I published the following diary on isc.sans.edu: “Generating PCAP Files from YAML“: BEC or “Business Email Compromize” is a trending thread for a while. The idea is simple: a corporate mailbox (usually from a C-level member) is compromized to send legitimate emails to other employees or partners. That’s the very first st

Phishing has been around since email has existed. It is an ever-present cyberthreat, and one of the most dangerous. It is estimated that one in every 99 emails is a phishing attack, and that 30% of phishing emails manage to get around default protections. What’s more, over 92% of the malware in the world arrives via email. Apart from malware, phishing emails

Instagram announced the release of a new feature that’s designed to help its users identify phishing emails impersonating the social media platform.On October 7, Instagram tweeted out about the new capability and said that users can leverage it to verify whether an email claiming to originate from the social network is legitimate.Heads up: Today, we’re

The Methodist Hospitals, Inc. revealed that a phishing attack potentially affected the information of approximately 68,000 patients.According to its Notice of Data Incident, the non-profit healthcare system located in Gary, Indiana detected unusual activity involving an employee’s email account back in June 2019. The Methodist Hospitals (‘Methodi

Instagram accounts will always be a popular target for scammers. You might not think it’s a big deal if someone has their account swiped, but it’s often the vanguard of many online businesses. A takeover, or a deletion, can be absolutely devastating. Smart hacking crews are always in the background, waiting to see what they can get away with—and it’s not jus

Written and researched by Mark Bregman and Rindert Kramer Sending signed phishing emails Every organisation, whatever its size, will encounter phishing emails sooner or later. While the number of phishing attacks is increasing every day, the way in which phishing is used within a cyber-attack has not changed: an attacker comes up with a scenario which looks

A key theme of the recent Cybersecurity Nexus event in Washington, D.C. was the growing need for small and medium-sized businesses (SMBs) to adopt enterprise-like IT security best practices. In fact, SMBs might actually have an edge over the unrelenting competition they endure from larger enterprises because they are more proactive and nimbler in mitigating

Layered schemes are used in most information security strategies, and it is essential to establish a similar approach to protecting the organization from unwanted email. In fact, spam and phishing are some of the biggest problems IT security managers face today. According to LinkedIn’s “2017 Cybersecurity Trends Report,” phishing attacks ar

In today’s cybercrime landscape, threats come not only from all sides, but also from within. In its annual Threat Intelligence Index, IBM X-Force called 2016 the “year of the mega breach.” As threat actors become more sophisticated, enterprises must deal with outsiders who target corporate networks to steal product, client and customer data

A complex cybercrime spy ring has been revealed today. A China-based cyber gang is behind the effort. Countries targeted include Japan, UK, France and the United States. If you’re responsible for your company’s cyber security, chances are, someone in your office has probably already forwarded this story to you. The Telegraph is sharing a story

A man used a business email compromise (BEC) scam to defraud two internet companies based in the United States out of 100 million dollars.On 21 March, the FBI along with the U.S. Attorney’s Office for the Southern District of New York announced criminal charges against Evaldas Rimasauskas, 48, of Vilnius, Lithuania. Lithuanian authorities arrested Rimasauska

A university has expelled a student for hacking the email accounts of several professors in an attempt to improve their grades.Technion Institute of Technology, a public research institute based in Haifa, Israel, revealed the disciplinary actions it took against the student to Ynetnews:“We are taking this case very seriously, as it is very unusual. The stude

Police have charged Gordon Ramsay’s father-in-law and three of his family members with hacking the celebrity chef’s emails.On 21 February, the Metropolitan Police announced charges against Chris Hutcherson, 68, along with Adam Hutcheson, Orlanda Butland, and Chris Hutcheson, 37. The four individuals are accused of having violated the Criminal Law

A hacker has received nine months in prison for compromising hundreds of people’s accounts as part of the ‘Celebgate’ scandal.From 23 November 2013 through August 2014, Edward Majerczyk, 29, of Orland Park, Illinois orchestrated a phishing scheme that targeted 30 celebrities and 270 others. He sent each victim an email that directed them to

A malspam campaign is leveraging malicious Word document macros and .js files to infect Windows users with Sage 2.0 ransomware.On 20 January, SANS Internet Storm Center handler Brad Duncan looked into a malspam campaign that’s known to drop Cerber ransomware onto victims’ machines. This campaign sends out emails without any subject lines. The onl