Authentication, Backups and Phishing - Cyber Security Informer

How to Lose a Fortune with Just One Bad Click

Krebs on Security

DECEMBER 18, 2024

Griffin said a follow-up investigation revealed the attackers had used his Gmail account to gain access to his Coinbase account from a VPN connection in California, providing the multi-factor code from his Google Authenticator app. I put my seed phrase into a phishing site, and that was it.” My brain went haywire.

Cryptocurrency

Cryptocurrency Accountability Authentication Phishing

Silent Ransom Group targeting law firms, the FBI warns

Security Affairs

MAY 24, 2025

law firms for 2 years using callback phishing and social engineering extortion tactics. law firms using phishing and social engineering. “Implement basic cyber hygiene to include being suspicious, robust passwords, multifactor authentication, and installation of antivirus tools.” ” concludes the report.

Social Engineering

Social Engineering Antivirus Phishing Engineering

New phishing attack steals your Instagram backup codes to bypass 2FA

Bleeping Computer

DECEMBER 20, 2023

A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account. [.]

Backups

Backups Phishing Authentication Accountability

FBI Warns Law Firms: Hackers Are Calling Offices in Stealth Phishing Scam

eSecurity Planet

MAY 27, 2025

The FBI has issued a new warning to US law firms about an ongoing and increasingly aggressive phishing campaign orchestrated by the cybercriminal group Luna Moth. Enable two-factor authentication across all systems. Maintain regular backups of sensitive data. Ensure employees are aware of how the IT department can be contacted.

Phishing

Phishing Scams Antivirus Backups

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

OCTOBER 22, 2024

One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users. ClickFix campaigns represent a new wave of phishing tactics that emerged in May 2024, aimed at exploiting users of popular software applications. What Are ClickFix Campaigns?

Scams

Scams Malware Phishing Social Engineering

Why it might be time to consider using FIDO-based authentication devices

CSO Magazine

JANUARY 4, 2023

Every business needs a secure way to collect, manage, and authenticate passwords. Storing passwords in the browser and sending one-time access codes by SMS or authenticator apps can be bypassed by phishing. Unfortunately, no method is foolproof.

Authentication

Authentication Password Management Backups Passwords

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

SecureWorld News

JANUARY 16, 2025

Multi-factor authentication (MFA): MFA ensures that access to critical systems is granted only after verifying user credentials through multiple channels. Conducting regular training sessions on recognizing phishing emails, avoiding suspicious downloads, and following cybersecurity protocols can build a resilient workforce.

Energy and Utilities

Energy and Utilities IoT Artificial Intelligence Backups

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency

Cryptocurrency Hacking Phishing Cyber Attacks

The 3 biggest cybersecurity threats to small businesses

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. In phishing attacks, there never is a genuine problem with a users account, and there never is a real request for information from the company.

Small Business

Small Business Cybersecurity Scams Passwords

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

APRIL 11, 2019

Google this week made it easier for Android users to enable strong 2-factor authentication (2FA) when logging into Google’s various services. and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft. a one-time token, key fob or mobile device).

Mobile

Mobile Authentication Passwords Accountability

Your Phone May Soon Replace Many of Your Passwords

Krebs on Security

MAY 7, 2022

Apple , Google and Microsoft announced this week they will soon support an approach to authentication that avoids passwords altogether, and instead requires users to merely unlock their smartphones to sign in to websites or online services. Image: Blog.google. “I worry about forgotten password recovery for cloud accounts.”

Passwords

Passwords Authentication Accountability Backups

Okta: Breach Affected All Customer Support Users

Krebs on Security

NOVEMBER 29, 2023

20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. For this reason, they can’t be locked down with multifactor authentication the way user accounts can.

Authentication

Authentication Accountability Antivirus Passwords

Researchers Quietly Cracked Zeppelin Ransomware Keys

Krebs on Security

NOVEMBER 17, 2022

He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “ Zeppelin ” in May 2020.

Ransomware

Ransomware Encryption Backups Manufacturing

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

NOVEMBER 6, 2024

Rhysida went so far as to publish sample files to verify the authenticity of the data, revealing access to a trove of information, including city databases, employee credentials, cloud management files, and even the city’s traffic camera feeds.

Ransomware

Ransomware Authentication Identity Theft Penetration Testing

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

The Last Watchdog

FEBRUARY 5, 2024

iConnect faced a major disruption of its Exchange services, stemming from a corrupted RAID drive and extending into their backups. Implement strong password policies and multi-factor authentication to prevent unauthorized access. Backup strategies. Comprehensive monitoring.

Risk

Risk Backups Software Education

Verizon's 2025 DBIR: Threats Are Faster, Smarter, and More Personal

SecureWorld News

APRIL 23, 2025

As the report starkly states: "The three primary ways in which attackers access an organization are stolen credentials, phishing and exploitation of vulnerabilitiesacross every single industry." Phishing accounted for nearly 25% of all breaches. Threat actors aren't brute-forcing their way inthey're logging in through the front door.

Ransomware

Ransomware CISO Backups Risk

8 security tips for small businesses

Malwarebytes

NOVEMBER 6, 2024

Train your employees in security awareness, so they can recognize phishing attempts and know what they can and can’t do on company-issued hardware. Lock things down Having a strict policy to protect your important assets with strong passwords and multi-factor authentication (MFA) should be a no-brainer.

Small Business

Small Business Backups Firewall VPN

Taking on the Next Generation of Phishing Scams

Google Security

MAY 11, 2022

Posted by Daniel Margolis, Software Engineer, Google Account Security Team Every year, security technologies improve: browsers get better , encryption becomes ubiquitous on the Web , authentication becomes stronger. But phishing persistently remains a threat (as shown by a recent phishing attack on the U.S.

Phishing

Phishing Scams Authentication Accountability

Discord Shame channel goes phishing

Malwarebytes

JULY 6, 2022

Enable two-factor authentication (2FA). While you’re doing this , download your backup codes too. Should you land on a regular phishing page and hand over login details, the attacker will still need your 2FA code to do anything with your account. Tips to keep your Discord account secure.

Phishing

Phishing Accountability Scams Backups

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 10, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Ransomware

Ransomware Cybercrime Phishing Banking

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

eSecurity Planet

MARCH 17, 2025

Attack vectors and techniques Medusa actors leverage common ransomware tactics, including phishing campaigns and exploiting unpatched software vulnerabilities. Maintain offline backups: Store critical data backups offline to ensure recovery in case of an attack, preventing data loss and reducing downtime.

Ransomware

Ransomware Backups Firmware Insurance

Unanswered Questions Loom Over Cyber Attacks on M&S, Co-op & Harrods

Jane Frankland

MAY 3, 2025

While details remain sparse, reports suggest social engineering tactics like phishing, SIM swapping, and multi-factor authentication (MFA) fatigue attacks may have been used to infiltrate systems. These backups must be secured against unauthorised access and tested frequently to ensure they function as intended.

Cyber Attacks

Cyber Attacks Retail Cyber threats Backups

Microsoft Patch Tuesday, February 2021 Edition

Krebs on Security

FEBRUARY 9, 2021

by sending a phishing email with a link to a new domain or even with images embedded that call out to a new domain). A domain controller is a server that responds to security authentication requests in a Windows environment, and a compromised domain controller can give attackers the keys to the kingdom inside a corporate network.

DNS

DNS Backups Software Phishing

Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!

Anton on Security

JANUARY 3, 2023

We anticipate an increase in targeting of identities that allow cross-platform authentication as actors recognise the value in compromising identities rather than endpoints. ” [A.C. — this not truly ‘new news’, but a useful reminder to those who assume, circa 2015, that ‘backups solve ransomware’.

Cybersecurity

Cybersecurity Backups DDOS Accountability

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

The Last Watchdog

MARCH 6, 2021

Set-up 2-factor authentication. Two-factor authentication or two-step verification involves adding a step to add an extra layer of protection to accounts. You can keep a data backup on hardware or use a cloud-based service. Keep an eye out for phishing emails. Even the most strong password is not enough.

VPN

VPN Firewall Risk Antivirus

How to set up two-factor authentication on Twitter using a hardware key

Malwarebytes

FEBRUARY 20, 2023

If you use text based authentication as an additional level of security for your Twitter account, you may be aware that this option will be reserved for paying Twitter Blue subscribers come mid-March. This post explains how to enable hardware key authentication instead. Enabling a hardware security key 1. Click Security key.

Authentication

Authentication Accountability Backups Phishing

1 in 10 people do nothing to stay secure and private on vacation

Malwarebytes

MARCH 17, 2025

To stay cybersecure and private on vacation, the majority of people will backup their data (53%), ensure their security software is up to date (63%), and set up credit card transaction alerts (56%), but 10% will take none of theseor othersteps. A particularly plugged-in 8% of people said they manage more than seven apps for the same purposes.

VPN

VPN Passwords Scams Backups

Amazon's Latest Data Breach a Ripple Effect of MOVEit

SecureWorld News

NOVEMBER 13, 2024

In light of this type of breach, companies should prepare by doing a review of what may be at risk, shoring up anti-phishing methods and awareness measures, doing backup and resiliency testing, and having appropriate communications plans in place.

Data breaches

Data breaches Identity Theft Education Software

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

SEPTEMBER 25, 2023

According to Verizon’s 2023 Data Breach Investigations Report, 74% of breaches were caused by human error, with phishing and text message phishing scams being some of the leading causes. Cloud vendors often handle the security and backup processes automatically, so examine your technology and see if that is the case.

Small Business

Small Business Cybersecurity Technology Accountability

Luxury, Loyalty and Lateral Movement: Retail and Banking Attacks Surge

SecureWorld News

JUNE 4, 2025

While the company emphasized that no financial data or passwords were exposed, the incident raises concerns about the potential for highly targeted phishing and social engineering , particularly given the brand's clientele of high-net-worth individuals (HNWIs). That's why MFA adoption remains low in many cases."

Retail

Retail Banking Financial Services Social Engineering

How to Spot an Email Phishing Attempt at Work

Identity IQ

FEBRUARY 8, 2024

How to Spot an Email Phishing Attempt at Work IdentityIQ In the modern workplace, technology is just as common as the typical morning cup of coffee. Among these ever-present threats is phishing, which is a deceptively simple yet effective method cybercriminals use to compromise both business and personal accounts. What Is Phishing?

Phishing

Phishing Scams Education Firewall

Are You Vulnerable To Ransomware? 6 Questions to Ask Yourself

Vipre

MAY 5, 2021

For instance, failing to educate users on the dangers of phishing amounts to business malpractice. Your answers should make it obvious in which areas of security you need to invest: Are you training users on the dangers of phishing? 66% of ransomware infections are due to spam and phishing emails.

Ransomware

Ransomware Backups Phishing Education

Passkeys: The future of secure and seamless authentication

Webroot

FEBRUARY 5, 2025

But what exactly are passkeys, and why are they considered the future of authentication? With Password Day coming up this Saturday, it’s the perfect time to discuss the future of authentication. Passkeys leverage public-key cryptography to authenticate users without requiring them to remember or type in a password.

Authentication

Authentication Password Management Passwords Backups

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

Online shopping scams An online shopping scam usually involves a fake online store or app, which appears legitimate and is promoted on social media or other authentic websites. Beware before you share Phishing scams Avoid clicking on malicious links in emails and social media. Document disposal Shred sensitive documents.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

The Last Watchdog

DECEMBER 12, 2023

Focus on implementing robust backup and disaster recovery plans, user training, and the sharing of threat intelligence. Supply-chain attacks, new zero-day attacks, insider risk and improved phishing leads to an onslaught of breaches. Phishing attacks driven by ChatGPT will be harder than ever to detect.

Cybersecurity

Cybersecurity Social Engineering Cyber threats Software

Recognising Scam Patterns and Preventing Data Loss: A Unified Approach

IT Security Guru

NOVEMBER 20, 2023

Spear Phishing While phishing remains one of the most prevalent methods cybercriminals use, spear phishing represents a refined form of the traditional phishing technique. Utilise realistic phishing simulations to test their preparedness and hone their skills.

Scams

Scams Phishing Backups Cyber threats

GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

The Last Watchdog

MAY 24, 2023

This problem, called ransomware , explains why keeping backups is so important. Hijackers’ demands lose power when you can just recover your operations from backups. Cyberattacks can also lead to a loss of productivity.

Cybersecurity

Cybersecurity Backups Data breaches Technology

How to use a physical security key on Twitter and where to get it from

CyberSecurity Insiders

JULY 1, 2021

Now the Tweeting giant has clarified that users will be allowed to use their security keys as the only form of two factor authentication, if they will do so. Twitter allows Two factor authentication in three ways- Text Message, authentication via App and through a physical security key.

Authentication

Authentication Backups Accountability Phishing

Cyber Security Awareness Month: Cyber tune-up checklist

Webroot

OCTOBER 1, 2024

Turn on multi-factor authentication Using multi-factor authentication adds a layer of security to your passwords by having you prove your identity in multiple ways. Identifying phishing scams Phishing scams appear in our email inboxes, text messages and even voicemails on a daily basis. noreply@yourbank.com.)

Security Awareness

Security Awareness Backups Passwords Password Management

Prevention Maintenance: Strategies To Bolster Your Organisation’s Cybersecurity

IT Security Guru

MAY 20, 2024

Today, common cyber threats include phishing, ransomware, and malware attacks, each capable of significantly disrupting operations and compromising sensitive data. These sessions should cover critical topics like phishing, which tricks you into giving out sensitive information, and password security to protect your data.

Cybersecurity

Cybersecurity Backups Cyber threats Mobile

FTC shares guidance for small businesses to prevent ransomware attacks

Security Affairs

NOVEMBER 14, 2021

The first step consists of recommending organizations to follow best practices to neutralize ransomware attack such as set up offline, off-site, encrypted backups. “In addition, educate your staff on the folly of using the same password on different platforms, and consider the many benefits of multifactor authentication.”

Small Business

Small Business Ransomware Backups Authentication

Tips to make your summer travels cyber safe

Webroot

JUNE 17, 2025

Phishing scams: Phishing scams that target travel-related platforms are on the rise. In 2024, the travel website booking.com reported a 500%-900% increase in travel-related phishing scams. Enable two-factor authentication: Use Two-factor Authentication (TFA) on your gadgets and electronic devices.

VPN

VPN Scams Computers and Electronics Phishing

What is a Cyberattack? Types and Defenses

eSecurity Planet

JUNE 16, 2022

However, basic cybersecurity tools and practices, like patching , strong passwords , and multi-factor authentication (MFA), “can prevent 80 to 90% of cyberattacks,” said Anne Neuberger, deputy national security advisor for cyber and emerging technologies, during a White House press conference in Sept. Ransomware. Mobile attacks.

Backups

Backups Ransomware Firewall Malware

Is Your Small Business Safe Against Cyber Attacks?

CyberSecurity Insiders

MARCH 21, 2021

Two-factor authentication . Backup data on Cloud . Even if you take all the protective measures, you don’t want to be left without any backup or options in case of a cyber attack. Small businesses should have a contingency plan in place in the form of cloud backup. Anti-virus and anti-malware . Firewalls .

Small Business

Small Business Cyber Attacks VPN Backups

How to Lose a Fortune with Just One Bad Click

Silent Ransom Group targeting law firms, the FBI warns

Trending Sources

New phishing attack steals your Instagram backup codes to bypass 2FA

FBI Warns Law Firms: Hackers Are Calling Offices in Stealth Phishing Scam

Deceptive Google Meet Invites Lures Users Into Malware Scams

Why it might be time to consider using FIDO-based authentication devices

Protecting Oil and Gas Industry Infrastructure: Strategies for Resilience

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

The 3 biggest cybersecurity threats to small businesses

Android 7.0+ Phones Can Now Double as Google Security Keys

Your Phone May Soon Replace Many of Your Passwords

Okta: Breach Affected All Customer Support Users

Researchers Quietly Cracked Zeppelin Ransomware Keys

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

GUEST ESSAY: Best practices to shrink the ever-present risk of Exchange Server getting corrupted

Verizon's 2025 DBIR: Threats Are Faster, Smarter, and More Personal

8 security tips for small businesses

Taking on the Next Generation of Phishing Scams

Discord Shame channel goes phishing

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

Medusa Ransomware Warning: CISA and FBI Issue Urgent Advisory

Unanswered Questions Loom Over Cyber Attacks on M&S, Co-op & Harrods

Microsoft Patch Tuesday, February 2021 Edition

Google Cybersecurity Action Team Threat Horizons Report #5 Is Out!

BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks

How to set up two-factor authentication on Twitter using a hardware key

1 in 10 people do nothing to stay secure and private on vacation

Amazon's Latest Data Breach a Ripple Effect of MOVEit

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

Luxury, Loyalty and Lateral Movement: Retail and Banking Attacks Surge

How to Spot an Email Phishing Attempt at Work

Are You Vulnerable To Ransomware? 6 Questions to Ask Yourself

Passkeys: The future of secure and seamless authentication

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 1)

Recognising Scam Patterns and Preventing Data Loss: A Unified Approach

GUEST ESSAY: A roadmap for wisely tightening cybersecurity in the modern workplace

How to use a physical security key on Twitter and where to get it from

Cyber Security Awareness Month: Cyber tune-up checklist

Prevention Maintenance: Strategies To Bolster Your Organisation’s Cybersecurity

FTC shares guidance for small businesses to prevent ransomware attacks

Tips to make your summer travels cyber safe

What is a Cyberattack? Types and Defenses

Is Your Small Business Safe Against Cyber Attacks?

Stay Connected