< ciso
brief />
Tag Banner

All news with #business email compromise tag

118 articles · page 6 of 6

Varonis Interceptor: Multimodal AI Email Defense Platform

🛡️ Varonis introduces Interceptor, an AI-native email security solution that combines multimodal AI—visual, linguistic, and behavioral models—to detect advanced phishing, BEC, and social engineering. It augments or replaces API-based filters with a phishing sandbox that pre-analyzes newly registered domains and URLs and a lightweight browser extension for multichannel protection. Integrated with the Varonis Data Security Platform, Interceptor aims to reduce false positives, accelerate detection of zero-hour threats, and stop breaches earlier in the attack chain.
read more →

Microsoft: 'Payroll Pirates' Hijack HR SaaS Accounts

🔒 Microsoft warns that a financially motivated group tracked as Storm-2657 is hijacking employee accounts to redirect payroll by altering profiles in third-party HR SaaS platforms such as Workday. Attacks rely on AitM phishing, MFA gaps and SSO abuse rather than software vulnerabilities. Observed tactics include creating inbox rules to delete warning notifications and enrolling attacker-controlled phone numbers for persistent access. Microsoft reported compromises at multiple U.S. universities and recommends phishing-resistant, passwordless MFA such as FIDO2 keys, and reviews of MFA devices and mailbox rules to detect takeover.
read more →

Universities Targeted in 'Payroll Pirate' Workday Hijacks

🔐 Microsoft says the Storm-2657 gang has been targeting U.S. university HR employees since March 2025 in “payroll pirate” attacks that aim to hijack salary payments by compromising Workday accounts and Exchange Online mailboxes. Attackers use tailored phishing themes—campus illness, faculty misconduct, executive impersonation—and adversary‑in‑the‑middle (AITM) links to steal MFA codes and gain access. They then set inbox rules to hide warnings, adjust payroll SSO settings, and sometimes enroll attacker phone numbers as MFA devices; Microsoft urges deployment of phishing‑resistant MFA and offers investigative guidance.
read more →

Investigating Payroll Pirate Attacks on US Universities

🔍 Microsoft Threat Intelligence observed a financially motivated actor tracked as Storm-2657 conducting targeted 'payroll pirate' intrusions against US universities to divert salary payments. The actor used realistic phishing and adversary-in-the-middle (AiTM) links to harvest credentials and MFA codes, gained access to Exchange Online, abused SSO to reach Workday profiles, and created inbox rules to hide payroll notifications. Microsoft recommends adopting phishing-resistant, passwordless MFA and provides detections and remediation guidance.
read more →

Fraudulent Emails Imitating Airlines and Airports Sector

🛫 Kaspersky researchers uncovered a widespread email fraud campaign impersonating major airlines and airports to solicit advance refundable deposits. Attackers use convincing business-style messages, registration forms and NDAs rather than malware, then request several-thousand-dollar payments to secure partnership consideration. Recipients are urged to verify sender domains against official corporate contacts and treat any deposit request as a major red flag. Organizations should deploy strong email-gateway defenses and provide targeted security awareness training for finance, sales and procurement teams.
read more →

Solicitors urged to curb payment diversion fraud losses

🔒 The National Crime Agency and The Law Society have warned that UK house buyers faced average losses of £82,000 from payment diversion fraud over the past year. This form of payment diversion fraud (PDF) — a type of business email compromise — relies on hijacked or spoofed emails and lookalike domains to alter bank transfer instructions. The campaign urges solicitors and conveyancers to tighten checks and advises clients to verify bank details, use strong passwords, avoid public Wi‑Fi and transfer small initial amounts to confirm receipt.
read more →

Interpol-led Operation Seizes $439M From Cybercrime

🕵️‍♂️ In a five-month international campaign, Operation HAECHI VI led by Interpol and partner agencies recovered more than $439 million in cash and cryptocurrency tied to cyber-enabled financial crimes. Investigators from 40 countries across five continents targeted a broad range of scams — including voice phishing, investment fraud, BEC, sextortion and romance scams — freezing 400 crypto wallets and blocking over 68,000 bank accounts. The action included 45 arrests in Portugal and multimillion-dollar recoveries in Thailand, building on prior HAECHI phases that netted hundreds of millions and thousands of arrests.
read more →

GitHub notifications abused to impersonate Y Combinator

📩 Attackers abused GitHub's notification system to send fake Y Combinator W2026 invitations by creating issues and tagging users so the platform would deliver legitimate-looking emails. The lure promised participation in a purported $15 million funding program and linked to a typo-squatted domain. That site ran obfuscated JavaScript and presented an EIP-712-style wallet verification prompt that, when signed, authorized draining transactions.
read more →

US and UK Charge Two Suspects in Scattered Spider Attacks

🔒 US and UK authorities have charged two UK-based teenagers linked to the Scattered Spider cybercrime group in connection with multiple high-profile intrusions. Thalha Jubair, 19, and Owen Flowers, 18, face US and UK charges including conspiracy to commit computer fraud, wire fraud, money laundering and offences under the UK Computer Misuse Act. Authorities allege extensive social engineering, ransomware extortion and transfers of victim cryptocurrency, with investigators attributing at least $115m in ransom payments to the group. The arrests follow a multinational probe and earlier detentions of other alleged members.
read more →

CISOs Assess Practical Limits of AI for Security Ops

🤖 Security leaders report early wins from AI in detection, triage, and automation, but emphasize limits and oversight. Prioritizing high-value telemetry for real-time detection while moving lower-priority logs to data lakes improves signal-to-noise and shortens response times, according to Myke Lyons. Financial firms are experimenting with agentic AI to block business email compromise in real time, yet researchers and practitioners warn of missed detections and 'ghost alerts.' Organizations that treat AI as a copilot with governance, explainability, and institutional context see more reliable, safer outcomes.
read more →

Social-Engineered Help Desk Breach Costs Clorox $380M

🔐 Attackers affiliated with the Scattered Spider group exploited weak vendor phone procedures to obtain repeated password and MFA resets from Cognizant’s service desk, then used the access to escalate to domain-admin footholds at Clorox. Clorox says the intrusion caused roughly $380 million in damages, including remediation and extended business-interruption losses. The case highlights failure to follow agreed verification processes and the amplified risk of outsourced help desks. Organizations should enforce out-of-band caller verification, immutable reset logs, and automated containment to reduce the attacker window.
read more →

Salty2FA Phishing Kit Targets US and EU Enterprises

⚠️ Researchers at ANY.RUN have uncovered Salty2FA, a new phishing-as-a-service kit engineered to harvest credentials and bypass multiple two-factor authentication methods. First observed gaining momentum in mid-2025, the kit uses multi-stage redirects, Cloudflare checks and evasive hosting to slip past automated filters. Salty2FA intercepts push, SMS and voice codes, enabling account takeover across finance, energy and telecom sectors.
read more →

US Sanctions Southeast Asian Cyber Scam Networks, $10B Theft

🚨 The U.S. Department of the Treasury has designated multiple cyber fraud networks in Burma and Cambodia that stole more than $10 billion from Americans, according to OFAC. The operations are linked to forced labor, human trafficking, and violent coercion and ran diverse scams from romance baiting to fake cryptocurrency schemes. The sanctions freeze U.S.-based assets and bar transactions with Americans, tightening these actors' access to international finance and platforms.
read more →

Axios Abuse and Salty 2FA Kits Fuel Direct Send Phishing

🔒 ReliaQuest reports threat actors increasingly abusing the HTTP client Axios alongside Microsoft's Direct Send to create a highly efficient phishing pipeline that intercepts and replays authentication flows. Campaigns beginning in July 2025 targeted executives in finance, healthcare, and manufacturing and expanded to all users, achieving up to a 70% success rate when pairing Axios with Direct Send. Attackers also use PDF lures with malicious QR codes, Google Firebase hosting, and advanced MFA-bypass kits such as Salty2FA to simulate multiple 2FA methods and steal credentials.
read more →

Axios User Agent Enables Mass Automated Phishing Campaigns

🔍 ReliaQuest reports a sharp rise in automated phishing campaigns leveraging the Axios user agent and Microsoft's Direct Send feature, observing a 241% increase between June and August 2025. Attacks using Axios represented 24% of malicious user-agent activity and had a 58% success rate versus 9% for other incidents. When paired with Direct Send, success rose to 70%, prompting guidance to restrict Direct Send, enforce anti-spoofing, scan inbound messages for QR codes/URLs/PDFs, train users including executives, and block uncommon TLDs.
read more →

FBI: Seniors Targeted by Three-Phase Phantom Scams

⚠️ The FBI and its Internet Crime Complaint Center (IC3) warn that seniors are being targeted by a three‑phase “Phantom Hacker” scam that combines tech‑support, financial‑institution, and U.S. government impersonations to extract life savings. Scammers typically gain trust by convincing victims to grant remote access, then prompt transfers via wire, cash, or cryptocurrency to purportedly secure accounts. The IC3 reports substantial losses—an average of US $83,000 per victim—and urges people not to allow remote access, download unsolicited software, or transfer funds at the request of unknown callers.
read more →

Cloud CISO Perspectives: Fighting Cyber-Enabled Fraud

🔒 David Stone and Marina Kaganovich from Google Cloud’s Office of the CISO warn that cyber-enabled fraud (CEF) is scaling rapidly and presents severe financial and reputational risk. The post cites FBI data — $13.7 billion in losses in 2024 — and highlights common tactics such as phishing, ransomware, account takeover, and business email compromise. It urges CISOs and boards to shift from siloed defenses to a proactive, enterprise-wide posture using frameworks like FS-ISAC’s Cyber Fraud Prevention Framework and Google Cloud detection and protection capabilities.
read more →

Phishers Target Aviation Executives, Steal Customer Funds

📧 A targeted phishing campaign compromised an aviation executive’s Microsoft 365 credentials, allowing attackers to mine past invoice conversations and send convincing fake invoice requests to customers. Within hours the fraudsters registered a near‑identical domain and at least one customer paid a six‑figure phony invoice. Investigation links the registration details to a long‑running Nigerian BEC ring identified as SilverTerrier; firms are urged to combine employee training, domain monitoring and rapid use of the Financial Fraud Kill Chain to improve recovery chances.
read more →