Lucene search
K

206 matches found

ThreatPost
ThreatPost
added 2021/01/29 9:54 p.m.47 views

Microsoft 365 Becomes Haven for BEC Innovation

Two fresh business email compromise BEC tactics have emerged onto the phishing scene, involving the manipulation of Microsoft 365 automated email responses in order to evade email security filters. In one case, scammers are targeting victims by redirecting legitimate out-of-office OOO replies fro...

7.8AI score
Exploits0References8
Malwarebytes
Malwarebytes
added 2021/01/25 1:12 p.m.65 views

A week in security (January 18 – January 24)

Last week on Malwarebytes Labs, we looked at changes to WhatsApp’s privacy policy, we provided information about Malwarebytes being targeted by the same threat actor that was implicated in the SolarWinds breach, we told the story of ZeroLogon, looked at the pros and cons of Zoom watermarking,...

7.2AI score
Exploits0
ThreatPost
ThreatPost
added 2021/01/21 3:2 p.m.53 views

Google Forms Set Baseline For Widespread BEC Attacks

A threat actor has been sending thousands of emails to organizations, in what researchers warn is a reconnaissance campaign to identify targets for a possible follow-up business-email-compromise BEC attack. So far, researchers have observed thousands of messages being sent to companies since...

0.5AI score
Exploits0References9
The Hacker News
The Hacker News
added 2020/11/26 6:17 a.m.49 views

Interpol Arrests 3 Nigerian BEC Scammers For Targeting Over 500,000 Entities

Three Nigerian citizens suspected of being members of an organized cybercrime group behind distributing malware, carrying out phishing campaigns, and extensive Business Email Compromise BEC scams have been arrested in the city of Lagos, Interpol reported yesterday. The investigation, dubbed...

1.5AI score
Exploits0
ThreatPost
ThreatPost
added 2020/11/25 5:5 p.m.56 views

Major BEC Phishing Ring Cracked Open with 3 Arrests

Three men suspected of participating in a massive business email compromise BEC ring have been arrested in Lagos, Nigeria. A joint INTERPOL, Group-IB and Nigeria Police Force cybercrime investigation resulted in the arrest of the Nigerian nationals, believed to be responsible for distributing...

Exploits0References7
Securelist
Securelist
added 2020/11/24 10:0 a.m.38 views

Lookalike domains and how to outfox them

Our colleagues already delved into how cybercriminals attack companies through compromised email addresses of employees, and how to protect against such attacks using SPF, DKIM and DMARC technologies. But despite the obvious pluses of these solutions, there is a way to bypass them that we want to...

7AI score
Exploits0
ThreatPost
ThreatPost
added 2020/11/20 8:56 p.m.54 views

Google Services Weaponized to Bypass Security in Phishing, BEC Campaigns

A spike in recent phishing and business email compromise BEC attacks can be traced back to criminals learning how to exploit Google Services, according to research from Armorblox. Social distancing has driven entire businesses into the arms of the Google ecosystem looking for a reliable, simple w...

7.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/10/30 8:8 p.m.38 views

Wisc. GOP's $2.3M MAGA Hat Debacle Showcases Fraud Concerns

The Wisconsin Republican party’s war chest is lighter by $2.3 million after scammers posing as MAGA-hat vendors were able to spoof invoices in what appears to be a basic business email compromise BEC attack. It’s just the latest in a litany of attacks related to the upcoming election, and it...

0.2AI score
Exploits0References13
ThreatPost
ThreatPost
added 2020/09/02 8:57 p.m.42 views

BEC Wire Transfers Average $80K Per Attack

The average wire-transfer loss from business email compromise BEC attacks is significantly on the rise: In the second quarter of 2020 the average was $80,183, up from $54,000 in the first quarter. That’s according to the recently released Anti-Phishing Working Group APWG’s Phishing Activity Trend...

Exploits0References8
FireEye
FireEye
added 2020/07/30 12:0 a.m.31 views

Obscured by Clouds: Insights into Office 365 Attacks and How Mandiant Managed Defense Investigates

With Business Email Compromises BECs showing no signs of slowing down, it is becoming increasingly important for security analysts to understand Office 365 O365 breaches and how to properly investigate them. This blog post is for those who have yet to dip their toes into the waters of an O365 BEC...

6.8AI score
Exploits0References12
ThreatPost
ThreatPost
added 2020/07/13 1:0 p.m.60 views

A 'New Age' of Sophisticated Business Email Compromise is Coming

A newly discovered, sophisticated threat group that targets organizations without DMARC implemented and relies on business email compromise is heralding what researchers call “a new age” of business email compromise. The group, called Cosmic Lynx, is the first reported Russian BEC cybercriminal...

6.7AI score
Exploits0References11
Schneier on Security
Schneier on Security
added 2020/07/10 11:12 a.m.29 views

Business Email Compromise (BEC) Criminal Ring

A criminal group called Cosmic Lynx seems to be based in Russia: Dubbed Cosmic Lynx, the group has carried out more than 200 BEC campaigns since July 2019, according to researchers from the email security firm Agari, particularly targeting senior executives at large organizations and corporations...

0.9AI score
Exploits0
ThreatPost
ThreatPost
added 2020/07/07 9:1 p.m.41 views

BEC Hotshot with Opulent Social Media Presence to Face U.S. Charges

A Dubai resident with an elaborate lifestyle that he touted on social media – think designer clothes, expensive watches, luxury cars and charter jets – has arrived in the United States to face criminal charges. He is charged with conspiring to engage in money laundering, as part of a business ema...

7AI score
Exploits0References7
HackRead
HackRead
added 2020/07/07 4:13 p.m.27 views

FBI arrests Famous Instagrammer Ray Hushpuppi over $125m BEC scam

By Deeba Ahmed Ray Hushpuppi also targeted the English Premier League soccer club... This is a post from HackRead.com Read the original post: FBI arrests Famous Instagrammer Ray Hushpuppi over $125m BEC scam...

0.6AI score
Exploits0
ThreatPost
ThreatPost
added 2020/07/07 11:0 a.m.56 views

First-Ever Russian BEC Gang, Cosmic Lynx, Uncovered

Researchers say they have discovered the first-ever reported Russian business email compromise BEC cybercriminal ring, showing that sophisticated attackers beyond the usual Nigerian scammers are setting their sights on the email-based attack vector. The BEC gang is called Cosmic Lynx, and has bee...

Exploits0References17
ThreatPost
ThreatPost
added 2020/07/06 2:7 p.m.42 views

Email Sender Identity is Key to Solving the Phishing Crisis

Email is in crisis. Despite massive advancements in perimeter and endpoint defenses, email remains a cybersecurity weak link for many companies. Why? Email is at the heart of everything we do online. It’s an essential line of communication for one-on-one and group conversations, both...

7.3AI score
Exploits0References6
ThreatPost
ThreatPost
added 2020/07/01 1:0 p.m.39 views

Email Sender Identity is Key to Solving the Phishing Crisis

Email is in crisis. Despite massive advancements in perimeter and endpoint defenses, email remains a cybersecurity weak link for many companies. Why? Email is at the heart of everything we do online. It’s an essential line of communication for one-on-one and group conversations, both...

7.3AI score
Exploits0References6
Openbugbounty
Openbugbounty
added 2020/06/25 11:57 a.m.8 views

bec-i.fr Open Redirect vulnerability OBB-1206561

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2020/06/17 9:30 a.m.60 views

LinkedIn 'Job Offers' Targeted Aerospace, Military Firms With Malware

Attackers are impersonating human resource employees from Collins Aerospace and General Dynamics in a spear-phishing campaign leveraging LinkedIn’s messaging service. Targets are sent phony job offers that include malicious documents designed to fetch data-exfiltrating malware. The spear-phishing...

8AI score
Exploits0References15
ThreatPost
ThreatPost
added 2020/06/05 5:37 p.m.137 views

Electrolux, Others Conned Out of Big Money by BEC Scammer

A 64-year-old business email compromise BEC guru has plead guilty in Houston to bilking appliance giant Electrolux and one other company out of a combined half a million dollars — in addition to other fraud schemes. Kenenty Hwan Kim a.k.a. Myung Kim admitted in federal court the Southern District...

0.2AI score
Exploits0References6
Rows per page
Query Builder