Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
The Return of Email Flooding
Newest First  |  Oldest First  |  Threaded View
BigIng123
50%
50%
BigIng123,
User Rank: Apprentice
10/19/2020 | 4:26:30 PM
Long-lasting disease
It doesn't really matter how old is that disease, it seems to never end. Anyway, there's a kind of way out for that https://utopia.fans/security/email-bomb-how-to-hide-from-attack/ Following these rules, you'll lower the risk of getting to email bombing. But I also believe it depends on the email provider you use.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2018 | 1:20:34 PM
motivations
Hactivists and fraudsters may have very different motivations for launching email flooding attacks, but the outcomes for those on the receiving end are all damaging to finances, reputation, and operations, or a combination thereof. Or just for the fun of it. They do it because nothing else better to do.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2018 | 1:19:13 PM
Cost
With all types of phishing attacks increasing in frequency and sophistication, many organizations are hardening their email security posture at both the server and the mailbox. This will certainly increase TCO, maybe best to go with third party systems such as g-suite or O365.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2018 | 1:17:38 PM
Business
In addition to hacktivism, email flooding is now being used as a smokescreen for more dangerous phishing techniques such as business email compromise, spearphishing and malware. I guess they are mainly after business emails so they can do physhing attack to business network.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2018 | 1:16:09 PM
legitimate
Symantec argues that such attacks are almost impossible to prevent because they come from legitimate email accounts, and most major mail servers don't even pick them up in spam filters. The attacks can also be carried out We should be able to indentify if a legitimate email doing illegitimate things.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
11/29/2018 | 1:14:19 PM
Email flooding
Imagine your inbox receiving 15,000 messages over the course of just a few days This happens to me even when I just returned from 2-weeks vacation.


Look Beyond the 'Big 5' in Cyberattacks
Robert Lemos, Contributing Writer,  11/25/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: I think the boss is bing watching '70s TV shows again!
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-26250
PUBLISHED: 2020-12-01
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by ...
CVE-2020-28576
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information.
CVE-2020-28577
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names.
CVE-2020-28582
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents.
CVE-2020-28583
PUBLISHED: 2020-12-01
An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information.