Get the latest cybersecurity news.

There are different approaches organizations can take to cybersecurity awareness training for employees. In this week’s news roundup, we look at one Canadian municipality that is taking a hard stand against employees who fail phishing tests.

Elsewhere, there’s news about usage of Domain-based Message Authentication, Reporting & Conformance (DMARC) practices among the Fortune 500, more details on the expanding impact of the British Airways data breach, and how a large amount of bad behavior by an employee infected a US government network with malware.

  1. An Ontario city’s solution for phishing test failure: Deny staff Internet access, via IT World Canada
    • Getting employees to stop and think before clicking on email attachments is the bane of CISOs. Studies show that at least 10% of staff just can’t resist no matter how much awareness training they receive. But an Ontario city’s IT staff has come up with a solution, which might be called tough love: Temporarily kick those who fail phishing tests off the network.
  2. Only half of the Fortune 500 use DMARC for email security, via TechCrunch
    • New data from Agari shows that just half of the Fortune 500 have deployed DMARC. Email systems use DMARC policies to verify the identity of an email sender, ensuring it’s not impersonating another domain. Depending on the DMARC settings, an email system can monitor, quarantine or entirely reject spoofed emails, cutting down on the number of phishing emails that land in corporate inboxes.
  3. TimpDoor Android malware silently infiltrates networks in coordinated attacks, via Security Boulevard
    • A new attack campaign has been found to carry the newly discovered TimpDoor Android malware. It is distributed using phishing email messages and one of its main goals is to infiltrate the internal networks. Since it features non-standard behavior any infections should be removed as soon as possible.
  4. Gift card scam uses bosses' email addresses when phishing, via ABC News
    • A new phishing scam involving gift cards is fooling people by sending emails that appear to come from their bosses. As head of the Chicago office of the Better Business Bureau, Steve Bernas hears about scams all the time. His office even runs a scam tracker on their website.
  5. British Airways data breach victim list grows, via SC Magazine
    • British Airways discovered an additional 185,000 customer payment cards had been compromised while investigating an earlier data breach that affected 380,000 customers. The airline said the records contained the holder’s name, billing address, email address, card payment information, including card number, expiration date and CVV.
  6. Reputation in the era of phishing and Facebook, via Tech Radar
    • Rarely out of the spotlight these days, Facebook’s most recent scandal saw information on 30 million users stolen at the hands of hackers. With public opinion of Facebook continuing to flux, we took the opportunity to poll businesses at the IP Expo earlier last month on the state of their cyber defenses in the wake of this latest high-profile attack.
  7. Data breach compromises 64,000 Tomorrowland festival attendees, via SC Magazine
    • Threat actors managed to access the information of 64,000 Tomorrowland festival-goers who attended the 2014 event in Boom, Antwerp, Belgium. Personal information including names, addresses, age, postcodes, and genders may have been compromised in the incident although this may be enough information to commit identity theft and other forms of fraud.
  8. Phishing spikes as private health continues to be most breached sector in Australia, via ZDNet
    • One-fifth of all Notifiable Data Breaches (NDB) in Australia for the three months between July and September were a result of phishing, while private health retains its crown as Australia's most breached sector.
  9. Iranian hackers hit U.K. cybersecurity universities, via Forbes
    • Iranian cybercriminals tried to hack into UK universities offering government-certified cybersecurity courses, successfully accessing at least one university’s accounts during a campaign lasting months. The hacking group has targeted at least 18 British universities, according to researchers. The list includes top-flight institutions.
  10. How cybersecurity is developing to combat Russian hackers, via Tech Republic
    • CNET's Dan Patterson interviewed Leo Taddeo, CISO at Cyxtera Technologies and a former FBI special agent in charge of cyber operations in New York City, about Russia's involvement in the 2016 US presidential election.
  11. How’d this government agency get infected with malware? 9,000 pages of porn., via The Washington Post
    • A federal employee infected a US government network with malware after viewing more than 9,000 pornographic Web pages at work, according to an inspector general’s report. The report, published Oct. 17, shows that the employee’s actions were discovered during a security audit of the computer network at the U.S. Geological Survey.
  12. Emotet malware gang is mass-harvesting millions of emails in mysterious campaign, via ZDNet
    • A notorious malware family that has been on a resurgent path since last year has received a major update this week that will send shivers down any organization's back. According to a report from Kryptos Logic shared earlier today with ZDNet, the Emotet malware family has started mass-harvesting full email messages from infected victims, starting yesterday.
  13. Oregon elections director says government seeing 'huge increase' in phishing attempts, via KATU
    • Stephen Trout, Oregon's elections director, said Tuesday that employees in his office and other government agencies are seeing a "huge increase" in phishing attempts. Phishing is when someone sends you an email that looks like it comes from a reputable company or a person you know but is in fact a scam.
  14. FIFA admits hack and braces for new leaks, via ZDNet
    • FIFA officials are bracing for new damaging leaks to be published this week after soccer's governing body fell victim to a phishing attack. FIFA President Gianni Infantino admitted to the new hack while talking to the press after a FIFA Council meeting last week in Kigali, Rwanda.
  15. Aussie shipbuilder Austal hit with data breach, via SC Magazine
    • Australian shipbuilder Austal Limited’s data management system was hit with a data breach that exposed staff contact information, but the company does not believe any sensitive defense data was involved. The malicious actor managed to access some employee email and phone numbers and then tried to sell the illegally collected information on the internet, as well as extort money from the company. No response was given to the blackmail attempt.
