Security Affairs

NOVEMBER 15, 2024

Glove Stealer is a.NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data. The malware could harvest a huge trove of data from infected systems, including cookies, autofill, cryptocurrency wallets, 2FA authenticators, password managers, and email client information.

Encryption 118

Encryption Password Management Cryptocurrency Social Engineering 118

Malwarebytes

FEBRUARY 25, 2025

But when the apps are installed, they steal information from the victims device that can be used to blackmail the victim. Among the stolen information are listed contacts, call logs, text messages, photos, and the devices location. You can make a stolen password useless to thieves by changing it. Set up identity monitoring.

Passwords 145

Passwords Password Management Phishing Authentication 145

Krebs on Security

JULY 29, 2021

Every time there is another data breach, we are asked to change our password at the breached entity. But the reality is that in most cases by the time the victim organization discloses an incident publicly the information has already been harvested many times over by profit-seeking cybercriminals. TARGETED PHISHING.

Passwords 363

Passwords Password Management Phishing Scams 363

Malwarebytes

JANUARY 27, 2025

Stolen information The data breach at Change Healthcare is the largest healthcare data breach in US history. However, the exposed information may include: Contact information: Names, addresses, dates of birth, phone numbers, and email addresses. Choose a strong password that you dont use for anything else. Take your time.

Data breaches 126

Data breaches Healthcare Insurance Passwords 126

Malwarebytes

SEPTEMBER 13, 2023

The consequences of last year's LastPass breach continue to be felt, with the latest insult to users coming in the form of a highly convincing phishing email. Although the " unauthorized party" that compromised LastPass users' data was able to steal password vaults, it's likely that they are having a hard time cracking them open.

Phishing 144

Phishing Accountability Passwords Password Management 144

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Redefining Change Your Password Day Well start with Change Your Password Day because, frankly, its a little complicated.

Phishing 62

Phishing Passwords Password Management Authentication 62

Malwarebytes

APRIL 24, 2025

In a data breach notice on its website, Blue Shield says it had begun notifying certain members of a potential data breach that may have included elements of their protected health information. This likely included protected health information. Choose a strong password that you dont use for anything else. Take your time.

Insurance 114

Insurance Data breaches Passwords Phishing 114

Malwarebytes

NOVEMBER 4, 2024

The attack was later claimed by the Rhysida ransomware group on their leak site, where the group posts information about victims that are unwilling to pay. Later, a security researcher disclosed information about the content of the stolen data with the media. Choose a strong password that you don’t use for anything else.

Data breaches 114

Data breaches Passwords Ransomware Phishing 114

Jane Frankland

MAY 16, 2025

MFA Bypass Methods: SIM swaps, malware, or phishing sites that trick you into revealing or approving access. Auto-fill Exploits: A small but critical sign when your password manager doesnt autofill it might be a scam site. Passkeys are the gold standard phishing-resistant, cryptographic credentials tied to your device.

Scams 130

Scams Password Management Passwords Banking 130

Malwarebytes

OCTOBER 25, 2024

The Office for Civil Rights (OCR) at the HHS confirmed that it prioritized and opened investigations of Change Healthcare and UnitedHealth Group, focused on whether a breach of protected health information (PHI) occurred and on the entities’ compliance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Rules.

Healthcare 118

Healthcare Data breaches Passwords Identity Theft 118

Google Security

JANUARY 30, 2024

Posted by Sherif Hanna, Group Product Manager, Pixel Security Helping Pixel owners upgrade to the easier, safer way to sign in Your phone contains a lot of your personal information, from financial data to photos. This is why the Pixel team has been especially excited about passkeys —the easier, safer alternative to passwords.

Password Management 122

Password Management Passwords Accountability Phishing 122

Malwarebytes

OCTOBER 10, 2024

Cybercriminals managed to breach the site and steal a user authentication database containing 31 million records. The stolen database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data.

Data breaches 129

Data breaches DDOS Internet Internet 129

Malwarebytes

FEBRUARY 25, 2025

The attacker may have accessed over three million files containing personal information. This is one of these cases where a company most people have never heard of has amassed a mountain of information about many people. These data brokers gather information from several sources and sell them on to interested buyers.

Data breaches 97

Data breaches Passwords Phishing Password Management 97

Malwarebytes

APRIL 28, 2025

This means those 21 million images could reveal everything from work processes to employees private information. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device cant be phished.

Passwords 92

Passwords Phishing Spyware Password Management 92

Webroot

MAY 5, 2025

Phishing attacks are a significant threat to consumers, with cybercriminals constantly evolving their tactics to deceive unsuspecting individuals. The integration of artificial intelligence (AI) into phishing schemes has made these attacks even more sophisticated and challenging to detect. How AI enhances phishing attacks 1.

Phishing 62

Phishing Antivirus Education Artificial Intelligence 62

Krebs on Security

JUNE 15, 2024

“He stands accused of hacking into corporate accounts and stealing critical information, which allegedly enabled the group to access multi-million-dollar funds,” Murcia Today wrote. The security firm Group-IB called the gang by a different name — 0ktapus , a nod to how the criminal group phished employees for credentials.

Hacking 344

Hacking Cybercrime Phishing Passwords 344

Malwarebytes

APRIL 15, 2025

The Hertz Corporation, on behalf of Hertz, Dollar, and Thrifty brands, is sending breach notifications to customers who may have had their name, contact information, driver’s license, andin rare casesSocial Security Number exposed in a data breach. Choose a strong password that you dont use for anything else. Take your time.

Data breaches 101

Data breaches Ransomware B2B Passwords 101

Malwarebytes

JANUARY 10, 2025

BayMark) notified an unknown number of patients that attackers stole their personal and health information. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password.

Ransomware 97

Ransomware Data breaches Passwords Phishing 97

Malwarebytes

MARCH 25, 2025

With concerns now swirling about exactly who will become the new steward of 23andMes data following its bankruptcy, customers are asking how they can secure their most private genetic information, if at all. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Passwords 114

Passwords Accountability Data breaches Phishing 114

Malwarebytes

MAY 16, 2024

A type of phishing we’re calling authentication-in-the-middle is showing up in online media. It works like this: A user gets lured to a phishing site masquerading as a site they normally use, such as a bank, email or social media account. Use a password manager. The user is then prompted for their MFA step.

Authentication 145

Authentication Phishing Password Management Scams 145

Troy Hunt

OCTOBER 28, 2020

But let's also keep some perspective here; look at how many pixels are different between an "i" and an "l": Are we really saying we're going to combat phishing by relying on untrained eyes to spot 6 pixels being off in a screen of more than 2 million of them?! Poor Googie! More on that soon. Is it a button? A notification somewhere?

Phishing 364

Phishing Password Management Passwords Internet 364

Malwarebytes

MARCH 19, 2025

Sperm donor giant California Cryobank has announced it has suffered a data breach that exposed customers’ personal information. The information potentially involved varies by customer but includes names and one or more of the following: Drivers license numbers Bank account and routing numbers. Watch out for fake vendors.

Banking 93

Banking Data breaches Computers and Electronics Insurance 93

Krebs on Security

DECEMBER 1, 2022

ConnectWise , which offers a self-hosted, remote desktop software application that is widely used by Managed Service Providers (MSPs), is warning about an unusually sophisticated phishing attack that can let attackers take remote control over user systems when recipients click the included link. build and the then-canary 22.9

Phishing 315

Phishing Architecture Passwords Accountability 315

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Millions of customers were put at risk when their social security numbers, phone numbers, and other sensitive personal information were leaked.

Consumer Protection 99

Consumer Protection Identity Theft Scams Social Engineering 99

Malwarebytes

JULY 23, 2021

The Dutch police announced that they arrested two Dutch citizens, aged 24 and 15, for developing and selling phishing panels. For cybercriminals that lacked the technical knowledge or means, the Fraud Family also offered to host the phishing sites and backend panels. 2FA bypass.

Phishing 131

Phishing Banking Password Management Scams 131

Malwarebytes

AUGUST 18, 2021

Phishing scammers love well known brand names, because people trust them, and their email designs are easy to rip off. Earlier this year, DocuSign specifically warned about phishing campaigns using its brand. We’ve included some examples of DocuSign phishing campaigns below. Real DocuSign emails used for phishing.

Phishing 145

Phishing Password Management Passwords Accountability 145

Malwarebytes

MARCH 14, 2025

Depending on the type of app these records can contain financial data, location data, and other personal information. But you can keep this information in mind before you install an app. Choose a strong password that you dont use for anything else. Better yet, let a password manager choose one for you.

Passwords 87

Passwords Data breaches Phishing Password Management 87

Malwarebytes

MAY 1, 2025

Phishing In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts. In reality, those usernames and passwords are delivered directly to cybercriminals on the other side of the website.

Small Business 88

Small Business Cybersecurity Scams Passwords 88

Webroot

FEBRUARY 21, 2025

Phishing scams, ransomware attacks, data breaches, and identity theft are part of a growing list of online dangers that are a daily reality. Today, your personal information , online activities, financial data, and even your familys privacy are targets for attack. Anti-phishing protection Shields you from phishing attempts.

Antivirus 84

Antivirus Identity Theft Cyber threats Phishing 84

Malwarebytes

SEPTEMBER 22, 2023

Some T-Mobile customers logged into their accounts on Wednesday to find another customer’s billing and account information showing on their online dashboards. It said a "temporary system glitch" had misplaced some subscriber account information, causing it to appear on other subscribers’ profile pages. So, stay tuned!

Mobile 123

Mobile Data breaches Accountability Passwords 123

Malwarebytes

SEPTEMBER 10, 2024

Payment provider Slim CD has disclosed a security incident that may have exposed the full credit card information of anyone paying at a merchant that uses Slim CD’s services. However, the company said the criminals only had access to credit card and other information between June 14 and June 15, 2024. Watch out for fake vendors.

Data breaches 121

Data breaches Identity Theft Passwords Phishing 121

Malwarebytes

JUNE 4, 2024

Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished. Enable two-factor authentication (2FA).

Data breaches 120

Data breaches Passwords Phishing Password Management 120

IT Security Guru

APRIL 25, 2025

Phishing is a great example of this, with it evolving from simple email scams to more malicious and carefully thought-out attacks. As more people shift to online financial platforms or cryptocurrencies, digital wallets have become a common target for phishing scams.

Scams 44

Scams Phishing Cryptocurrency Cyber threats 44

Krebs on Security

AUGUST 5, 2019

The first involves spear phishing attacks to gain access to that second authentication factor, which can be made much more convincing once the attackers have access to specific details about the customer’s account — such as recent transactions or account numbers (even partial account numbers).

Banking 279

Banking Passwords Risk Accountability 279

Security Affairs

MAY 13, 2024

Experts reported that since April, the Phorpiex botnet sent millions of phishing emails to spread LockBit Black ransomware. Password Management : Use strong, unique passwords and implement multi-factor authentication (MFA) whenever possible, prioritizing authentication apps or hardware tokens over SMS text-based codes.

Phishing 134

Phishing Ransomware Security Awareness Authentication 134

Krebs on Security

JANUARY 30, 2024

” Group-IB dubbed the gang by a different name — 0ktapus — which was a nod to how the criminal group phished employees for credentials. The missives asked users to click a link and log in at a phishing page that mimicked their employer’s Okta authentication page. On July 28 and again on Aug. According to an Aug.

Social Engineering 359

Social Engineering Mobile Cybercrime Passwords 359

The Last Watchdog

MARCH 6, 2021

Remote workers face having both their personal and work-related information compromised. Passwords for accounts should be unique for every account and should compromise a long string of distinct characters, lower and upper case letters, and numbers. It is difficult to remember all passwords. Keep an eye out for phishing emails.

VPN 214

VPN Firewall Antivirus Passwords 214