Tuesday , April 29 2025
mail

abnormal security report
Vendor Email Attacks risen by 137% in Financial Sector in 2023

The financial industry has seen a 137% rise in Vendor Email Compromise attacks in the past year, according to new data from Abnormal Security.

Most threats came from email attacks that tricked people, with the sector getting 200 advanced attacks per week for every 1000 mailboxes.

Palo Alto Networks to Acquire AI Security Firm “Protect AI”

On Monday, Palo Alto Networks confirmed it is acquiring the US-based AI security company Protect AI. Protect AI has created...
Read More
Palo Alto Networks to Acquire AI Security Firm “Protect AI”

CISA Releases Seven ICS Advisories

On April 24, 2025, CISA published seven advisories addressing security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS)....
Read More
CISA Releases Seven ICS Advisories

India Launches First Quantum Computing Village in Amaravati

India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing Village, a state-of-the-art project in...
Read More
India Launches First Quantum Computing Village in Amaravati

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks....
Read More
400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

Blind_Virus, DU_Featherless_Bipeds and Hidden investigations team secure the 1st , 2nd and 3rd positions accordingly for online preliminary round at...
Read More
30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

CVE-2025-43859
Request Smuggling Vulnerability in Python’s h11 HTTP Library

A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python....
Read More
CVE-2025-43859  Request Smuggling Vulnerability in Python’s h11 HTTP Library

NVIDIA Releases Security Update For GPU Driver Vulnerabilities

NVIDIA has released a software security update for its GPU Display Driver to fix multiple vulnerabilities affecting both the driver...
Read More
NVIDIA Releases Security Update For GPU Driver Vulnerabilities

‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

The SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn about real-time attacks using fake login...
Read More
‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild....
Read More
159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

NVIDIA NeMo Framework Vuln Allow Attackers RCE

The NVIDIA NeMo Framework has three vulnerabilities that could enable attackers to execute remote code, risking AI system compromise and...
Read More
NVIDIA NeMo Framework Vuln Allow Attackers RCE

Last year, there were peak attack periods in late January, late September, and mid-December.

VEC is when bad actors pretend to be business providers, like suppliers or vendors, to trick financial transfers. These attacks are hard to spot because they seem real and can cause big financial losses for organizations.

Abnormal Security recently published a report on VEC attacks. The report mentions that millions of dollars have been targeted, including a shocking case where $36m was involved.

An example in the document showed how a $1.4m VEC attack was carried out against an Australian financial company. The attacker used legitimate communication patterns and invoices to change banking details in an innocent-looking email.

The financial services industry saw a 71% increase in Business Email Compromise (BEC) attacks in 2023. These attacks involved cybercriminals pretending to be executives or employees to commit payroll or banking fraud.

BEC attacks can trick traditional security tools using social engineering, even without harmful links or attachments. Last year, the median open rate for text-based BEC attacks was almost 28%, showing how effective these tactics can be.

The firm says that these attacks are very sophisticated. They are able to trick security systems and people because they look real and make small changes to avoid detection.

“If these trends continue, organizations in the financial services industry should prepare for the increasing frequency of email-based attacks targeting human fallibility,” the company wrote.

“While VEC, BEC, and scams can often circumvent traditional security solutions, organizations are meeting the challenges presented by sophisticated email attacks head-on by adopting sophisticated cloud email security.”

Check Also

symlink

16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia

According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new …

Leave a Reply

Your email address will not be published. Required fields are marked *