Catch up on the latest cybersecurity news.

In this week’s news we check in on the European Union General Data Protection Regulation (GDPR) and just how many complaints related to the regulation have been received these last three months.

We’ve also got updates on the cost of cyberattacks against US financial institutions, attacks on WhatsApp, what Yahoo plans to do with email data and a sobering reality check about hacking in the upcoming US election.

Read more below in this post-Labor Day news roundup.

  1. Free, easy to use, and available to anyone: The powerful malware hiding in plain sight on the open web, via ZDNet
    • When people hear about a cyberattack or hacking campaign, they may picture a well-oiled machine that's taken time, skills, and resources to build. They imagine underground forums on the dark web, where attackers can buy powerful malware and unleash it on their target of choice.
  2. If you have to simulate a phishing attack on your org, at least try to get something useful from it, via The Register
    • Just when it looked as if the US Democratic National Committee had finally got one over on the phishing hackers that had been owning it since 2016, the triumph was torn away by a moment of rebellious fakery.
  3. GDRP effect: Data protection complaints spike, via Bank Info Security
    • Three months after GDPR went into full effect, the UK's data privacy watchdog says that the number of complaints it has received under GDPR has nearly doubled.
  4. Laughing all the way to the bank: cybercriminals targeting U.S. financial institutions, via Forbes
    • The risk of cyberattack on financial services firms cannot be overstated. Cyberattacks cost financial services firms more to address than firms in any other industry at $18 million per firm (vs. $12 million for firms across industries). Financial services firms also fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries.
  5. WhatsApp: mobile phishing's newest attack target, via Dark Reading
    • In 2018, mobile communication platforms such as WhatsApp, Skype and SMS have far less protection against app-based phishing than email. Mobile phishing is a topic that just won't go away. According to Verizon, 90% of all data breach incidents begin with a phish — and mobile is the fastest-growing vector of attack.
  6. Privacy: Yahoo still scans your emails... and wants to sell data to advertisers, via BetaNews
    • Oath—the owner of Yahoo—is in talks with advertisers, promoting a service that scans the content of emails and provides a wealth of information about users. The service would give advertisers access to data contained in over 200 million Yahoo Mail inboxes. Email scanning would also apply to AOL Mail inboxes, also owned by Oath.
  7. Unprotected MongoDB account exposes 200K files, via Infosecurity Magazine
    • A security researcher has discovered yet another misconfigured MongoDB installation online, this time exposing over 200,000 highly sensitive corporate documents. The 142GB MongoDB account was hosted on Amazon Web Services infrastructure in the US and belonged to global document recognition and content capture software developer ABBYY.
  8. Sacrilegious spies: Russians tried hacking Orthodox clergy, via NBC News
    • The Russian hackers indicted by the U.S. special prosecutor last month have spent years trying to steal the private correspondence of some of the world's most senior Orthodox Christian figures, The Associated Press has found, illustrating the high stakes as Kiev and Moscow wrestle over the religious future of Ukraine.
  9. Google shuts down nation-state activity, thwarts phishing, names Iran, via SC Magazine
    • In recent months Google has spurned phishing attacks and thwarted and terminated untoward activity by nation-states aimed to influence the political stage and attributed suspicious activities on some accounts to actors working on behalf of the Islamic Republic of Iran Broadcasting (IRIB).
  10. Fileless malware attacks rise 94% in 2018, via BetaNews
    • The first half of 2018 has seen a 94% rise in fileless malware attacks according to the latest Enterprise Risk Index Report from endpoint security company SentinelOne. It also finds that PowerShell attacks jumped to a record of 5.2 attacks per 1000 endpoints, compared to 2.5 in May. Ransomware attacks remain popular too, ranging from 5.6 to 14.4 attacks per 1000 endpoints.
  11. Simple but extremely effective: Inside the world's most prolific mobile banking malware, via ZDNet
    • Asacub is one of the world's most successful mobile banking trojans, responsible for stealing funds from hundreds of thousands of users worldwide. But how did this unremarkable piece of malware become so prolific?
  12. Election hacking: security upgrades are too little, too late for 2018 midterms, and race is already on for 2020, experts say, via Newsweek
    • Election experts, cybersecurity experts and those who are overseeing the upcoming midterms have one thing to say about stopping Russian interference in American elections: Forget 2018. It's too late. Focus on 2020.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

GDPR Right to Be Forgotten: How Does It Work?

Upon request, be ready to delete EU resi…

Upon request, be ready to delete EU resident data—forever. T… Read More >

Jake O'Donnell

by Jake O'Donnell

Global Editorial Content Manager

Posted Jun 27, 2018

Cyber Awareness Lessons Learned on a Train Ride

Users: here’s how not to handle an email…

Users: here’s how not to handle an email security incident. … Read More >

Bradley Sing

by Bradley Sing

Technical Consultant

Posted Jul 18, 2018

August ESRA Report: Incumbent Email Security Systems Missed 200,000 Ma…

Learn more in Mimecast’s latest Email Se…

Learn more in Mimecast’s latest Email Security Risk Assessme… Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Aug 28, 2018