Get the latest cybersecurity news.

In the past week, we learned more about the crisis that is election cybersecurity and discovered that personal email accounts for high-profile politicians are becoming a big target.

There was also news of a large phishing attack against a major US healthcare company as well as a ransomware attack  against the Port of San Diego. Plus, there’s been a new series of malware attacks (with a rather delicious sounding name) against financial institutions.

Learn more in this week’s news roundup.

  1. Executive branch makes significant progress as DMARC deadline nears, via Dark Reading 
    • The latest progress report published by Agari, which has worked with the US Department of Homeland Security (DHS) to monitor progress toward the deadline, shows that 83% of executive branch domains have enabled DMARC (Domain-based Message Authentication, Reporting, and Conformance).
  2. Senators’ Gmail accounts targeted by foreign hackers, via New York Post
    • State-backed hackers are still trying to break into the personal email accounts of US senators and their aides — and a lawmaker focused on cybersecurity says the Senate’s security office should stop refusing to help defend them.
  3. Warning issued as Netflix subscribers hit by phishing attack, via Naked Security
    • Late last week, Action Fraud – a joint initiative between the City of London Police and the National Fraud Intelligence Bureau – warned Netflix subscribers about a new spate of phishing emails. The scammers are urging victims to enter their Netflix account information and payment details.
  4. SC Officials: Phishing scam targets those donating to Florence victims, via Fox
    • South Carolina Secretary of State Mark Hammond issued a public alert in reference to a scam that exploits those donating to Florence recovery. A press release said that an email appearing to be sent from the SC Sec. of State and the SC Department of Public Safety is actually a phishing scam.
  5. Zoho pulled offline after phishing complaints, CEO says, via TechCrunch
    • was pulled offline on last Monday after the company’s domain registrar received phishing complaints, the company’s chief executive said. The web-based office suite company, which also provides customer relationship and invoicing services to small businesses, tweeted that the site was “blocked” earlier in the day by TierraNet, which administers its domain name.
  6. The crisis of election security, via The New York Times Magazine
    • It was mid-July 2016 when Neil Jenkins learned that someone had hacked the Illinois Board of Elections. Jenkins was a director in the Office of Cybersecurity and Communications at the Department of Homeland Security, the domestic agency with a congressional mandate to protect “critical infrastructure.” It was increasingly clear that the presidential election was becoming a national-security issue.
  7. SHEIN breach exposes emails, encrypted passwords of 6.42M customers, via SC Magazine
    • When hackers breached SHEIN, a US-based online fashion retailer, they were able to access the emails and encrypted passwords of 6.42 million customers. “On August 22, SHEIN became aware that personally identifiable information of its customers was stolen during a criminal cyberattack on its computer network,” the retailer said in a statement on its UK website.
  8. Outlook mobile gets new enterprise management features, improved calendar sharing, and more, via VentureBeat
    • In addition to new enterprise capabilities on the device management side of things, the cross-platform email client will gain tighter integration with Microsoft Teams, native Office Lens integration, and miscellaneous calendar, notifications, and sharing improvements.
  9. Aspire Health hacked by phishing scheme, loses some patients' protected health information, via USA Today
    • Aspire Health, a healthcare company that offers in-home treatment in 25 states, was hacked earlier this month and lost some patient information to an unknown cyberattacker. The hack, disclosed for the first time in federal court records filed Tuesday, occurred after a phishing attack gained access to Aspire’s internal email system Sept. 3.
  10. Explosion of look-alike domains poses phishing risks to online shoppers, via Information Age
    • As the rate of online shopping increases, a new study by Venafi found that online customers are being targeted through look-alike domains. Cyberattackers create false domains by substituting a few characters in the URLs. Because they point to malicious online shopping sites that mimic legitimate retail websites, it makes it difficult for customers to detect the fake domains.
  11. Cobalt threat group serves up SpicyOmelette in fresh bank attacks, via ZDNet
    • Advanced persistent threat group (APT) the Cobalt Gang, also known as Gold Kingswood, is spreading SpicyOmelette malware in campaigns targeting financial institutions worldwide. In a world where cyberattacks against businesses and consumers alike are spreading and evolving in nature and sophistication, it is often financial institutions which bear the brunt.
  12. Port of San Diego hit by ransomware attack, via Reuters
    • The Port of San Diego said on Thursday that the FBI and DHS were investigating a ransomware attack that disrupted the port’s information technology systems. The cyberattack has not affected public safety operations or ship and boat traffic. Public services related to park permits, public records requests and business services have been disrupted.
  13. Mobile password managers vulnerable to phishing apps, via Naked Security
    • Password managers can be used to create, store, enter and autofill passwords into apps and websites. As well as allowing users to maintain scores of strong passwords, password managers can also provide some defense against phishing – their autofill features will enter passwords on sites they’re associated (and their mobile apps), but not on fakes.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

You may also like:

Ransomware Attacks on the Rise – By the Numbers

Ransomware attacks aren’t going away. It…

Ransomware attacks aren’t going away. It’s a fact. Among th… Read More >

Jake O'Donnell

by Jake O'Donnell

Global Editorial Content Manager

Posted Sep 26, 2018

Blocking Impersonation, Phishing and Malware Attacks with DMARC

Combine DMARC Analyzer’s email channel v…

Combine DMARC Analyzer’s email channel visibility and report… Read More >

Dan Sloshberg

by Dan Sloshberg

Product Marketing Director

Posted Jul 11, 2018

New Phishing Attack Targets Online Payroll Systems

Using advanced cybersecurity technology …

Using advanced cybersecurity technology and user education c… Read More >

Matthew Gardiner

by Matthew Gardiner

Director of Product Marketing

Posted Sep 20, 2018