Get the latest cybersecurity news.

Cyberattackers have no scruples when it comes to their targets. In this week’s news roundup, we look at a particularly galling story of an email scam that stole a significant sum of money from a charity in the US state of Virginia.

Plus, we’ve got the low-down on some interesting new statistics including the confidence level of small-to-medium sized organizations when it comes to ransomware protection as well as the number of security jobs expected to be unfilled over the next three years.

Onto the news!

  1. Four million Aussies were affected in Under Armour data breach, via Tech Radar
    • Fresh details have surfaced regarding the February 2018 data breach that affected 150 million users of the MyFitnessPal app, a service run by health and fitness company Under Armour. The breach notification submitted by the company to the Australian Government has been made public due to the country’s Freedom of Information Act.
  2. Private messages stolen from 81,000 Facebook accounts are up for sale, via Komando
    • Hackers are reportedly selling private messages stolen from at least 81,000 Facebook user accounts. First reported by the BBC, a majority of the compromised accounts appear to belong to Facebook users based in Ukraine and Russia, but there are some from the UK, U.S., Brazil and other countries too.
  3. SMS phishing + cardless ATM = Profit, via Krebs on Security
    • Thieves are combining SMS-based phishing attacks with new “cardless” ATMs to rapidly convert phished bank account credentials into cash. Recent arrests in Ohio shed light on how this scam works.
  4. International hotel chain suffers a massive data breach - Has your data been compromised?, via Komando
    • Hotel chain Radisson Hotel Group has confirmed that it was recently hit by a data breach that's affecting some of its most loyal customers who are members of the chain's Radisson Rewards loyalty and reward program. The Radisson Hotel Group may not sound familiar to you, but it has 1,400 hotels across 70 countries.
  5. This time it’s personal – the growing threat of SMiShing attacks, via Infosecurity Magazine
    • The blurred line between professional and personal security is clear in the increasing popularity of SMiShing attacks. This technique uses the same tricks commonly seen in normal phishing, but with SMS texting as the medium rather than email and is often used in conjunction with other attacks.
  6. $25,000 stolen from Virginia charity in email scam, via NBC Washington
    • Scammers hacked into an email account and used it to steal enough money to feed 100 children for a year from a Virginia charity. David Gifford was emailing with two churches, one that currently handles the charity's finances and another set to take over at the end of the year. Scammers hacked into one of their email accounts, learned about the transition and sent an email from that account asking for $25,000 to be wired to a bank in California.
  7. The ‘biological interface’ is the weakest link in cybersecurity, via Tech HQ
    • For security teams, concentrating on protecting C-Suite executives is an error. Smart cybercriminals know the people that are the best targets might be Finance Department juniors, IT Helpdesk interns, or temporary staff. Just about anyone is capable of clicking a rogue link, and anyone who hasn’t been taken in, even momentarily, by good phishing email scams is probably a liar.
  8. You're going to get breached -- so how should you respond?, via Forbes
    • According to Ponemon Institute's 2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB) report, 52% of organizations are not confident their current anti-virus software will protect them from ransomware. Hackers have shown themselves to be consistently one step ahead.
  9. What is behind the growing trend of BEC attacks?, via TechTarget
    • Business email compromise (BEC) is a scam that relies heavily on social engineering techniques to trick its victims into transferring money or goods to accounts owned by those behind the scam. The Beazley Breach Insights report is not the only report that reveals how prevalent this type of attack is becoming.
  10. The mad dash to find a cybersecurity force, via The New York Times
    • An estimated 3.5 million cybersecurity jobs will be available but unfilled by 2021, according to predictions from Cybersecurity Ventures and other experts. According to a report from the Identity Theft Resource Center, the number of data breaches in the United States in 2017 hit a high of more than 1,500, up almost 45% over 2016.
  11. The rise of the intelligent machine in cybersecurity, via Forbes
    • Protecting your data today means dealing with hacking attempts powered by machine learning (ML), the science of computers learning and acting like humans. These ML computer algorithms are based on an analytical model designed to collect data and adapt its processes and activities according to use and experience, getting “smarter” over time.
  12. WannaCry highlighted weaknesses in emergency responses to cyberattacks, via Healthcare IT News
    • Last year’s WannaCry ransomware attack on the UK health service exposed weaknesses in healthcare cyber resilience and highlighted weaknesses in emergency responses to cyberattacks. Extreme Networks Healthcare Solutions Director Bob Zemke said a key lesson from the attack was the importance of having defined response plans when systems are compromised.
  13. How email fraud tactics continue to find new life, via Help Net Security
    • Losses due to BEC scams are escalating, and criminals are targeting organizations with emails that, more often than not, foil conventional email security solutions because they do not carry malicious payloads or links. The problem stems from the fact that it’s easy to spoof senders or compromise email accounts.
