☕ Got a sec?

To:Brew Readers

IT Brew // Morning Brew // Update

CYBERSECURITY

Financial scamming

a repeating image of white envelopes with red icons indicating one unread email message

Elizabeth Fernandez/Getty Images

Threat actors are taking aim at the financial tech sector and upping the ante when it comes to email attacks. That’s according to research from Abnormal Security that found increases year over year in advanced email attacks (23%) and phishing (17%), with business email compromises largely staying stable.

Surprisingly, the most successful attacks are ones that ask for a simple favor. Those attacks work so well, Abnormal Field CISO Mick Leach told IT Brew, because people tend to be ready to help.

“Bad actors seek to prey on employees’ kindness and desire to assist,” Leach said, adding that financial institutions are “more susceptible and they’re more inclined to pay to protect the sensitive data of their folks, as well as the financial assets that they have under management.”

Letterbox. The increase in email attacks—as opposed to social engineering and malware—could be seen as a continuation of what some in the cybersecurity industry refer to as the attack atmosphere. Conceptually separate from the attack “surface,” the “atmosphere” refers to a diversity of tactics by threat actors. Chris Goettl, VP of product management at Ivanti, told IT Brew that the atmosphere is a change that was inevitable.

See why financial firms are open to ‘reciprocity’ attacks.—EH

Presented By ThreatLocker

How one hospital dodged a digital outbreak

Hackers can inflict permanent damage on the people and orgs they target. Their cyberattacks even have the potential to totally close hospitals, forcing doctors to turn patients away.

That was nearly the case for one hospital, but thankfully, they had ThreatLocker. With the protections offered, the hospital was safe from a ransomware attack.

Hackers tried to deploy remote access tools, steal sensitive data, and unleash ransomware, but ThreatLocker foiled their plans.

Thanks to ThreatLocker:

Application Allowlisting blocked unauthorized software from running.
Storage Control prevented data from being accessed or moved.
The attackers couldn’t deploy tools or spread.

Even the hackers had to admit they were impressed with this kind of security. See how they can impress you, too.

IDENTITY MANAGEMENT

Short and simple

AWS CISO Amy Herzog on stage at re:Inforce.

Amazon

Like Paris Hilton in 2003, Amazon Web Services (AWS) wants cybersecurity professionals to embrace the simple life.

AWS CISO Amy Herzog took the stage on day two of the company’s annual re:Inforce conference this week in Philadelphia to share some of the cloud giant’s latest security innovations, each aiming to simplify capabilities on existing tools. Herzog took on the role as CISO of the cloud giant earlier this month, replacing Chris Betz. She was previously CISO for Amazon’s AGI, ads, devices, and global media and entertainment units.

New identity. Herzog kicked off Tuesday’s keynote by announcing updates to AWS Identity and Access Management (IAM), the cloud giant’s web service that allows organizations to manage who has access to AWS resources. She said IAM, launched in 2011, was designed to “address the complex needs of modern cloud authentication and authorization at a massive scale,” and handles 1.2 billion API calls per second worldwide, she said.

“That means that 1.2 billion times per second, IAM is asked to determine if an API call should be permitted or denied,” she said.

New access analysis tools are available.—BM

Together With Bitwarden

Access denied. Tired of juggling password chaos? Create, deploy, manage, and retire credentials throughout their lifespan with Bitwarden. They seamlessly lock down all sensitive credentials so you can actually—gasp—get work done. Stay productive and protect your biz.

Level up your career with these resources from our sponsors!

Get by with a little help from AI. See 3 big ways futuristic tools improve employees’ work lives

Learn more about data-driven SaaS and AI management

Buyers + managed services = dream team: How the pair forms strategic partnerships

PATCH NOTES

Francis Scialabba

Today’s top IT reads.

Stat: 67%. That’s the proportion of the 307 surveyed developers who use AI during their daily software development and review the code before it is deployed. (SC Media)

Quote: “When tax breaks don’t pay for themselves, only two things can happen: Either public services are reduced in quality, or everybody’s taxes go up in other ways if you’re going to try to keep things the same in terms of quality of public services.”—Greg LeRoy, executive director of nonprofit research group Good Jobs First, on tax cuts for Big Tech rapidly building out data centers (CNBC)

Read: How to run a modern AI model on Windows 98. (Daily Galaxy)

Hackers vs. hospital: That was the story of one of ThreatLocker’s clients. See how they successfully shut down a ransomware attack and kept the hospital doors open in this video.*

^{*A message from our sponsor.}

SHARE THE BREW

Share IT Brew with your coworkers, acquire free Brew swag, and then make new friends as a result of your fresh Brew swag.

We’re saying we’ll give you free stuff and more friends if you share a link. One link.

Your referral count: 5

Click to Share

Or copy & paste your referral link to others:
itbrew.com/r/?kid=9ec4d467

Written by Eoin Higgins, Brianna Monsanto, and Patrick Lucas Austin

Was this email forwarded to you? Sign up here.

Take The Brew to work

Marketers: Marketing Brew
Corporate: CFO Brew HR Brew Revenue Brew
Tech: Tech Brew
Retailers: Retail Brew
Healthcare: Healthcare Brew

Get smarter in just 5 minutes

Business News: Morning Brew
Money & Career: Money With Katie Bossy Brew Markets The Playbook

Interested in podcasts?

Check out ours here

ADVERTISE // CAREERS // SHOP // FAQ

Update your email preferences or unsubscribe .
View our privacy policy .

Copyright © 2025 Morning Brew Inc. All rights reserved.
22 W 19th St, 4th Floor, New York, NY 10011