Cloud Security Alliance News Clipping Site

Tag: business email compromise

  • The Register: Crook breaks into AI biz, points $250K wire payment at their own account

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/19/ilearningengines_bec_scam/ Source: The Register Title: Crook breaks into AI biz, points $250K wire payment at their own account Feedly Summary: Fastidious attacker then tidied up email trail behind them A Maryland AI company has confirmed to the Securities and Exchange Commission (SEC) that it lost $250,000 to a misdirected wire payment.… AI Summary…

  • METR Blog – METR: The Rogue Replication Threat Model

    by

    system automation
    in

    Source URL: https://metr.org/blog/2024-11-12-rogue-replication-threat-model/ Source: METR Blog – METR Title: The Rogue Replication Threat Model Feedly Summary: AI Summary and Description: Yes Summary: The text outlines the emerging threat of “rogue replicating agents” in the context of AI, focusing on their potential to autonomously replicate and adapt, which poses significant risks. The discussion centers on the…

  • CSA: Threat Report: BEC and VEC Attacks Surge

    by

    system automation
    in

    Source URL: https://abnormalsecurity.com/blog/bec-vec-attacks-continue Source: CSA Title: Threat Report: BEC and VEC Attacks Surge Feedly Summary: AI Summary and Description: Yes Summary: The text reveals the alarming rise of Business Email Compromise (BEC) and Vendor Email Compromise (VEC) attacks, emphasizing their sophistication and effectiveness against traditional security measures. It highlights the need for organizations to adopt…

  • The Register: Criminals open DocuSign’s Envelope API to make BEC special delivery

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/05/docusigns_envelope_bec/ Source: The Register Title: Criminals open DocuSign’s Envelope API to make BEC special delivery Feedly Summary: Why? Because that’s where the money is Business email compromise scammers are trying to up their success rate by using a DocuSign API.… AI Summary and Description: Yes Summary: The text discusses a rise in business…

  • Cisco Talos Blog: Talos IR trends Q3 2024: Identity-based operations loom large

    by

    system automation
    in

    Source URL: https://blog.talosintelligence.com/incident-response-trends-q3-2024/ Source: Cisco Talos Blog Title: Talos IR trends Q3 2024: Identity-based operations loom large Feedly Summary: Credential theft was the main goal in 25% of incidents last quarter, and new ransomware variants made their appearance – read more about the top trends, TTPs, and security weaknesses that facilitated adversary actions. AI Summary…

  • Microsoft Security Blog: File hosting services misused for identity phishing

    by

    system automation
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/ Source: Microsoft Security Blog Title: File hosting services misused for identity phishing Feedly Summary: Since mid-April 2024, Microsoft has observed an increase in defense evasion tactics used in campaigns abusing file hosting services like SharePoint, OneDrive, and Dropbox. These campaigns use sophisticated techniques to perform social engineering, evade detection, and compromise identities,…

  • CSA: Cybercriminals Exploit Docusign with Customizable Phishing Templates

    by

    system automation
    in

    Source URL: https://abnormalsecurity.com/blog/cybercriminals-exploit-docusign Source: CSA Title: Cybercriminals Exploit Docusign with Customizable Phishing Templates Feedly Summary: AI Summary and Description: Yes Summary: The text addresses the rising trend of phishing attacks targeting Docusign users, highlighting the techniques employed by cybercriminals and their motivations. It provides practical advice for security professionals and organizations to mitigate risks posed…