Found in Firmware of Some Android Devices

November 21, 2016 , 3:20 pm

Threatpost News Wrap, November 18, 2016

November 18, 2016 , 9:15 am

iPhone Call History Synced to iCloud Without User Consent, Knowledge

November 17, 2016 , 1:51 pm

Microsoft Patches Zero Day Disclosed by Google

November 8, 2016 , 2:57 pm

Microsoft Says Russian APT Group Behind Zero-Day Attacks

November 1, 2016 , 5:50 pm

Google to Make Certificate Transparency Mandatory By 2017

October 29, 2016 , 6:00 am

Microsoft Extends Malicious Macro Protection to Office 2013

October 27, 2016 , 4:27 pm

Dyn DDoS Work of Script Kiddies, Not Politically Motivated Hackers

October 25, 2016 , 3:00 pm

Mirai-Fueled IoT Botnet Behind DDoS Attacks on DNS Providers

October 22, 2016 , 6:00 am

FruityArmor APT Group Used Recently Patched Windows Zero Day

October 20, 2016 , 7:00 am

Experts ‘Outraged’ by Warrant Demanding Fingerprints to Unlock Smartphones

October 18, 2016 , 4:58 pm

Researchers Break MarsJoke Ransomware Encryption

October 3, 2016 , 5:00 am

OpenSSL Fixes Critical Bug Introduced by Latest Update

September 26, 2016 , 10:45 am

500 Million Yahoo Accounts Stolen By State-Sponsored Hackers

September 22, 2016 , 3:47 pm

Yahoo Reportedly to Confirm Breach of Hundreds of Millions of Credentials

September 22, 2016 , 12:31 pm

Experts Want Transparency From Government’s Vulnerabilities Equities Process

September 20, 2016 , 2:41 pm

Bruce Schneier on Probing Attacks Testing Core Internet Infrastructure

September 15, 2016 , 11:15 am

Generic OS X Malware Detection Method Explained

September 13, 2016 , 9:14 am

Patched Android Libutils Vulnerability Harkens Back to Stagefright

September 9, 2016 , 2:06 pm

Chrome to Label Some HTTP Sites ‘Not Secure’ in 2017

September 8, 2016 , 3:43 pm

Threatpost News Wrap, September 2, 2016

September 2, 2016 , 9:00 am

Insecure Redis Instances at Core of Attacks Against Linux Servers

September 1, 2016 , 1:08 pm

Dropbox Forces Password Reset for Older Users

August 29, 2016 , 9:58 am

Cisco Begins Patching Equation Group ASA Zero Day

August 24, 2016 , 5:53 pm

New Collision Attacks Against 3DES, Blowfish Allow for Cookie Decryption

August 24, 2016 , 8:00 am

Cisco Acknowledges ASA Zero Day Exposed by ShadowBrokers

August 17, 2016 , 4:06 pm

Pokémon GO Spam, Ransomware, On the Rise

August 17, 2016 , 12:58 pm

ProjectSauron APT On Par With Equation, Flame, Duqu

August 8, 2016 , 1:40 pm

Miller, Valasek Deliver Final Car Hacking Talk

August 4, 2016 , 3:26 pm

Researchers Go Inside a Business Email Compromise Scam

August 4, 2016 , 10:00 am

Export-Grade Crypto Patching Improves

August 3, 2016 , 10:00 am

Kaspersky Lab Launches Bug Bounty Program

August 2, 2016 , 9:00 am

Threatpost News Wrap, July 29, 2016

July 29, 2016 , 10:45 am

KeySniffer Vulnerability Opens Wireless Keyboards to Snooping

July 26, 2016 , 9:30 am

Upcoming Tor Design Battles Hidden Services Snooping

July 25, 2016 , 3:51 pm

EFF Files Lawsuit Challenging DMCA’s Restrictions on Security Researchers

July 21, 2016 , 1:18 pm

Oracle Patches Record 276 Vulnerabilities with July Critical Patch Update

July 20, 2016 , 9:21 am

Threatpost News Wrap, July 15, 2016

July 15, 2016 , 11:00 am

Academics Build Early-Warning Ransomware Detection System

July 14, 2016 , 1:05 pm

xDedic Hacked Server Market Resurfaces on Tor Domain

July 12, 2016 , 11:40 am

Conficker Used in New Wave of Hospital IoT Device Attacks

June 30, 2016 , 11:48 am

655,000 Healthcare Records Being Sold on Dark Web

June 28, 2016 , 10:00 am

Windows Zero Day Selling for $ 90,000

May 31, 2016 , 5:44 pm

Millions of Stolen MySpace, Tumblr Credentials Being Sold Online

May 31, 2016 , 1:37 pm

OTR Protocol Patched Against Remote Code Execution Flaw

March 10, 2016 , 10:23 am

Serious Dirty Cow Linux Vulnerability Under Attack

October 21, 2016 , 11:21 am

Facebook Debuts Open Source Detection Tool for Windows

September 27, 2016 , 12:24 pm

Popular Android App Leaks Microsoft Exchange User Credentials

October 14, 2016 , 8:00 am

Cisco Warns of Critical Flaws in Nexus Switches

October 7, 2016 , 10:55 am

Free Tool Protects Mac Users from Webcam Surveillance

October 7, 2016 , 7:00 am


Threatpost | The first stop for security news

blog-gfi-oneconnect-beta_sqEnsuring safe and continuous delivery of business emails is one of IT department’s top priorities. Today we’re presenting GFI OneConnect Beta, a solution delivering a more secure and reliable email service for businesses of all sizes.

In a continuous effort to deliver new and innovative solutions to the market and our customers, GFI Software’s engineering team has developed a new product, named GFI OneConnect. For more details on this product and its beta version that just became available, we’ve spoken with Joe Kern, Director of Product Integration at GFI Software.

TalkTechToMe: Can you explain what is GFI OneConnect?

Joe Kern: To describe it briefly, GFI OneConnect is our newest cloud-based email security and continuity platform, a solution built to help IT admins in protecting their infrastructure from spam, viruses, malware threats, and email service outages.

TTTM: What are the key features that GFI OneConnect brings?

blog-joe-kern-gfiJoe: We used our expertise and experience in building on-premise and cloud software to create a hybrid solution, that would protect and ensure high availability of one of the most important business services of today – email.

With two anti-virus engines and lots of advanced spam detection mechanisms, our new solution filters out spam and stops virus threats coming through emails. And in case the company on-premise Exchange Server is down, GFI OneConnect takes over the delivery of emails, so no important messages get lost and business continuity is ensured.

By using our email protection, continuity and disaster recovery solution, IT professionals are delivering a definitive value to companies, and we expect this to be the main benefit which will attract IT admins and business owners in using GFI OneConnect.

blog-gfi-oneconnect-beta-screenshot-1

TTTM: So how does exactly GFI OneConnect work?

Joe: To begin using it, you need to install the GFI OneConnect Server on a Windows Server, whether physical or virtualized, located in your local infrastructure, and setup the connection between the GFI OneConnect Server and your Exchange Server, on one side, and the GFI OneConnect Data Center, on the other side.

After the initial configuration, all your emails are being routed through GFI OneConnect. The solution uses two AV engines, ClamAV and Kaspersky, to search all incoming messages for viruses and other malware threats, such as ransomware, before sending them through to the Exchange Server for further distribution to users. GFI OneConnect also uses RBL’s Bayesian analysis, SPF and other advanced technologies to filter out up to 99% of spam messages before they even come to inboxes of users.

And on top of this, if for any reason your on-premise Exchange Server goes down, you can turn on the Continuity mode with a click of a button, and GFI OneConnect will send and receive all emails until you restore availability of your existing email server. Once your Exchange Server is back on, all sent and received emails will be synced, and end users won’t experience any email downtime or lost messages.

blog-gfi-oneconnect-components-ports

TTTM: Since it is still in beta phase, when can we expect the final version of GFI OneConnect?

Joe: We have launched this public beta so that our customers can evaluate it and see for themselves that we’ve created a powerful and versatile product which brings a very specific value to them. We expect the final version to become available in early 2017, when we will announce all product details, including pricing. The product will be available as service, and we plan to add an archiving feature in future releases.

Since this is a Beta release, we expect that users may encounter bugs or missing features, so we would be very thankful for any user insights or reports on bugs. To report any issues you’ve noticed while using GFI OneConnect Beta, we kindly ask users to file a bug report at http://feedback.gfi.com so we can look into it before the final release.

– – –

So, it seems like the best is yet to come, but in the meantime, if you’re interested in the features and benefits that GFI OneConnect has to offer, you can find more information about the product and download and install a fully functional 30-day trial of the beta version at www.gfi.com/oneconnect

You may also like:

  • Great improvements for even greater GFI Support
  • GFI Prime Brings More Value to Customers by Providing Additional…
  • Introducing GFI LanGuard 12 – now with a web-based reporting…


GFI Blog

OPISLike it or loathe it, email is here to stay. Despite the ubiquity of file sharing services like OneDrive and Google Docs, email remains a fast and convenient way for users to review, communicate and collaborate. Almost 25 years since the first email attachment was sent, businesses around the globe remain heavily dependent on using email to send their files. Indeed, according to research firm Radicati, business emails are set to reach 116.4 billion a day before the end of 2016.

It’s no wonder then, that email represents a major security threat vector. Because, as long as organisations use email to send and receive files, malicious email attachments will continue to plague corporate inboxes. Cyber criminals have consistently proved adept at exploiting the ‘click first, think second’ behaviours of email-users, which have the potential to open the door to malware, or unintentionally expose the business to data loss.

Protecting the enterprise against such vulnerabilities is no easy task. Email threats aimed at exploiting risky user behaviours have evolved into highly sophisticated phishing and spam campaigns, targeted zero-hour attacks and data theft initiatives. But with 91% of hacks starting with a targeted email attack, organisations need to be certain that the actions they take will truly protect their users, data and assets.

Unfortunately, standard anti-virus (AV) software can only go so far, as a recent incident graphically illustrates. In August, a public domain AV signature provider wrongfully categorised all Microsoft .doc files as a virus. This led to a large number of legitimate Microsoft Word documents being blocked from transmission when they encountered an AV layer.

In order to maintain an acceptable balance between user productivity and user safety, many vendors took the decision to disable the piece of AV technology that was blocking documents affected by these false positives. This meant that documents could be transmitted to their intended recipients, where an AV system would have, in theory, defended users from malicious attachments.

It wasn’t long before cyber criminals picked up on this enticing opportunity and began creating malware files whose signatures changed and morphed in order to evade signature-based AV solutions. This resulted in surge in the number of .doc files being transmitted over email – at which time our security analytics found that approximately 80% of the files were malicious.

It’s a sobering example of how criminals are constantly monitoring the security industry in an effort to find vulnerabilities and opportunities to exploit – in this case, the reduced security for .doc attachments. It also highlights why organisations need to use multiple layers of protection. Because in this case, the false positives ‘loophole’ meant there was a greater need for non-signature based defences.

Protecting the organisation against email-enabled attacks is no easy task when users across the enterprise are opening up hundreds of emails every day. But with hackers constantly on the look out for ways of working around signature-based technologies, businesses need to ensure their email security is one step ahead.

That means adopting multi-layered threat protection and prevention technologies alongside ‘good hygiene’ employee training and email best practices:

1. Advanced detection and intrusion prevention

Sandboxing is a valuable technical control that delivers a powerful line of defence. Scanning emails at the endpoint is a good start, but attachments should be scanned again before opening so that the files and URLs can be analysed. Ideally, all incoming mail should be automatically scanned in real-time, with any suspicious attachments being forwarded to a cloud-based sandbox environment where they can be executed and thoroughly analysed to identify potentially suspicious and malicious behaviour. This guarantees that even sophisticated pieces of malware can do no harm to digital assets, as only safe files will be forwarded to users.

2. Monitor unusual spikes in file transmissions

Minimising the fallout of a potential malware attack is a priority. That means gaining full visibility of any identified malware activity, so that infected users can be automatically quarantined to prevent malware from spreading within the network, or creating unwanted communications to the outside world.

3. End user education

Representing the enterprise’s first line of defence, the workforce needs to be educated about their responsibilities when it comes to protecting customer and colleague data. Often viewed by security experts as the weakest link, employees are a target for hackers who know there are specific times when people are most susceptible to attack – at the start or end of the day, when the pressure is on to ‘get out the door’ or ‘get stuff done’ – and will send out bursts early in the morning and late in the afternoon.

For this reason, training needs to be an ongoing endeavour during which staff members are trained on how to spot a suspicious email and what to do if they receive one. This isn’t a once a year task – employees need to be regularly updated with the latest threats and approaches used by cyber criminals.

4. Stay on top of version control

Installing the latest versions of operating systems, applications and email platforms should be an essential good housekeeping practice, as vendors regularly release security patches that can help reduce exposure to some attacks.

5. Limit user access to critical IT systems

More often than not, user devices and business-critical databases are located within the same internal network. This means that infected devices could potentially going about their malicious ways while remaining undetected for a long time. Segmentation is a very effective way for businesses to detect malicious activity and contain the fall out of any attack. Data leakage prevention starts with inhibiting data collection.

Dealing with today’s modern and persistent email threats means reliance on antivirus protection or existing intrusion prevention systems is no longer enough. Today’s enterprise needs advanced threat detection technologies that not only detect targeted attacks, but provide sophisticated technical controls to detect and extract malware before it enters the organisation. Whether an organisation operates a cloud or on-premises email platform, email security is a multi-layered affair that involves taking a holistic approach to educating and protecting users and ensuring the enterprise network is constantly monitored and safe.


Help Net Security

The volume of spam email has increased significantly this year, being comparable to record levels observed in 2010. Researchers from Cisco Talos believe the increase has been driven mainly from increased activity of the Necurs botnet.

Over the past five years, spam volumes have been relatively low compared to 2010, when they reached an all-time high. However, it appears that this lull might have ended this year, as spam is on the rise once again. Citing data from the Composite Block List (CBL), Cisco Talos researchers note that 2016’s spam volumes are nearly as high as they were back in mid-2010.

Furthermore, the overall size of the SpamCop Block List (SCBL) over the past year shows a spike of more than 450,000 IP addresses in August 2016, although the SCBL size was under 200,000 IPs last year, Cisco says.

The surge in spam email volumes this year, researchers explain, can only mean that dedicated botnets have increased their activity. However, anti-spam systems can usually catch spam campaigns fast because botnets are using a non-targeted/shotgun approach. Even so, researchers say, attacks cannot be predicted before they start.

Responsible for this year’s spike in spam campaigns, Cisco says, might be the Necurs botnet, which was associated only several months ago with the Locky ransomware and the Dridex Trojan. When Necurs suffered an outage in June, Locky and Dridex infections came to a relative stop, but the ransomware returned with a vengeance when the botnet was restored three weeks later.

Both Necurs’ outage and the lack of activity behind Dridex and Locky were supposedly connected to the arrests in Russia related to the Lurk Trojan, which Cisco now confirms. Necurs was only one of the major threats to be silenced following said arrests, but its return also marked a major change in behavior, Cisco says.

“And not only had Necurs returned, but it switched from sending largely Russian dating and stock pump-n-dump spam, to sending malicious attachment-based spam. This was the first time we'd seen Necurs send attachments,” the security researchers say.

Also associated with the Lurk gang, the Angler exploit kit disappeared in June, taking EK traffic down along with it, which has determined threat actors to find new means to deliver their malicious payloads, and spam botnets appear to have become their main choice. Although new anti-spam technologies and high-profile takedowns of spam-related botnets have diminished spam volumes over time, it appears that this attack technique is once again popular among cybercriminals.

According to Cisco, Necurs remains a highly active spam botnet mainly because its operators have found an ingenious method to continue using infected hosts for many years. For that, they only send spam from a subset of infected machines, and then stop using these hosts for several weeks, to draw attention away from them and to trick security personnel into believing that the host has been cleaned.

“Many of the host IPs sending Necurs' spam have been infected for more than two years. To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions. An infected host might be used for two to three days, and then sometimes not again for two to three weeks,” researchers say. “At Talos, we see this pattern over, and over again for many Necurs-affiliated IPs.”

And because spammers have only a small window of opportunity between the start of a campaign until anti-spam systems are deployed, they try to send as much email as possible to ensure that they can successfully land malicious email into their victims' inboxes.

“Unfortunately there is no silver bullet to defending against a spam campaign. Organizations are encouraged to build a layered set of defenses to maximize the chances of detecting and blocking such an attack. Of course, whenever ransomware is involved, offline backups can be critical to an organization's survival. Restoration plans need to be regularly reviewed and tested to ensure no mistakes have been made and that items have not been overlooked. Lastly, reach out to your users and be sure they understand that strange attachments are never to be trusted,” Cisco says.

view counter

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire:

Tags:


SecurityWeek RSS Feed

blog_email_send_blacklist_SQ

Email is one of the most efficient ways to keep in touch with your existing or perspective customers. But only if you use it properly.

Has this ever happened to you: your phone rings, and it’s one of your executives screaming because a mail he or she sent to a customer bounced back with a Non-Delivery Report, the dreaded NDR? Just as you hang up your phone rings again about another NDR, and your cell phone beeps a text message from your monitoring system notifying that your outbound mail queue is starting to back up, and before you know it you’ve got a full-fledged disaster on your hands because no email is getting out. You do some digging and find out pretty quickly – you’ve been blacklisted. So what happened?

Well if this was the mid 90’s, I’d say you had yourself on open relay on your hands, and got added to one or more of the blacklists that track those things. But you know better than that, and so that leaves your marketing department. Maybe they set up a script using blat to crank out thousands of emails to a mailing list they found/created. Or perhaps they purchased an application and are running it on their desktop to do similar things. Or they could have simply started cranking out bulk volumes of email with Word and Outlook because you don’t have restrictions on send rates.

Whatever the reason, the road to heck is paved with good intentions, and when someone tries to do IT without IT’s involvement, bad things can happen. You get the mess cleaned up, finally figure out how to get yourself delisted, and speak harshly to the marketing team about never doing it again. That’s when they look at you and say “But we have to send out these emails. How do we do it?”

Commercial remailer services are the way to go here. There are several on the market that offer remailing services to send out newsletters, advertising, notifications, or pretty much any other bulk emailing need you may have, and there are multiple advantages to using these.

Bulk emailing uses a lot of bandwidth, especially when attachments are included. It can use even more with replies, NDRs, unsubscribe requests, and more. If a third-party service is sending email for you, then they are using their bandwidth and can deal with all the responses, provided that you are using a subdomain instead of your primary domain. In other words, if you are @example.com, ensure that mail is send by [email protected] and either delegate that domain to them for management, or ensure your MX for that domain resolves to their systems, not yours.

You will still find some recipients that will blacklist the sending system. When that is a subdomain instead of your primary domain, and the IP’s blocked are the third party mailer’s and not yours, you can avoid all the legitimate mail being sent by your users being blocked.

Anyone sending bulk email needs to have an unsubscribe method and honor requests for removal. That can be a lot of work, so third party mailing services have this down to a science, with automatic processing. That’s much easier than doing it by hand, can be done instantly, and will go a long way to keeping your customers’ good will towards you.

What do you need to do in order to start using a third party service? There is a great blog post over at Zapier.com titled Transactional Email: The 7 Best Services to Send 1000s of Emails Daily that lists, well, the seven best services to send bulk email.

Check out that list for links to the top services, and keep in mind there are others out there too that you may want to investigate. Keep the costs in mind and speak to your colleagues from marketing, but also keep your eye out on the following features:

  • Will they send from a subdomain?
  • Will they manage DNS for that subdomain, or let you, as you prefer?
  • Do they support DKIM and DMARC?
  • Do they handle replies as well?

You want to minimize the likelihood that your business email system is going to suffer any backlash from sending outbound mails in volume through a service, and you also want to ensure that the mails, while bulk, do adhere to best practices for bulk email, and that you map them into your SPF or other DNS records so that they are not flagged for spoofing.

So if you have a need for sending bulk email, check out one of the services listed in the post linked above, and ensure you set things up on your end as well. That way, marketing can do what they need, you don’t get angry phone calls, and your company email keeps flowing.

You may also like:

  • What the Future Brings for Emails in SMBs
  • Hacked by a purchase order. How it can happen.
  • Time to start thinking of the Exchange 2007 EOL


GFI Blog

Wikileaks is hosting 324 confirmed instances of malware among its caches of dumped emails, a top Bulgarian anti-malware veteran says.

Random checks of reported malware hashes find the trojans are flagged as malware by Virus Total's static analysis checks.

Much of the malware appear to be attachments emailed by black hats in a bid to compromise the various parties affected in the Wikileaks dumps.

Dr Vesselin Bontchev (@bontchev) says the instances of malware are only those confirmed and found in an initial search effort.

Dr Bontchev, an anti-virus researcher of nearly 30 years and former founder of the National Laboratory of Computer Virology in Bulgaria, said there were "no doubts" that the malware hosted on Wikileaks was indeed malware.

"The list is by no means exhaustive; I am just starting with the analysis," Bontchev says.

"But what is listed below is definitely malware; no doubts about it."

The document dumpster uploads attachments for the emails it releases but offers no warning about the security implications of downloading macro-enabled documents, executables, and other potentially malicious files.

A feasibly simple anti-virus check would have cleared a lot if not all of the attachment malware given the huge 80 to 100 percent hit rate Virus Total returned when testing files selected randomly from Dr Bontchev's list. ®

Sponsored: 2016 Cyberthreat defense report


The Register - Security

Oracle Patches Record 276 Vulnerabilities with July Critical Patch Update

July 20, 2016 , 9:21 am

Latest Windows UAC Bypass Permits Code Execution

August 15, 2016 , 3:35 pm

ProjectSauron APT On Par With Equation, Flame, Duqu

August 8, 2016 , 1:40 pm

Miller, Valasek Deliver Final Car Hacking Talk

August 4, 2016 , 3:26 pm

Researchers Go Inside a Business Email Compromise Scam

August 4, 2016 , 10:00 am

Export-Grade Crypto Patching Improves

August 3, 2016 , 10:00 am

Kaspersky Lab Launches Bug Bounty Program

August 2, 2016 , 9:00 am

Threatpost News Wrap, July 29, 2016

July 29, 2016 , 10:45 am

KeySniffer Vulnerability Opens Wireless Keyboards to Snooping

July 26, 2016 , 9:30 am

Upcoming Tor Design Battles Hidden Services Snooping

July 25, 2016 , 3:51 pm

EFF Files Lawsuit Challenging DMCA’s Restrictions on Security Researchers

July 21, 2016 , 1:18 pm

Threatpost News Wrap, July 15, 2016

July 15, 2016 , 11:00 am

Academics Build Early-Warning Ransomware Detection System

July 14, 2016 , 1:05 pm

xDedic Hacked Server Market Resurfaces on Tor Domain

July 12, 2016 , 11:40 am

Conficker Used in New Wave of Hospital IoT Device Attacks

June 30, 2016 , 11:48 am

655,000 Healthcare Records Being Sold on Dark Web

June 28, 2016 , 10:00 am

Windows Zero Day Selling for $ 90,000

May 31, 2016 , 5:44 pm

Millions of Stolen MySpace, Tumblr Credentials Being Sold Online

May 31, 2016 , 1:37 pm

OTR Protocol Patched Against Remote Code Execution Flaw

March 10, 2016 , 10:23 am

Android KeyStore Encryption Scheme Broken, Researchers Say

July 7, 2016 , 11:52 am

Necurs Botnet is Back, Updated With Smarter Locky Variant

June 23, 2016 , 4:10 pm

Planes, Trains and Automobiles Increasingly in Cybercriminal’s Bullseye

June 29, 2016 , 8:19 am

WordPress Security Update Patches Two Dozen Flaws

June 23, 2016 , 8:00 am

Apple Leaves iOS 10 Beta Kernel Unencrypted: Pros and Cons

June 27, 2016 , 5:13 pm

Voter Database Leak Exposes 154 Million Sensitive Records

June 24, 2016 , 10:14 am

Popular Anime Site Infected, Redirecting to Exploit Kit, Ransomware

June 24, 2016 , 7:00 am


Threatpost | The first stop for security news

Original release date: August 01, 2016

The Australian Cyber Security Centre (ACSC) has published guidance to organizations on risks posed by malicious email. Systems infected through targeted email phishing campaigns act as an entry point for attackers to spread throughout an organization's entire enterprise, steal sensitive business or personal information, or disrupt business operations.

US-CERT encourages users and administrators to review the ACSC publication on Malicious Email Mitigation Strategies and US-CERT Alert TA15-213A for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No


US-CERT Current Activity