Get the latest cyber resilience news.

This week we have news of attacks against a sales intelligence firm, a dApp development community and a large number of individuals in the nation of Iceland.

There is also news about how many US federal agencies will be compliant with the standard Domain Message Authentication Reporting & Conformance (DMARC) deadline and just how much WannaCry ransomware cost the UK’s National Health Service (NHS).

  1. Unreported Google data exposure affects hundreds of thousands: report, via CBS
    • A vulnerability in the Google+ social network exposed the personal data of "hundreds of thousands" of people using the site between 2015 and March 2018, according to a report Monday by the Wall Street Journal. A vulnerability in the Google+ social network exposed the personal data of up to 500,000 people using the site between 2015 and March 2018.
  2. A recent startup breach exposed billions of data points, via WIRED
    • The sales intelligence firm Apollo sent a notice to its customers last week disclosing a data breach it suffered over the summer. "On discovery, we took immediate steps to remediate our systems and confirmed the issue could not lead to any future unauthorized access," cofounder and CEO Tim Zheng wrote. The scale and scope of the breach has a lot of people concerned.
  3. Vancity says service outage not a cyber or ransomware attack; no ETA on fix, via CBC
    • The president and CEO of Vancity says the service outage that hit the credit union over a day and a half ago is not related to any kind of security breach. "The first thing we did was check to make sure there was no evidence of any type of cyberattack or hacking," said Tamara Vrooman. "And there has been no ransomware detected on our part. But we continue to monitor that."
  4. New phishing campaign drops Ursnif into conversation threads, via Bleeping Computer
    • A new phishing campaign shows increased sophistication from the operators, who take over email accounts and insert a banking trojan in conversation threads. The malware comes through replies to existing discussions, a powerful social engineering approach likely to guarantee a high rate of success because it relies on the familiar context the victim already trusts.
  5. Half of all federal agencies are ready for DMARC deadline, via MediaPost
    • Half of federal government domains will meet the today’s deadline for employing the email security standard DMARC, according to a study by Valimail. Of 1,315 federal government domains, 655 have fully complied with a Department of Homeland Security requirement that they employ DMARC policies.
  6. How banks can protect their data from the next cyberattack, via Forbes
    • Digitizing our monetary assets works great – until it doesn’t. One danger that is perhaps less spoken about – but still dangerous – is the possibility that bad players can do great harm via that digitization.
  7. Election security groups warn of cyber vulnerabilities for emailed ballots, via The Hill
    • Election security groups are sounding the alarm about emailed ballots ahead of the November midterm elections, warning in a new report that PDF and JPEG ballot attachments sent to election officials could be exploited by hackers. The organizations issued a report that found election workers who receive emailed ballots are at risk of clicking on unsafe attachments, sent from unknown sources, that could contain malware.
  8. How did Netflix phishing attacks use legitimate TLS certificates?, via TechTarget
    • These Netflix phishing attacks begin with phishing emails containing links to a hacker-owned site or to a site the hacker has compromised, often asking the user to validate their username and password due to an error with their account.
  9. EOS Black community hit by phishing attack, via Unhashed
    • EOS Black, a dApp development initiative, has reported the existence of a website that is attempting to steal private keys by impersonating the official site. The real EOS Black site is located at eosblack.io, while the fake site is located at eos-black.com. Both sites look almost identical, but the latter is a phishing attempt.
  10. New state-backed espionage campaign targets military and government using freely available hacking tools, via ZDNet
    • A newly uncovered and likely state-backed hacking operation is attacking governments and military organizations, using publicly available tools to execute a targeted cyber-espionage campaign. Dubbed Gallmaker, the group has been active since at least December 2017 and doesn't use malware to gain access to and control Windows systems; instead using tools like Metasploit and PowerShell to gain access to information in targeted attacks.
  11. Data games: phishing as an endless quest for exploitable data, via SC Magazine
    • Ransomware is the best example of this relentless innovation in phishing, with hundreds of ransomware strains or variants deployed in the wild over the past few years. We see a similar level of innovation and development around backdoor trojans, which have steadily become stealthier, more capable, and increasingly deadly.
  12. Largest cyberattack against Iceland driven by Fareit-Remcos Combo, via Bleeping Computer
    • A brazen phishing campaign took Iceland by surprise the last weekend, sending out malicious emails to thousands of individuals, in an attempt to fool them into installing a new threat that mixes code from different sources.
  13. This is how much the WannaCry ransomware attack cost the NHS, via ZDNet
    • One third of NHS hospital trusts and around eight percent of GP practices found their IT systems disrupted by WannaCry ransomware, which left PCs encrypted and unusable, causing significant disruption to patients and care. Now, almost 18 months on from the incident, the Department of Health has attempted to calculate the financial cost of WannaCry and puts the total at £92m.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Blocking Impersonation, Phishing and Malware Attacks with DMARC

Combine DMARC Analyzer’s email channel v…

Combine DMARC Analyzer’s email channel visibility and report… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Jul 11, 2018

Why Look-Alike Domain Attacks Are Rising

Here’s what to know about look-alike dom…

Here’s what to know about look-alike domain attacks. There … Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Oct 11, 2018

WannaCry Ransomware Outbreak

WannaCry? – Yes, I do! The general medi…

WannaCry? – Yes, I do! The general media, the Web, the Twit… Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted May 16, 2017