Get the latest cybersecurity news.

In this week’s roundup we’ve got news about a massive data breach at a major British company that could result in a huge fine for a General Data Protection Regulation (GDPR) violation. It’s one of the first major breaches announced since the regulation went into effect in May.

Elsewhere, municipalities in the US are attempting to get ahead of cyberattacks, there’s more news on the efforts to thwart attacks on the upcoming midterm elections and a curious new strain of ransomware includes the face of an extremely famous individual.

Learn more in this week’s edition of Cyber Resilience News.

  1. Government website exposed Social Security numbers, personal info, via Komando
    • FOIA.gov is for people to learn about how to submit a Freedom of Information Act (FOIA) request. Its home page states that the "basic function of the Freedom of Information Act is to ensure informed citizens, vital to the functioning of a democratic society." The site is run by the Environmental Protection Agency and seemed innocent enough until it was discovered there was a software bug in the site's search facility.
  2. British Airways reveals massive data breach, could face £500m fine under GDPR, via ITPro
    • British Airways revealed it's been the subject of a massive data breach thought to have affected hundreds of thousands of customers over a two week-period last month. It has now recruited the help of the National Crime Agency and National Cyber Security Centre to investigate into how the incident happened.
  3. Mobile phishing campaign offered free flights, via Infosecurity Magazine
    • A campaign recently reported by Farsight Security involved an internationalized domain name "homograph-based" phishing website that tricked mobile users into inputting their personal information. The suspected phishing websites presented as commercial airline carriers and offered free tickets, fooling users with the age-old bait-and-switch technique.
  4. Kansas County fortifies its defenses after failed cyberattacks, via Government Technology
    • A couple recent unsuccessful cyberattacks on Dickinson County, Kan.’s computer system has spurred an investment in new antivirus software. “We’ve had a couple attempted attacks come through our firewall and into the software. Luckily, staff were able to deal with those,” County Administrator Brad Homman told commissioners on Aug. 23.
  5. Meet ransomware which wears the face of former president Barack Obama, via ZDNet
    • Cybercriminals often use the threat of the FBI and law enforcement to frighten victims enough to pay up. It's unusual, though, to see the face of a former head of a country as a brand of malware. Barack Obama's Everlasting Blue Blackmail Virus Ransomware, is perhaps one of the more peculiar strains of ransomware which have emerged over the course of this year.
  6. This malware disguises itself as bank security to raid your account, via ZDNet
    • Banking malware, including Trojans which steal your online credentials and screen grabbers, usually place heavy emphasis on remaining undetected for as long a period of time as possible. TrickBot, Emotet, BackSwap and the experimental MysteryBot are only a handful of the countless forms that banking malware can take.
  7. What to expect when the internet gets a big security upgrade, via NetworkWorld
    • More secure keys protecting the directory name system (DNS) are ready to deploy, but for those using DNS servers that haven't been upgraded, it could cause problems reaching websites. Changing these keys and making them stronger is an essential security step.
  8. CamuBot Brazilian banking trojan puts new spin on phishing attacks, via SC Magazine
    • A new financial malware camouflaged as a security module and dubbed “CamuBot” is targeting Brazilian Banking customers. The malware was first spotted in Brazil in August 2018 in a series of targeted attacks against business banking users and has been since been actively used to target companies and public sector organizations, IBM X-Force researchers said in a Sept. 4 blog post.
  9. Atlanta meets self-imposed transparency portal deadline, via Government Technology
    • Working to deliver on one of five goals set earlier this year with the debut of the new Mayor’s Office of Equity, Diversity and Inclusion, Atlanta officials gathered to mark the debut of a portal aimed at tracking city funds Sept. 4. The initiative known as Open Checkbook was announced on April 10, less than a month after the city suffered a debilitating ransomware cyberattack.
  10. More U.S. cities brace for ‘inevitable’ hackers, via The Wall Street Journal
    • Hackers are constantly probing for “the one flaw overlooked” in Houston’s computer networks, the official responsible for safeguarding the fourth-largest US city’s system said. His presentation helped persuade local lawmakers they needed a $30 million cybersecurity insurance plan with a $471,400 premium, an example of a burgeoning trend across the country.
  11. HHS HCCIC cybersecurity alert: New Ryuk ransomware quickly racking up damage, via Healthcare IT News
    • Researchers have seen an uptick in a new ransomware strain similar to the notorious SamSam virus, warned the US Department of Health and Human Services Healthcare Cybersecurity Communications and Integration Center in an alert. Ryuk isn’t technically advanced, but the highly targeted, planned ransomware variant has several interesting features that ensures its victims are hit hard, according to research from Check Point.
  12. Phishing for political secrets: Hackers take aim at midterm campaigns, via CBS News
    • When Russian hackers successfully attacked Hillary Clinton's presidential campaign chairman John Podesta in 2016, they didn't need to use crippling ransomware or a complex zero-day exploit. Instead, the Russians used one of the oldest tricks in the hacker playbook: Email phishing.
  13. Silence group quietly emerges as new threat to banks, via Dark Reading
    • A pair of Russian-speaking hackers, likely working in legitimate information security roles, has quietly emerged as a major threat to banks in Russia and numerous other former Soviet republics in recent months. The duo, called "Silence," is known to have stolen at least $800,000 from banks in Russia, Ukraine, Belarus, Poland, Kazakhstan and Azerbaijan over the past year.
  14. Browser password hack puts millions of home Wi-Fi networks at risk, via Komando
    • Researchers from software security company SureCloud recently published a report about a security flaw in Chromium-based browsers, like Chrome and Opera. The issue appears to revolve around a browser's password autosaving features and the way home routers use unsecured HTTP connections on their administration pages.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Prioritizing GDPR Hurdles

4 GDPR Hurdles to Prepare For In the …

4 GDPR Hurdles to Prepare For In the second installment o… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Apr 26, 2018

3 Ways to Take Down an Organization: Technical Failures, Targeted Atta…

What are you doing about the threats aga…

What are you doing about the threats against your organizati… Read More >

Bob Adams

by Bob Adams

Product Marketing Manager - Security

Posted Apr 17, 2018

Two Major Reasons We’re Failing at Cybersecurity

Good enough security is good enough no l…

Good enough security is good enough no longer. You use emai… Read More >

Jake O'Donnell

by Jake O'Donnell

Global Editorial Content Manager

Posted Jul 24, 2018