U.S. universities at risk of back-to-school and Covid-19 email fraud
The top 20 universities based in the U.S. are failing to implement proper DMARC protections and policies, opening the door for fraudsters to spoof their email domains and convincingly impersonate them at a time when students are likely expecting to receive a wealth digital communications related to back-to-school instructions, researchers warn.
Why Trump’s administration is going after the GDPR
U.S. officials are ramping up criticism of Europe’s flagship privacy law, which they say protects cybercriminals.
M3AAWG issues email authentication advice for security pros
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) has put out a joint call-to-action with Google and Verizon for the security industry to take more proactive measures to authenticate and secure their sending domains and email addresses by deploying email authentication at scale.
Firms Unite To Fight COVID-19 Spam
A group of major firms, including Google, Verizon and Comcast, has formed an initiative to fight COVID-19-related spam.
Google Warns of Emerging #COVID19 Cyber-Threat Hotspots
Google has warned of a rise in COVID-19 threats in specific parts of the world, as cyber-criminals adapt their campaigns regionally.
Working Group Calls for Greater DMARC Support and Adoption
In an open statement shared with Infosecurity, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) made a call for further steps to be taken to “authenticate and secure sending domains and email addresses by deploying email authentication at scale and at enforcement.”
Should you deploy a TLS 1.3 middlebox?
To inspect or not to inspect, that is the question.
TLS 1.3 is by far the most secure version of the Transport Layer Security (TLS) protocol, but its use of ephemeral elliptic curve keys--and the deprecation of static RSA keys--means that TLS sessions now offer forward secrecy, a bane to enterprise security administrators who want to maintain visibility into their network traffic.
M3AAWG's 49th General Meeting Goes Virtual to Continue the Fight Against Online Abuse
200-member strong Messaging, Malware and Mobile Anti-Abuse Working Group gathers to discuss online security and privacy best-practices in the wake of attacks taking advantage of COVID-19
Think Before You Click. How to Protect Your Small Business From Malicious COVID-19 Email
The latest hook? The pandemic. Since nearly every individual and organization is impacted by COVID-19, everyone is a potential target for these cyberattacks, especially those without cybersecurity experience, namely small businesses.
WHY CAMPAIGNS NEED TO RETHINK HOW TO SECURE THEIR COMMUNICATIONS
Every campaign plan for this cycle has changed dramatically because of COVID. In-person activities are curtailed for the foreseeable future. In their place, candidates and groups are moving to virtual town halls, virtual rallies and relying more on texting, paid media and email.
MarTech Interview with Len Shneyder, VP of Industry Relations at Twilio SendGrid
Domain-based Message Authentication, and Reporting, and Conformance is a policy that adds to SPF and DKIM and gives a receiving set of instructions on what they should do when an email they received fails other authentication checks.
https://martechseries.com/mts-insights/interviews/len-shneyder-twilio-sendgrid/
AdExchanger Politics: Text Messaging Captures The Spotlight This Year
Text messaging isn’t new or trendy, but it’s an increasingly popular medium for political advertisers. That was true before the coronavirus swept the country, and now texting is even more important for candidates to connect with supporters without rallies, events or canvassing teams.
https://www.adexchanger.com/politics/adexchanger-politics-text-messaging-captures-the-spotlight-this-year/
How close are we to breaking encryption with quantum computing?
https://www.idginsiderpro.com/article/3532897/how-close-are-we-to-breaking-encryption-with-quantum-computing.html
Not as close as you might fear, but quantum encryption cracking is on its way. So, it's time to start getting ready for it
What Wisconsin Democrats learned from the spring election
https://www.politico.com/newsletters/morning-score/2020/04/23/what-wisconsin-democrats-learned-from-the-spring-election-787087
What lessons did you learn from the election? How will they apply ahead of November? [Absentee voting] went from five to 71 percent. It is totally amazing. Wisconsin, Michigan, Pennsylvania, North Carolina, Arizona and Florida all have no-excuse absentee voting.
Support of DANE and DNSSEC in Office 365 Exchange Online
Microsoft has been working closely with partners through the industry association M3AAWG to solve such limitations throughout the email ecosystem. As a result, we have decided to build and add support for DNSSEC and DANE for SMTP to Exchange Online.
Interview: Len Shneyder, Co-Chair, Election Security Working Group, M3AAWG
Len Shneyder is co-chair of the election security working group at the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) where industry comes together to work against botnets, malware, spam, viruses, DoS attacks and other online exploitation to fight online abuse.
Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) Celebrates Jerry Upton's 15 Years as Executive Director at the 48th General Meeting
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), the largest global industry consortium developing collaborative approaches to combat online abuse, today announced that Jerry Upton will retire from his role as M3AAWG's Executive Director after 15 years of service. He will be succeeded by Amy Cadagin.
Efforts Ramp Up to Strengthen Wanted Campaign Communications
https://www.twilio.com/blog/election-security-m3aawg-ctia
Election security means different things to different people. Cyber security personnel may think of election security as locking down access to voting machines. Other experts in the field may focus their attention on securing systems that are critical to the day to day operations of organizing elections, such as email and other communication channels, as a means of shrinking the attack surface of our elections. Whatever the focus, one thing rings absolutely true: maintaining free, fair and credible elections in democracies around the world is absolutely key to ensuring the survival of those democracies.
CAMPAIGNS STRUGGLING WITH CYBERSECURITY HAVE NEW PLACES TO START
Practitioners could develop ostrich syndrome when it comes to cybersecurity. With the drumbeat of concern growing louder, taking the first steps to reduce a campaign or group’s exposure can feel daunting.
At least that’s the concern of Seth Blank, who works on election security for the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG).
With email security, some things can't be outsourced
https://www.csoonline.com/article/3516548/with-email-security-some-things-cant-be-outsourced.html
You can outsource your email, but a good chunk of securing that email remains in-house. Here's what you need to know.