The United States Patent and Trademark Office has issued Iconix's twelfth patent titled "E-Mail Message Authentication Extending Standards Compliant Techniques." The abstract for U.S. Patent 10,77,397, dated April 30, 2019, states: "A system and method for e-mail authentication. The method includes aggregating a plurality of headers associated with an e-mail message and transmitting the aggregated plurality of headers to a validation service. A validation response is then received from the validation service. The e-mail is authenticated based on the validation response."
The United States Patent and Trademark Office has issued Iconix's eleventh patent titled "Techniques for integrating external content from advertising services into client applications." The abstract for U.S. Patent 10,248,958, dated April 2, 2019, states: "Techniques for integrating advertising content into client applications are presented. Events occurring within client applications are monitored and when a predefined event is encountered and external advertising service is consulted for acquiring external content. The external content is then integrated into one or more portions of presentations associated with the client applications."
On March 24, 2019, Attorney General Barr released his summary of the Mueller Report. While there has been a lot of coverage of the report, this passage about Russian interference has received little attention in the media: The second element involved the Russian government's efforts to conduct computer hacking operations designed to gather and disseminate information to influence the election. The Special Counsel found that Russian government actors successfully hacked into computers and obtained emails from persons affiliated with the Clinton campaign and Democratic Party organizations, and publicly disseminated those materials through various intermediaries, including WikiLeaks. Based on these activities, [...]
Federal authorities have brought civil and criminal actions related to a cyberattack on the Securities and Exchange Commission. The Washington Post reports: [T]he Securities and Exchange Commission alleged that the defendants launched a sophisticated cyberattack against the agency starting in 2016. Once they penetrated the SEC’s system, the hackers stole thousands of documents with sensitive, confidential information about corporations' financial conditions. They used that information to make a profit from illegal trading, prosecutors said. The indictment provides the details on what a sophisticated cyberattack includes: 7. It was further part of the conspiracy that the defendants and others employed phishing [...]
Yesterday the U.S. Department of Justice unsealed the indictment of two Chinese government hackers. The Justice Department said, Through their involvement with the APT10 Group, from at least in or about 2006 up to and including in or about 2018, Zhu and Zhang conducted global campaigns of computer intrusions targeting, among other data, intellectual property and confidential business and technological information at managed service providers (MSPs), which are companies that remotely manage the information technology infrastructure of businesses and governments around the world, more than 45 technology companies in at least a dozen U.S. states, and U.S. government agencies. The [...]
The United States Patent and Trademark Office has issued Iconix's tenth patent titled "Authenticating and Confidence Marking E-Mail Messages." The abstract for U.S. Patent 10,110,530, dated October 23, 2018, states: "Methods and systems for authenticating and confidence marking e-mail messages are described. One embodiment describes a method of authenticating an e-mail message. This method involves extracting a plurality of e-mail headers associated with the e-mail message, and identifying a sending edge mail transfer agent (MTA). The method then calls for determining if the sending edge MTA is authorized to send the e-mail message."
In a new findings from the University of Maryland, Baltimore County (UMBC), researchers came to a startling conclusion: Contrary to our expectations, we observed greater user susceptibility with greater phishing knowledge and awareness. We have no convincing explanation for this finding, and we do not know if it is reproducible. Nevertheless, we consider two speculations. First, it is possible that the act of falling for the phishing scheme might have increased the user’s awareness about phishing. In hindsight, it might have been wiser to have asked in the post-event survey what was the level of phishing awareness the user had [...]
On October 30, 2018, the U.S. Justice Department announced the indictment of Chinese intelligence officers and their hackers for allegedly stealing U.S. aviation and technical data. For over five years the Chinese are alleged to have stolen important aviation technology by using unauthorized access to computer systems. How did they do it? An important tool of choice was spearphishing. In order to enhance the deceptive power of their evil emails, they used Doppelganger Domain Names. According to the indictment: Doppelganger Domain Names, the creation and use of domain names that closely resemble legitimate domain names to trick unwitting' recipients of [...]
What can a threat actor do with a compromised email account? They can steal a lot of money! Yahoo!News provides the details of a clever email scam involving real estate. The threat actors used their access to a compromised real estate settlement company email account to send fraudulent payment instructions to the buyers. Instead of wiring the money to the account of the settlement company, the recipients of the fraudulent email sent the money to the criminals. This is just one class of Business Email Compromise, a crime in which compromised email is used to steal money. The latest FBI Internet [...]
In a recent article entitled Phishing Is the Internet’s Most Successful Con, the Atlantic observes: Phishing doesn’t attack computers. It attacks the people using computers. The Sting - The Art of the Con Cormac Herley, a principal researcher at Microsoft Research, observes in the article: Many security-professional and media recommendations exhort eternal vigilance, paying attention to every detail. This is terrible advice. I’m a professional with years of experience in this space and I don’t bother to inspect my emails or carefully read all my URLs: I have things to do. As a strategy for the constant level of [...]