Security News
Oh! No! The Windows desktop that got so big it imploded.
Key findings: 32.5% of all companies were targeted by brute force attacks in early June 2021. 73% of all advanced threats were credential phishing attacks.
Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," Microsoft 365 Defender Threat Intelligence Team said in a report published this week.
Most of the time it's the first; it can be complicated to add security to a running system without affecting how everyone does their jobs, in some cases even the security team. It's a process the initial notification described as Microsoft taking responsibility for its role as a security service and acting "on your behalf to prevent your users from being compromised." As the process continues to roll out, one of the most obvious effects will be on security teams testing their systems and their staff.
Microsoft has warned that it has been tracking a widespread credential-phishing campaign that relies on open redirector links, while simultaneously suggesting it can defend against such schemes. Microsoft says that open redirects have legitimate uses, pointing to the way sales and marketing campaigns rely on them to lead customers to specific landing pages and to gather web metrics.
How does ransomware begin? According to a new report from Palo Alto Networks, the answer is primarily through email. The most significant vector is SMTP, at 45%, followed by IMAP at 26.5%. When combined with POP3, you get the following: 75.3% of ransomware attacks arrive via email.
A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. The phishing scam was first discovered by security researcher Daniel Gallagher and pretended to be an email from UPS stating that a package had an "Exception" and needed to be picked up by the customer.
Overall, the first half of 2021 shows a 22 percent increase in the volume of phishing attacks over the same time period last year, PhishLabs reveals. The impact of phishing attacks in H1 2021: Crypto is fully in attackers' sights. This category experienced an increase of phishing attacks 10 times greater than the previous quarter in 2021.
Research shows that the cost of phishing attacks has nearly quadrupled over the past six years: Large U.S. companies are now losing, on average, $14.8 million annually, or $1,500 per employee. What businesses shell out for extortion payments in ransomware attacks or what gets jimmied out of them in fraudulent BEC wire transfers are both just portions of the true costs of phishing attacks, according to the study, titled The 2021 Cost of Phishing.