A 64-year-old man has pleaded guilty in a Texan court to charges of money laundering after a series of attacks that defrauded companies out of hundreds of thousands of dollars. Kenenty Hwan Kim (who sometimes went by the name Myung Kim) took advantage of a simple trick that has proven highly effective to fraudsters in recent years. The method of tricking businesses into handing over large amounts of money is known as Business Email Compromise (BEC), and comes in a variety of flavours.

When organizations around the world began shifting their workforces in response to the COVID-19 crisis, the question on everyone’s mind was “When will things go back to normal?” When social media giant Twitter announced it would be allowing employees to work remotely permanently, the conversation took a quick shift: Forget normal, are traditional offices gone for good?

The nature of work these days is collaborative. Teams that work together get more done. But successful collaboration in business goes beyond people; it applies to the tools teams use to get their work done. Never has this been more true than now with the global pandemic that has shut most offices down and led to widespread remote-work situations for employees.

JFrog is pleased to announce that our comprehensive Cloud Enterprise+ plan is now available on Amazon Web Services (AWS) Marketplace through Private Offers. JFrog Cloud Enterprise+ on AWS is a universal, highly-available SaaS offering of the JFrog Platform for demanding DevSecOps at global scale.

Malware attacks are evolving and once common tactics are becoming a thing of the past. Attack strategies, like using a third-party hacking program or injecting viruses from external sources, are almost obsolete as they leave a distinct footprint. Most antimalware tools can now detect the presence of a foreign program or device and immediately block them.

Webhooks run a large portion of the "magic" that happens between applications. They are sometimes called reverse APIs, callbacks, and even notifications. Many services, such as SendGrid, Stripe, Slack, and GitHub use events to send webhooks as part of their API. This allows your application to listen for events and perform actions when they happen. In a previous article, we looked at how to consume webhooks with Node.js and Express.

June 1st 2020: Fireeye end of life The Email Laundry email security service. This comes as a surprise to many as Fireeye acquired The Email Laundry back in 2017 and seemingly had plans to greatly expand the service. The Email Laundry serviced MSPs and small organizations whereas Fireeye had a conserted desire and history servicing Enteprise businesses. This may be why Fireeye decided to exit the SME Email Security service market.

Organizations of all sizes are currently under siege by adversaries with unlimited time and enough technical skill to exploit the cracks in our information systems and networks. All organizations have something to protect, whether large or small, and they are always looking for new technology to help against these adversaries. Zero Trust has become the latest framework to solve all of our security woes.

Ervin McBride IV – TDP Engineer II contributed to this article. Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.

In this post, we continue our discussion of use cases involving account take over and credential access in enterprise data sets. In the first part of this series, we introduced the definition of a VIP account as any account that has privileged or root level access to systems/services. These VIP accounts are important to monitor for changes in behavior, particularly because they have critical access to key parts of the enterprise.