Accountability and Cybersecurity - Cyber Security Informer

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

NOVEMBER 5, 2024

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Cybercriminals could use your account to spread spam and phishing emails to your contacts.

Accountability

Accountability Authentication Malware Banking

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? The scheme consists of stealing as many advertiser accounts as possible by impersonating Google Ads and redirecting victims to fake login pages.

Advertising

Advertising Accountability Phishing Scams

CrossBarking Vulnerability in Opera Browser Allows Malicious Extensions to Hijack User Accounts

Penetration Testing

NOVEMBER 2, 2024

This vulnerability grants attackers... The post CrossBarking Vulnerability in Opera Browser Allows Malicious Extensions to Hijack User Accounts appeared first on Cybersecurity News.

Accountability

Accountability Cybersecurity

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

A large botnet targets M365 accounts with password spraying attacks

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide. ” concludes the report.

Passwords

Passwords Accountability Authentication Malware

Misconfigured AWS Accounts Are Fueling Phishing Campaigns

eSecurity Planet

MARCH 4, 2025

Cybersecurity researchers have uncovered a campaign where threat actors exploit misconfigured Amazon Web Services (AWS) environments to send phishing emails. Their current tactics include: Gaining access to AWS accounts using identify and access management (IAM) keys. Incorporating continuous security monitoring to reduce threats.

Phishing

Phishing Accountability Authentication Risk

Cybersecurity Resolutions for 2025

IT Security Guru

JANUARY 9, 2025

Resolution #1: Adopt a Proactive Approach to Cybersecurity to Combat AI-Driven Attacks Adopt a proactive approach to cybersecurity that integrates advanced defence mechanisms with fundamental best practices to mitigate and combat AI-driven attacks. This will require expertise in cryptography, IT infrastructure and cybersecurity.

Cybersecurity

Cybersecurity Cyber threats Architecture Digital transformation

Women in Cybersecurity & IWD: Why I’m Done!

Jane Frankland

MARCH 8, 2025

For nearly a decade, we’ve heard the same discussion in cybersecurity circles about the gender diversity problem. Yet here we are, in 2025, and the percentage of women in cybersecurity remains stagnantor worse, is backtracking. Meanwhile, cybersecurity job vacancies are skyrocketing. It’s utter madness.

Cybersecurity

Cybersecurity Penetration Testing Accountability Cyber Risk

Meta takes down more than 2 million accounts in fight against pig butchering

Malwarebytes

NOVEMBER 22, 2024

Meta provided insight this week into the company’s efforts in taking down more than 2 million accounts that were connected to pig butchering scams on their owned platforms, Facebook and Instagram. Never give money to anyone you’ve met online Get a second opinion from someone you trust If in doubt, back away and report the account.

Accountability

Accountability Scams Cryptocurrency Identity Theft

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. The phishers also abused legitimate Google services to send Tony an email from google.com, and to send a Google account recovery prompt to all of his signed-in devices.

Phishing

Phishing Cryptocurrency Accountability Social Engineering

Reducing the Crushing Burden of Cybersecurity, Privacy Laws in the UK

SecureWorld News

NOVEMBER 17, 2024

The UK has a complex regulatory landscape for businesses, particularly in the realms of cybersecurity and privacy. This challenge is especially prevalent for UK small and medium-sized enterprises (SMEs) which account for 99.9% Establishing clear, consistent standards: Promoting a unified approach to cybersecurity and privacy.

Cybersecurity

Cybersecurity Risk Healthcare Accountability

What Maslow’s Hierarchy of Needs Reveals About Cybersecurity Flaws

Jane Frankland

APRIL 18, 2025

This is the state of cybersecurity today. To break free from this cycle, we must rethink how we approach cybersecurity. Likewise, cybersecurity demands a layered approach, starting with foundational human-centered elements and building toward a resilient, secure business environment. The result?

Cybersecurity

Cybersecurity Technology Risk Security Awareness

Upload a video selfie to get your Facebook or Instagram account back

Malwarebytes

OCTOBER 22, 2024

Meta, the company behind Facebook and Instagram says its testing new ways to use facial recognition—both to combat scams and to help restore access to compromised accounts. The social media giant is testing the use of video selfies and facial recognition to help users get their hijacked accounts back. What do you think?

Accountability

Accountability Scams Media Artificial Intelligence

Empowering Boards for Cybersecurity Incidents

SecureWorld News

JANUARY 12, 2025

This article explores how boards can effectively prepare, respond, and lead during cybersecurity incidents, turning a potential disaster into a managed crisis. These principles serve as the foundation for the board's actions before, during, and after a cybersecurity incident.

Cybersecurity

Cybersecurity Ransomware Data breaches Government

10 Benefits of Leading a Cybersecurity Management Review

SecureWorld News

NOVEMBER 25, 2024

I just wrapped up a management review for our cybersecurity program (which is called an Information Security Management System (ISMS) in ISO 27001), and it got me thinking about how valuable these reviews are—not just for meeting compliance requirements like ISO 27001, but for driving real improvements in how we approach cybersecurity.

Cybersecurity

Cybersecurity Risk Information Security Accountability

SEC Fines Four Companies $7M for Misleading Cybersecurity Disclosures

SecureWorld News

OCTOBER 23, 2024

Securities and Exchange Commission (SEC) announced Tuesday that it has fined four companies $7 million for misleading statements about their cybersecurity incidents, particularly concerning the high-profile 2019 SolarWinds hack. The SEC charged the companies with "materially misleading disclosures regarding cybersecurity risks and intrusions."

Cybersecurity

Cybersecurity Risk Hacking Software

Infostealers VietCredCare and DuckTail Fuel Facebook Business Account Exploitation

Penetration Testing

NOVEMBER 25, 2024

Vietnam has become a hotspot for malicious operations targeting Facebook Business accounts, with threat actors leveraging infostealers like VietCredCare and DuckTail.

Accountability

Accountability Malware Cybersecurity

Travel Safe: Cybersecurity Tips for Your Next Vacation

SecureWorld News

NOVEMBER 27, 2024

Getting ready to go Add a simple cybersecurity checklist along with your packing routine before you depart for some rest and relaxation. Updates often include tweaks that protect you against the latest cybersecurity concerns. Don't access key accounts like email or banking on public Wi-Fi.

Cybersecurity

Cybersecurity Wireless Accountability Internet

Change Healthcare Breach Hits 100M Americans

Krebs on Security

OCTOBER 30, 2024

.” But in June 2024 testimony to the Senate Finance Committee, it emerged that the intruders had stolen or purchased credentials for a Citrix portal used for remote access, and that no multi-factor authentication was required for that account. Last month, Sens. Mark Warner (D-Va.) and Ron Wyden (D-Ore.) Mark Warner (D-Va.)

Healthcare

Healthcare Insurance Computers and Electronics Data breaches

Google's AI Trends Report: Key Insights and Cybersecurity Implications

SecureWorld News

FEBRUARY 25, 2025

Artificial intelligence (AI) is transforming industries at an unprecedented pace, and its impact on cybersecurity is no exception. From automating cybersecurity defenses to combatting adversarial AI threats, the report underscores both the power and pitfalls of AI-driven security.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Cyber threats

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

Jane Frankland

JANUARY 19, 2025

While this might protect our mental bandwidth, and in some cases help us avoid hacking attempts via exhaustion tactics, it also has unintended consequenceswhen it comes to cybersecurity. While skepticism is healthy, excessive distrust can lead to the dismissal of genuine outreach or important instructionsundermining cybersecurity efforts.

Cybersecurity

Cybersecurity Technology Scams Risk

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

The Last Watchdog

DECEMBER 18, 2024

Wojtasiak Mark Wojtasiak , VP of Research and Strategy, Vectra AI In the coming year, well see the initial excitement that surrounded AIs potential in cybersecurity start to give way due to a growing sense of disillusionment among security leaders. The SEC Cybersecurity Disclosure Rule highlights transparency in governance.

Cybersecurity

Cybersecurity CISO Risk Government

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

Security Affairs

OCTOBER 28, 2024

While conventional “internal” employees account for 29% of identities, non-employees or “external identities” in aggregate (contractors, vendors, etc.) account for nearly half of the total users (48%). And therein lies the problem: Your enterprise could be at risk if their credentials are unsafe.

B2B

B2B Cybersecurity Risk Identity Theft

News alert: INE shares guidance to help companies invest in year-end cybersecurity, networking training

The Last Watchdog

OCTOBER 28, 2024

If not spent, these funds often return to general accounts or are lost altogether, missing an opportunity for strategic investment. Strategic Spending: INE Security encourages using these funds to invest in team cybersecurity training, turning what could be wasted resources into a pivotal investment in security and professional development.

Cybersecurity

Cybersecurity Media Marketing Accountability

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

SecureWorld News

FEBRUARY 17, 2025

Cybersecurity governance has undergone a dramatic transformation over the past few decades. We have moved beyond traditional compliance-driven security models to risk-based approaches, integrating cybersecurity into enterprise risk management (ERM) frameworks. But the question remains: where are we headed?

Government

Government Cybersecurity Risk CISO

Top Cybersecurity Trends to Watch Out For in 2025

Centraleyes

DECEMBER 16, 2024

As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. Lets explore the top current cybersecurity trends this year. The challenge?

Cybersecurity

Cybersecurity Insurance Cyber Insurance Risk

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

DECEMBER 16, 2024

Gen AI threats and quantum computing exposures must be accounted for. Alkove Jim Alkove , CEO, Oleria Identity is cybersecurity’s biggest challenge. Attacks targeting identities rose 71% last year, with valid accounts as the top entry point. The drivers are intensifying. Attackers arent hacking in theyre logging in.

Cyber threats

Cyber threats CISO IoT Phishing

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Malwarebytes

APRIL 9, 2025

The lawsuit claims that this gave Bathula login credentials for the victims’ personal accounts and systems, including bank accounts, emails, home surveillance systems, Dropbox accounts, Google Drives, dating applications, Google Nests, and iCloud accounts. This is not a good idea. Use multi-factor authentication.

Accountability

Accountability Spyware Passwords Password Management

Q&A: Cybersecurity in ‘The Intelligent Era’

IT Security Guru

MARCH 26, 2025

This transformation comes with immense responsibility from our business, IT and especially cybersecurity professionals to keep data safe and their colleagues, friends and family members protected from fraud and intrusion of privacy. With AI evolving rapidly, what new cybersecurity challenges will IT professionals need to tackle?

Cybersecurity

Cybersecurity Encryption Threat Detection Authentication

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

SecureWorld News

FEBRUARY 28, 2025

But amidst all these flashy, futuristic threats, the biggest cybersecurity risk remains the same as it's always beenhumans. Cybersecurity Through Human Behaviour just confirmed what most of us in the field already know: Cybersecurity isn't just a tech problemit's a behavior problem. And humbly, we're getting it very wrong.

Cybersecurity

Cybersecurity Risk Social Engineering Phishing

The Cybersecurity Dimensions of Web Accessibility

SecureWorld News

JANUARY 27, 2025

Aside from the obvious gap in accessing data and web-based resources, this shortfall also entails cybersecurity concerns. Without accessibility-focused design, even the best assistive tools can't fully protect users from cybersecurity and privacy pitfalls. It has distinct cybersecurity and privacy undertones.

Cybersecurity

Cybersecurity Risk Technology Authentication

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

NOVEMBER 12, 2024

Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in connection with the SolarWinds hack. Joe Nicastro , Field CTO, Legit Security Nicastro Transparency in cybersecurity remains a complex balancing act.

CISO

CISO CSO Risk Cyber threats

Scammers Target Netflix Users: Expert Issues Urgent Warning

eSecurity Planet

MARCH 31, 2025

Streaming giant Netflix is at the center of a rising wave of online scams, cybersecurity experts warn. Karin Zilberstein, vice president of Product at cybersecurity company Guardio, says the platform consistently ranks among the top 10 most imitated companies in phishing schemes. Use a strong, unique password for your Netflix account.

Scams

Scams Artificial Intelligence Phishing Passwords

How Website Localization Strengthens Cybersecurity in Global Markets

SecureWorld News

FEBRUARY 4, 2025

This made the need for strengthening cybersecurity so apparent to everyone that U.S. The best approach one can adopt is always having cybersecurity at the forefront of their mind whichever aspect of their business they approach. The intersection of localization and cybersecurity Now, how does localization affect cybersecurity?

Marketing

Marketing Cybersecurity eCommerce Data breaches

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

SecureWorld News

MARCH 13, 2025

The rapid advancement of generative AI has brought both innovation and concern to the cybersecurity landscape. The report concludes that "while DeepSeek R1 does not instantly generate fully functional malware, its ability to produce semi-functional code should be a wake-up call for the cybersecurity industry."

Malware

Malware Cybersecurity Cyber threats Threat Detection

Navigating the SEC’s Cybersecurity Disclosure Rules: One Year On

Security Boulevard

DECEMBER 30, 2024

Securities and Exchange Commission (SEC)began enforcing new cybersecurity disclosure rules. Recognizing the critical need for transparency and robust cybersecurity measures, the U.S. As part of their fiduciary duties, boards play a key role in the oversight of risks from cybersecurity threats.

Cybersecurity

Cybersecurity Cyber Risk CISO Risk

From Pest Control to Cybersecurity: What CISOs Can Learn from Pestie

SecureWorld News

JANUARY 21, 2025

Just as homeowners rely on services like Pestie to protect their spaces from unwanted intruders, cybersecurity professionals use strategic tools and methods to safeguard their organizations from cyber threats. Let's explore the correlation and what cybersecurity professionals can learn from a simple act like spraying for pests.

CISO

CISO Cybersecurity Cyber threats Education

Newsweek Op-Ed: Oversight of the Management of Cybersecurity Risks: The Skill Corporate Boards Need, But, So Often, Do Not Have

Joseph Steinberg

MAY 23, 2024

To read the piece, please see Oversight of the Management of Cybersecurity Risks: The Skill Most Corporate Boards Need, But Don’t Have on Newsweek.com. To read the piece, please see Oversight of the Management of Cybersecurity Risks: The Skill Most Corporate Boards Need, But Don’t Have on Newsweek.com.

Risk

Risk Cyber Risk Cybersecurity Artificial Intelligence

Scammer robs homebuyers of life savings in $20 million theft spree

Malwarebytes

NOVEMBER 14, 2024

Employees of these companies were tricked into clicking malicious attachments and links and filling in their email account login information on fake sites. With our law enforcement partners, we will continue to aggressively investigate, pursue, and hold accountable the crooks who perpetrate frauds online, wherever they are.”

Accountability

Accountability Banking Internet Internet

The Social Security data breach compromised ‘billions’ of accounts. Here’s one easy, free way to protect yourself.

Heimadal Security

MARCH 20, 2025

While artificial intelligence has transformed the ability to prevent, detect, […] The post The Social Security data breach compromised ‘billions’ of accounts. A year later, new security threats have gained traction. Here’s one easy, free way to protect yourself. appeared first on Heimdal Security Blog.

Data breaches

Data breaches Artificial Intelligence Accountability Cybersecurity

Microsoft Executives Hacked

Schneier on Security

JANUARY 29, 2024

The investigation indicates they were initially targeting email accounts for information related to Midnight Blizzard itself.

Hacking

Hacking Accountability Passwords Cybersecurity

Ex-Michigan, Ravens Football Coach Charged with Hacking Athlete Accounts

Security Boulevard

MARCH 21, 2025

Matthew Weiss, former football coach for the University of Michigan and the Baltimore Ravens, for almost 10 years accessed the social media and other online accounts of thousands of student athletes and downloaded personal information and intimate images, said prosecutors who indicted for illegal computer access and identity theft.

Accountability

Accountability Identity Theft Hacking Media

PayPal scam abuses Docusign API to spread phishy emails

Malwarebytes

MARCH 4, 2025

The Docusign Application Programming Interface (API) allows customers to send emails that come from genuine Docusign accounts, and they can use templates to impersonate reputable companies. Weve identified an unauthorized transaction made from your PayPal account to Coinbase: Amount: $755.38

Scams

Scams Accountability Phishing Banking

Hacker Leaks 270,000 Samsung Customer Records—Stolen Credentials Were Left Unchecked for Years

eSecurity Planet

APRIL 2, 2025

According to cybersecurity firm Hudson Rock, the hack was made possible by a set of stolen credentials compromised in 2021. Identity theft and account takeover: By impersonating customers using leaked support tickets, hackers can gain unauthorized access to accounts. How can malicious actors exploit this?

Identity Theft

Identity Theft Cybersecurity Scams Accountability

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads

Webinars

Trending Sources

CrossBarking Vulnerability in Opera Browser Allows Malicious Extensions to Hijack User Accounts

Webinars

FBI: Spike in Hacked Police Emails, Fake Subpoenas

A large botnet targets M365 accounts with password spraying attacks

Misconfigured AWS Accounts Are Fueling Phishing Campaigns

Cybersecurity Resolutions for 2025

Women in Cybersecurity & IWD: Why I’m Done!

Meta takes down more than 2 million accounts in fight against pig butchering

A Day in the Life of a Prolific Voice Phishing Crew

Reducing the Crushing Burden of Cybersecurity, Privacy Laws in the UK

What Maslow’s Hierarchy of Needs Reveals About Cybersecurity Flaws

Upload a video selfie to get your Facebook or Instagram account back

Empowering Boards for Cybersecurity Incidents

10 Benefits of Leading a Cybersecurity Management Review

SEC Fines Four Companies $7M for Misleading Cybersecurity Disclosures

Infostealers VietCredCare and DuckTail Fuel Facebook Business Account Exploitation

Travel Safe: Cybersecurity Tips for Your Next Vacation

Change Healthcare Breach Hits 100M Americans

Google's AI Trends Report: Key Insights and Cybersecurity Implications

From Notifications to Deepfakes: How Human Behaviour Is Shifting and What It Means for Cybersecurity

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

Third-Party Identities: The Weakest Link in Your Cybersecurity Supply Chain

News alert: INE shares guidance to help companies invest in year-end cybersecurity, networking training

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

Top Cybersecurity Trends to Watch Out For in 2025

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

Man accused of using keylogger to spy on colleagues, log in to their personal accounts and watch them at home

Q&A: Cybersecurity in ‘The Intelligent Era’

The Biggest Cybersecurity Risk We're Ignoring—And No, It's Not AI

The Cybersecurity Dimensions of Web Accessibility

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

Scammers Target Netflix Users: Expert Issues Urgent Warning

How Website Localization Strengthens Cybersecurity in Global Markets

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

Navigating the SEC’s Cybersecurity Disclosure Rules: One Year On

From Pest Control to Cybersecurity: What CISOs Can Learn from Pestie

Newsweek Op-Ed: Oversight of the Management of Cybersecurity Risks: The Skill Corporate Boards Need, But, So Often, Do Not Have

Scammer robs homebuyers of life savings in $20 million theft spree

The Social Security data breach compromised ‘billions’ of accounts. Here’s one easy, free way to protect yourself.

Microsoft Executives Hacked

Ex-Michigan, Ravens Football Coach Charged with Hacking Athlete Accounts

PayPal scam abuses Docusign API to spread phishy emails

Hacker Leaks 270,000 Samsung Customer Records—Stolen Credentials Were Left Unchecked for Years

Stay Connected