Catch up on the latest cybersecurity news.

Another week, another story about the implementation of the European Union General Data Protection Regulation (GDPR): this time, there’s a belief GDPR could make personally identifiable information (PII) more valuable on the black market.

There are also a couple of news items around Google this week. First, the company is claiming they haven’t had a single employee get successfully phished since early last year thanks to a new security key procedure. At the same time, the US government is voicing concerns over a new Gmail feature that could open the door to more phishing attacks.

Check out all the stories in our weekly roundup below to learn more.

  1. Microsoft security executive reveals Russians tried to hack 3 congressional candidates, via Vox
    • A Microsoft executive said at the Aspen Security Forum panel — the same that US Director of National Intelligence (DNI) Dan Coats and other US officials attended — that the company had detected phishing attacks targeting three US congressional candidates, a bit like the strategy the Russian GRU agents used in the 2016 election against Democrats and Hillary Clinton.
  2. Google: security keys neutralized employee phishing, via Krebs on Security
    • Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told Krebs On Security.
  3. Industry should 'pool resources' to address email phishing attacks, top DNI cyber official says, Inside Cybersecurity
    • Private companies should “pool” their “training exercises” on email phishing to mitigate risks from cyber actors using machine learning to create mass phishing attacks, Jason Matheny, the director of the Intelligence Advanced Research Projects Activity at the Office of the DNI, said at an event Friday.
  4. Beware of Amazon Prime Day phishing scams that are spreading now!, via Komando
    • Amazon Prime Day 2018 has come to a close, which means it is time for all of us to enjoy the fruits of our shopping labor. No matter what we bought, our items have arrived and now the fun really begins. But as the dust settles and everyone moves on from one of the greatest shopping days of the year, scammers are getting to work. That means phishing scams, of course.
  5. Understanding why spear phish are highly effective, via Security Boulevards
    • A spear phish is a particularly damaging kind of email attack. Unlike a traditional phishing attack (which is bulk mailed to a large audience of potential victims) a spear phish is a one-of-a-kind email that has been built specifically to achieve a simple purpose. It is built to attack, beguile, and exploit its intended victim. It is the product of hours of research by the con artists.
  6. How to protect businesses from phishing, spear-phishing and whaling, via Biz Tech Magazine
    • Although phishing attacks have been around nearly as long as email, it would seem that most businesses are still vulnerable to these bogus emails. According to a recent survey by Keeper Security, 79 percent of respondents who suffered ransomware attacks said that phishing emails were to blame for allowing the threat to enter their systems.
  7. Bill to block feds' personal email, social media access advances, via Nextgov
    • The US House Oversight Committee forwarded a bill that would give federal agency leaders authority to block employees’ access to personal email and social media without consulting their unions. The goal is to allow agency leaders to act quickly to counter cyberthreats coming from web-based email and social media, both of which are common vectors for phishing.
  8. 2.3B credentials were stolen in 2017: These industries suffered the most, via TechRepublic
    • In 2017, some 2.3 billion account credentials were stolen because of 51 independent credential spill incidents, according to Shape Security's second annual Credential Spill Report. The main industries affected were consumer banking, retail, airline, and hospitality, which were primarily attacked via credential stuffing and account takeovers.
  9. New Gmail feature could open more users to phishing risks: Government officials, via ABC News
    • Google is rolling out a sweeping redesign of its popular Gmail service, but federal cybersecurity authorities warn that a key new feature on the system could make its 1.4 billion users more susceptible to dangerous phishing attacks that compromise users’ vital personal information.
  10. GDPR fueling rise of PII theft, cryptomining plateauing, via InfoSecurity Magazine
    • According to Malwarebytes's Cybercrime tactics and techniques: Q2 2018 report, the new GDPR could be fueling this increase in PII theft, as the information could be more valuable on the black market. The company observed that a victim had allowed a phishing scammer entry into their computer, which resulted in stolen email credentials.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Three Steps to Take When Migrating Email to Office 365™

Migrate email to the cloud without pain—…

Migrate email to the cloud without pain—or compromise. For t… Read More >

J.Peter Bruzzese

by J.Peter Bruzzese

Office 365 MVP

Posted Jul 20, 2018

Mimecast + Ataata: The Coolest Security Solutions on the Block

It's the cybersecurity awareness trainin…

It's the cybersecurity awareness training platform you've be… Read More >

Peter Bauer

by Peter Bauer

CEO and co-founder

Posted Jul 16, 2018

Have You Done These 4 Things for GDPR Compliance?

The May 25th GDPR deadline is upon us. …

The May 25th GDPR deadline is upon us. In the last edition … Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted May 17, 2018