Sublime Security

Most email clients automatically load EML attachments, making them a clever way to hide malicious links. Our new Attack Spotlight from Aiden Mitchell examines a credential phishing attempt buried within EML attachments and how we detected it: https://lnkd.in/gKCqfh3V

In another example of trusted service abuse, attackers attempt to bypass detection of credential phishing by leveraging legitimate Docusign domains and landing pages. Read our new Attack Spotlight for a full breakdown of the attack + variants and how we detected it: https://lnkd.in/g_xx5kNP

“There are new attack techniques we’re seeing every week. More and more, you need to be adaptive to these changes, but if you have a point-in-time solution trained on only what you’ve seen before, it’s going to take time to retrain models and get it to your customers. Rapid adaptation to address the evolution of attacks is super important today.” Watch Josh Kamdjou and Patrick Gray discuss how email security platforms need to rapidly adapt to keep up with evolving threats, why programmable engines are the future of detection, and more,?on this week's Soap Box: https://lnkd.in/gNiaZFsP

We've observed a rise in Living off the Land email attacks where attackers abuse legitimate service infrastructure. Our newest Attack Spotlight details one of these attack variants abusing Docusign to deliver malware via callback phishing: https://lnkd.in/gRwKWRXH

Regarding the CISA Alert yesterday: Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments You can deploy verifiable coverage for this with Sublime Security, here’s the detection rule that’s been out for over a year: https://lnkd.in/gC6W6Qga This is fully supported in both Core (free) and Enterprise h/t Brandon M. Alfie Champion https://lnkd.in/gP67WxGx

We observed adversarial ML tactics in a recent extortion attempt. The social engineering is directed at both the recipient and any present LLM-backed phishing detectors. We break down the social engineering 2.0 in our latest Attack Spotlight: https://lnkd.in/gTa-PQB5

Announcing our latest NLU model update: a fine-tuned BERT Large Language Model (LLM). Our BERT LLM understands tone, intent, and context of email attacks better than ever before. Aryan Luthra and Vivek Sharath share their research comparing BERT LLM performance against other LLMs in our latest blog. See how BERT powers our latest NLU engine and is used to combat AI-generated attacks: https://lnkd.in/gaBnwDDQ

We're excited to announce the release of our new Public EML Analyzer: a free, unauthenticated tool for analyzing email messages. ? - Upload any EML and get Sublime's analysis results along with URL sandbox and attachment previews, insights, and more: https://lnkd.in/gbhP92xB - The EML Analyzer is also available as a free API, so you can hook it into your favorite phishing response workflows: https://lnkd.in/gFhhyrce As always, if you prefer to self-host the EML Analyzer, spin up a self-hosted Docker, AWS, or Azure instance of Sublime and use the in-product EML Analyzer here: https://lnkd.in/gmwK5jGJ

We're excited to announce the release of our new Public EML Analyzer: a free, unauthenticated tool for analyzing email messages. ? - Upload any EML and get Sublime's analysis results along with URL sandbox and attachment previews, insights, and more: https://lnkd.in/gbhP92xB - The EML Analyzer is also available as a free API, so you can hook it into your favorite phishing response workflows: https://lnkd.in/gFhhyrce As always, if you prefer to self-host the EML Analyzer, spin up a self-hosted Docker, AWS, or Azure instance of Sublime and use the in-product EML Analyzer here: https://lnkd.in/gmwK5jGJ

We're excited to announce the release of our new Public EML Analyzer: a free, unauthenticated tool for analyzing email messages. ? - Upload any EML and get Sublime's analysis results along with URL sandbox and attachment previews, insights, and more: https://lnkd.in/gbhP92xB - The EML Analyzer is also available as a free API, so you can hook it into your favorite phishing response workflows: https://lnkd.in/gFhhyrce As always, if you prefer to self-host the EML Analyzer, spin up a self-hosted Docker, AWS, or Azure instance of Sublime and use the in-product EML Analyzer here: https://lnkd.in/gmwK5jGJ