Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication 231

Authentication Passwords Phishing Government 231

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 87

Phishing Mobile Social Engineering Data breaches 87

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing 327

Phishing DNS Social Engineering Accountability 327

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication 143

Authentication Passwords Phishing Mobile 143

The Last Watchdog

DECEMBER 18, 2024

Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. Real-time defense and a robust security mindset are crucial to staying resilient.

Risk 173

Risk Threat Detection Technology Phishing 173

Malwarebytes

JANUARY 27, 2025

Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Data breaches 122

Data breaches Healthcare Passwords Insurance 122

SecureWorld News

FEBRUARY 25, 2025

Deepfake phishing, AI-generated malware, and automated spear-phishing campaigns are already on the rise. From the report: "Generative AI is being used to create highly convincing phishing emails, fake voices, and even deepfake videosmaking social engineering attacks more difficult to detect.

Cybersecurity 94

Cybersecurity Social Engineering Artificial Intelligence Cyber threats 94

CyberSecurity Insiders

JULY 3, 2021

Identity and user authentication continue to be a concern for IT managers. It’s time to take a closer look at alternative identity management and authentication strategies. While corporate malware attacks are down, phishing attacks are up, averaging 1.185 per month. Cyberattacks designed to steal identity are on the rise.

Authentication 140

Authentication Identity Theft Technology InfoSec 140

Malwarebytes

DECEMBER 5, 2024

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant.

Encryption 141

Encryption Identity Theft Media Telecommunications 141

SecureWorld News

FEBRUARY 13, 2025

Traditional phishing attacks rely on deceptive emails, but deepfakes have taken impersonation to a new level by creating convincing audio and video forgeries. Attackers now impersonate executives, government officials, and even family members to gain trust and manipulate victims.

Social Engineering 84

Social Engineering Authentication Identity Theft Education 84

Krebs on Security

NOVEMBER 5, 2024

At the end of 2023, malicious hackers learned that many large companies had uploaded huge volumes of sensitive customer data to Snowflake accounts that were protected with little more than a username and password (no multi-factor authentication required). government agencies and first responders.

Cybercrime 277

Cybercrime Mobile Media Hacking 277

eSecurity Planet

NOVEMBER 6, 2024

This attack underscores a critical lesson for businesses: even the most vital institutions, such as a city government, are vulnerable to cyberthreats. With cyberthreats getting more advanced , businesses and local governments alike must work together to share resources, insights, and best practices to improve cybersecurity across the board.

Ransomware 113

Ransomware Authentication Identity Theft Penetration Testing 113

Malwarebytes

NOVEMBER 4, 2024

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. Enable two-factor authentication (2FA).

Data breaches 108

Data breaches Passwords Ransomware Phishing 108

The Last Watchdog

FEBRUARY 4, 2025

This innovative approach empowers security teams to proactively protect against previously unseen risks, including the darknet exposures of identity and authentication data stolen about employees, consumers, and suppliers that have been beyond their visibility to date.

Cybercrime 124

Cybercrime Phishing Accountability Malware 124

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The first campaign aimed at a government organization in Greece, threat actors sent emails containing exploit urls to their targets. The exploit was used to steal the Zimbra authentication token.

Government 141

Government Authentication Phishing Hacking 141

Malwarebytes

AUGUST 4, 2023

Attackers believed to have ties to Russia's Foreign Intelligence Service (SVR) are using Microsoft Teams chats as credential theft phishing lures. The targeted organizations are mostly found among government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.

Authentication 98

Authentication Phishing Accountability Small Business 98

eSecurity Planet

SEPTEMBER 3, 2021

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses. Therein lies a key issue raised by the phishing campaign.

Phishing 142

Phishing Architecture Education Marketing 142

Krebs on Security

JANUARY 30, 2024

The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. On July 28 and again on Aug. According to an Aug.

Social Engineering 357

Social Engineering Mobile Passwords Cybercrime 357

Jane Frankland

JANUARY 19, 2025

Here are some of the risks: Desensitisation and Missed Warnings: Whether its a phishing email, a password reset notification, or a critical system alert, tech users are increasingly tuning out notifications. A deepfake (video) from a government official spreading misinformation during a crisis.

Cybersecurity 130

Cybersecurity Technology Scams Risk 130

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts.

Ransomware 112

Ransomware IoT Encryption Social Engineering 112

Duo's Security Blog

JANUARY 18, 2023

Multi-Factor Authentication (MFA) is a security tool used by various organizations to protect user credentials, or the username and password. MFA has been recommended, or required, by governments and has grown in popularity as a measure to quickly add a layer of security, especially if credentials are compromised as part of a phishing attack.

Authentication 110

Authentication Phishing Threat Detection Mobile 110

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. This year, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) coordinate the collaboration between the government and industry, running a human-centric campaign themed “See Yourself in Cyber”.

Authentication 127

Authentication Passwords Cybersecurity Data breaches 127

SecureWorld News

NOVEMBER 13, 2024

As of August 2023, it's estimated that around 40 million individuals and more than 2,500 businesses were affected across various sectors, including healthcare, government, finance, and education. Notable organizations hit include major financial firms, government agencies, and educational institutions worldwide.

Data breaches 116

Data breaches Identity Theft Education Software 116

The Last Watchdog

DECEMBER 18, 2024

state privacy laws, the EUs governance of ethical AI deployment, and updated regulations in India and Japan. The SEC Cybersecurity Disclosure Rule highlights transparency in governance. Seara Jose Seara , CEO, DeNexus Recent regulatory updates highlight a shift toward robust cyber risk governance, requiring organizations to adapt.

Cybersecurity 130

Cybersecurity CISO Risk Government 130

SecureWorld News

JANUARY 16, 2025

Multi-factor authentication (MFA): MFA ensures that access to critical systems is granted only after verifying user credentials through multiple channels. Conducting regular training sessions on recognizing phishing emails, avoiding suspicious downloads, and following cybersecurity protocols can build a resilient workforce.

Energy and Utilities 108

Energy and Utilities IoT Artificial Intelligence Backups 108

CyberSecurity Insiders

AUGUST 1, 2022

While verification and authentication are terms that are often used interchangeably, they are in fact two separate operations. Digital verification and authentication play a critical role in preventing fraud and cyberattacks. Government organizations, on the other hand, will employ much more extensive verification methods.

Authentication 121

Authentication Passwords Technology Insurance 121

Security Boulevard

APRIL 4, 2025

In addition to the six critical security controls, SANS also offers advice for deploying AI models, recommending that organizations do it gradually and incrementally, starting with non-critical systems; that they establish a central AI governance board; and that they draft an AI incident response plan. or token-based authentication.

Cybersecurity 72

Cybersecurity DNS Government Authentication 72

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. GhostPulse), and other forms of phishing campaigns. These infected websites host a PHP script which displays a seemingly authentic update.

Education 138

Education Government Business Services Software 138

Krebs on Security

JULY 31, 2024

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock.

DNS 312

DNS Internet Internet Phishing 312

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. Experts warn that biometric authentication alone is not foolproof.

Social Engineering 102

Social Engineering Mobile Authentication Engineering 102

SecureList

FEBRUARY 16, 2023

Short-lived phishing sites often offered to see the premieres before the eagerly awaited movie or television show was scheduled to hit the screen. At the beginning of that year, we still observed phishing attacks that used the themes of infection and prevention as the bait.

Phishing 118

Phishing Scams Accountability Energy and Utilities 118

eSecurity Planet

JUNE 14, 2023

Passkeys can use a range of passwordless authentication methods, from fingerprint, face and iris recognition to screen lock pins, smart cards, USB devices and more. ” authID’s multi-factor authentication (MFA) solutions included biometric authentication such as fingerprint recognition and facial recognition.

Authentication 98

Authentication Passwords Password Management Phishing 98

Digital Shadows

MARCH 17, 2025

The ransomware targets unpatched internet-facing servers, impacting systems across 70+ countries in sectors like critical infrastructure, health care, governments, education, technology, manufacturing, and small- to medium-sized businesses. This ensures that even if the VPN is compromised, attackers can’t move laterally.

VPN 133

VPN Authentication Ransomware Risk 133

Hacker's King

DECEMBER 24, 2024

As the digital landscape evolves, cybersecurity remains a critical concern for businesses, governments, and individuals alike. AI-powered malware and phishing schemes can adapt to defenses in real time, making them harder to detect and counter. Organizations must invest in advanced AI-based security tools to stay ahead.

Cybersecurity 59

Cybersecurity Cyber Insurance IoT Insurance 59

Thales Cloud Protection & Licensing

MARCH 12, 2025

The FIDO (Fast Identity Online) standard has emerged as the gold standard in authentication technology, providing a robust framework for secure and convenient access. The newly introduced SafeNet eToken Fusion NFC PIV enables passwordless, phishing-resistant authentication across a wide range of devices.

Passwords 71

Passwords Authentication Digital transformation Government 71

Hacker's King

DECEMBER 16, 2024

In the digital age, cyber-attacks are a growing concern for individuals, businesses, and governments worldwide. Recent incidents include attacks on government agencies, critical infrastructure, and major corporations, highlighting the vulnerability of national cybersecurity defenses.

Cyber Attacks 59

Cyber Attacks Phishing Artificial Intelligence Penetration Testing 59

Thales Cloud Protection & Licensing

OCTOBER 30, 2024

From AI-generated phishing attacks to badly behaved bots, these digital ghouls are more than just scary stories—they're real threats to your business and personal security. That is why governments are rushing to regulate the AI ecosystem and push forward responsible and ethical AI development and use. Bad Bots, Whatcha Gonna Do?

Phishing 71

Phishing Artificial Intelligence Passwords Media 71