Ping - A Firewalls.com Podcast

You've Got Email...Security Vulnerabilities

April 28, 2021 Firewalls.com/Ax Sharma Season 1 Episode 44
Ping - A Firewalls.com Podcast
You've Got Email...Security Vulnerabilities
Chapters
Ping - A Firewalls.com Podcast
You've Got Email...Security Vulnerabilities
Apr 28, 2021 Season 1 Episode 44
Firewalls.com/Ax Sharma

While HTML email is nothing new, a recently discovered trick means a pretty wide open security flaw has been there all along, too. Security researcher, engineer, & tech columnist Ax Sharma joins us to explain how just a bit of code in the wrong hands can manipulate the "external sender" warning on your organization's emails - to either remove it altogether or change it to trick unsuspecting users into malicious clicks. Ax also tells us what solutions are out there to cut your risk. See the full story:

Attackers can hide 'external sender' email warnings with HTML and CSS

Plus, we dive deeper into the story of Facebook and the 533 million users whose data was exposed. Ax discusses the difference between a breach and data scraping, how social media users should protect their privacy, and Facebook's responsibility in this incident.

In headlines, we talk about a ransomware attack targeting a major police department, another update on SolarWinds & Russia's role, and we hear more about the current state of the ransomware threat.

See the stories:

Hackers threaten to release DC police data in apparent ransomware attack

https://www.theverge.com/2021/4/27/22405339/washington-dc-police-hack-data-department-ransomeware-babuk

Report: Russia 'likely' kept access to US networks after SolarWinds hack

https://www.engadget.com/russia-us-network-access-after-solarwinds-hack-192305973.html

Ransomware extortion demands are growing, and so is the downtime caused by attacks

https://www.zdnet.com/article/ransomware-extortion-demands-are-growing-and-so-is-the-downtime-caused-by-attacks/

Ransomware: don’t expect a full recovery, however much you pay

https://nakedsecurity.sophos.com/2021/04/27/ransomware-dont-expect-a-full-recovery/

Get info on all things network security through our blog, https://firewalls.com/blog.

Please do rate and review us wherever you listen, and reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review or comment, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first.

Thanks for listening!

Show Notes

While HTML email is nothing new, a recently discovered trick means a pretty wide open security flaw has been there all along, too. Security researcher, engineer, & tech columnist Ax Sharma joins us to explain how just a bit of code in the wrong hands can manipulate the "external sender" warning on your organization's emails - to either remove it altogether or change it to trick unsuspecting users into malicious clicks. Ax also tells us what solutions are out there to cut your risk. See the full story:

Attackers can hide 'external sender' email warnings with HTML and CSS

Plus, we dive deeper into the story of Facebook and the 533 million users whose data was exposed. Ax discusses the difference between a breach and data scraping, how social media users should protect their privacy, and Facebook's responsibility in this incident.

In headlines, we talk about a ransomware attack targeting a major police department, another update on SolarWinds & Russia's role, and we hear more about the current state of the ransomware threat.

See the stories:

Hackers threaten to release DC police data in apparent ransomware attack

https://www.theverge.com/2021/4/27/22405339/washington-dc-police-hack-data-department-ransomeware-babuk

Report: Russia 'likely' kept access to US networks after SolarWinds hack

https://www.engadget.com/russia-us-network-access-after-solarwinds-hack-192305973.html

Ransomware extortion demands are growing, and so is the downtime caused by attacks

https://www.zdnet.com/article/ransomware-extortion-demands-are-growing-and-so-is-the-downtime-caused-by-attacks/

Ransomware: don’t expect a full recovery, however much you pay

https://nakedsecurity.sophos.com/2021/04/27/ransomware-dont-expect-a-full-recovery/

Get info on all things network security through our blog, https://firewalls.com/blog.

Please do rate and review us wherever you listen, and reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review or comment, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first.

Thanks for listening!