Authentication, Phishing and Ransomware

Operation Heart Blocker: International Police Disrupt Phishing Network

SecureWorld News

FEBRUARY 3, 2025

and Dutch law enforcement agencies have dismantled 39 domains and their associated servers in an effort to disrupt a Pakistan-based network of online marketplaces selling phishing and fraud-enabling tools. Organizations should enforce least privilege access and enable multi-factor authentication (MFA) on all accounts that have it available.

Phishing

Phishing Cybercrime Scams Authentication

Problems with Multifactor Authentication

Schneier on Security

OCTOBER 21, 2021

Roger Grimes on why multifactor authentication isn’t a panacea : The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted VP who let the attackers in.

Authentication

Authentication Ransomware Social Engineering Engineering

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Krebs on Security

NOVEMBER 21, 2024

A visual depiction of the attacks by the SMS phishing group known as Scattered Spider, and Oktapus. The targeted SMS scams asked employees to click a link and log in at a website that mimicked their employer’s Okta authentication page. Image: Amitai Cohen twitter.com/amitaico. com and ouryahoo-okta[.]com. Click to enlarge.

Identity Theft

Identity Theft Phishing Cryptocurrency Accountability

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

SecureWorld News

NOVEMBER 22, 2024

The United States Department of Justice (DOJ) has unsealed charges against five individuals accused of orchestrating sophisticated phishing campaigns tied to the notorious Scattered Spider cybercrime group. As this case shows, phishing and hacking has become increasingly sophisticated and can result in enormous losses.

Phishing

Phishing Identity Theft Cryptocurrency Cybercrime

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. All they need is one successful attempt to gain initial access."

Ransomware

Ransomware IoT Encryption Social Engineering

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Krebs on Security

APRIL 30, 2025

Buchanan was arrested in Spain last year on a warrant from the FBI, which wanted him in connection with a series of SMS-based phishing attacks in the summer of 2022 that led to intrusions at Twilio, LastPass, DoorDash, Mailchimp, and many other tech firms. A Scattered Spider/0Ktapus SMS phishing lure sent to Twilio employees in 2022.

Identity Theft

Identity Theft Phishing Cryptocurrency Cybercrime

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. This is not an idle concern.

Ransomware

Ransomware Encryption Backups Manufacturing

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

Following a July 18 attack by the Rhysida ransomware group — believed to have Russian affiliations — Columbus is still reeling from the exposure of vast amounts of sensitive resident data. Cybersecurity awareness training helps staff recognize phishing scams , social engineering attempts, and other threats.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

Hertz data breach caused by CL0P ransomware attack on vendor

Malwarebytes

APRIL 15, 2025

The car rental giants data was stolen in a ransomware attack leveraging a vulnerability in Cleo file sharing products. Enable two-factor authentication (2FA). Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Take your time.

Data breaches

Data breaches Ransomware Passwords B2B

BayMark Health Services sends breach notifications after ransomware attack

Malwarebytes

JANUARY 10, 2025

The RansomHub ransomware group claims to have exfiltrated an enormous 1.5 Here, the ransomware group lays blame on the company itself. This isn’t rare for a ransomware group, as the tactics and vernacular are often based around shame, guilt, and a pre-teen-like arrogance. Enable two-factor authentication (2FA).

Ransomware

Ransomware Data breaches Passwords Phishing

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

In May, UnitedHealth CEO Andrew Witty estimated that the ransomware attack compromised the data of a third of US individuals when he testified before the Senate Finance Committee on Capitol Hill. The ALPHV/BlackCat ransomware group claimed the initial attack. Enable two-factor authentication (2FA). Watch out for fake vendors.

Data breaches

Data breaches Healthcare Passwords Insurance

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. The ZIP archives contain a compressed executable payload that, if executed, will start the encryption process with LockBit Black ransomware. ” states the report published by the NJCCIC. 177 and 185[.]215[.]113[.]66.

Phishing

Phishing Ransomware Security Awareness Authentication

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

eSecurity Planet

MARCH 17, 2025

The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint cybersecurity advisory warning organizations about the escalating threat posed by the Medusa ransomware.

Ransomware

Ransomware Backups Firmware Insurance

We have failed to stop phishing, even after 2 decades. Can we finally agree that emails need digital signatures?

Joseph Steinberg

NOVEMBER 15, 2021

There has likely not been a single hour during the last decade, for example, during which criminals did not carry out successful phishing-based attacks by exploiting the inherent lack of security within standard and ubiquitous email technology. And such issues are just the tip of the iceberg when it comes to email security.

Phishing

Phishing Artificial Intelligence Technology Scams

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. Enable two-factor authentication (2FA).

Data breaches

Data breaches Passwords Ransomware Phishing

Warning over free online file converters that actually install malware

Malwarebytes

MARCH 17, 2025

The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs). Other passwords and session tokens that could allow the scammers to bypass multi-factor authentication (MFA). Email addresses.

Malware

Malware Adware Education Phishing

GUEST ESSAY: ‘Nag attacks’ — this new phishing variant takes full advantage of notification fatigue

The Last Watchdog

NOVEMBER 29, 2022

A new development in phishing is the “nag attack.” This is how keyloggers and backdoors get implanted deep inside company networks, as well as how ransomware seeps in. The nag might be a spoofed multifactor authentication push or system error alert – a notification message that annoying repeats on a seemingly infinite loop.

Phishing

Phishing Social Engineering Scams Software

Leaked Black Basta Chats Expose Ransomware Secrets & Infighting

eSecurity Planet

FEBRUARY 24, 2025

Over 200,000 internal messages from the notorious ransomware group Black Basta have surfaced online exposing deep divisions, ransom negotiations, and internal dysfunction. Cybersecurity experts are now poring over the data, uncovering a rare inside look at how one of the most feared ransomware groups operates and potentially unravels.

Ransomware

Ransomware Phishing Healthcare Cryptocurrency

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

Krebs on Security

SEPTEMBER 27, 2023

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The victim shaming website for the Snatch ransomware gang. 226 , currently assigned to Matrix Telekom in Russia.

Ransomware

Ransomware Internet Internet Phishing

The 3 biggest cybersecurity threats to small businesses

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. In phishing attacks, there never is a genuine problem with a users account, and there never is a real request for information from the company.

Small Business

Small Business Cybersecurity Passwords Scams

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

The Last Watchdog

FEBRUARY 4, 2025

This innovative approach empowers security teams to proactively protect against previously unseen risks, including the darknet exposures of identity and authentication data stolen about employees, consumers, and suppliers that have been beyond their visibility to date.

Cybercrime

Cybercrime Phishing Accountability Malware

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency

Cryptocurrency Hacking Phishing Cyber Attacks

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Ransomware? Well, the stats are even scarier with over 50% increase in ransomware attacks in 2021, compared to 2020. The media paid close attention to ransomware attacks last year, as they had a significant impact on Colonial Pipeline, the nation’s largest fuel distributor, and JBS, the nation’s largest meat distributor.

Ransomware

Ransomware Risk Internet Internet

Verizon's 2025 DBIR: Threats Are Faster, Smarter, and More Personal

SecureWorld News

APRIL 23, 2025

As the report starkly states: "The three primary ways in which attackers access an organization are stolen credentials, phishing and exploitation of vulnerabilitiesacross every single industry." Phishing accounted for nearly 25% of all breaches. Public Sector: DoS attacks and ransomware remain major concerns. Speed matters.

Ransomware

Ransomware CISO Backups Risk

100 million US citizens officially impacted by Change Healthcare data breach

Malwarebytes

OCTOBER 25, 2024

The attack on Change Healthcare, which processes about 50% of US medical claims, was one of the worst ransomware attacks against American healthcare and caused widespread disruption in payments to doctors and health facilities. Enable two-factor authentication (2FA). 2FA that relies on a FIDO2 device can’t be phished.

Healthcare

Healthcare Data breaches Passwords Identity Theft

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. What Are ClickFix Campaigns?

Scams

Scams Malware Phishing Social Engineering

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

SecureWorld News

JANUARY 16, 2025

A report from 2023 revealed that 67% of energy and utility companies faced ransomware attacks, with many incidents exploiting unpatched vulnerabilities. Multi-factor authentication (MFA): MFA ensures that access to critical systems is granted only after verifying user credentials through multiple channels.

Energy and Utilities

Energy and Utilities IoT Artificial Intelligence Backups

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 10, 2024

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Ransomware

Ransomware Cybercrime Phishing Banking

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

Security Affairs

MARCH 13, 2025

The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025.

Ransomware

Ransomware Encryption Cryptocurrency Insurance

American Water Shuts Down Services After Cybersecurity Breach

eSecurity Planet

OCTOBER 15, 2024

While American Water has not disclosed the exact method of attack, such incidents often involve tactics like ransomware or phishing , where hackers gain access to sensitive systems and either steal or encrypt data, demanding a ransom in return for restoring access.

Cybersecurity

Cybersecurity Penetration Testing Cyber threats Firewall

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

The Last Watchdog

DECEMBER 18, 2024

Our research reveals 69% of breaches are rooted in inadequate authentication and 78% of organizations have been targeted by identity-based attacks. AI-powered cryptocurrency attacks will automate phishing and exploit vulnerabilities. Organizations must automate cloud monitoring, fortify supply chains, and leverage AI defenses.

Risk

Risk Threat Detection Technology Phishing

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

eSecurity Planet

AUGUST 19, 2022

One new tactic hackers have been using is to steal cookies from current or recent web sessions to bypass multi-factor authentication (MFA). Even cloud infrastructures rely on cookies to authenticate their users. Browsers allow users to maintain authentication, remember passwords and autofill forms. How Hackers Steal Cookies.

Authentication

Authentication Password Management Passwords Malware

Salesforce Email Service Used for Phishing Campaign

eSecurity Planet

SEPTEMBER 3, 2021

Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks that can come from whitelisted email addresses. Therein lies a key issue raised by the phishing campaign.

Phishing

Phishing Architecture Education Marketing

Cisco was hacked by the Yanluowang ransomware gang

Security Affairs

AUGUST 10, 2022

Cisco discloses a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. Cisco disclosed a security breach, the Yanluowang ransomware group breached its corporate network in late May and stole internal data. yanluowang ransomware has posted #Cisco to its leaksite.

Ransomware

Ransomware Hacking VPN Phishing

Microsoft Announces Security Update with Windows Resiliency Initiative

eSecurity Planet

DECEMBER 4, 2024

With cyberattacks on operating systems, applications, and networks becoming more sophisticated, the tech giant formulated a strategy to enhance the protection of Windows systems, focusing strongly on phishing attacks. During the Ignite 2024 conference, Microsoft announced the Windows Resiliency Initiative to address these security concerns.

Encryption

Encryption Phishing Passwords Authentication

4 Most Common Network Attacks and How to Thwart Them

SecureWorld News

FEBRUARY 10, 2025

According to Charlie Madere of digital impersonation protection firm Memcyco, such attacks involve the use of phishing websites impersonating companies' websites. The dark web has a lot to do with the rise in frequency of ransomware attacks, as advanced payloads and tools are readily available.

DDOS

DDOS Ransomware Authentication Phishing

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

Digital Shadows

MARCH 17, 2025

This bypasses security barriers entirely, giving adversaries a direct path to infiltrate networks, steal data, and deploy ransomware undetected. Notably, 64% of VPN vulnerabilities are directly linked to ransomware campaigns, demonstrating how cybercriminals quickly monetize stolen credentials for profit.

VPN

VPN Authentication Ransomware Risk

How Ransomware Has Changed to Make Prevention the Top Priority

CyberSecurity Insiders

OCTOBER 13, 2021

Every year, ransomware evolves to become a greater threat to the security of organizations. In 2020, ransomware attacks grew by 150%, and are growing even faster in 2021 , and with costs to repair the damage they cause in the millions of dollars, many organizations are desperate for solutions. Effects of Ransomware.

Ransomware

Ransomware Passwords Authentication Encryption

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

IT Security Guru

FEBRUARY 25, 2025

A prime example is multi-factor authentication (MFA), a security process that requires users to verify their identity in two or more ways, such as a password, a code sent to their phone, or a fingerprint. Lateral Movement: Once inside, crooks may escalate privileges, exfiltrate sensitive data, or deploy ransomware and other malicious tools.

Social Engineering

Social Engineering Authentication Risk Accountability

The March Madness Cyber Threat

Adam Levin

MARCH 17, 2022

Unfortunately, brackets create opportunities for a wide array of phishing and hacking campaigns, particularly in workplaces where a lot of brackets are distributed. Sensitive information including passwords and financial information can be exfiltrated and ransomware can be deployed to block access to critical data.

Cyber threats

Cyber threats Phishing Passwords Malware

New cyberattack tactics rise up as ransomware payouts increase

CSO Magazine

FEBRUARY 28, 2023

While phishing , business email compromise (BEC) , and ransomware still rank among the most popular cyberattack techniques, a mix of new-breed attacks is gaining steam, according to a new report from cybersecurity and compliance company Proofpoint.

Ransomware

Ransomware Phishing Authentication Cybersecurity

Sony was attacked by two ransomware operators

Malwarebytes

OCTOBER 4, 2023

On September 25, newcomer ransomware group RansomedVC claimed to have successfully compromised the computer systems of entertainment giant Sony. It looks as if this is fall-out from the attack on Sony that was claimed by the Cl0p ransomware gang in June. How to avoid ransomware Block common forms of entry. Prevent intrusions.

Ransomware

Ransomware Data breaches Passwords Backups

Top Tips for Ransomware Defense

Cisco Security

JULY 14, 2021

Ransomware is wreaking havoc. Ransomware is making its way outside the cybersecurity space. Most people probably know what ransomware is (if not, go here ). Ransomware is now everyone’s problem – from governments to corporations and even individuals. Why is ransomware so dangerous, especially now? What can we do?

Ransomware

Ransomware Technology Government Phishing

Rhysida ransomware gang claimed China Energy hack

Security Affairs

NOVEMBER 25, 2023

The Rhysida ransomware group claimed to have hacked the Chinese state-owned energy conglomerate China Energy Engineering Corporation. The Rhysida ransomware gang added the China Energy Engineering Corporation to the list of victims on its Tor leak site. The Rhysida ransomware operators plan to sell the stolen data to a single buyer.

Ransomware

Ransomware Hacking Engineering Manufacturing

Operation Heart Blocker: International Police Disrupt Phishing Network

Problems with Multifactor Authentication

Webinars

Trending Sources

Feds Charge Five Men in ‘Scattered Spider’ Roundup

Webinars

U.S. Justice Department Cracks Down on Scattered Spider Phishing Ring

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Alleged ‘Scattered Spider’ Member Extradited to U.S.

Researchers Quietly Cracked Zeppelin Ransomware Keys

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

Hertz data breach caused by CL0P ransomware attack on vendor

BayMark Health Services sends breach notifications after ransomware attack

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

We have failed to stop phishing, even after 2 decades. Can we finally agree that emails need digital signatures?

City of Columbus breach affects around half a million citizens

Warning over free online file converters that actually install malware

GUEST ESSAY: ‘Nag attacks’ — this new phishing variant takes full advantage of notification fatigue

Leaked Black Basta Chats Expose Ransomware Secrets & Infighting

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

The 3 biggest cybersecurity threats to small businesses

News alert: SpyCloud operationalizes darknet data, pioneers shift to holistic identity threat protection

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

Verizon's 2025 DBIR: Threats Are Faster, Smarter, and More Personal

100 million US citizens officially impacted by Change Healthcare data breach

Deceptive Google Meet Invites Lures Users Into Malware Scams

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

American Water Shuts Down Services After Cybersecurity Breach

LW ROUNDTABLE: Predictive analytics, full-stack visualization to solidify cyber defenses in 2025

Hackers Steal Session Cookies to Bypass Multi-factor Authentication

Salesforce Email Service Used for Phishing Campaign

Cisco was hacked by the Yanluowang ransomware gang

Microsoft Announces Security Update with Windows Resiliency Initiative

4 Most Common Network Attacks and How to Thwart Them

Threat Spotlight: Credential Theft vs. Admin Control—Two Devastating Paths to VPN Exploitation

How Ransomware Has Changed to Make Prevention the Top Priority

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

The March Madness Cyber Threat

New cyberattack tactics rise up as ransomware payouts increase

Sony was attacked by two ransomware operators

Top Tips for Ransomware Defense

Rhysida ransomware gang claimed China Energy hack

Stay Connected