Security Affairs
Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month|U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses|Attacker Used AI to Build Custom PowerShell Recon Malware|Malware Hits Japan’s Largest Taxi Company Nihon Kotsu, Services Temporarily Suspended|CrashStealer: New macOS Infostealer Uses Signed Apps to Evade Gatekeeper|Lidl Notified Online Shop Customers in Germany, Belgium, and the Netherlands of a Data Breach|U.S. CISA adds a Cisco IOS flaw to its Known Exploited Vulnerabilities catalog|EU Targets FSB-Linked Hackers in New Sanctions Over Cyber Sabotage|Dutch Nationals Suspected in Odido Hack That Exposed Six Million Customers|Australia Alerts Organizations to Ongoing CMS Exploitation Attacks|Ryuk Ransomware Member Pleads Guilty Over Attacks on U.S. Organizations|Progress Told ShareFile Customers to Pull the Plug on Their Servers. Here’s What We Know.|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Saint Ambrose Catholic Parish – Crooks stole $1.75M in BEC Attack

Crooks have stolen $1.75 million in a church BEC (Business Email Compromise) attack, the victim is the Saint Ambrose Catholic Parish. Cybercriminals have stolen $1.75 million in a BEC (Business Email Compromise) attack against the Saint Ambrose Catholic Parish. Saint Ambrose is the second largest church in the Diocese of Cleveland and the largest church […]

Norfund BEC

Crooks have stolen $1.75 million in a church BEC (Business Email Compromise) attack, the victim is the Saint Ambrose Catholic Parish.

Cybercriminals have stolen $1.75 million in a BEC (Business Email Compromise) attack against the Saint Ambrose Catholic Parish.

Saint Ambrose is the second largest church in the Diocese of Cleveland and the largest church in Brunswick, Ohio.

The Saint Ambrose Catholic Parish discovered the BEC attack on April 17 when was making payments related to a Vision 2020 project that were never received by a contractor (Marous Brothers Construction).

According to the investigation conducted by the FBI and Brunswick police, hackers broke into the parish’s email system, likely via a phishing attack. Attackers were able to trick the personnel into believing that the contractor had changed their bank, and asked them to transfer the funds to a new bank account under their control.

BEC

In a letter to the parish, Fr. Bob Stec explained he was contacted by the contractor that informed him that he did receive the payments for the past two months.

“On Wednesday, Marous Brothers called inquiring as to why we had not paid our monthly payment on the project for the past two months totaling approximately $1,750,000.” reads a letter sent to parish by Pastor Father Bob Stec.

“This was shocking news to us, as we have been very prompt on our payments every month and have received all the appropriate confirmations from the bank that the wire transfers of money to Marous were executed/confirmed.”

According to Stec, crooks accessed two St. Ambrose employees’ email accounts. Attackers only compromised the email system, they did not access to the parish database that is stored in a secure cloud-based system.

“We are working closely with the Diocese and its insurance program to file a claim in the hopes that Marous Brothers Construction can receive their payment quickly and we can bring this important project for our parish to a positive completion,” Stec said in the letter.

The parish submitted an insurance claim in the attempt of recovering the stolen money.

“At the same time, we brought in information technology consultants to review the security and stability of our system, change all passwords, and verify the integrity of our databases and other pertinent information.” Stec added. “They have determined the breach was limited to only two email accounts.”

BEC attacks represent a serious threat for businesses, according to the recently released 2018 Internet Crime Report by FBI’s Internet Crime Complaint Center (IC3), BEC scams reached $1,2 billion in profits.

“In 2018, the IC3 received 20,373 BEC/E-mail Account Compromise (EAC) complaints with adjusted losses of over $1.2 billion” reads the report.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – BEC, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]