Security News

A phishing campaign that mostly targeted the global aviation industry may be connected to Nigeria, according to Cisco Talos. The malicious campaigns centred around phishing emails linking to "Off-the-shelf malware" being sent to people around the world - even those with a marginal interest in commercial aviation.

Threat actors impersonated the U.S. Department of Transportation in a two-day phishing campaign that used a combination of tactics - including creating new domains that mimic federal sites so as to appear to be legitimate - to evade security detections. The date of its creation - revealed by WHOIS - seems to signal that the site was set up specifically for the phishing campaign.

33% of emails employees report as phishing attempts are either malicious or highly suspect, according to new research. The finding comes from an analysis of emails reported by employees from organizations across the globe during the first half of 2021, and highlights the efficacy of employee-led efforts in preventing cyberattacks.

On Wednesday, Expel released a report, highlighting the top keywords used in phishing attempt subject lines. Some of the top listed phishing keywords are designed to imitate legitimate business invoices.

Oh! No! The Windows desktop that got so big it imploded. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.

Key findings 32.5% of all companies were targeted by brute force attacks in early June 2021. 73% of all advanced threats were credential phishing attacks.

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," Microsoft 365 Defender Threat Intelligence Team said in a report published this week.

Most of the time it's the first; it can be complicated to add security to a running system without affecting how everyone does their jobs-in some cases even the security team. It's a process the initial notification described as Microsoft taking responsibility for its role as a security service and acting "On your behalf to prevent your users from being compromised." As the process continues to roll out, one of the most obvious effects will be on security teams testing their systems and their staff.

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," Microsoft 365 Defender Threat Intelligence Team said in a report published this week.

Microsoft has warned that it has been tracking a widespread credential-phishing campaign that relies on open redirector links, while simultaneously suggesting it can defend against such schemes. Microsoft says that open redirects have legitimate uses, pointing to the way sales and marketing campaigns rely on them to lead customers to specific landing pages and to gather web metrics.