Get the latest cybersecurity news.

In this week’s roundup, we see news for so many familiar topics: phishing attacks, ransomware, attacks against government officials and efforts to thwart these attacks, including tactics such as Domain-based Message Authentication, Reporting and Conformance (DMARC).

Plus, there’s word about how the European Union General Data Protection Regulation (GDPR) may actually be hampering efforts in Europe to investigate organized cybercrime.

  1. Education Department warns that students on financial aid are being targeted in phishing attacks, via The Washington Post
    • Malicious attackers have recently tried to gain access to students' financial aid refunds at multiple colleges in a scheme that involves sending fraudulent emails to students, according to a warning issued by the US Education Department. The target is federal student aid refunds, money distributed to students after tuition and other education costs are paid.
  2. This new phishing attack uses an old trick to steal passwords and credit card details, via ZDNet
    • A new phishing campaign is using an old trick to steal login credentials, payment details and other sensitive information from victims by claiming to offer them a tax refund which can only be claimed online.
  3. Ransomware attack blacks out screens at Bristol Airport, via ZDNet
    • Flight information screens were blacked out over the weekend at the Bristol Airport in the UK. Airport officials blamed the incident on a ransomware infection that affected the computers running the airport's in-house TV screens displaying arrival and departure flight information.
  4. Russian hackers aren’t the only ones to worry about, via Bloomberg
    • On the surface, John Podesta and Elliott Broidy are not at all alike. And yet both seem to be victims of a new kind of political warfare: state-sponsored hacking and leaking. Podesta’s privacy was violated when his emails were pilfered by Russian operatives and distributed in 2016 through fake websites and WikiLeaks. In Broidy’s case, the hacker and leaker is Qatar.
  5. Hackers selling research phished from universities on WhatsApp, via Naked Security
    • Iranian hackers have reportedly breached top British universities – including Oxford and Cambridge – to steal what the Telegraph says are “millions” of papers and academic research documents that they then put up for sale via WhatsApp and websites.
  6. Facebook increases security for political campaign staff, via Forbes
    • CEO Mark Zuckerberg admitted that the company fell short when it came to keeping control during the 2016 presidential election. Since then, the company has worked to remove fake accounts at a rate of millions per day and has hired 10,000 people to work on safety and security.
  7. Cybercrime: Ransomware remains a 'key' malware threat says Europol, via ZDNet
    • Ransomware remains the top malware threat to organizations, causing millions of dollars of damage and remaining a potent tool for cyber criminals and nation-state attackers. The rise of highly targeted file-locking malware campaigns and the threat posed by nation-state backed campaigns, means ransomware "remains the key malware threat in both law enforcement and industry reporting," warns Europol's 2018 Internet Organised Crime Threat Assessment report.
  8. Equifax hit with maximum £500,000 fine after massive security breach, via ITPro
    • The Information Commissioner's Office (ICO) has fined Equifax £500,000 for failing to protect millions of UK citizens' personal data during a cyberattack last year. Contact information, email addresses and credit card information of 15 million UK Equifax customers were compromised in a massive hack on its US parent company, Equifax Inc, between May 13 and July 30, 2017.
  9. FBI: Phishing attacks aim to swap payroll information, via Dark Reading
    • The FBI's Internet Crime Complaint Center (IC3) has reported a wave of social engineering attacks that aim to steal employees' login credentials so they can break into online payroll accounts. According to the IC3, attackers send their targets phishing emails designed to capture login credentials.
  10. As tech drives the business, so do CISOs, via Dark Reading
    • Security leaders are evolving from technicians to business executives as tech drives enterprise projects, applications and goals. The tasks topping the CISO's to-do list are slowly shifting, as their core priorities transition from primarily technical expertise to securing business applications and processes.
  11. Phishing email claims you're locked out of your Wells Fargo account, via Consumer Affairs
    • There’s an email phishing scam making the rounds using the ruse of telling users to verify their account or lose permanent access. The message claims to be from Wells Fargo and reads "Dear Customer, For your security unusual incorrect sign in attempt to your Wells Fargo account. Kindly verify the correct information below to avoid supspension (sic). Verify Here," with "verify here" in the form of a link.
  12. DMARC policies for Whitehouse.gov make spoofing emails easier, via Bleeping Computer
    • Federal executive branch departments and agencies have until Oct. 16 to configure a policy-based email domain validation system configured with the strongest setting. Most domains already comply with the mandatory requirement but whitehouse.gov is not yet among them.
  13. Wyden warns foreign gov’t cyberattacks aimed at personal accounts of senators, aides, via SC Magazine
    • The personal email accounts of senators and their aides are in the crosshairs of nation-state hackers, US Sen. Ron Wyden (D-Ore.) warned Senate leaders in a letter that took the body’s security office to task for failing to safeguard them. Wyden said the US Senate Sergeant at Arms claimed its hands were tied because it wasn’t authorized to see to the security of personal accounts.
  14. Phishing, vishing and smishing: Organized cybercrime under GDPR, via Media Post
    • Technology is fueling all manner of cybercrime, from credit card skimming to extortion of money from data breach victims, according to the Internet Organised Crime Assessment 2018, a report by Europol. And far from helping, GDPR and other privacy laws could actually hamper investigation of these crimes.
  15. Warning issued as Netflix subscribers hit by phishing attack, via Naked Security
    • Netflix phishing scammers are at it again – sending emails that try to steal sensitive details from subscribers. Late last week, Action Fraud – a joint initiative between the City of London Police and the National Fraud Intelligence Bureau – warned Netflix subscribers about a new spate of phishing emails.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Blocking Impersonation, Phishing and Malware Attacks with DMARC

Combine DMARC Analyzer’s email channel v…

Combine DMARC Analyzer’s email channel visibility and report… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Jul 11, 2018

Have You Done These 4 Things for GDPR Compliance?

The May 25th GDPR deadline is upon us. …

The May 25th GDPR deadline is upon us. In the last edition … Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted May 17, 2018

'PhishPoint': How to Tackle the Latest Office 365 Threat

There’s a new phishing attack targeting …

There’s a new phishing attack targeting Office 365/SharePoin… Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Sep 19, 2018