Esvalabs Security Blog
We just discovered a new trick that is currently being used to slip malicious html files through email security solutions and, in some cases, through antivirus engines. The trick is quite simple: declaring an email entity as “application/html” instead of “text/html”. “application/html” is an invalid type and this allows it to slip through some checks. […]
I get it, you’re a hot shot Libraesva ESG admin who knows everything about the system, but even the best of us make mistakes and forget the basics, even me! In a recent certification course we held in the UK we discovered some fairly obvious shortcomings in basic configuration and management of the solution that […]
What makes a good archiving solution? Count 1 to 10: 1- No vendor lock-in Archiving email is a long term commitment, you need to think long term and make sure that you will be able, in 10 or 20 years from now, to autonomously, easily and reliably make use of your email archive. If […]
Recent email phishing campaigns are using Google reCAPTCHA as part of their efforts to bypass click-time protection sandboxing, requiring user interaction before delivering the actual contents of the phishing page. We have seen two different instances of such campaigns, both are targeting Office 365 users in order to collect their credentials. Implementation details suggest that […]