Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing 113

Phishing Authentication Telecommunications Accountability 113

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. A notice from MassDOT cautions that “the targeted phone numbers seem to be chosen at random and are not uniquely associated with an account or usage of toll roads.”

Phishing 299

Phishing Scams Mobile Passwords 299

Krebs on Security

JANUARY 31, 2025

The government says transnational organized crime groups that purchased these services primarily used them to run business email compromise (BEC) schemes, wherein the cybercrime actors tricked victim companies into making payments to a third party. “Presumably, these buyers also include Dutch nationals.

Phishing 251

Phishing Cybercrime Advertising Malware 251

Malwarebytes

FEBRUARY 11, 2025

Of those malicious apps, 5,200 could subvert one of the strongest security practices available today, called multifactor authentication, by prying into basic text messages sent to a device. With vigilance, safe behavior, and some extra support, you can avoid Android phishing apps and protect your accounts from cybercriminals.

Phishing 129

Phishing Passwords Mobile Authentication 129

Malwarebytes

DECEMBER 5, 2024

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. Protect your social media accounts by using Malwarebytes Identity Theft Protection. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant.

Encryption 142

Encryption Identity Theft Media Telecommunications 142

Security Affairs

FEBRUARY 16, 2024

CISA revealed that threat actors breached an unnamed state government organization via an administrator account belonging to a former employee. The government experts conducted an incident response assessment of the state government organization after its documents were posted on the dark web.

Government 144

Government VPN Accountability Authentication 144

Schneier on Security

FEBRUARY 1, 2023

This is the result of a security audit: More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department’s user accounts. and ChangeItN0w!—were

Passwords 285

Passwords Accountability Authentication Government 285

Krebs on Security

MAY 12, 2022

KrebsOnSecurity has learned the alleged compromise is tied to a cybercrime and online harassment community that routinely impersonates police and government officials to harvest personal information on their targets. The DEA declined to comment on the validity of the claims, issuing only a brief statement in response.

Government 295

Government Authentication Passwords Mobile 295

eSecurity Planet

NOVEMBER 6, 2024

This data reportedly includes everything from names and addresses to Social Security numbers and bank account details. This attack underscores a critical lesson for businesses: even the most vital institutions, such as a city government, are vulnerable to cyberthreats. With over 6.5

Ransomware 116

Ransomware Authentication Identity Theft Penetration Testing 116

Krebs on Security

MARCH 31, 2022

On Tuesday, KrebsOnSecurity warned that hackers increasingly are using compromised government and police department email accounts to obtain sensitive customer data from mobile providers, ISPs and social media companies. co saying he could be hired to perform fake EDRs on targets at will, provided the account was recently active.

Government 312

Government Accountability Education Media 312

Krebs on Security

SEPTEMBER 13, 2023

” Airbus has apparently confirmed the cybercriminal’s account to the threat intelligence firm Hudson Rock , which determined that the Airbus credentials were stolen after a Turkish airline employee infected their computer with a prevalent and powerful info-stealing trojan called RedLine. government inboxes. Microsoft Corp.

Cybercrime 338

Cybercrime Passwords Authentication Malware 338

Krebs on Security

JULY 4, 2020

One of the most-read advice columns on this site is a 2018 piece called “ Plant Your Flag, Mark Your Territory ,” which tried to impress upon readers the importance of creating accounts at websites like those at the Social Security Administration , the IRS and others before crooks do it for you.

Accountability 338

Accountability Passwords Authentication Insurance 338

Krebs on Security

JULY 12, 2024

AT&T also acknowledged the customer records were exposed in a cloud database that was protected only by a username and password (no multi-factor authentication needed). For its part, Snowflake says it now requires all new customers to use multi-factor authentication. million current AT&T account holders and roughly 65.4

Data breaches 347

Data breaches Passwords Authentication Accountability 347

Krebs on Security

JANUARY 19, 2022

If you created an online account to manage your tax records with the U.S. account and share the experience here. account). prompts users to choose a multi-factor authentication (MFA) option. Internal Revenue Service (IRS), those login credentials will cease to work later this year. After confirmation, ID.me

Mobile 364

Mobile Accountability Insurance Government 364

The Last Watchdog

SEPTEMBER 24, 2024

Rather, we should treat SSN as just another piece of personally identifiable information (PII) like an email address – confidential information but not a sensitive one that unlocks your bank accounts. Governments can create a digital identity at birth to replace SSN in its current use. That identity is tied to specific vendors.

Authentication 216

Authentication Identity Theft Banking Data breaches 216

Schneier on Security

FEBRUARY 3, 2021

New estimates are that 30% of the SolarWinds victims didn’t use SolarWinds: Many of the attacks gained initial footholds by password spraying to compromise individual email accounts at targeted organizations. On attribution: Earlier this month, the US government has stated the attack is “likely Russian in origin.”

Computers and Electronics 363

Computers and Electronics Malware Software Government 363

Cisco Security

MARCH 15, 2022

On March 15, 2022, a government flash bulletin was published describing how state-sponsored cyber actors were able to use the PrintNightmare vulnerability (CVE-2021-34527) in addition to bypassing Duo 2FA to compromise an unpatched Windows machine and gain administrative privileges. This activity was documented as early as May, 2021.

Authentication 144

Authentication Passwords Accountability Government 144

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. Compromising a single Gmail account can grant access to an extensive personal and corporate data treasure trove.

Phishing 116

Phishing Artificial Intelligence Password Management Accountability 116

Malwarebytes

OCTOBER 15, 2024

Unlike any other season in America, election season might bring the highest volume of advertisements sent directly to people’s homes, phones, and email accounts—and the accuracy and speed at which they come can feel invasive. The reasons could be obvious. Instead, it may point to how people interpret “cyber interference.

Scams 139

Scams Identity Theft Cybercrime Accountability 139

Krebs on Security

AUGUST 12, 2020

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. ” In short, although you may not be required to create online accounts to manage your affairs at your ISP, the U.S. .”

Accountability 357

Accountability Mobile Banking Passwords 357

Schneier on Security

MAY 6, 2019

Enable two-factor authentication for all important accounts whenever possible. Do your best to disable the "secret questions" and other backup authentication mechanisms companies use when you forget your password­ -- those are invariably insecure. Watch your credit reports and your bank accounts for suspicious activity.

Identity Theft 279

Identity Theft Passwords Password Management Authentication 279

Malwarebytes

JANUARY 27, 2025

Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Data breaches 126

Data breaches Healthcare Passwords Insurance 126

The Last Watchdog

MARCH 11, 2025

Treasury Department breach as a warning: “A single leaked API key from BeyondTrust allowed attackers to infiltrate government systems. “This requires a comprehensive approach that includes automated discovery, detection, remediation, and stronger secrets governance across all enterprise platforms.”

Government 130

Government Passwords Authentication CISO 130

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). government agencies and first responders. “The rest is just ransom.”

Cybercrime 274

Cybercrime Mobile Media Hacking 274

Krebs on Security

MAY 19, 2020

The SBU said they found on Sanix’s computer records showing he sold databases with “logins and passwords to e-mail boxes, PIN codes for bank cards, e-wallets of cryptocurrencies, PayPal accounts, and information about computers hacked for further use in botnets and for organizing distributed denial-of-service (DDoS) attacks.”

Passwords 362

Passwords Accountability Hacking Password Management 362

The Last Watchdog

FEBRUARY 4, 2025

Identity security vendors have focused narrowly on securing corporate accounts, leaving organizations vulnerable to cybercriminals exploiting the broader identity exposures of employees, consumers, and suppliers. A shift to an identity-centric perspective is needed, particularly as the scope of identity exposures continues to grow.

Cybercrime 124

Cybercrime Phishing Accountability Malware 124

Krebs on Security

NOVEMBER 21, 2018

Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf. Image: USPS.com. A USPS brochure advertising the features and benefits of Informed Visibility.

Accountability 278

Accountability Authentication Identity Theft Advertising 278

Malwarebytes

NOVEMBER 4, 2024

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. Enable two-factor authentication (2FA).

Data breaches 114

Data breaches Passwords Ransomware Phishing 114

Krebs on Security

DECEMBER 18, 2020

government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. 3, and said it learned about the flaw from the NSA. ” Indeed, the NSA’s Dec.

Software 363

Software Authentication Hacking Government 363

SecureWorld News

OCTOBER 28, 2024

From a governance standpoint, Agnidipta Sarkar, Vice President of CISO Advisory at ColorTokens, emphasizes the critical role of regulatory frameworks. In his view, prolonged breach response times often indicate inadequate data governance and limited internal controls. The good thing is that the affected parties have been notified.

Healthcare 106

Healthcare Insurance Government Data breaches 106

Digital Shadows

MARCH 17, 2025

The ransomware targets unpatched internet-facing servers, impacting systems across 70+ countries in sectors like critical infrastructure, health care, governments, education, technology, manufacturing, and small- to medium-sized businesses. This threat hunt identifies accounts at risk of this attack vector. With a CVSS score of 9.8,

VPN 133

VPN Authentication Ransomware Risk 133

Schneier on Security

AUGUST 7, 2023

A bunch of networks, including US Government networks , have been hacked by the Chinese. The hackers used forged authentication tokens to access user email, using a stolen Microsoft Azure account consumer signing key. Congress wants answers. Master signing keys are not supposed to be left around, waiting to be stolen.

Authentication 246

Authentication Government Hacking Accountability 246

Krebs on Security

MARCH 29, 2022

It involves compromising email accounts and websites tied to police departments and government agencies, and then sending unauthorized demands for subscriber data while claiming the information being requested can’t wait for a court order because it relates to an urgent matter of life and death. THE LAPSUS$ CONNECTION.

Accountability 292

Accountability Government Hacking Social Engineering 292

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts.

Ransomware 109

Ransomware IoT Encryption Social Engineering 109

Malwarebytes

JANUARY 10, 2024

We have seen several high-profile accounts that were taken over on X (formerly Twitter) only to be used for cryptocurrency related promotional activities, like expressing the approval of exchange-traded funds (ETFs). The @SECGov X account was compromised, and an unauthorized post was posted. You’re all set.

Accountability 113

Accountability Scams Hacking Cryptocurrency 113

Security Affairs

OCTOBER 28, 2024

While conventional “internal” employees account for 29% of identities, non-employees or “external identities” in aggregate (contractors, vendors, etc.) account for nearly half of the total users (48%). And therein lies the problem: Your enterprise could be at risk if their credentials are unsafe.

B2B 123

B2B Cybersecurity Risk Identity Theft 123

The Last Watchdog

DECEMBER 18, 2024

Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. Real-time defense and a robust security mindset are crucial to staying resilient.

Risk 173

Risk Threat Detection Technology Phishing 173