Security News

In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that defrauded its victims of roughly €10 million last year alone. "The Spanish National Police, supported by the Italian National Police, Europol and Eurojust, dismantled an organised crime group linked to the Italian Mafia involved in online fraud, money laundering, drug trafficking and property crime," Europol said today.

A phishing campaign that mostly targeted the global aviation industry may be connected to Nigeria, according to Cisco Talos. The malicious campaigns centred around phishing emails linking to "off-the-shelf malware" being sent to people around the world - even those with a marginal interest in commercial aviation.

Threat actors impersonated the U.S. Department of Transportation in a two-day phishing campaign that used a combination of tactics - including creating new domains that mimic federal sites so as to appear to be legitimate - to evade security detections. The date of its creation - revealed by WHOIS - seems to signal that the site was set up specifically for the phishing campaign.

33% of emails employees report as phishing attempts are either malicious or highly suspect, according to new research. The finding comes from an analysis of emails reported by employees from organizations across the globe during the first half of 2021, and highlights the efficacy of employee-led efforts in preventing cyberattacks.

On Wednesday, Expel released a report highlighting the top keywords used in phishing attempt subject lines. Some of the top listed phishing keywords are designed to imitate legitimate business invoices.

S3 Ep48: Cryptographic bugs, cryptocurrency nightmares, and lots of phishing [Podcast]. Oh! No! The Windows desktop that got so big it imploded.

Key findings: 32.5% of all companies were targeted by brute force attacks in early June 2021. 73% of all advanced threats were credential phishing attacks.

Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software. "Attackers combine these links with social engineering baits that impersonate well-known productivity tools and services to lure users into clicking," Microsoft 365 Defender Threat Intelligence Team said in a report published this week.

Most of the time it's the first; it can be complicated to add security to a running system without affecting how everyone does their jobs - in some cases even the security team. It's a process the initial notification described as Microsoft taking responsibility for its role as a security service and acting "on your behalf to prevent your users from being compromised." As the process continues to roll out, one of the most obvious effects will be on security teams testing their systems and their staff.
