Practice a Zero-Trust mindset by never automatically trusting people, emails, phone calls, messages, or links—even if they appear to come from legitimate organizations like your bank or workplace. Always verify requests independently by contacting the person or company through an official website or trusted phone number, rather than responding directly to the original message. By pausing to confirm before clicking, sharing information, or making payments, you significantly reduce your risk of falling victim to phishing, scams, or identity theft.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Cybersecurity firm ThreatFabric has identified a new Android malware strain called Massiv that enables criminals to take over victims’ phones and steal money from their bank accounts.

The malware spreads through fake IPTV apps distributed via SMS phishing. Posing as an “important update,” it tricks users into granting permissions that give attackers full control of the device. Findings shared with The Hacker News warn that despite limited campaigns so far, the threat to mobile banking users is significant.

Massiv has primarily targeted users in Portugal and Greece. In one campaign, attackers impersonated Portugal’s government services app, gov.pt, stealing phone numbers and PIN codes — in some cases using the data to open bank accounts for fraud or money laundering.

Once installed, Massiv can remotely control the phone, hide activity with a black screen, intercept text messages, capture banking credentials, and install additional malware. Unlike...

Always question anyone who asks for confidential information in public spaces. Sensitive data such as passwords, financial details, or personal identification numbers should never be shared openly. Verify the identity and purpose of the person making the request before providing any information. If you are uncertain, pause the conversation and confirm the request through a trusted and secure communication channel. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Leaving Bluetooth on can expose your device to attacks or tracking. Only enable it for trusted devices.

Dos:
• Turn off when not in use
• Pair with trusted devices only
• Remove old connections
• Keep your device updated
• Use in secure environments

Avoid:
× Leave on all day
× Accept unknown pairing requests
× Use in public carelessly
× Ignore updates or security alerts
× Assume convenience means safety

“Pair Less, Protect More”

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

For better online security, use a password manager like Passbolt to store all your passwords in one encrypted vault. It can generate strong, unique passwords for every account, which protects you from hacking attempts and credential stuffing attacks if one site is breached. You only need to remember one strong master password, making it both safer and easier than reusing simple passwords across multiple websites.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support

Cybersecurity starts with awareness, not fear. Stay alert to suspicious emails, unexpected links, and requests for personal information—especially those claiming urgency. Use strong, unique passwords and enable multi-factor authentication whenever possible to add an extra layer of protection. By building smart digital habits and staying informed, you reduce risks and keep your information secure with confidence. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Never share one-time codes or OTP sent to your phone, email, or authenticator app, as these codes are intended only for you and serve as a critical layer of protection for your account. Legitimate companies and organizations will never contact you to request these codes. If anyone asks for your code, it's a scam, refuse to share it to keep your account secure.

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.

Report suspicious emails or unusual activity as soon as you notice them—don’t wait. Acting quickly can prevent potential security breaches or data loss. Even if you’re unsure, it’s better to report something that turns out to be harmless than to ignore a real threat. Prompt reporting helps protect both you and your organization. 

Do you have a question? Submit a ticket at [PB8324.3] Data Security Support. 

Cybersecurity experts have revealed a new way hackers can misuse AI assistants like Microsoft Copilot and Grok to secretly control infected computers. The method, called “AI as a C2 proxy” by Check Point, lets attackers send commands and steal information through AI tools, all while blending into normal online activity.

The process works like this: a hacker first infects a computer with malware. Then, the malware talks to the AI assistant using specially designed prompts. The AI fetches instructions from the hacker and sends back responses, effectively acting as a hidden communication channel. Surprisingly, this can happen without needing any account or API key, making it harder to detect or stop.

Experts warn that this is more than just a way to sneak commands past defenses. Hackers could use AI to plan attacks in real time, figure out which computers are valuable targets, and even avoid detection—turning AI into a smart accomplice.

This...

Always remove or completely destroy shipping labels before disposing it, as they contain personal information such as your full name, address, phone number, and tracking number. Criminals can use these details for phishing scams, identity theft, or to track delivery patterns and target your home. To stay protected, shred the label or thoroughly black out all personal and barcode information before throwing packaging away.

 Do you have a question? Submit a ticket at [PB8324.3] Data Security Support.