Password Management, Passwords and Phishing

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing

Phishing Passwords Mobile Authentication

Security expert Troy Hunt hit by phishing attack

Malwarebytes

MARCH 26, 2025

Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldestand most provenscams in the online world: A phishing attack. As such, readers should be the lookout for any scams or phishing attempts in the coming weeks. But Hunts immediate disclosure of the attack should be commended.

Phishing

Phishing Data breaches Password Management Scams

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Last week I was contacted by CERT Poland. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing

Phishing Password Management Passwords Banking

Webinars

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

MORE WEBINARS

On world password day, Microsoft says fewer passwords, more passkeys

Malwarebytes

MAY 2, 2025

If there is a cybersecurity themed day that we would like to get rid as soon as possible its world password day. To quote Microsoft : As the world shifts from passwords to passkeys, were excited to join the FIDO Alliance in leaving World Password Day behind to celebrate the very first World Passkey Day.

Passwords

Passwords Password Management Authentication Accountability

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Penetration Testing

NOVEMBER 5, 2024

LastPass, a leading password management platform, has issued a critical warning to users about a social engineering campaign targeting its customer base through deceptive reviews on its Chrome Web Store... The post Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store appeared first on Cybersecurity (..)

Scams

Scams Phishing Social Engineering Password Management

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing

Phishing Artificial Intelligence Password Management Accountability

Why World Password Day Is a Perfect Reminder to Up Your Security Game

SecureWorld News

MAY 1, 2025

As we celebrate World Password Day on May 1st, it's clear that traditional password trickslike swapping "a" with "@" or adding an exclamation point at the endare no longer fooling hackers. Hackers today can guess common patterns and character swaps in mere seconds, leaving those "clever" passwords vulnerable.

Passwords

Passwords Password Management Authentication Mobile

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

Malwarebytes

MARCH 26, 2025

A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Use a different password for every online account. Choose a strong password that you dont use for anything else.

Phishing

Phishing Malware Passwords Password Management

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

If you bank online and choose weak or re-used passwords, there’s a decent chance your account could be pilfered by cyberthieves — even if your bank offers multi-factor authentication as part of its login process. Crooks are constantly probing bank Web sites for customer accounts protected by weak or recycled passwords.

Banking

Banking Passwords Risk Accountability

Bitwarden vs 1Password: Compare Top Password Managers

eSecurity Planet

MARCH 8, 2022

The average internet user has somewhere around 100 accounts, according to NordPass research, meaning they have to track 100 different passwords or risk using the same one over and over. Users can share password files securely with encrypted transmissions. Vault health reports Directory sync Secure password sharing. Key Features.

Password Management

Password Management Passwords Encryption Accountability

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. And if cybercriminals manage to steal the session cookie, they can log in as you, change the password and grab control of your account. Use a password manager to autofill credentials only on trusted sites.

Phishing

Phishing Artificial Intelligence Identity Theft Accountability

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing

Phishing DNS Social Engineering Accountability

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. Our continued reliance on passwords for authentication has contributed to one toxic data spill or hack after another.

Passwords

Passwords Password Management Phishing Scams

773M Password ‘Megabreach’ is Years Old

Krebs on Security

JANUARY 17, 2019

My inbox and Twitter messages positively lit up today with people forwarding stories from Wired and other publications about a supposedly new trove of nearly 773 million unique email addresses and 21 million unique passwords that were posted to a hacking forum. Sanixer says Collection #1 was from a mix of sources.

Passwords

Passwords Accountability Hacking Password Management

Bitwarden password vaults targeted in Google ads phishing attack

Bleeping Computer

JANUARY 26, 2023

Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials. [.]

Passwords

Passwords Phishing Password Management

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

FEBRUARY 25, 2025

If you find an app from this family or another information stealer on your device, there are a few guidelines to follow to limit the damage: Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Enable two-factor authentication (2FA).

Passwords

Passwords Password Management Phishing Authentication

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Redefining Change Your Password Day Well start with Change Your Password Day because, frankly, its a little complicated.

Phishing

Phishing Passwords Password Management Authentication

Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager

Google Security

JANUARY 30, 2024

This is why the Pixel team has been especially excited about passkeys —the easier, safer alternative to passwords. Passkeys are safer because they’re unique to each account, and are more resistant against online attacks such as phishing. Google Password manager will incorporate these updates for other platforms in the future.

Password Management

Password Management Passwords Accountability Phishing

Strengthen your digital defenses on World Password Day

Webroot

APRIL 30, 2025

In todays digital world, passwords have become a necessary part of life. May 1, 2025, is World Password Day , a reminder that passwords are the unsung heroes of cybersecurity, the first line of defense for all your sensitive personal data. World Password Day is more relevant than ever in todays evolving threat landscape.

Passwords

Passwords Password Management Malware Accountability

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

JULY 23, 2018

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. a mobile device). a mobile device).

Phishing

Phishing Authentication Mobile Passwords

New phishing campaign impersonates LogMeIn to steal user credentials

Tech Republic Security

MAY 20, 2020

LogMeIn is the parent company of LastPass, so attackers may also be attempting to access the password managers of compromised users, says Abnormal Security.

Password Management

Password Management Phishing Passwords

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Malwarebytes

APRIL 24, 2025

Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Insurance

Insurance Data breaches Passwords Phishing

Employee monitoring app exposes users, leaks 21+ million screenshots

Malwarebytes

APRIL 28, 2025

This incident echoes a previous Cybernews investigation that found WebWork, another remote team tracker, leaked over 13 million screenshots containing emails, passwords, and other sensitive work data. Change the passwords that may have been seen. You can make a stolen password useless to thieves by changing it.

Passwords

Passwords Phishing Spyware Password Management

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Data breaches

Data breaches Healthcare Passwords Insurance

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

.” In a SIM-swapping attack, crooks transfer the target’s phone number to a device they control and intercept any text messages or phone calls sent to the victim — including one-time passcodes for authentication, or password reset links sent via SMS. A Scattered Spider phishing lure sent to Twilio employees.

Hacking

Hacking Cybercrime Phishing Passwords

Weekly Update 228

Troy Hunt

JANUARY 28, 2021

Ok, that's a bit wordy but the Exodus thing earlier today was frustrating, not because a screen cap of an alleged breach notice was indistinguishable from a phish, but because of the way some people chose to react when I shared the notice. Watch today's vid for an explanation on that one, there's that and a bunch more this week.

Password Management

Password Management Phishing IoT Data breaches

Should you allow your browser to remember your passwords?

Malwarebytes

NOVEMBER 2, 2023

At Malwarebytes we’ve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you’re just getting started.

Passwords

Passwords Password Management Data breaches Authentication

100 million US citizens officially impacted by Change Healthcare data breach

Malwarebytes

OCTOBER 25, 2024

Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Healthcare

Healthcare Data breaches Passwords Identity Theft

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

“ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy. “Over the last few years, we have increased our password complexities and required 2FA wherever possible. . “ – Jack Poller, Senior Analyst, ESG.

Authentication

Authentication Passwords Phishing Mobile

Hertz data breach caused by CL0P ransomware attack on vendor

Malwarebytes

APRIL 15, 2025

Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Data breaches

Data breaches Ransomware Passwords B2B

Coffee with the Council Podcast: Passwords Versus Passkeys: A Discussion with the FIDO Alliance

PCI perspectives

APRIL 29, 2025

If you're like most citizens of the modern world, you've probably struggled to remember your password when signing into your computer, your mobile device, or any of the hundreds of websites and apps where your unique data is being held. It can become overwhelming and frustrating at times and even the best password manager can fall short.

Passwords

Passwords Password Management Mobile Authentication

Fake LastPass password manager spotted on Apple’s App Store

Bleeping Computer

FEBRUARY 8, 2024

LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [.]

Password Management

Password Management Passwords Phishing

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Data breaches

Data breaches Passwords Ransomware Phishing

Why you should act like your CEO’s password is “querty”

Malwarebytes

MAY 20, 2022

A poor password at the highest levels of an organisation can cost a company millions in losses. Recent findings show that half of IT leaders store passwords in shared documents. On top of that, it seems that folks at executive level are not picking good passwords either. Are CEOs naming their passwords after themselves?

Passwords

Passwords Password Management Authentication VPN

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own.

Risk

Risk Passwords Password Management Accountability

The 3 biggest cybersecurity threats to small businesses

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. Lured in by similar color schemes, company logos, and familiar layouts, victims log in to their account by entering their username and password.

Small Business

Small Business Cybersecurity Passwords Scams

Background check provider data breach affects 3 million people who may not have heard of the company

Malwarebytes

FEBRUARY 25, 2025

Given the field that DISA is active in, that information could interest cybercriminals for use as background information for targeted phishing attempts or extortion. Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else.

Data breaches

Data breaches Passwords Phishing Password Management

1Password is looking to a password-free future. Here’s why

Tech Republic Security

MARCH 2, 2023

With phishing-based credentials theft on the rise, 1Password CPO Steve Won explains why the endgame is to 'eliminate’ passwords entirely. The post 1Password is looking to a password-free future. Here’s why appeared first on TechRepublic.

Passwords

Passwords Phishing Password Management Encryption

Hackers take over 1.1 million accounts by trying reused passwords

Malwarebytes

JANUARY 6, 2022

Credential stuffing is the automated injection of stolen username and password pairs in to website login forms, in order to fraudulently gain access to user accounts. Using a forum or social media account to send phishing messages or spam. Start using a password manager. No more passwords. What can users do?

Passwords

Passwords Accountability Identity Theft Password Management

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

A type of phishing we’re calling authentication-in-the-middle is showing up in online media. It works like this: A user gets lured to a phishing site masquerading as a site they normally use, such as a bank, email or social media account. Use a password manager. Use security software. Consider passkeys.

Authentication

Authentication Phishing Password Management Scams

How to Protect Your Gmail Password: Top Tips for Maximum Security

Hacker's King

DECEMBER 28, 2024

A compromised password can lead to identity theft and data breaches. To safeguard your Gmail password, you need to adopt a few best practices that will enhance your accounts security and keep cyber threats at bay. If hackers gain access to your Gmail password , they could potentially compromise these connected services too.

Passwords

Passwords Identity Theft Accountability Data breaches

BayMark Health Services sends breach notifications after ransomware attack

Malwarebytes

JANUARY 10, 2025

Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Ransomware

Ransomware Data breaches Passwords Phishing

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

Malwarebytes

MARCH 25, 2025

In 2023, not only did the company suffer a major data breach , it also placed some of the blame on the victims who, according to 23andMe, negligently recycled and failed to update their passwords. SCAN NOW If your data was exposed in the 23andMe breach, here is what you can do: Change your password. Watch out for fake vendors.

Passwords

Passwords Accountability Data breaches Phishing

Phishing evolves beyond email to become latest Android app threat

Security expert Troy Hunt hit by phishing attack

Webinars

Trending Sources

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Webinars

On world password day, Microsoft says fewer passwords, more passkeys

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

Why World Password Day Is a Perfect Reminder to Up Your Security Game

Fake Booking.com phish uses fake CAPTCHAs to trick hotel staff into downloading malware

The Risk of Weak Online Banking Passwords

Bitwarden vs 1Password: Compare Top Password Managers

How AI was used in an advanced phishing campaign targeting Gmail users

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

The Life Cycle of a Breached Database

773M Password ‘Megabreach’ is Years Old

Bitwarden password vaults targeted in Google ads phishing attack

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager

Strengthen your digital defenses on World Password Day

Google: Security Keys Neutralized Employee Phishing

New phishing campaign impersonates LogMeIn to steal user credentials

4.7 million customers’ data accidentally leaked to Google by Blue Shield of California

Employee monitoring app exposes users, leaks 21+ million screenshots

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Weekly Update 228

Should you allow your browser to remember your passwords?

100 million US citizens officially impacted by Change Healthcare data breach

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Hertz data breach caused by CL0P ransomware attack on vendor

Coffee with the Council Podcast: Passwords Versus Passkeys: A Discussion with the FIDO Alliance

Fake LastPass password manager spotted on Apple’s App Store

City of Columbus breach affects around half a million citizens

Why you should act like your CEO’s password is “querty”

10 Behaviors That Will Reduce Your Risk Online

The 3 biggest cybersecurity threats to small businesses

Background check provider data breach affects 3 million people who may not have heard of the company

1Password is looking to a password-free future. Here’s why

Hackers take over 1.1 million accounts by trying reused passwords

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

How to Protect Your Gmail Password: Top Tips for Maximum Security

BayMark Health Services sends breach notifications after ransomware attack

23andMe bankruptcy: How to delete your data and stay safe from the 2023 breach

Stay Connected