Tag: factor authentication
136 articles
Aussie Telco Limited Stunning Data Leak: Risky Fallout
A stolen login at iiNet has put roughly 280,000 customers’ names, emails, phone numbers and addresses in the hands of attackers — the exact kind of info scammers use to launch convincing phishing and account-fraud attempts. If you’re affected, enable MFA, stay alert for suspicious messages, and follow any guidance from your provider.
Taiwanese web hosting Exclusive: Critical Espionage Risk
Imagine an invisible enemy living inside the servers that power your websites and email — Cisco Talos found a Chinese‑linked APT using a Taiwanese web host to intercept traffic, harvest credentials and stage persistent espionage. This supply‑chain breach is a wake‑up call: treat hosts as critical infrastructure and demand stronger controls, logging and incident guarantees now.
FortiSIEM vulnerability: Critical, Risky Exploit Emerges
A critical FortiSIEM flaw with exploit code now circulating turns your SIEM into a prime target. Patch, tighten access, and hunt for signs of compromise immediately to protect visibility and contain risk.
phishing campaign: Stunning Risk to UK Sponsors
A slick phishing campaign is targeting Home Office sponsor licence holders, risking fraud, extortion and even licence revocation by stealing the credentials used to manage migrant sponsorships. If you manage a sponsor account, verify any Home Office contact, enable MFA, and treat unexpected emails with extreme caution to protect your organisation and the people you sponsor.
ShinyHunters cybercrime group: Critical Exclusive Threat
When your bank calls about a transaction you didn’t make, it’s a stark reminder that the ShinyHunters cybercrime group is now homing in on banks, fintechs and their vendors to harvest credentials and personal data for large-scale fraud. Institutions must act fast—tightening credential defenses, shoring up vendor security, and boosting detection—to protect customers, reputation and regulatory standing.
sextortion scams: Must-Have Best Survival Guide
Most sextortion emails are bluffs—ask where’s the tape? and demand verifiable proof instead of paying. Secure your accounts with unique passwords and 2FA, scan devices, preserve evidence, and report the scam.
Connex Credit Union breach: Shocking Risky Wake-Up
A recent cyber-attack at Connex Credit Union exposed the personal data of 172,000 members, leaving many understandably worried about identity theft and financial safety. While Connex notifies affected members and steps up security, now’s a good time to review your accounts and enable extra protections like monitoring and multi-factor authentication.
UK Discovers Microsoft Malware Linked to GRU Cyberspies
In a world where our inboxes are under siege, the UKs alarming discovery of a new Microsoft-targeting malware by the notorious APT28 group raises urgent questions about the safety of our communications. With cyber threats evolving rapidly, it’s time to rethink our digital defenses before its too late!
SharePoint zero-day: Must-Have Fixes for Critical Risk
A critical SharePoint zero-day has surfaced that can let attackers move from a foothold to full data theft—here’s what to patch, harden, and monitor now to stop it. With simple fixes like prompt updates, stricter configs, MFA, and better logging, you can turn a risky platform back into a safe collaboration tool.
On-Prem SharePoint Security: Must-Have Urgent Fixes
Microsoft’s blunt warning is a wake-up call: treat on‑prem SharePoint as if it’s already been compromised and act now. Start with urgent patches, MFA, segmentation and enhanced monitoring, run breach‑assumption drills, and bake backups, audits, and user training into an ongoing security plan.
Microsoft malware threat: Stunning, Alarming Risks
Imagine your inbox becoming a spying ground — UK officials warn Fancy Bear-linked hackers are using new malware to hijack Microsoft email accounts and siphon private messages and sensitive documents. Take it seriously: enable MFA, tighten access controls, and monitor for unusual logins to stay one step ahead.
Microsoft malware: Stunning Critical Threats Exposed
Russian state-backed hackers have unleashed stealthy Microsoft-targeted malware to hijack Outlook accounts—exposing how fragile our email defenses can be. Now’s the time to tighten security with phishing-resistant MFA, vigilant monitoring, and smarter user habits to stay one step ahead.
npm package security: Must-Have Guide to Risky Breaches
A targeted phishing attack that slipped malicious code into five npm packages shows how easily supply chains can be weaponized. Treat publish tokens like private keys—enable 2FA, rotate credentials, and demand package signing and provenance to stop the next breach.
Public Wi-Fi security: Must-Have Best Protections
Enjoy free café Wi‑Fi? Think twice—over 5 million public networks are vulnerable, so use a VPN, avoid sensitive transactions, and check for HTTPS to keep your data safe.
Public Wi-Fi security: Must-Have Tips to Stay Safe
Free public Wi‑Fi is convenient, but that coffee-shop connection could be an open door for attackers — learn simple, must-have tips like using a trusted VPN, verifying network names, avoiding sensitive transactions, and enabling 2FA to keep your data safe.
Russian email malware: Exclusive Dangerous Threat
A sophisticated Russian-linked malware campaign called Authentic Antics is quietly hijacking Microsoft cloud email accounts to harvest credentials and spy on high-value targets. Treat email security as strategic—enable MFA, monitor mailbox rules, and train users to spot convincing phishing so a single message can’t turn into a national-security headache.
Retail cybersecurity threats: Essential Best Defenses
Retailers are now prime targets for attacks on payment systems, customer data, and supply chains — this guide explains why the risk is rising and gives practical, prioritized defenses you can implement now to protect revenue, reputation, and customers.
AI Cloaking Tools: Stunning, Dangerous Threat
Imagine an email that looks exactly like your bank’s—logos, tone, and all—but hides a living trap that only reveals itself when you click; AI cloaking tools let attackers craft adaptive, hyper-real scams that evade detection. We need smarter defenses, practical user training, and faster policy action to stay ahead.
Identity-Based Attacks: Critical Must-Have Defense Tips
Identity-based attacks—up 156%—are using infostealers and lifelike phishing kits to steal logins, but you can push back with simple steps like unique passwords, a reputable password manager, and phishing-resistant MFA. Stay skeptical of unexpected prompts, keep devices patched, and teach your family the warning signs to dramatically reduce your risk.
Scattered Spider Stunning Arrests: Risky Networks Crippled
UK police have arrested four people tied to the notorious Scattered Spider ransomware group, a major win in protecting businesses and customers from costly data theft and extortion. Experts warn, though, that arrests are only the beginning of a longer fight to shore up security and rebuild trust.
Mobile Security: Stunning Must-Have Best Defenses
Our phones hold more than photos—they can unlock secrets and national risks. Simple, practical protections like built-in encryption, hardware-backed MFA, device management, and hands-on training can stop attacks before they spread.
Small Business Cybersecurity: Must-Have Essential Defenses
A single cyberattack can sink a small business—NCCoE’s Cybersecurity Connections turns NIST guidance into practical, budget-friendly steps (MFA, patching, tested backups) and real-world tools to help owners protect customers, preserve trust, and keep their business running.
Were 16 Billion Passwords Breached? Claims Under Scrutiny
Is the claim of 16 billion leaked passwords the biggest breach ever—or just a recycled mix of old data? Let’s dive into what experts are really saying about this eye-popping figure.
NIST Webinar: Essential Phishing Protection for Small Businesses
Worried about phishing scams putting your small business at risk? Discover simple, powerful strategies from NIST’s latest webinar to keep your digital doors locked tight against cyber threats.