Schneier on Security

DECEMBER 14, 2018

Attackers are targeting two-factor authentication systems: Attackers working on behalf of the Iranian government collected detailed information on targets and used that knowledge to write spear-phishing emails that were tailored to the targets' level of operational security, researchers with security firm Certfa Lab said in a blog post.

Authentication 229

Authentication Passwords Phishing Government 229

eSecurity Planet

FEBRUARY 26, 2025

Cybercriminals are shifting their focus from emails to text messages, using mishing a more deceptive form of phishing to target mobile users and infiltrate corporate networks, according to new security research by Zimperium. Vishing: Also known as voice phishing. What is mishing? and 9%in Brazil.

Phishing 87

Phishing Mobile Social Engineering Data breaches 87

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing 331

Phishing DNS Social Engineering Accountability 331

Security Affairs

MAY 1, 2025

The FBI shared 42K phishing domains tied to LabHost, a PhaaS platform shut down in April 2024, to boost awareness and help identify compromises. The domain list helps prevent future malicious use, allows security teams to scan past logs for breaches, and supports phishing analysis and model training.

Phishing 74

Phishing Banking Threat Detection Authentication 74

Cisco Security

NOVEMBER 2, 2022

Going beyond the hype, passwordless authentication is now a reality. Cisco Duo’s passwordless authentication is now generally available across all Duo Editions. “ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy.

Authentication 145

Authentication Passwords Phishing Mobile 145

The Last Watchdog

DECEMBER 18, 2024

Enterprises must secure AI agents, adopt proactive data governance, and deploy AI-based security platforms. Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. Real-time defense and a robust security mindset are crucial to staying resilient.

Risk 173

Risk Threat Detection Technology Phishing 173

Malwarebytes

JANUARY 27, 2025

Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Data breaches 128

Data breaches Healthcare Passwords Insurance 128

SecureWorld News

FEBRUARY 25, 2025

Deepfake phishing, AI-generated malware, and automated spear-phishing campaigns are already on the rise. From the report: "Generative AI is being used to create highly convincing phishing emails, fake voices, and even deepfake videosmaking social engineering attacks more difficult to detect.

Cybersecurity 99

Cybersecurity Social Engineering Artificial Intelligence Cyber threats 99

SecureWorld News

FEBRUARY 13, 2025

Traditional phishing attacks rely on deceptive emails, but deepfakes have taken impersonation to a new level by creating convincing audio and video forgeries. Attackers now impersonate executives, government officials, and even family members to gain trust and manipulate victims.

Social Engineering 89

Social Engineering Authentication Identity Theft Education 89

Malwarebytes

APRIL 15, 2025

Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Better yet, let a password manager choose one for you. If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor.

Data breaches 108

Data breaches Ransomware Passwords B2B 108

Malwarebytes

DECEMBER 5, 2024

The infrastructure that the US government relies to communicate on is made up of the same private sector systems that everybody else uses. Among the culprits are four major APT groups: Volt Typhoon, Salt Typhoon, Flax Typhoon, and Velvet Ant.

Encryption 142

Encryption Identity Theft Media Telecommunications 142

Malwarebytes

NOVEMBER 4, 2024

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. Enable two-factor authentication (2FA).

Data breaches 120

Data breaches Passwords Ransomware Phishing 120

eSecurity Planet

NOVEMBER 6, 2024

This attack underscores a critical lesson for businesses: even the most vital institutions, such as a city government, are vulnerable to cyberthreats. With cyberthreats getting more advanced , businesses and local governments alike must work together to share resources, insights, and best practices to improve cybersecurity across the board.

Ransomware 113

Ransomware Authentication Identity Theft Penetration Testing 113

The Last Watchdog

FEBRUARY 4, 2025

This innovative approach empowers security teams to proactively protect against previously unseen risks, including the darknet exposures of identity and authentication data stolen about employees, consumers, and suppliers that have been beyond their visibility to date.

Cybercrime 124

Cybercrime Accountability Phishing Malware 124

Security Affairs

NOVEMBER 16, 2023

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day ( CVE-2023-37580 ) to steal emails from governments. The first campaign aimed at a government organization in Greece, threat actors sent emails containing exploit urls to their targets. The exploit was used to steal the Zimbra authentication token.

Government 140

Government Authentication Phishing Hacking 140

Malwarebytes

AUGUST 4, 2023

Attackers believed to have ties to Russia's Foreign Intelligence Service (SVR) are using Microsoft Teams chats as credential theft phishing lures. The targeted organizations are mostly found among government, non-government organizations (NGOs), IT services, technology, discrete manufacturing, and media sectors.

Authentication 98

Authentication Phishing Accountability Small Business 98

eSecurity Planet

SEPTEMBER 3, 2021

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses. Therein lies a key issue raised by the phishing campaign.

Phishing 142

Phishing Architecture Education Marketing 142

Krebs on Security

JANUARY 30, 2024

The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. On July 28 and again on Aug. According to an Aug.

Social Engineering 356

Social Engineering Mobile Passwords Cybercrime 356

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts.

Ransomware 113

Ransomware IoT Encryption Social Engineering 113

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. In phishing attacks, there never is a genuine problem with a users account, and there never is a real request for information from the company.

Small Business 82

Small Business Cybersecurity Passwords Scams 82

Jane Frankland

JANUARY 19, 2025

Here are some of the risks: Desensitisation and Missed Warnings: Whether its a phishing email, a password reset notification, or a critical system alert, tech users are increasingly tuning out notifications. A deepfake (video) from a government official spreading misinformation during a crisis.

Cybersecurity 130

Cybersecurity Technology Scams Risk 130

Duo's Security Blog

JANUARY 18, 2023

Multi-Factor Authentication (MFA) is a security tool used by various organizations to protect user credentials, or the username and password. MFA has been recommended, or required, by governments and has grown in popularity as a measure to quickly add a layer of security, especially if credentials are compromised as part of a phishing attack.

Authentication 110

Authentication Phishing Threat Detection Mobile 110

SecureWorld News

NOVEMBER 13, 2024

As of August 2023, it's estimated that around 40 million individuals and more than 2,500 businesses were affected across various sectors, including healthcare, government, finance, and education. Notable organizations hit include major financial firms, government agencies, and educational institutions worldwide.

Data breaches 117

Data breaches Identity Theft Education Software 117

Thales Cloud Protection & Licensing

OCTOBER 4, 2022

Cybersecurity Awareness Month: Resilient Multi-factor Authentication (MFA) and Strong Passwords. This year, the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA) coordinate the collaboration between the government and industry, running a human-centric campaign themed “See Yourself in Cyber”.

Authentication 127

Authentication Passwords Cybersecurity Data breaches 127

SecureWorld News

JANUARY 16, 2025

Multi-factor authentication (MFA): MFA ensures that access to critical systems is granted only after verifying user credentials through multiple channels. Conducting regular training sessions on recognizing phishing emails, avoiding suspicious downloads, and following cybersecurity protocols can build a resilient workforce.

Energy and Utilities 109

Energy and Utilities IoT Artificial Intelligence Backups 109

The Last Watchdog

DECEMBER 18, 2024

state privacy laws, the EUs governance of ethical AI deployment, and updated regulations in India and Japan. The SEC Cybersecurity Disclosure Rule highlights transparency in governance. Seara Jose Seara , CEO, DeNexus Recent regulatory updates highlight a shift toward robust cyber risk governance, requiring organizations to adapt.

Cybersecurity 130

Cybersecurity CISO Risk Government 130

CyberSecurity Insiders

AUGUST 1, 2022

While verification and authentication are terms that are often used interchangeably, they are in fact two separate operations. Digital verification and authentication play a critical role in preventing fraud and cyberattacks. Government organizations, on the other hand, will employ much more extensive verification methods.

Authentication 121

Authentication Passwords Technology Insurance 121

Security Affairs

AUGUST 3, 2023

Russia-linked APT29 group targeted dozens of organizations and government agencies worldwide with Microsoft Teams phishing attacks. Microsoft Threat Intelligence reported that the cyberspies conducted highly targeted social engineering attacks using credential theft phishing lures sent as Microsoft Teams chat.

Phishing 98

Phishing Social Engineering Authentication Government 98

SecureWorld News

FEBRUARY 15, 2024

A sophisticated form of mobile malware dubbed "GoldPickaxe" has been uncovered, which collects facial recognition data to produce deepfake videos, enabling hackers to bypass biometric authentication protections on banking apps. Experts warn that biometric authentication alone is not foolproof.

Social Engineering 105

Social Engineering Mobile Authentication Engineering 105

Security Affairs

NOVEMBER 21, 2023

Experts warn of a surge in NetSupport RAT attacks against education, government, and business services sectors. The most impacted sectors are education, government, and business services. GhostPulse), and other forms of phishing campaigns. These infected websites host a PHP script which displays a seemingly authentic update.

Education 136

Education Government Business Services Software 136

Krebs on Security

JULY 31, 2024

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock.

DNS 310

DNS Internet Internet Phishing 310

SecureWorld News

APRIL 22, 2025

Victims are sent unsolicited invitations to join Zoom calls, often via links in phishing emails or messages. Lazarus Group: a history of cybercrime The Lazarus Group is believed to be a state-sponsored hacking collective operated by the North Korean government.

Cryptocurrency 94

Cryptocurrency Social Engineering Cybercrime Engineering 94

Krebs on Security

NOVEMBER 26, 2019

federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a.gov domain versus a commercial one ending in.com or.org. WHO WANTS TO BE A GOVERNMENT? “Back in the day, everyone not in the federal government was supposed to register in the.us

Government 359

Government Internet Internet Web Fraud 359

SecureList

NOVEMBER 29, 2024

Mobile statistics Targeted attacks New APT threat actor targets Russian government entities In May 2024, we discovered a new APT targeting Russian government organizations. The malware utilizes cloud resources for its C2 (command and control) servers, which it accesses via APIs using authentication tokens.

Energy and Utilities 106

Energy and Utilities Ransomware Malware Government 106

Hacker's King

DECEMBER 24, 2024

As the digital landscape evolves, cybersecurity remains a critical concern for businesses, governments, and individuals alike. AI-powered malware and phishing schemes can adapt to defenses in real time, making them harder to detect and counter. Organizations must invest in advanced AI-based security tools to stay ahead.

Cybersecurity 59

Cybersecurity Cyber Insurance IoT Insurance 59

Hacker's King

DECEMBER 16, 2024

In the digital age, cyber-attacks are a growing concern for individuals, businesses, and governments worldwide. Recent incidents include attacks on government agencies, critical infrastructure, and major corporations, highlighting the vulnerability of national cybersecurity defenses.

Cyber Attacks 59

Cyber Attacks Phishing Artificial Intelligence Penetration Testing 59

Security Boulevard

APRIL 4, 2025

In addition to the six critical security controls, SANS also offers advice for deploying AI models, recommending that organizations do it gradually and incrementally, starting with non-critical systems; that they establish a central AI governance board; and that they draft an AI incident response plan. or token-based authentication.

Cybersecurity 72

Cybersecurity DNS Government Authentication 72