Catch up on the latest cybersecurity news.

All manner of cyberattacks, email or otherwise, continue to dominate the news cycle and make up the bulk of this week’s roundup. A major new phishing scam is targeting PayPal users; a ransomware attack decimated the IT infrastructure of an Alaskan town; and governmental organizations across the globe are facing threats from a new group committing combined spear-phishing and malware attacks. Plus, a new study this week has some alarming facts about the lack of IT security personnel working at SMBs.

At the same time, there’s word of strong attempts to fight back against these attacks both as part of the federal implementation of the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol and the city government staff of Washington, D.C. thwarting off an attempted breach of their critical systems.

Learn more in this week’s roundup below.

  1. Health and Human Services (HHS) leads federal agencies in email security implementation, via Heath IT Security
    • The US HHS department has secured the most domains of any federal agency as part of the DMARC email security protocol implementation mandated by the Department of Homeland Security, according to a study by email security firm Agari.
  2. Phishing scam masquerades as Square to target businesses, via PYMNTS
    • Reports in the Victoria Advocate said scammers are sending emails that appear to be from payment service provider Square. While there are several versions of the email, they all include the Square logo, according to reports. There are also links in the email to request a payment or view payment or refund details, as if a payment had already been made.
  3. New Spectre variant hits the network, via Dark Reading
    • Spectre is back, and this time in a variant that adds something truly new: remote access to cached data. The good news is that access comes at a snail's pace. In a research paper published last week, four researchers from Graz University of Technology detailed NetSpectre.
  4. Washington, D.C., officials block 'widespread' attempt to breach cyberdefenses, via Government Technology
    • The nation’s capital city successfully fended off a large-scale, multinational attempt to breach its cyberdefenses on July 24. The Office of the Chief Technology Officer’s Security Operations Center was made aware through “prompt reporting by D.C. government employees” that they were receiving phishing emails requesting sensitive information including passwords.
  5. Spear-phishing remains big e-threat to preparers: IRS, via Accounting Today
    • Spear-phishing emails remains the most common way data thieves enter tax practitioner’s digital networks and steal client information, according to the US Internal Revenue Service (IRS). Tax pros who fall victim to spear-phishing voluntarily disclose password information or download malicious software that helps thieves breach their security systems, according to the IRS.
  6. This destructive ransomware has made crooks $6M by encrypting data and backups, via ZDNet
    • The cyber gang behind the SamSam ransomware have netted almost $6M since they started distributing the file-locking malware in late 2015 -- and their profits are still on the rise, netting around an additional $300,000 each month.
  7. Yale University discloses old school data breach, via ZDNet
    • Yale University has disclosed a security breach which occurred a decade ago. The prominent US university revealed this week the existence of a "data intrusion" which took place between 2008 and 2009. On July 26 and 27, the academic institution notified members of Yale, alumni, faculty members, and staff that Yale believes were impacted by the breach. According to the university, 119,000 individuals were affected.
  8. New phishing scam targets PayPal users, via Komando
    • PayPal users should be on the lookout for a scam email designed to install malware on their computer, security experts have warned. The malicious email is disguised to look like an official communication from PayPal, and even appears to be sent from the address “service@paypal.com.”
  9. Hacking group combines spear-phishing with mass malware campaign, via ZDNet
    • A hacking group is attempting to carry out targeted attacks against nation states while at the same time using the same infrastructure to carry out spam campaigns with the intention of delivering malware. Active since at least Feb. 2018, the attackers are using phishing attacks to target governmental organizations of the UK, Spain, Russia and the US.
  10. Ransomware attack absolutely wrecks Alaskan town's IT infrastructure, via Mashable
    • A borough in Alaska has been hit by a devastating ransomware attack, forcing employees to completely forego computers and go back to typewriters and hand receipts. Matanuska-Susitna has declared disaster on Tuesday after being hit by several different strains of malware that crippled its computer infrastructure, including computers, servers, phones and email exchange.
  11. Less than 30% of SMBs have an IT security pro on staff, via TechRepublic
    • Within the past 12 months, phishing attacks, malware, and ransomware remained the most common attack vectors for SMBs, with almost 40% of SMBs having experience an attack, stated the report. While SMBs face many hurdles when it comes to protecting themselves, there are small measures that can still be taken.
  12. Google to warn enterprises of potential attacks on G Suite accounts, via eWeek
    • Google has added an optional new feature in G Suite's Admin Console that alerts customers of cyber-attacks on their accounts. Administrators of Google's G Suite collection of cloud-hosted productivity apps can now get alerts from Google of potential government-sponsored backed attempts to break into their account.

To learn more about how you can combat email-borne threats, connect with us at Black Hat USA 2018 in Las Vegas this week. Here’s how.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Internal Cyber Threats – How to Protect Against the Enemy Within

Get the truth about malicious insiders. …

Get the truth about malicious insiders. In general, organiz… Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Jul 31, 2018

Blocking Impersonation, Phishing and Malware Attacks with DMARC

Combine DMARC Analyzer’s email channel v…

Combine DMARC Analyzer’s email channel visibility and report… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Jul 11, 2018

Two Major Reasons We’re Failing at Cybersecurity

Good enough security is good enough no l…

Good enough security is good enough no longer. You use emai… Read More >

Jake O'Donnell

by Jake O'Donnell

Global Editorial Content Manager

Posted Jul 24, 2018