Catch up on the latest cybersecurity news.

In our final news post for the month of August, we learn about threats to US elections via cyberthreats and attempts to attack one particular politician that recently came to light. We’ve also got news about attacks against a healthcare company and a popular babysitting app.

Lastly, we’ve got an article from Real Business that explores why companies need to think like hackers to get ahead of their attacking techniques.

  1. URL scheme vulnerabilities patched in Airmail 3 email client, via SC Magazine
    • Developers behind the Airmail 3 email client for iPhone and Mac OS X have issued a software update after researchers from the security firm Versprite used reverse engineering to find vulnerabilities in its URL scheme.
  2. Inside the midterm campaigns’ fight to ward off cyberattacks — before it’s too late, via New York Magazine
    • Midterm campaigns are entering the fall more anxious than ever about looming threats of email phishing, text hacking, and countless other ominous possibilities that could derail their hopes with the touch of a Muscovite button. And it’s becoming increasingly clear to many that they may just not be ready for what’s coming — or what’s already occurred.
  3. Sen. Pat Toomey's campaign latest political email hacking target, via New York Daily News
    • Toomey is the latest U.S. politician to announce his campaign was the target of attempted email hacking. Google notified Toomey's office that "hackers from a nation state may have attempted to infiltrate specific email accounts associated with his campaign apparatus" through a phishing scam, Steve Kelly, a spokesman for the Pennsylvania Republican, said in a statement.
  4. T-Mobile hack may have exposed data of 2 million customers, via CNET
    • T-Mobile has revealed that hackers may have stolen personal information on some of its customers. The intrusion took place on Monday, and some customer data "may have been exposed" before the carrier's cybersecurity team shut off access and reported the breach to law enforcement, it said in a statement.
  5. Google unveils Iran-linked 'state-sponsored phishing attack' on its properties, via Fox News
    • Google said it has uncovered a "state-sponsored phishing attack" that is connected to the Islamic Republic of Iran Broadcasting, marking the first time the tech giant has found a direct link between Iran's state media and misinformation attacks.
  6. In payments fraud, bad guys play go phish, via PYMNTS
    • Barclays Corporate Banking warned business owners that a number of methods must be considered to protect against bad actors. The fact remains that “fraudsters often employ low-tech methods, rather than trojans or other malicious software.”
  7. Fox variant of Matrix ransomware installed on computers running Remote Desktop Services, via SC Magazine
    • A new variant of the Matrix ransomware dubbed “Fox Ransomware” was discovered renaming encrypted files and appending the .FOX extension to the file name. MalwareHunterTeam security researchers spotted the ransomware and noted that like its predecessor, the newest variant communicates a lot with its Command and Control server.
  8. DNC phishing hack was actually a false alarm, CNET
    • A scheme shut down last Tuesday involved someone who seemed to be trying to steal usernames and passwords of Democratic Party officials by way of a fake login page for VoteBuilder, the service that hosts the DNC's voter database. But the trickery uncovered Tuesday seems to have been benign. The DNC said Wednesday that the phishing site was an unauthorized simulation.
  9. Government leads industry in anti-spoofing email protection, report finds, via Nextgov
    • The federal government is leading major industries in setting up anti-spoofing email security features, according to an industry report released Wednesday. More than 70 percent of federal government email domains are protected by the tool known as DMARC, according to the report from the company ValiMail.
  10. Phishing attack breaches 38,000 patient records at Legacy Health, via Healthcare IT News
    • Portland, Oregon-based Legacy Health is notifying 38,000 patients that a phishing attack may have breached their data. According to the notice, officials discovered unauthorized access to some employee email accounts on June 21. However, the access began several weeks before in May 2018. The health system hired a third-party forensic firm to help with its investigation.
  11. Babysitting app suffers ‘temporary data breach’ of 93,000 users, via Naked Security
    • Babysitting-booking app Sitter “temporarily” exposed the personal data of 93,000 account holders. In a LinkedIn post, Bob Diachenko explains how he found the 2GB MongoDB database on Aug. 13, which contained phone numbers, addresses, transaction details, phone book contacts, partial credit card numbers and encrypted account passwords.
  12. Email marketing: threats and opportunities, via Forbes
    • Let's start with the issues you'll need to address when leveraging this marketing tactic. The main threat involves cybersecurity where more emails addresses are getting hacked through phishing schemes as well as ransomware embedded in email attachments.
  13. Phishing for the big fish: Why employers should think like a hacker, via Real Business
    • Industry giants like JP Morgan Chase, Sony Pictures, Yahoo! and Home Depot have experienced debilitating cybersecurity attacks in addition to hundreds of SMEs. The thought that hackers won’t bother with smaller firms simply isn’t true. In fact, SMEs make for easier targets because of a lack funds and expertise to improve security.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Is Moving to the Cloud the Right Time to Rethink Your Email Security S…

Here’s what to think about when consider…

Here’s what to think about when considering an Office 365™ m… Read More >

Jake O'Donnell

by Jake O'Donnell

Global Editorial Content Manager

Posted Aug 22, 2018

Blocking Impersonation, Phishing and Malware Attacks with DMARC

Combine DMARC Analyzer’s email channel v…

Combine DMARC Analyzer’s email channel visibility and report… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Jul 11, 2018

Two Major Reasons We’re Failing at Cybersecurity

Good enough security is good enough no l…

Good enough security is good enough no longer. You use emai… Read More >

Jake O'Donnell

by Jake O'Donnell

Global Editorial Content Manager

Posted Jul 24, 2018