Accountability, Government and Phishing

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Krebs on Security

JANUARY 16, 2025

Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. Reports of similar SMS phishing attacks against customers of other U.S. This is by no means a comprehensive list.

Phishing

Phishing Scams Mobile Passwords

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

Department of Justice refers to the cybercrime group as Saim Raza , after a pseudonym The Manipulaters communally used to promote their spam, malware and phishing services on social media. ” Manipulaters advertisement for Office 365 Private Page with Antibot phishing kit sold via Heartsender. Image: DomainTools. ” U.S.

Phishing

Phishing Cybercrime Advertising Malware

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Krebs on Security

NOVEMBER 9, 2024

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to U.S.-based based technology companies.

Hacking

Hacking Accountability Government Social Engineering

Russia-linked APT Star Blizzard targets WhatsApp accounts

Security Affairs

JANUARY 16, 2025

The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection. In November 2024, Microsoft researchers observed the Russia-linked APT group Star Blizzard targeting WhatsApp accounts via spear-phishing, shifting tactics to avoid detection.

Accountability

Accountability Phishing Government Hacking

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. Some SMS phishing messages told employees their VPN credentials were expiring and needed to be changed; other phishing messages advised employees about changes to their upcoming work schedule. com and ouryahoo-okta[.]com.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. ” Device code phishing attacks exploit authentication flows to steal tokens, granting attackers access to accounts and data. . ” continues the report.

Phishing

Phishing Authentication Telecommunications Accountability

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing

Phishing Passwords Mobile Authentication

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Krebs on Security

SEPTEMBER 16, 2020

authorities today announced criminal charges and financial sanctions against two Russian men accused of stealing nearly $17 million worth of virtual currencies in a series of phishing attacks throughout 2017 and 2018 that spoofed websites for some of the most popular cryptocurrency exchanges. million from 158 Poloniex users, and $1.17

Cryptocurrency

Cryptocurrency Phishing Accountability Cybercrime

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing

Phishing Artificial Intelligence Password Management Accountability

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

The Last Watchdog

OCTOBER 10, 2024

SpyCloud Investigations is a powerful cybercrime and identity threat investigation solution used by analysts and investigators to discover and act on threats by navigating the world’s largest repository of recaptured breach, malware, and phishing data.

Risk

Risk Cybercrime Identity Theft Phishing

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing

Phishing DNS Social Engineering Accountability

Why is.US Being Used to Phish So Many of Us?

Krebs on Security

SEPTEMBER 1, 2023

Domain names ending in “ US ” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows. government, which is frequently the target of phishing domains ending in.US. US phishing domains.US government overall, nor to the US public.”

Phishing

Phishing Telecommunications Government DNS

Social Media Account Verification Messages: CyberCriminals’ Latest Phishing Technique Exploits Both Human Emotions And Anti-Fraud Techniques

Joseph Steinberg

DECEMBER 1, 2020

Social media users’ delight at receiving notification that their accounts have qualified for Verification (that is, receiving the often-coveted “blue check mark” that appears on the social media profiles of public figures) has become the latest target of criminal exploitation.

Media

Media Accountability Phishing Scams

New T-Mobile Breach Affects 37 Million Accounts

Krebs on Security

JANUARY 19, 2023

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately 37 million current customer accounts.

Mobile

Mobile Accountability Data breaches Identity Theft

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

SecureWorld News

FEBRUARY 17, 2025

Cybersecurity governance has undergone a dramatic transformation over the past few decades. From its early days, where security was an afterthought to business operations, to the present, where it has become a board-level discussion, governance has had to adapt to an ever-evolving digital landscape.

Government

Government Cybersecurity Risk CISO

Government Shutdown Leaves Americans More Vulnerable to Identity Theft, Scams

Adam Levin

JANUARY 15, 2019

citizens are more vulnerable to the effects of identity theft and scams as a result of the ongoing government shutdown. The two primary websites created by the government as resources for victims of identity theft, IdentityTheft.gov and FTC.gov/complaint , are currently offline as part of the partial shutdown of the Federal Trade Commission.

Identity Theft

Identity Theft Scams Government Phishing

Phishing attack spoofs US Department of Labor to steal account credentials

Tech Republic Security

JANUARY 19, 2022

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects.

Phishing

Phishing Accountability Government

CERT-UA warns of a phishing campaign targeting government entities

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government

Government Phishing Malware Banking

Chinese man charged for spear-phishing against NASA and US Government

Security Affairs

SEPTEMBER 17, 2024

US DoJ charged a Chinese national who used spear-phishing emails to obtain sensitive info from NASA, the U.S. DoJ charged a Chinese national, Song Wu (39), who used spear-phishing emails to target employees of NASA, the U.S. Air Force, Navy, Army, and the FAA. Air Force, Navy, Army, and the FAA.” “According to U.S.

Phishing

Phishing Government Identity Theft Engineering

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Troy Hunt

SEPTEMBER 17, 2020

As I started delving back through my own writing over the years, the picture became much clearer and it really crystallised just this week after I inadvertently landed on a nasty phishing site. In the end I broke it down into 3 Ps: padlocks, phishing and privacy. Maybe they're plugging into the API directly from the account page there?

VPN

VPN Phishing DNS Encryption

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

The company exclusively sells exploits to the Russian government and local firms. Strategic Cyber Warfare In geopolitical conflicts, access to Telegram accounts and devices could provide military and intelligence advantages, such as intercepting sensitive communications, and identifying informants. continues the announcement.

Government

Government Surveillance Mobile Hacking

Canadian Man Arrested in Snowflake Data Extortions

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). government agencies and first responders. “The rest is just ransom.”

Cybercrime

Cybercrime Mobile Media Hacking

News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk

The Last Watchdog

MARCH 19, 2025

Holistic Identity: The New Cyber Battleground Organizations have traditionally focused on securing individual account credentials, but SpyClouds research indicates that cybercriminals have expanded their tactics beyond conventional account takeover. ” Additional Report Findings: 17.3

Cyber Risk

Cyber Risk Risk Phishing Cybercrime

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

The Hacker News

JUNE 13, 2024

Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups.

Phishing

Phishing Financial Services Government Accountability

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The Last Watchdog

FEBRUARY 4, 2025

Identity security vendors have focused narrowly on securing corporate accounts, leaving organizations vulnerable to cybercriminals exploiting the broader identity exposures of employees, consumers, and suppliers. A shift to an identity-centric perspective is needed, particularly as the scope of identity exposures continues to grow. .

Cybercrime

Cybercrime Phishing Accountability Malware

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

DECEMBER 5, 2024

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. Protect your social media accounts by using Malwarebytes Identity Theft Protection. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant.

Encryption

Encryption Identity Theft Media Telecommunications

Google's AI Trends Report: Key Insights and Cybersecurity Implications

SecureWorld News

FEBRUARY 25, 2025

Deepfake phishing, AI-generated malware, and automated spear-phishing campaigns are already on the rise. From the report: "Generative AI is being used to create highly convincing phishing emails, fake voices, and even deepfake videosmaking social engineering attacks more difficult to detect.

Cybersecurity

Cybersecurity Social Engineering Artificial Intelligence Cyber threats

Report Shows Ransomware Has Grown 41% for Construction Industry

Digital Shadows

NOVEMBER 12, 2024

Top MITRE Technique: Spearphishing The construction sector is no stranger to phishing attacks, which topped the list of initial access techniques between October 1, 2023, and September 30, 2024. Phishing is favored by threat actors for its simplicity and effectiveness.

Ransomware

Ransomware Phishing Cyber threats Malware

Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns

The Hacker News

DECEMBER 1, 2021

Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts.

Phishing

Phishing Social Engineering Banking Engineering

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. Promoting continuous learning in privacy tech, AI governance, and Zero Trust, alongside partnerships with educational institutions, helps build a skilled workforce to meet evolving regulatory demands.

Risk

Risk Threat Detection Technology Phishing

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished.

Data breaches

Data breaches Healthcare Passwords Insurance

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts.

Ransomware

Ransomware IoT Encryption Social Engineering

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

Real-Time Attacks Against Two-Factor Authentication

Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication

Authentication Passwords Phishing Government

Managed detection and response in 2024

SecureList

FEBRUARY 20, 2025

Kaspersky MDR customers by region Distribution of incidents by industry In 2024, the MDR team observed the highest number of incidents in the industrial (25.7%), financial (14.1%), and government (11.7%) sectors. in government, 17.8% User Execution and Phishing remain top threats. in IT, 18.3% in industrial, and 11.9%

Social Engineering

Social Engineering Phishing Government Threat Detection

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. Watch out for fake vendors. Take your time.

Data breaches

Data breaches Passwords Ransomware Phishing

US Harbors Prolific Malicious Link Shortening Service

Krebs on Security

OCTOBER 31, 2023

The top-level domain for the United States — US — is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. domains as among the most prevalent in phishing attacks over the past year. US phishing domains.

Phishing

Phishing Telecommunications Malware Scams

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

The Last Watchdog

JUNE 23, 2021

These hacking waves contribute to the harvesting of account credentials and unauthorized access to loosely-configured servers; and these ill-gotten assets can, in turn, be utilized to execute different stages of higher-level hacks, such as account takeovers and ransomware campaigns. Remote desktop risks. Password concierge.

Accountability

Accountability Passwords Hacking Cyber Risk

Formula 1 governing body discloses data breach after email hacks

Bleeping Computer

JULY 3, 2024

FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. [.]

Government

Government Data breaches Hacking Phishing

New Hacking-for-Hire Company in India

Schneier on Security

JUNE 19, 2020

Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries. We also identify Dark Basin as the group behind the phishing of organizations working on net neutrality advocacy, previously reported by the Electronic Frontier Foundation. News article. Boing Boing post.

Hacking

Hacking Phishing Accountability Government

Don’t Let Your Domain Name Become a “Sitting Duck”

Krebs on Security

JULY 31, 2024

The reason lame domains are problematic is that a number of Web hosting and DNS providers allow users to claim control over a domain without accessing the true owner’s account at their DNS provider or registrar. Other attacks have used hijacked domains in targeted phishing attacks by creating lookalike subdomains. .”

DNS

DNS Internet Internet Phishing

Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

The Hacker News

FEBRUARY 14, 2025

The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas

Telecommunications

Telecommunications Accountability Phishing Education

US Federal agencies fall prey to Phishing Scam via Remote Management Software

CyberSecurity Insiders

JANUARY 25, 2023

United States Cybersecurity and Infrastructure Security Agency (CISA) along with two other agencies; National Security Agency (NSA) and Multi-State Information Sharing and Analysis Center (MS-ISAC) have issued a warning to federal agencies against a phishing scam taking place through Remote Monitoring and Management (RMM) Software.

Scams

Scams Software Phishing Social Engineering

Main phishing and scamming trends and techniques

SecureList

DECEMBER 6, 2022

There are two main types of online fraud aimed at stealing user data and money: phishing and scams. The history of scams and phishing. The term “phishing” was coined back in 1996, when cybercriminals attacked users of America Online (AOL), the largest internet provider at that time. Phishing site with chat support.

Scams

Scams Phishing Social Engineering Banking

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Trending Sources

FBI: Spike in Hacked Police Emails, Fake Subpoenas

Russia-linked APT Star Blizzard targets WhatsApp accounts

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Storm-2372 used the device code phishing technique since August 2024

Phishing evolves beyond email to become latest Android app threat

Two Russians Charged in $17M Cryptocurrency Phishing Spree

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

News alert: SpyCloud accelerates supply chain risk analysis with new ‘IDLink’ correlation capability

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Why is.US Being Used to Phish So Many of Us?

Social Media Account Verification Messages: CyberCriminals’ Latest Phishing Technique Exploits Both Human Emotions And Anti-Fraud Techniques

New T-Mobile Breach Affects 37 Million Accounts

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

Government Shutdown Leaves Americans More Vulnerable to Identity Theft, Scams

Phishing attack spoofs US Department of Labor to steal account credentials

CERT-UA warns of a phishing campaign targeting government entities

Chinese man charged for spear-phishing against NASA and US Government

Padlocks, Phishing and Privacy; The Value Proposition of a VPN

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Canadian Man Arrested in Snowflake Data Extortions

News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

Americans urged to use encrypted messaging after large, ongoing cyberattack

Google's AI Trends Report: Key Insights and Cybersecurity Implications

Report Shows Ransomware Has Grown 41% for Construction Industry

Researchers Warn Iranian Users of Widespread SMS Phishing Campaigns

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Cybercriminals Use Azure Front Door in Phishing Attacks

Real-Time Attacks Against Two-Factor Authentication

Managed detection and response in 2024

City of Columbus breach affects around half a million citizens

US Harbors Prolific Malicious Link Shortening Service

MY TAKE: A path for SMBs to achieve security maturity: start small controlling privileged accounts

Formula 1 governing body discloses data breach after email hacks

New Hacking-for-Hire Company in India

Don’t Let Your Domain Name Become a “Sitting Duck”

Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts

US Federal agencies fall prey to Phishing Scam via Remote Management Software

Main phishing and scamming trends and techniques

Stay Connected