In this week’s roundup, we’ve got a follow-up story on the major breach that recently impacted British Airways, a look back at the massive Equifax breach from a year ago and what’s been done in the aftermath, and a particularly diabolical new phishing attack targeting Microsoft Office 365™ users.

Also, a new issue has been uncovered regarding enforcement of the European Union General Data Protection Regulation (GDPR): overreporting. Learn more by reading to the end of this week’s Cyber Resilience News.

  1. Key trends that fuel phishing inside an enterprise, via eWEEK
    • Even though enterprises have invested billions in cybersecurity training and point solutions, the problems aren’t going away anytime soon. The FBI reported that business email compromise (BEC) attacks enabled cybercriminals to steal more than $12 billion from Oct. 2013 to May 2018.
  2. Alert: 'Ryuk' ransomware attacks the latest threat, via Bank Info Security
    • Organizations should be on guard for attacks involving an apparent variant of Hermes ransomware—dubbed Ryuk—that attempts to encrypt network resources. It has already victimized several global organizations in the U.S. and elsewhere, according to a federal alert, which offers mitigation advice.
  3. Hacker accesses email accounts, PHI at retirement communities, via Health Data Management
    • A hacker accessed an employee’s email account at an Ohio retirement community and post-acute care organization, jeopardizing personal health information. On July 10, Ohio Living discovered suspicious activity in an employee’s email account and determined that an unknown individual had accessed employee accounts on that date.
  4. 'Father of Zeus' Kronos malware exploits Office bug to hijack your bank account, via ZDNet
    • Kronos, also known as the "father of Zeus," is a pernicious form of malware that will not go away. First uncovered in Russian underground forums in 2014, Kronos comes with a price tag of $7,000, as well as a one-week "trial" option for $1,000. The Kronos developers, in return for these payments, promise constant updates, bug fixes and the development of new modules.
  5. British Airways breach was affected by Magecart attackers, via Help Net Security
    • The British Airways breach was the work of a well-known criminal group dubbed Magecart, which managed to put payment card skimming code on the company’s website, says RiskIQ researcher Yonathan Klijnsma. The group has been compromising online shops left and right for years and its most recent known target was Ticketmaster.
  6. Equifax data breach was a year ago – what has DC done about it?, via CBS News
    • A new report by congressional investigators details how hackers broke into Equifax last year in a breach that exposed the financial information of more than 140 million Americans. The lawmakers who requested the report say they'll press the Trump administration on the lack of enforcement actions against the giant credit-reporting agency.
  7. Phishing is the Internet’s most successful con, via The Atlantic
    • In this age, the online equivalent of The Sting is a phishing site: a fake reality that lives online, set up to capture precious information such as logins and passwords, bank-account numbers, and the other functional secrets of modern life.
  8. Lawmakers slam State Department for failing to meet basic cybersecurity standards, via The Washington Post
    • A bipartisan group of senators is criticizing the State Department for failing to meet what they say are basic federal cybersecurity standards — even neglecting to equip employees with multi-factor authentication that could protect them from the types of phishing attacks that Russian hackers have used to target political campaigns.
  9. One way Office 365 phishing attacks are getting sneakier, via Redmond Magazine
    • Phishing attacks have probably been around for as long as email itself. We all know the drill: An attacker sends an email message containing a malicious link, an unsuspecting user clicks on that link, and bam! The user gets infected with who knows what type of devious malware.
  10. Jaxx wallet phishing campaign aimed to steal user cryptocurrency, via ZDNet
    • The official Jaxx cryptocurrency wallet has become embroiled at the center of an elaborate phishing scheme designed to drain user wallets. The legitimate Jaxx Liberty domain is located at jaxx .io. Unfortunately, scam artists recently saw an opportunity for criminal gain due to the simple address and launched a website with a similar name, jaxx .ws.
  11. Companies wary of cyberattacks, phishing during hurricanes, via Wall Street Journal
    • Hurricane Florence could make companies vulnerable to cyberattacks as firms race to protect computer systems and networks ahead of the storm that hit the Southeast US Friday, cybersecurity experts say. Corporate technology managers should expect more phishing attacks and intrusion attempts as cybercriminals target companies that are moving computers.
  12. Windows support scam uses evil cursor attack to hijack Google Chrome sessions, via ZDNet
    • A tech support scam is using a novel technique to hijack the browsing sessions of Google Chrome users. Tech support scams (Microsoft Windows being one of the main brands abused in this manner) and general phishing operations often use what is known as malvertising to secure potential victims.
  13. Ransomware attack on fetal diagnostic lab breaches 40,800 patient records, via Healthcare IT News
    • The Fetal Diagnostic Institute of the Pacific (FDIP) was hit by a ransomware attack on June 30 that breached the data of 40,800 patients. Hackers breached FDIP servers in June that contained patient records. Officials took action to contain the incident and enlisted a cybersecurity firm. They were able to remove the virus, clean the system and confirm no malware remained.
  14. ICO swamped with GDPR breach overreporting, via Infosecurity Magazine
    • The ICO has received 500 calls each week to its breach reporting helpline since the GDPR came into force in May, but around a third of these don’t meet the minimum threshold, according to the deputy commissioner of operations. James Dipple-Johnstone told the CBI Cyber Conference in London that the UK privacy watchdog had been inundated as anxious firms overreport.
