Email security

BleepingComputer reports that hacked Mailchimp, SendGrid, Mailgun, HubSpot, and Zoho accounts have been harnessed for the mass distribution of crypto seed phrase-containing emails aimed at compromising Coinbase and Ledger cryptocurrency wallets as part of the widespread PoisonSeed campaign, which has already impacted the Mailchimp account of Have I Been Pwned administrator Troy Hunt and certain Coinbase users last month.

Attackers can – and do – set up phony accounts to launch attacks – here’s how defenders should respond.

Google says it has created “an entirely new type of encryption” for Gmail.

While using DNX mail exchange to launch a phishing campaign is not new, experts say it’s potentially the first time it was automated at scale.

Massachusetts-based tech firm MORSE Corp, a U.S. defense contractor, has agreed to a $4.6 million settlement to resolve a lawsuit alleging its nonadherence to military contract cybersecurity requirements and submission of false claims for payment, reports The Register.

New tool can test millions of stolen credentials with minimal effort to run account takeovers.

The Register reports that data breach notification service Have I Been Pwned had nearly 16,000 records belonging to current and former Mailchimp mailing list subscribers stolen following a successful phishing attack against HIBP Administrator Troy Hunt.