Cyber Resilience News May 23, 2018

The deadline for GDPR compliance kicks off Friday! Can you believe it? It’s been a hot topic for months and of course, in the weeks leading up to the deadline, there was news everywhere about how to get prepared. The Efail vulnerability made headlines all week as well as news was leaked out ahead of a scheduled disclosure. And a teenager in California hacked a teacher, changed some grades and ended up catching 14 felony charges.  What a week!

1. GDPR: Biggest pain points, now and later, Via Enterprisers Project
   • The General Data Protection Regulation (GDPR) goes into effect May 25. Here’s expert advice on top pain points and what to worry less – and more – about
2. Efail disclosure troubles highlight branded vulnerability issues, Via Tech Target
   • The Efail disclosure process was one day away from completion, but attempts to generate hype for the vulnerabilities led to details leaking earlier than researchers intended.
3. Hacker Phishes Teachers, Catches 14 Felonies, Via Infosecurity
   • After targeting teachers with a phishing scam, a 16-year-old student at Ygnacio Valley High School was reportedly arrested by police in Concord, California, on 10 May. The young man hacked into the computer system of Mount Diablo Unified School District and changed not only his grades but those of other students as well.
4. 'EFAIL' Email Encryption Flaw Research Stirs Debate, Via Dark Reading
   • Two common methods of encrypting email messages are broken and could lead to an attacker seeing every encrypted detail in plain text, according to a group of researchers in Europe. But several security experts meanwhile contend that the flaws don't lie within the S/MIME and OpenPGP protocols but instead in certain email clients.
5. Here's how cyber criminals are targeting attorneys in scams to steal cash, Via fin24
   • Attorneys are the latest targets facing attack by cyber criminals intent on stealing money.  According to research conducted by Stalker Hutchison Admiral (SHA) Specialist Underwriters, attorneys have proved to be vulnerable to spear phishing attacks.  In these scams, cyber crooks send a conveyancing attorney a fraudulent email purporting to be from a home seller.
6. How privacy is moving data security to the top of corporate agendas, Via CSO
   • For cybersecurity professionals, this focus on protecting privacy means that their concerns, and budget requests, are now getting attention from senior executives and corporate boards.
7. Get ready for 'WannaCry 2.0', Via Dark Reading
   • Security experts say another worm-spreading mass attack akin to WannaCry is inevitable. It may not be a ransomware attack, but it likely will be another SMB-type worm that exploits the fact that so many organizations leave Windows machines unattended and with open ports to the Internet — and unpatched for the newest flaws.
8. Risk & Repeat: Business email compromise on the rise, Via SearchSecurity
   • Ransomware may be the most talked-about and concerning type of cyberattack today, but the FBI's Internet Crime Report for 2017 offers troubling data on the growing threat of business email compromise.