2017, Password Management and Phishing - Cyber Security Informer

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

MAY 16, 2025

MFA Bypass Methods: SIM swaps, malware, or phishing sites that trick you into revealing or approving access. Auto-fill Exploits: A small but critical sign when your password manager doesnt autofill it might be a scam site. Passkeys are the gold standard phishing-resistant, cryptographic credentials tied to your device.

Scams

Scams Password Management Passwords Banking

New York SHIELD Act: Everything You Need to Know for Compliance

Centraleyes

MARCH 3, 2025

The New York Department of Financial Services (DFS) Cybersecurity Regulation, introduced in 2017, was groundbreaking, setting a high bar for financial institutions. This change accounts for modern cyber threats such as phishing, malware, or insider threats. predating similar efforts in many other jurisdictions.

Data breaches

Data breaches Risk Financial Services Data privacy

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

JULY 23, 2018

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity. A YubiKey Security Key made by Yubico. a mobile device). .”

Phishing

Phishing Authentication Mobile Passwords

Humans are Bad at URLs and Fonts Don’t Matter

Troy Hunt

OCTOBER 28, 2020

But let's also keep some perspective here; look at how many pixels are different between an "i" and an "l": Are we really saying we're going to combat phishing by relying on untrained eyes to spot 6 pixels being off in a screen of more than 2 million of them?! That's a very different kettle of phish (sorry, couldn't help myself!)

Phishing

Phishing Password Management Passwords Internet

Timeline of the latest LastPass data breaches

CSO Magazine

JANUARY 11, 2023

On November 30, 2022, password manager LastPass informed customers of a cybersecurity incident following unusual activity within a third-party cloud storage service. While LastPass claims that users’ passwords remain safely encrypted, it admitted that certain elements of customers’ information have been exposed.

Data breaches

Data breaches Password Management Passwords Encryption

How to Shop Online Like a Security Pro

Krebs on Security

NOVEMBER 23, 2018

Even so, anti-phishing company PhishLabs found in a survey last year that more than 80% of respondents believed the green lock indicated that a website was either legitimate and/or safe. Be on guard against phishing and malware schemes that take advantage of shopper distraction and frenzy during the holidays. CHCEK THE SHIPPING.

Scams

Scams Wireless Phishing Banking

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Why we’re in the ‘Golden Age’ of cyber espionageThe fact is cyber criminals are expert at refining and carrying out phishing, malvertising and other tried-and-true ruses that gain them access to a targeted victim’s Internet-connected computing device. Use a password manager. But that’s the world we live in.

Passwords

Passwords Password Management Antivirus Internet

Dell notifies customers about data breach

Malwarebytes

MAY 10, 2024

A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Passwords Phishing Big data

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

Security Affairs

JUNE 24, 2020

. “While the group’s key infiltration vector to the exchange is usually through spear-phishing against the corporate network, the executives’ personal email accounts are the first to be targeted.” North Korea-linked APT Lazarus stole around $571 million from cryptocurrency exchanges in Asia between January 2017 and September 2018.

Cryptocurrency

Cryptocurrency Phishing Accountability Passwords

No, Spotify Wasn't Hacked

Troy Hunt

JANUARY 8, 2019

Get a password manager (8 years on and I still use 1Password every day), create strong and unique passwords on every account and enable 2-factor authentication where available. Or they entered it into a phishing site somewhere. pic.twitter.com/d3sSR8PCu1 — Scott Helme (@Scott_Helme) December 9, 2017.

Hacking

Hacking Passwords Accountability Data breaches

NY AG Investigation Highlights Dangers of Credential Stuffing

eSecurity Planet

JANUARY 10, 2022

Successful attackers can then use the credentials to leverage stored credit card data to make fraudulent purchases, steal gift cards saved on the customer’s account, use the information in phishing attempts against victims or sell the login information and personal data to other bad actors. Removing the Guesswork for Cybercriminals.

Password Management

Password Management Passwords Authentication Accountability

Akamai Report: Credential stuffing attacks are a growing threat

Security Affairs

SEPTEMBER 25, 2018

Credential stuffing attacks involve botnets to try stolen login credentials usually obtained through phishing attacks and data breaches. This kind of attacks is very efficient due to the bad habit of users of reusing the same password over multiple services. The experts detected 8.3 billion per month.

Data breaches

Data breaches Passwords Financial Services Advertising

Recipe for Cybersecurity Success in the Restaurant Industry

SecureWorld News

SEPTEMBER 18, 2024

customers were targeted by a phishing campaign after a suspected data breach. Sonic Drive-In (2017): The fast-food chain experienced a breach that potentially impacted millions of credit and debit card accounts. Subway U.K. 2020): The sandwich chain's U.K.

Cybersecurity

Cybersecurity Data breaches Accountability Authentication

Lazarus targets defense industry with ThreatNeedle

SecureList

FEBRUARY 25, 2021

The group made use of COVID-19 themes in its spear-phishing emails, embellishing them with personal information gathered using publicly available sources. In this attack, spear phishing was used as the initial infection vector. The phishing emails claimed to have urgent updates on today’s hottest topic – COVID-19 infections.

Malware

Malware Phishing Passwords Encryption

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

The Last Watchdog

MAY 11, 2020

In May 2017, the Saudi Arabian Monetary Authority (SAMA) rolled out its Cyber Security Framework mandating detailed data security rules, including a requirement to encrypt and containerize business data in all computing formats. Shamoon motivated the Saudis to seriously ramp up the work of its National Cyber Security Center.

Computers and Electronics

Computers and Electronics Data privacy Encryption Media

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

The Last Watchdog

OCTOBER 15, 2019

If there ever was such a thing as a cybersecurity silver bullet it would do one thing really well: eliminate passwords. Threat actors have proven to be endlessly clever at abusing and misusing passwords. It started isolating passwords as a contributing factor in its 2017 report.

Authentication

Authentication Passwords Data breaches Internet

12 Data Loss Prevention Best Practices (+ Real Success Stories)

eSecurity Planet

APRIL 12, 2024

Customize training materials to address these specific concerns, including data handling protocols, password management , and phishing attempt identification. GitLab’s 300 GB Data Loss Incident: In 2017, GitLab experienced an 18-hour outage caused by a database sync failure.

Backups

Backups Encryption Data breaches Risk

Mystic Stealer

Security Boulevard

JUNE 15, 2023

These services are often used to host malware, command and control servers, phishing campaigns, and other illicit digital operations. 171:15555 Size ~234 KB Compiler: EP:Microsoft Visual C/C++ (2017 v.15.5-6) 20:13219 Size ~211 KB Compiler: EP:Microsoft Visual C/C++ (2017 v.15.5-6) Trojan.Mystic.KV 123:13219 185.252.179[.]18:13219

Cryptocurrency

Cryptocurrency Password Management Malware DNS

Password checkup: from 0 to 650, 000 users in 20 days

Elie

MARCH 31, 2019

Designing Password Checkup Drawing inspiration from the widely successful Safe Browsing malware and phishing API, we started researching how to develop a somewhat similar API to check for compromised passwords back in 2017. Talking to the Safe Browsing team and doing. user research.

Passwords

Passwords Data breaches Accountability Internet

Top Cybersecurity Accounts to Follow on Twitter

eSecurity Planet

DECEMBER 3, 2021

ICYMI, Equifax forced to pull offline a huge database of consumer data guarded only by credentials "admin/admin" [link] — briankrebs (@briankrebs) September 13, 2017. If you're new to ARM, this tutorial is for you: [link] pic.twitter.com/nmilxbBYpK — Azeria (@Fox0x01) May 27, 2017. Samy Kamkar | @samykamkar.

Accountability

Accountability Cybersecurity Penetration Testing InfoSec

APT trends report Q2 2021

SecureList

JULY 29, 2021

We have designated it as a new threat actor and named it “HotCousin” The attacks began with a spear-phishing email which led to an ISO file container being stored on disk and mounted. Previous activity also connected with this group relied heavily on spear-phishing and Cobalt Strike throughout 2020.

Malware

Malware Phishing Password Management Social Engineering

No more snack attacks? Mondelez hopes new security training program can help prevent the next ‘NotPetya’

SC Magazine

APRIL 14, 2021

The 2017 NotPetya supply-chain wiper attack hit $26.6 This global initiative will expose employees to short but, impactful video-based lessons produced by security awareness firm AwareGO on topics such as phishing, data leaks, Microsoft Office security and Zoom bombing. But we’re not there yet. We did a bit more difficult one.

Manufacturing

Manufacturing Security Awareness Phishing Passwords

No more snack attacks? Mondelez hopes new security training will prevent the next ‘NotPetya’

SC Magazine

APRIL 14, 2021

The 2017 NotPetya supply-chain wiper attack hit $26.6 This global initiative will expose employees to short but, impactful video-based lessons produced by security awareness firm AwareGO on topics such as phishing, data leaks, Microsoft Office security and Zoom bombing. But we’re not there yet. We did a bit more difficult one.

Manufacturing

Manufacturing Security Awareness Phishing Passwords

Cyber Security Informer

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

New York SHIELD Act: Everything You Need to Know for Compliance

Trending Sources

Google: Security Keys Neutralized Employee Phishing

Humans are Bad at URLs and Fonts Don’t Matter

Timeline of the latest LastPass data breaches

How to Shop Online Like a Security Pro

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Dell notifies customers about data breach

CryptoCore hacker group stole over $200M from cryptocurrency exchanges

No, Spotify Wasn't Hacked

NY AG Investigation Highlights Dangers of Credential Stuffing

Akamai Report: Credential stuffing attacks are a growing threat

Recipe for Cybersecurity Success in the Restaurant Industry

Lazarus targets defense industry with ThreatNeedle

MY TAKE: COVID-19’s silver lining could turn out to be more rapid, wide adoption of cyber hygiene

NEW TECH: ‘Passwordless authentication’ takes us closer to eliminating passwords as the weak link

12 Data Loss Prevention Best Practices (+ Real Success Stories)

Mystic Stealer

Password checkup: from 0 to 650, 000 users in 20 days

Top Cybersecurity Accounts to Follow on Twitter

APT trends report Q2 2021

No more snack attacks? Mondelez hopes new security training program can help prevent the next ‘NotPetya’

No more snack attacks? Mondelez hopes new security training will prevent the next ‘NotPetya’

Stay Connected