Password Management and Phishing - Cyber Security Informer

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing

Phishing Passwords Mobile Authentication

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing

Phishing Artificial Intelligence Password Management Accountability

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

Troy Hunt

AUGUST 30, 2023

They'd observed a phishing campaign that had collected 68k credentials from unsuspecting victims and asked if HIBP may be used to help alert these individuals to their exposure. Last week I was contacted by CERT Poland. Data accumulated by the malicious activity spanned from October 2022 until just last week.

Phishing

Phishing Password Management Passwords Banking

How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

FEBRUARY 13, 2025

Phishers are using AI-based phishing attacks which have proven to raise the effectiveness of phishing campaigns. And if cybercriminals manage to steal the session cookie, they can log in as you, change the password and grab control of your account. Use a password manager to autofill credentials only on trusted sites.

Phishing

Phishing Artificial Intelligence Identity Theft Accountability

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Penetration Testing

NOVEMBER 5, 2024

LastPass, a leading password management platform, has issued a critical warning to users about a social engineering campaign targeting its customer base through deceptive reviews on its Chrome Web Store... The post Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store appeared first on Cybersecurity (..)

Scams

Scams Phishing Social Engineering Password Management

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing

Phishing DNS Social Engineering Accountability

Bitwarden vs 1Password: Compare Top Password Managers

eSecurity Planet

MARCH 8, 2022

Users looking to increase their security without the burden of remembering all those passwords typically turn to password managers to keep their accounts secure. Vault health reports Directory sync Secure password sharing. 1Password is a popular business password manager that encrypts data both at rest and in transit.

Password Management

Password Management Passwords Encryption Accountability

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Redefining Change Your Password Day Well start with Change Your Password Day because, frankly, its a little complicated.

Phishing

Phishing Passwords Password Management Authentication

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

JULY 23, 2018

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. a mobile device).

Phishing

Phishing Authentication Mobile Passwords

New phishing campaign impersonates LogMeIn to steal user credentials

Tech Republic Security

MAY 20, 2020

LogMeIn is the parent company of LastPass, so attackers may also be attempting to access the password managers of compromised users, says Abnormal Security.

Password Management

Password Management Phishing Passwords

The Life Cycle of a Breached Database

Krebs on Security

JULY 29, 2021

Much like WeLeakInfo and others operated before being shut down by law enforcement agencies, these services sell access to anyone who wants to search through billions of stolen credentials by email address, username, password, Internet address, and a variety of other typical database fields. TARGETED PHISHING. Don’t re-use passwords.

Passwords

Passwords Password Management Phishing Scams

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

FEBRUARY 25, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Passwords

Passwords Password Management Phishing Authentication

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Security Affairs

NOVEMBER 15, 2024

The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information. Gen Digital observed phishing campaigns distributing the Glove Stealer.

Encryption

Encryption Password Management Cryptocurrency Social Engineering

Bitwarden password vaults targeted in Google ads phishing attack

Bleeping Computer

JANUARY 26, 2023

Bitwarden and other password managers are being targeted in Google ads phishing campaigns to steal users' password vault credentials. [.]

Passwords

Passwords Phishing Password Management

Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager

Google Security

JANUARY 30, 2024

This is why the Pixel team has been especially excited about passkeys —the easier, safer alternative to passwords. Passkeys are safer because they’re unique to each account, and are more resistant against online attacks such as phishing. Google Password manager will incorporate these updates for other platforms in the future.

Password Management

Password Management Passwords Accountability Phishing

Healthcare security lapses keep piling up

Malwarebytes

FEBRUARY 21, 2025

Cybercriminals can use PHI against affected individuals to phish or extort them. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. Take your time.

Healthcare

Healthcare Data breaches Passwords Phishing

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Malwarebytes

MAY 16, 2024

A type of phishing we’re calling authentication-in-the-middle is showing up in online media. It works like this: A user gets lured to a phishing site masquerading as a site they normally use, such as a bank, email or social media account. Use a password manager. Use security software. Consider passkeys.

Authentication

Authentication Phishing Password Management Scams

Weekly Update 228

Troy Hunt

JANUARY 28, 2021

Ok, that's a bit wordy but the Exodus thing earlier today was frustrating, not because a screen cap of an alleged breach notice was indistinguishable from a phish, but because of the way some people chose to react when I shared the notice. Watch today's vid for an explanation on that one, there's that and a bunch more this week.

Password Management

Password Management Phishing IoT Data breaches

Fake LastPass password manager spotted on Apple’s App Store

Bleeping Computer

FEBRUARY 8, 2024

LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [.]

Password Management

Password Management Passwords Phishing

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Data breaches

Data breaches Healthcare Passwords Insurance

How to spot a DocuSign phish and what to do about it

Malwarebytes

AUGUST 18, 2021

Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. Earlier this year, DocuSign specifically warned about phishing campaigns using its brand. We’ve included some examples of DocuSign phishing campaigns below. Real DocuSign emails used for phishing.

Phishing

Phishing Password Management Passwords Accountability

Background check provider data breach affects 3 million people who may not have heard of the company

Malwarebytes

FEBRUARY 25, 2025

Given the field that DISA is active in, that information could interest cybercriminals for use as background information for targeted phishing attempts or extortion. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Enable two-factor authentication (2FA).

Data breaches

Data breaches Passwords Phishing Password Management

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Krebs on Security

JUNE 15, 2024

0KTAPUS In August 2022, KrebsOnSecurity wrote about peering inside the data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations. A Scattered Spider phishing lure sent to Twilio employees.

Hacking

Hacking Phishing Cybercrime Passwords

Humans are Bad at URLs and Fonts Don’t Matter

Troy Hunt

OCTOBER 28, 2020

But let's also keep some perspective here; look at how many pixels are different between an "i" and an "l": Are we really saying we're going to combat phishing by relying on untrained eyes to spot 6 pixels being off in a screen of more than 2 million of them?! That's a very different kettle of phish (sorry, couldn't help myself!)

Phishing

Phishing Password Management Passwords Internet

100 million US citizens officially impacted by Change Healthcare data breach

Malwarebytes

OCTOBER 25, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Enable two-factor authentication (2FA).

Healthcare

Healthcare Data breaches Passwords Identity Theft

Watch out, this LastPass email with "Important information about your account" is a phish

Malwarebytes

SEPTEMBER 13, 2023

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the " unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open.

Phishing

Phishing Accountability Passwords Password Management

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Password Management : Use strong, unique passwords and implement multi-factor authentication (MFA) whenever possible, prioritizing authentication apps or hardware tokens over SMS text-based codes.

Phishing

Phishing Ransomware Security Awareness Authentication

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Enable two-factor authentication (2FA).

Data breaches

Data breaches Passwords Ransomware Phishing

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts. Use Privileged Access Management (PAM) solutions. Require 16+ character unique passwords stored in an enterprise password manager. Regularly audit and remove unused credentials and accounts.

Ransomware

Ransomware IoT Encryption Social Engineering

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

“ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy. “Over the last few years, we have increased our password complexities and required 2FA wherever possible. This prevents login to fake or phishing websites.

Authentication

Authentication Passwords Phishing Mobile

BayMark Health Services sends breach notifications after ransomware attack

Malwarebytes

JANUARY 10, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Ransomware

Ransomware Data breaches Passwords Phishing

ConnectWise Quietly Patches Flaw That Helps Phishers

Krebs on Security

DECEMBER 1, 2022

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link.

Phishing

Phishing Architecture Passwords Accountability

10 Behaviors That Will Reduce Your Risk Online

Daniel Miessler

MAY 14, 2020

Use unique, strong passwords, and store them in a password manager. Many people get hacked from having guessable or previously compromised passwords. Good passwords are long, random, and unique to each account, which means it’s impossible for a human to manage them on their own.

Risk

Risk Password Management Passwords Accountability

Digital life protection: How Webroot keeps you safe in a constantly changing world

Webroot

FEBRUARY 21, 2025

Phishing scams, ransomware attacks, data breaches, and identity theft are part of a growing list of online dangers that are a daily reality. Password Manager Ensures your passwords are strong and secure, while also making them easy to access and manage. Anti-phishing protection Shields you from phishing attempts.

Antivirus

Antivirus Identity Theft Cyber threats Phishing

The Risk of Weak Online Banking Passwords

Krebs on Security

AUGUST 5, 2019

The first involves spear phishing attacks to gain access to that second authentication factor, which can be made much more convincing once the attackers have access to specific details about the customer’s account — such as recent transactions or account numbers (even partial account numbers). .

Banking

Banking Passwords Risk Accountability

Bitwarden’s new auto-fill option adds phishing resistance

Bleeping Computer

FEBRUARY 22, 2024

The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. [.]

Password Management

Password Management Phishing Passwords Risk

Phishing scam takes $950k from DoorDash drivers

Malwarebytes

JUNE 19, 2023

A particularly nasty slice of phishing, scamming, and social engineering is responsible for DoorDash drivers losing a group total of around $950k. How to avoid phishing Block known bad websites. Malwarebytes DNS filtering blocks malicious websites used for phishing attacks, as well as websites used to spread or control malware.

Scams

Scams Phishing Password Management Passwords

Should you allow your browser to remember your passwords?

Malwarebytes

NOVEMBER 2, 2023

At Malwarebytes we’ve been telling people for years not to reuse passwords, and that a password manager is a secure way of remembering all the passwords you need for your online accounts. But we also know that a password manager can be overwhelming, especially when you’re just getting started.

Passwords

Passwords Password Management Data breaches Authentication

12 Million Zacks accounts leaked by cybercriminal

Malwarebytes

FEBRUARY 14, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Accountability

Accountability Data breaches Passwords Phishing

Understanding the Essential Pillars of Phishing Mitigation

SecureWorld News

JUNE 6, 2023

In our most recent Remote Sessions webcast, Roger Grimes, computer security expert and Data-Driven Defense Evangelist for KnowBe4, gave a deep dive on phishing and how to properly mitigate and prevent phishing attacks. What is phishing? Also known as spamming, phishing is typically done through email, SMS, and phone attacks.

Phishing

Phishing Social Engineering Security Awareness Engineering

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

How to protect yourself and your data Smart ways to secure your devices Strong passwords – Make them long, random, and unique. Password managers Automatically generate and store strong passwords. Solutions Webroot Premium and Webroot Essentials offer ultimate protection and include password managers.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Research on iOS apps shows widespread exposure of secrets

Malwarebytes

MARCH 14, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Passwords

Passwords Data breaches Phishing Password Management

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. On July 28 and again on Aug. According to an Aug.

Social Engineering

Social Engineering Mobile Passwords Cybercrime

So long passwords, thanks for all the phish

Google Security

MAY 3, 2023

Choosing strong passwords and remembering them across various accounts can be hard. In addition, even the most savvy users are often misled into giving them up during phishing attempts. Your device also ensures the signature can only be shared with Google websites and apps, and not with malicious phishing intermediaries.

Passwords

Passwords Phishing Accountability Password Management

Phishing evolves beyond email to become latest Android app threat

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

Trending Sources

68k Phishing Victims are Now Searchable in Have I Been Pwned, Courtesy of CERT Poland

How AI was used in an advanced phishing campaign targeting Gmail users

Warning: LastPass Alerts Users to Phishing Scam Using Fake Support Reviews on Chrome Web Store

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Bitwarden vs 1Password: Compare Top Password Managers

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA

Google: Security Keys Neutralized Employee Phishing

New phishing campaign impersonates LogMeIn to steal user credentials

The Life Cycle of a Breached Database

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

Bitwarden password vaults targeted in Google ads phishing attack

Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager

Healthcare security lapses keep piling up

Scammers can easily phish your multi-factor authentication codes. Here’s how to avoid it

Weekly Update 228

Fake LastPass password manager spotted on Apple’s App Store

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

How to spot a DocuSign phish and what to do about it

Background check provider data breach affects 3 million people who may not have heard of the company

Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested

Humans are Bad at URLs and Fonts Don’t Matter

100 million US citizens officially impacted by Change Healthcare data breach

Watch out, this LastPass email with "Important information about your account" is a phish

Phorpiex botnet sent millions of phishing emails to deliver LockBit Black ransomware

City of Columbus breach affects around half a million citizens

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

BayMark Health Services sends breach notifications after ransomware attack

ConnectWise Quietly Patches Flaw That Helps Phishers

10 Behaviors That Will Reduce Your Risk Online

Digital life protection: How Webroot keeps you safe in a constantly changing world

The Risk of Weak Online Banking Passwords

Bitwarden’s new auto-fill option adds phishing resistance

Phishing scam takes $950k from DoorDash drivers

Should you allow your browser to remember your passwords?

12 Million Zacks accounts leaked by cybercriminal

Understanding the Essential Pillars of Phishing Mitigation

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Research on iOS apps shows widespread exposure of secrets

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

So long passwords, thanks for all the phish

Stay Connected