Government, Password Management and Phishing

Phishing evolves beyond email to become latest Android app threat

Malwarebytes

FEBRUARY 11, 2025

There are plenty of phish in the sea, and the latest ones have little interest in your email inbox. In 2024, Malwarebytes detected more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. These Android phishing apps may sound high-tech, but they are not.

Phishing

Phishing Passwords Authentication Mobile

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

FEBRUARY 10, 2025

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. AI-Enhanced Cyberthreats Recent intelligence indicates that the sophistication of Gmail phishing campaigns has reached new heights.

Phishing

Phishing Artificial Intelligence Password Management Accountability

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Krebs on Security

MARCH 31, 2020

A spear-phishing attack this week hooked a customer service employee at GoDaddy.com , the world’s largest domain name registrar, KrebsOnSecurity has learned. 49 (that domain is hobbled here because it is currently flagged as hosting a phishing site). It was starting to look like someone had gotten phished.

Phishing

Phishing DNS Social Engineering Accountability

Organised Crime Gang Steals £47 Million from UK Tax Office in Phishing Scam

eSecurity Planet

JUNE 9, 2025

An organised crime gang has stolen £47 million ($64 million) from the UK’s tax office by hacking into over 100,000 customer accounts and fraudulently claiming government payments. The post Organised Crime Gang Steals £47 Million from UK Tax Office in Phishing Scam appeared first on eSecurity Planet.

Scams

Scams Phishing Password Management Accountability

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

JANUARY 27, 2025

Health insurance information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Data breaches

Data breaches Healthcare Insurance Passwords

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Jane Frankland

MAY 16, 2025

Here’s a breakdown of the most widespread and damaging scams today: Impersonation Scams (51% of fraud cases) where fraudsters pose as: Banks, HMRC, DVLA, or government agencies. MFA Bypass Methods: SIM swaps, malware, or phishing sites that trick you into revealing or approving access. Couriers (e.g., Royal Mail, DHL, FedEx).

Scams

Scams Password Management Passwords Banking

Internet Archive suffers data breach and DDoS

Malwarebytes

OCTOBER 10, 2024

Their tweet which explains their motivation hasn’t gone down well among X users, with many commenting that the Internet Archive is not connected to the US Government and, in fact, a very useful tool. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.

Data breaches

Data breaches DDOS Internet Internet

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. Strengthening identity security Enforce phishing-resistant MFA for all privileged accounts.

Ransomware

Ransomware IoT Encryption Social Engineering

City of Columbus breach affects around half a million citizens

Malwarebytes

NOVEMBER 4, 2024

A ransomware attack against the City of Columbus, Ohio—which drew public scrutiny following the city government’s attempt to silence a researcher who told the public about the attack—has received a little more detail from an unexpected source: The Attorney General for the state of Maine. Enable two-factor authentication (2FA).

Data breaches

Data breaches Passwords Ransomware Phishing

Hertz data breach caused by CL0P ransomware attack on vendor

Malwarebytes

APRIL 15, 2025

Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished. Enable two-factor authentication (2FA).

Data breaches

Data breaches Ransomware B2B Passwords

The 3 biggest cybersecurity threats to small businesses

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. In reality, those usernames and passwords are delivered directly to cybercriminals on the other side of the website.

Small Business

Small Business Cybersecurity Scams Passwords

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Zero Day

JUNE 22, 2025

And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. Use a password manager If you use a password manager, it may offer breach-monitoring services that will alert you when your passwords are exposed during a data breach.

Passwords

Passwords Data breaches Password Management Accountability

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Zero Day

JUNE 20, 2025

And while financial costs may be a factor, individual victims may face targeted phishing campaigns, social engineering schemes, identity theft, and damage to credit. Use a password manager If you use a password manager, it may offer breach-monitoring services that will alert you when your passwords are exposed during a data breach.

Passwords

Passwords Data breaches Password Management Identity Theft

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

Krebs on Security

JANUARY 30, 2024

The government says Urban went by the aliases “ Sosa ” and “ King Bob ,” among others. ” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. On July 28 and again on Aug. According to an Aug.

Social Engineering

Social Engineering Mobile Cybercrime Passwords

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. How to protect yourself and your data Smart ways to secure your devices Strong passwords – Make them long, random, and unique.

Consumer Protection

Consumer Protection Identity Theft Scams Social Engineering

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

Cisco Security

NOVEMBER 2, 2022

“ Cisco Duo simplifies the passwordless journey for organizations that want to implement phishing-resistant authentication and adopt a zero trust security strategy. “Over the last few years, we have increased our password complexities and required 2FA wherever possible. This prevents login to fake or phishing websites.

Authentication

Authentication Passwords Phishing Mobile

CISA Cuts: What They Mean for Cyber Defense for All

SecureWorld News

APRIL 10, 2025

Regardless of your political views, we must all agree that equipping our government with best cybersecurity talent, technology, and resources is critical to protecting our national interests," said Bruce Jenkins, CISO at Black Duck. In other words, dependence on government services for cybersecurity should always have a backup plan.

Energy and Utilities

Energy and Utilities Backups Healthcare Cybersecurity

8 security tips for small businesses

Malwarebytes

NOVEMBER 6, 2024

Train your employees in security awareness, so they can recognize phishing attempts and know what they can and can’t do on company-issued hardware. Lock things down Having a strict policy to protect your important assets with strong passwords and multi-factor authentication (MFA) should be a no-brainer.

Small Business

Small Business Backups Firewall VPN

Your Android phone just got a big upgrade for free - these Pixel models included

Zero Day

JUNE 17, 2025

It protects your device from a variety of attacks, including scam calls, harmful apps, unsafe websites, phishing attempts, malicious links, and more. Featured Is ChatGPT Plus really worth $20 when the free version offers so many premium features? Your MacBook is getting a big upgrade.

Password Management

Password Management Small Business Artificial Intelligence Software

Facebook's new passkey support could let you ditch your password once and for all

Zero Day

JUNE 19, 2025

"Passkeys are an upgrade in security compared to traditional passwords and one-time SMS codes because they are resistant to guessing or theft by malicious websites or scam links, making them effective against phishing and password spraying attacks," Facebook said in its announcement.

Passwords

Passwords Password Management Small Business Mobile

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Adam Levin

FEBRUARY 10, 2020

More Phishing Attacks. Phishing may seem like an ordinary part of online life, but it could also be the initial volley in a major cyberattack. Phishing here is shorthand for the Pantheon of Ishings: generic, spearphishing (personalized), vishing (phone based), and SMishing (text based). Consider using a password manager.

Passwords

Passwords Phishing Password Management Accountability

ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular

The Last Watchdog

FEBRUARY 3, 2021

26 posting confirming that the compromise was at the hands of the same nation-state threat group behind the SolarWinds hack and subsequent attacks on various technology companies and federal government agencies. Having long passwords and a password manager can also add additional layers of security and protect you as a customer.

Phishing

Phishing Hacking Accountability Social Engineering

Angry Likho: Old beasts in a new forest

SecureList

FEBRUARY 21, 2025

However, Angry Likho’s attacks tend to be targeted , with a more compact infrastructure, a limited range of implants, and a focus on employees of large organizations, including government agencies and their contractors. Below is an example of such an email containing a malicious RAR archive. averageorganicfallfaw[.]shop

Phishing

Phishing Encryption Banking Malware

Happy 13th Birthday, KrebsOnSecurity!

Krebs on Security

DECEMBER 29, 2022

The records also reveal how Conti dealt with its own internal breaches and attacks from private security firms and foreign governments. The government of Costa Rica is forced to declare a state of emergency after a ransomware attack by Conti cripples government systems. It emerges that email marketing giant Mailchimp got hacked.

Cryptocurrency

Cryptocurrency Cybercrime Computers and Electronics Scams

Dark Pink APT Group Strikes Government Entities in South Asian Countries

Security Boulevard

MARCH 10, 2023

Executive Summary In February 2023, EclecticIQ researchers identified multiple KamiKakaBot malwares which are very likely used to target government entities in ASEAN (Association of Southeast Asian Nations) countries. Malware Execution Flow KamiKakaBot is delivered via phishing emails that contain a malicious ISO file as an attachment.

Government

Government Malware Encryption Passwords

How to Use A Password Manager: Setup, Benefits & Best Practices in 2024

eSecurity Planet

SEPTEMBER 6, 2024

We need secure and unique passwords to use business applications , access e-mail, and social media securely, and even watch movies on a streaming service. Password managers take some strain from generating, associating, and remembering those passwords. Table of Contents Toggle What Is a Password Manager?

Password Management

Password Management Passwords Accountability Social Engineering

The danger of data breaches — what you really need to know

Webroot

APRIL 22, 2025

Government agencies : Because government organizations store highly sensitive information, social security numbers, they are considered especially high-value targets for cyberattacks. Use strong, unique passwords: Strong, unique passwords are a simple, yet powerful security tool.

Data breaches

Data breaches Identity Theft Passwords eCommerce

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Related: Long run damage of 35-day government shutdown. Why we’re in the ‘Golden Age’ of cyber espionageThe fact is cyber criminals are expert at refining and carrying out phishing, malvertising and other tried-and-true ruses that gain them access to a targeted victim’s Internet-connected computing device.

Passwords

Passwords Password Management Antivirus Internet

Data Provided by the Estonian Central Criminal Police is Now Searchable on Have I Been Pwned

Troy Hunt

JUNE 11, 2018

Running Have I Been Pwned (HIBP) has presented some fascinating insights into all sorts of aspects of how data breaches affect us; the impact on the individual victims such as you and I, of course, but also how they affect the companies involved and increasingly, the role of government and law enforcement in dealing with these incidents.

Cryptocurrency

Cryptocurrency Cybercrime Data breaches Passwords

P@ssW0rdsR@N0T_FUN!

Duo's Security Blog

OCTOBER 4, 2023

No matter how many letters, numbers, or special characters you give them and no matter how many times you change them, passwords are still @N0T_FUN! Using strong passwords and a password manager 2. Recognizing and reporting phishing 4. Held in October, each week there will be a different focus on a key behavior: 1.

Password Management

Password Management Passwords Authentication Social Engineering

MoneyGram confirms customer data breach

Malwarebytes

OCTOBER 8, 2024

Initial investigations show the type of information stolen varies between different individuals, but may include: Names Contact information (phone number, email, physical address) Date of birth Social Security Numbers Government-issued identification documents (e.g. Choose a strong password that you don’t use for anything else.

Data breaches

Data breaches Identity Theft Passwords Phishing

How to improve your workplace’s cybersecurity

CyberSecurity Insiders

APRIL 16, 2021

Top VPNs such as ExpressVPN feature best-in-class AES encryption with 256-bit keys, the standard used by the US government. Anti-malware/ phishing. The anti-malware and anti-phishing option in some VPNs doubles up to a company’s cybersecurity by intercepting phishing attacks, pop-up adverts, and other malicious cyber threats.

Cybersecurity

Cybersecurity Password Management Passwords Encryption

Healthcare giant Norton breach leads to theft of millions of patient records

Malwarebytes

DECEMBER 12, 2023

Some people also had their financial account numbers, driver licenses or other government ID numbers, and digital signatures also taken. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. 2FA that relies on a FIDO2 device can’t be phished.

Healthcare

Healthcare Identity Theft Passwords Data breaches

Cybersecurity in the SMB space — a growing threat

SecureList

JUNE 25, 2024

Phishing Employee negligence remains a significant vulnerability for SMBs. Falling for phishing schemes can have catastrophic consequences for businesses. Phishing attacks are distributed via various channels, including spoofed emails and social media, to fool users into divulging login details or other sensitive data.

Cybersecurity

Cybersecurity Phishing Media Software

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Krebs on Security

FEBRUARY 18, 2019

government — along with a number of leading security companies — recently warned about a series of highly complex and widespread attacks that allowed suspected Iranian hackers to siphon huge volumes of email passwords and other sensitive data from multiple governments and private companies.

DNS

DNS Internet Internet Government

Chinese Police Data Leak Exposes 1 Billion Records

SecureWorld News

JULY 6, 2022

This includes things such as phishing, use of stolen credentials, misconfiguration, and simple mistakes. China now finds itself in the middle of one of the largest data breaches of all time after a government developer wrote a blog post on a popular forum that included the credentials to a police database.

Data breaches

Data breaches Password Management Passwords Government

A week in security (July 19 – August 1)

Malwarebytes

AUGUST 2, 2021

Spear-phishing now targets employees outside the finance and executive teams, report says. Source: ZDNet) We can’t believe people use browsers to manage their passwords, says maker of password management tools. BlackMatter, a new ransomware group , claims link to DarkSide, REvil.

Wireless

Wireless Firmware Password Management Passwords

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

eSecurity Planet

AUGUST 20, 2024

The fallout from this breach has the potential to ripple through societies globally, with far-reaching consequences for individuals, businesses, and governments alike. The implications of such massive data exposure are far-reaching, potentially impacting individuals, businesses, and governments globally.

Identity Theft

Identity Theft Data breaches Passwords Encryption

Number of data breach victims goes up 1,000%

Malwarebytes

JULY 19, 2024

Every person, business, institution and government agency must view data and identity protection with a greater sense of urgency.” Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. 2FA that relies on a FIDO2 device can’t be phished.

Data breaches

Data breaches Passwords Identity Theft Phishing

Hackers Intercept USPS Workers' Paychecks in Direct Deposit Scam

SecureWorld News

MAY 22, 2023

Without the budget for additional technology, or the headcount to investigate and respond to alerts, user awareness training can help users recognize phishing emails and spoofed websites." Using a password manager such as Keeper can help users avoid phony lookalike websites.

Scams

Scams Password Management Passwords Authentication

What you need to know: The biggest cyber threats in 2024

Webroot

SEPTEMBER 24, 2024

From ransomware attacks to phishing scams, hackers are becoming more sophisticated. Whether you’re running a small business or managing personal data at home, here’s what you need to know. For consumers: Stay alert to potential phishing attacks or scams related to global events.

Cyber threats

Cyber threats Small Business Scams Cybercrime

Security Affairs newsletter Round 402 by Pierluigi Paganini

Security Affairs

JANUARY 15, 2023

If you want to also receive for free the newsletter with the international press subscribe here. Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4 Most internet-exposed Cacti servers exposed to hacking French CNIL fined Tiktok $5.4

Small Business

Small Business Password Management Healthcare VPN

“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home

Malwarebytes

SEPTEMBER 4, 2024

This is because Pegasus has never been observed outside of a surveillance campaign carried out, specifically, by governments. Time and time again, Pegasus has been used by oppressive government regimes to spy on political dissidents, human rights activists, and watchdog journalists. Scammers do this to bypass phishing filters.

Scams

Scams Spyware Passwords Password Management

Change Healthcare confirms the customer data stolen in ransomware attack

Malwarebytes

JUNE 24, 2024

Patients were left facing enormous pharmacy bills, small medical providers teetered on the edge of insolvency, and the government scrambled to keep the money flowing and the lights on. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.

Healthcare

Healthcare Ransomware Insurance Passwords

Phishing evolves beyond email to become latest Android app threat

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

Trending Sources

Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others

Organised Crime Gang Steals £47 Million from UK Tax Office in Phishing Scam

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

As Seen on Channel 5’s Vanessa (Feltz) Show: What to Do if You’re Targeted by a Scam

Internet Archive suffers data breach and DDoS

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

City of Columbus breach affects around half a million citizens

Hertz data breach caused by CL0P ransomware attack on vendor

The 3 biggest cybersecurity threats to small businesses

16 billion passwords leaked across Apple, Google, more: What to know and how to protect yourself

Heard about the 16 billion passwords leak? Here are the facts and how to protect yourself

Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider

National Consumer Protection Week: Keeping your personal data safe in a digitally connected world

Still Using Passwords? Get Started with Phishing-Resistant, Passwordless Authentication Now!

CISA Cuts: What They Mean for Cyber Defense for All

8 security tips for small businesses

Your Android phone just got a big upgrade for free - these Pixel models included

Facebook's new passkey support could let you ditch your password once and for all

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular

Angry Likho: Old beasts in a new forest

Happy 13th Birthday, KrebsOnSecurity!

Dark Pink APT Group Strikes Government Entities in South Asian Countries

How to Use A Password Manager: Setup, Benefits & Best Practices in 2024

The danger of data breaches — what you really need to know

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

Data Provided by the Estonian Central Criminal Police is Now Searchable on Have I Been Pwned

P@ssW0rdsR@N0T_FUN!

MoneyGram confirms customer data breach

How to improve your workplace’s cybersecurity

Healthcare giant Norton breach leads to theft of millions of patient records

Cybersecurity in the SMB space — a growing threat

A Deep Dive on the Recent Widespread DNS Hijacking Attacks

Chinese Police Data Leak Exposes 1 Billion Records

A week in security (July 19 – August 1)

2.9 Billion Records Exposed in NPD Breach: How to Stay Safe

Number of data breach victims goes up 1,000%

Hackers Intercept USPS Workers' Paychecks in Direct Deposit Scam

What you need to know: The biggest cyber threats in 2024

Security Affairs newsletter Round 402 by Pierluigi Paganini

“Hello pervert” sextortion scam includes new threat of Pegasus—and a picture of your home

Change Healthcare confirms the customer data stolen in ransomware attack

Stay Connected