Catch up on the latest cybersecurity news.
Tried-and-true methods by cybercriminals of cracking into systems and stealing important data or money continues to dominate the news this week. The latest is included in a new report from Dark Reading in the roundup below. To combat these kind of attacks, there’s news about anti-spoofing efforts underway by the U.S. government.
Plus, this week we have a follow-up on how Google employees have avoided falling for phishing scams over the last few years and some new data about breach reports under the European Union General Data Protection Regulation (GDPR).
- 'Password check required'? not so fast, via Dark Reading
- The most successful phishing emails tell users to check their passwords or investigate security alerts. Hackers are exploiting their increasingly security-savvy targets by sending emails disguised with subject lines about security alerts and password verification. Consumers are taking the bait.
- Russian hackers used phishing tools in 2017 attack on grid, via PBS
- Russian hackers who penetrated hundreds of U.S. utilities, manufacturing plants and other facilities last year gained access by using the most conventional of phishing tools, tricking staffers into entering passwords, officials said Wednesday.
- Defense Department will implement anti-spoofing email protections, CIO says, via Nextgov
- The U.S. Defense Department is implementing an anti-spoofing email security tool that’s already required for civilian agency email domains, according to the Pentagon chief information officer. The DoD is preparing a task order implementing that tool, known as Domain-based Message Authentication, Reporting and Conformance, or DMARC, by the end of 2018.
- U.S. gov't outpacing enterprises in adopting DMARC email security policy, via eWEEK
- Ahead of the Oct. 16 deadline, 81 percent of U.S. government agencies are now implementing the DMARC email security specifications. Eighty-one percent of U.S. government agency domains have now enabled the DMARC email security standard, according to a new report released on July 26 by email security firm Agari.
- Claire McCaskill, a vulnerable Democrat running for re-election, targeted in hacking attempt by Russian spies, via The Washington Post
- U.S. Sen. Claire McCaskill of Missouri, one of the most vulnerable Democrats running for re-election this year, was targeted by Russian government hackers who sought but failed to compromise her Senate computer network.
- Senate Dem: ‘Widespread’ phishing attacks targeting political parties, senators, via The Hill
- U.S. Sen. Jeanne Shaheen of New Hampshire warned of "widespread" phishing attacks against Senate offices and political parties across the country, revealing that her office had already notified authorities of one suspicious experience. "There has been one situation that we have turned over to authorities to look into," Shaheen said, "We're hearing that this is widespread with political parties across the country, as well as with members of the Senate."
- Chinese shipping firm infected by ransomware, via BBC News
- The infection has knocked out some electronic communications at several of its North American locations. In a statement, it said a "local network breakdown" had hit its American region. It said it had isolated the offices as it investigated. China Ocean Shipping is China's largest carrier of containerised goods and the fourth-largest of these maritime operators in the world.
- D.C. government targeted by overseas hacking attempt; referred matter to feds, via The Washington Post
- City employees received strange emails on Tuesday that attempted to lure them into revealing their passwords and other sensitive information. Officials say they aren’t aware of any information that was compromised because of the phishing attacks.
- Google Employees’ secret to never getting phished is using physical security keys, via Gizmodo
- If you’ve been hacked in recent years, odds are you fell for that perfectly-crafted phishing message in your email. Even the most mindful individuals can slip up, but Google’s employees have reportedly had a flawless security record for more than a year thanks to a recent policy requiring them to use physical security keys.
- Under GDPR, data breach reports in UK have quadrupled, via Bank Info Security
- GDPR imposes a number of new requirements, but one of the biggest changes is that organizations must track all breaches and report certain types of breaches to authorities within 72 hours where feasible. So it should be no surprise that the number of breach reports being filed to the ICO by organizations—based inside the U.K. and out—has already increased.
To learn more about how you can combat email-borne threats, connect with us at Black Hat USA 2018 in Las Vegas next week. Here’s how.
Want more great articles like this?Subscribe to our blog.
Get all the latest news, tips and articles delivered right to your inbox
You will receive an email shortly
Take me back to the article please