Primary Health Care Experiences Multiple Email Hacks
A non-profit network of community health centers in Des Moines, Marshalltown and Ames, IA, Primary Health Care Inc. has reported that hackers gained access to the email accounts of four workers and may have viewed or downloaded patients’ PHI. Primary Health Care issued a press release and published a substitute breach notice on its website on March 16, 2018, outlining that the breach occurred on February 28, 2017. The breach was...
Infosec Institute Training Library Now Includes More Than 1,200 Training Resources
The Infosec Institute, developer of the SecurityIQ phishing awareness training platform, has been steadily increasing its training modules to help businesses, non-profits, and educational institutions improve the security awareness of employees and train staff on cybersecurity and compliance. The latest update to the training library sees five new modules added covering the Criminal Justice Information System (CJIS). The five new...
Two Thirds of Indian Companies Have Been Targeted with Ransomware
Sophos has published a new State of Enterprise Security Report that provides insight into the main threats faced by organizations around the world. The report was based on a survey conducted on 2,700 IT managers based in 10 countries (USA, UK, Canada, France, Germany, India, South Africa, Japan, Mexico, and Australia). One of the key points from the report is the extent to which Indian businesses are being attacked and just how...
Top Healthcare Security Threats Revealed in HIMSS Survey Results
HIMSS has released the findings of its 2017 healthcare cybersecurity survey, which gives us valuable insights into the state of cybersecurity in the healthcare sector and names the top healthcare security threats. The HIMSS 2018 cybersecurity survey was carried out on 239 respondents from the healthcare sector between December 2017 and January 2018. The findings of the survey were revealed at the HIMSS 2018 Conference & Exhibition...
Future of Cybersecurity Scholarship Program Launched by PhishLabs
PhishLabs, a leading provider of security awareness training and anti-phishing solutions for enterprises, has announced the launch of a new ‘Future of Cybersecurity’ Scholarship Program. The aim of the scholarship program is to help talented individuals further their studies in the field of cybersecurity, one of the most in demand areas of the IT industry. There is currently a major shortage of skilled cybersecurity professionals and...
InfoSec Institute Launches Security Awareness Training Program for Healthcare
The cybersecurity awareness training solution provider the InfoSec Institute has announced it has launched a new security awareness training program for healthcare teams – the first such program to be developed specifically for the healthcare industry in the United States. The training material is available through the company’s SecurityIQ AwareEd training platform, which now contains the largest interactive security awareness...
HHS’ Office for Civil Rights Offers Anti-Phishing Advice for Healthcare Organizations
The Department of Health and Human Services’ Office for Civil Rights has issued anti-phishing advice for healthcare organizations. The warning and advice come after several major phishing attacks in healthcare. The risk from phishing is greater than ever before and healthcare organizations are being extensively targeted. If technical controls are not implemented and the workforce is not trained to recognize phishing attacks, data...
Phishing Attack on Sutter Health Business Associate Impacts Patients
Sutter Health is contacting certain patients to advise them that their protected health information may have been exposed in a phishing attack on the legal firm Salem and Green, one of its business associates. It is thought that the attack took place on or around October 11, 2017. A phishing email was received by a worker at Salem and Green. The worker responded and, in doing so, allowed the attackers access to their email account....
PhishLabs Research Reveals Extent of Cybercriminals’ Abuse of HTTPS
The Q3 2017 Phishing Activity Trends Report from the Anti-Phishing Working Group has revealed the extent to which cybercriminals are abusing the Hypertext Transfer Protocol Secure (HTTPS) protocol in phishing campaigns. Websites using HTTPS encrypt the connection between the website and browser to prevent man-in-the-middle attacks. There has been a major transition from HTTP to HTTPS by online retailers and other businesses to provide...
Sophos Launches Phish Threat 2.0
Sophos has launched a new version of its Phish Threat simulator. Phish Threat 2.0 is an enterprise-class phishing simulation platform that allows businesses to run their own internal phishing campaigns to test the effectiveness of their security awareness programs and discover how susceptible their employees are to phishing threats. Training employees to be more security aware is now an essential element of any cybersecurity strategy....
Ironscales Phishing Threat Technology Recognized for Spear Phishing Protection Capabilities
Ironscales, a provider of an automated phishing protection, detection and response platform, has had its advanced spear phishing threat technology recognized as a key innovation in the spear phishing market by the global market research and consulting firm Markets&Market in its recent spear phishing market report. The company’s technology was developed specifically to identify and block advanced spear phishing threats that often...
Ron’s Pharmacy Services’ Patients Receive Email Account Breach Alerts
San Diego, CA-based Ron’s Pharmacy Services has found that an employee’s email account containing limited protected health information has been logged onto by an unknown individual. Unusual activity was noticed on the employee’s email account on October 3, 2017, resulting in an investigation; however, it was not until December 21, 2017 that it was revealed that an unauthorized individual had obtained messages in the email...
Agari Reveals 90% of Brands Extremely Vulnerable to Phishing and Fraud
A joint research study conducted by Agari and Farsight Security has been published this month that shows almost every domain is vulnerable to phishing and domain name spoofing due to the failure to adopt the Domain-based Message Authentication, Reporting & Conformance (DMARC) email authentication standard. Globally, fewer than 1% of domains are protected by DMARC, which helps domain owners prevent abuse of their brands. An analysis of...
FBI Issues Warning About Internet Crime Complaint Center Phishing Scams
The FBI has spent the past few months investigating reports of Internet Crime Complaint Center phishing scams. IC3 has been impersonated in several campaigns that attempt to convince people to reveal sensitive information that can be used to drain bank accounts and steal identities. The FBI has identified three email templates that are being used by scammers to obtain sensitive information from victims. In some cases, victims have...
Poor DMARC Adoption in Retail Industry Placing Customers at Risk
A recent study conducted by the email analytics firm 250ok has revealed DMARC adoption in retail is particularly poor and the lack of email validation is placing consumers at risk. SPF – or Sender Policy Framework to give it its full name – is an email validation system that helps businesses to detect attempts to spoof their domains. Domain spoofing is a common tactic used by cybercriminals to fool email recipients into thinking an...
Google Security Checkup Emails Raise Concern Due to Similarity to Phishing Emails
Google security checkup emails have been hitting inboxes over the past few days. The purpose of the emails is to get Google email account holders to check their security settings as potential vulnerabilities have been discovered – vulnerabilities that could potentially be exploited by malicious actors to take control of users’ email accounts and view potentially sensitive information contained therein. The Google security emails may...
New Necurs Botnet Phishing Campaign Spreads Dridex Banking Trojan
The operators of the Necurs botnet have launched several phishing campaigns in the past few days that are being used to spread the Dridex banking Trojan. Malware and cryptocurrency miners are also being sent in large scale campaigns. New tactics are being used to ensure infection and avoid detection. The latest Dridex malware campaign was launched in the past few days and targets customers of major US and European banks. When users...
Beware of W2 Phishing Scams This Tax Season
Employers are being warned to be wary of W2 phishing scams this tax season. The past two years have seen hundreds of employers scammed into disclosing the W2 forms of their employees. The credentials on the forms were subsequently used to file false tax returns. This year is likely to be no different. Last year, accounts department and payroll staff were targeted with W2 phishing scams, using an attack method termed business email...
Threat from Phishing at an All-Time High
The 2018 State of the Phish Report from Wombat Security Technologies confirms the threat from phishing is at an all-time high. Fortunately, employees do appear to be getting better at recognizing phishing emails. The data for the latest State of the Phish Report comes from an analysis of millions of phishing email simulations using the Wombat platform, along with quarterly surveys on more than 10,000 information security professionals...
Phishing Attack Sees School District Network Crippled by Emotet Malware
Employees of the Rockingham County Schools District in North Carolina have inadvertently disabled their entire network after falling for phishing emails. Several employees opened malicious Microsoft Word documents that resulted in multiple copies of Emotet malware being installed. Emotet malware is a computer Trojan that steals financial information first by injecting code into the networking stack, then installing itself in software...
Sophos Warns Users About Fake Antivirus Apps
Sophos has alerted users to the risk of downloading fake antivirus apps. The firm has also released a new white paper on a specific antivirus app called Super Antivirus 2018. According to the report, the app has been downloaded 50,000 times, presumably by users who are concerned about security. While the app does appear to be scanning the mobile device on which it is installed, all the app really offers is the illusion of security....
Phishing Emails Pushing Fake Meltdown and Spectre Patches
The recently disclosed microprocessor vulnerabilities – Meltdown and Spectre – have had software and hardware firms working hard to develop patches. Cybercriminals have also been busy developing phishing campaigns that push fake Meltdown and Spectre patches. It should not come as a surprise that cybercriminals are capitalizing on the rush to secure computers and patch the vulnerabilities. The vulnerabilities can potentially be...
PhishLabs Poll Shows Many Employers Do Not Ask Staff to Report Suspicious Emails
A recent online poll conducted by the anti-phishing solution provider PhishLabs has revealed a considerable cybersecurity gap exists at many organizations. While most companies now have solutions in place to block spam and malicious emails, those solutions rarely block every unwanted email. Many spam emails are still delivered. Some of those emails will contain malware and links to phishing websites. It is for this reason that it is...
DMARC Adoption by Federal Agencies Increases 38% in 30 Days
A new report from Agari suggests the decision made by the Department of Homeland Security (DHS) to make DMARC adoption by federal agencies mandatory is having a positive impact. However, the deadline for compliance is fast approaching and the majority of federal agencies have still not implemented DMARC. Prior to the DHS directive (BOD 18-01), relatively few government agencies were using DMARC to secure their domains. The DHS directive...
Florida Agency for Health Care Administration Hit by Phishing Attack
An unauthorized individual has gained access to a single email account of a staff member at the Agency for Health Care Administration in Florida using a phishing scam. The staff member was sent, and responded to, a malicious phishing email on November 15, 2017 and shared login details that permitted the attacker to remotely access his/her email account and, potentially, the protected health information of up to 30,000 Medicaid...
Half of Users Click Links Sent by Unknown Senders
A new report from Komodo security suggests that until at least 2020, phishing will remain the most commonly used tactic of conducting advanced attacks on businesses, for a very good reason. 50% of the time those attacks are successful. The worrying statistic comes from research conducted at Friedrich Alexander University in Germany in 2016, which suggests one in two computer users routinely click hyperlinks in emails from unknown...
Bronson Healthcare Group Phishing Attack Impacts 8,256 Patients
A recent Bronson Healthcare Group phishing attack has resulted in a hacker gaining access to the protected health information (PHI) of 8,256 patients. The attack allowed the hacker to gain access to the health system’s email system, which contained the names, medications, and treatment information of patients. No Social Security numbers or patients’ financial information was compromised, and its electronic medical record system was...
PhishLine Bought by Barracuda Networks
The phishing simulation and security awareness training company PhishLine has been bought by Barracuda Networks. Barracuda Networks is expanding its phishing defense solutions and is planning on creating a comprehensive anti-phishing platform that includes data protection, gateway security, AI-based threat intelligence, security awareness training and phishing simulation exercises. Barracuda already offers its customers a broad range...
Cyberattacks on Hospitals on the Rise: 78% of Providers Attacked in 2017
There has been an increase in cyberattacks on hospitals in 2017, according to a recent Mimecast survey. The survey was conducted on 76 healthcare IT professionals in the United States. 78% said they had experienced a cyberattack in the past 12 months. Cyberattacks on hospitals take many forms. Hackers often take advantage of poor patching policies and misconfigured servers and databases, although email is the primary attack vector....
IRS Phishing Scam Targets Hotmail Users
A new IRS phishing scam has been detected that targets tax professionals and taxpayers who hold Hotmail email accounts. The scam has prompted the Internal Revenue Service to issue a warning to Hotmail users to be wary of emails that request personal and financial information. Each year, cybercriminals target taxpayers and attempt to get them to reveal their personal information and Social Security numbers, which are used to file...
Soaring Value of Bitcoin Triggers Rise in Phishing Attacks on Bitcoin Wallets
Over the past few days, the value of Bitcoin has soared from $11,000 to more than $17,500, prompting hackers to increase the number of phishing attacks on Bitcoin wallets. While investors are cashing in on the surge in value, so too are hackers attempting to steal Bitcoin. The purpose of the phishing attacks on Bitcoin wallets is simple. Get investors to reveal their account credentials and Bitcoin wallets can be plundered. There is also no...
Rise in HTTPS Phishing Websites Detected
The past few years have seen many businesses transition from HTTP to HTTPS websites, but HTTPS phishing websites have similarly increased. A green padlock next to the URL indicates the website is secure and traffic between the browser and website is encrypted, but it does not mean the website is legitimate. All HTTPS means is the connection between the user and the website is secure and any data transferred between the two cannot be...
IronScales Raises $6.5 Million in Series A Funding
Tel Aviv-based anti-phishing company IronScales has raised $6.5 million in Series A funding, bringing total equity funding to more than $8 million. IronScales has enjoyed continued double-digit growth over the past three years and has invested heavily in its threat detection, incident response, and threat intelligence sharing technologies. The company has recently been rated as one of the top ten companies to watch by Momentum...
DMARC Adoption Study Reveals Healthcare Industry Lags Behind Other Industry Sectors
A recent DMARC adoption study by Agari has revealed the healthcare industry lags behind most other industry sectors on email authentication. Most of the top healthcare firms in the United States are failing to protect their customers and partners from phishing threats. Domain-based message authentication, reporting and conformance (DMARC) protects domains and stops domain abuse by phishers. While DMARC is highly effective at...
Medical College of Wisconsin Phishing Attack Affects 9,500 Patients
The exposure of approximately 9,500 patients’ protected health information at the Medical College of Wisconsin has been caused by a phishing attack. The attackers were able to gain access to several staff members’ email accounts, which included a variety of sensitive information of patients and some faculty employees. The types of data in the accessed email accounts included names, addresses, medical record numbers, dates of birth,...
MediaPro Launches New Travel Security Awareness Training Course
Organizations can train their employees to be more security aware in the office, but when it comes to business trips, employees face additional security risks. Training employees to be more security aware when travelling can help them to avoid risky behaviors that could potentially lead to malware infections or the accidental disclosure of sensitive information. To help businesses deal with the added risks that come from business...
Warning Issued by IRS About Christmas Phishing Scams
Each year there is a wave of Christmas phishing scams during the holiday season, as cybercriminals attempt to steal sensitive information to enable them to file fraudulent tax returns. This year is likely to be no different. Last year saw a major increase in Christmas phishing scams, and the prospect of another barrage of phishing emails has prompted the IRS to issue a warning to consumers to be alert to new, sophisticated email scams...
Sophos Helps Consumers Avoid Phishing Scams When Shopping Online
Holiday season is a busy time for cybercriminals just as it is for online shoppers, so how can you avoid phishing scams when shopping online this festive season? Sophos has recently offered tips for consumers to help them avoid phishing scams when shopping online, highlighting some of the common tactics used by scammers, and how to recognize phishing websites and scam emails. One of the most common ways that scammers fool victims is...
Suspected UPMC Susquehanna Phishing Attack Exposes 1,200 Patients’ PHI
A network of hospitals and medical centers in Williamsport, Wellsboro and Muncy in Pennsylvania, called UPMC Susquehanna, has revealed that the protected health information of 1,200 patients has possibly been accessed by unauthorized people. Access to patient information is thought to have been obtained after a worker replied to a phishing email. While information regarding the breach date has not been published, UPMC Susquehanna...
Phishing is the Biggest Security Threat in Australia
The biggest security threat in Australia for businesses is phishing, according to a recent survey of IT professionals by anti-phishing solution provider PhishMe. The survey was conducted on IT professionals from a wide range of industry sectors including healthcare, finance, retail, manufacturing, high-tech, services, transportation, telecoms, and consumer services. The survey revealed that 89% of IT professionals that took part in...
Contacts Stolen and Spear Phishing Emails Sent by Ursnif Trojan
The financial sector banking Trojan Ursnif, one of the most commonly experienced banking Trojans, has previously been used to attack banking institutions. However, it seems the individuals behind the malware have expanded their horizons, with cyberattacks now being carried out on a wide variety of groups across many different sectors, including healthcare. The new strain of the Ursnif Trojan was found by researchers at security firm...
Wombat Security Technologies Ranks #135 on Deloitte Technology Fast 500 List
Deloitte has released its latest Technology Fast 500 List – a list of the fastest growing companies in the technology, life sciences, and telecommunications sectors in North America. For the third straight year, the anti-phishing vendor Wombat Security Technologies has been included in the list and has ranked in the top 150 companies in the United States. This year, the impressive 840% growth has seen Wombat Security Technologies rank...
PhishLabs Launches New Phishing Threat Monitoring and Forensics Service
The Charleston, South Carolina-based anti-phishing solution provider PhishLabs has launched a new Phishing Threat Monitoring & Forensics Service, which helps to identify phishing emails that have evaded spam filtering technologies. Even with a wide range of technologies in place to catch and quarantine phishing emails, some messages evade detection and are delivered to inboxes. This is why security awareness training for employees...
InfoSec Institute Launches New Phishing Defense Tool
The security awareness training company, the InfoSec Institute, has launched a new phishing defense tool called PhishDefender, which the firm claims can reduce phishing susceptibility to 0%. PhishDefender allows administrators to automatically set security controls based on real-time learner data, adjusting controls automatically based on the level of risk. PhishDefender has been added to the firm’s SecurityIQ security awareness...
MediaPro Included in 2017 Gartner Magic Quadrant for Security Awareness
Bothell, WA-based learning services company MediaPro has been named one of the leaders in the 2017 Gartner Magic Quadrant for Security Awareness Computer-Based Training. The company has been recognized for completeness of vision and ability to execute. This is the fourth consecutive year that the firm has earned the accolade and has made the Leaders Quadrant. Gartner explained that the company offers “one of the most flexible...
PhishLine Partners with Pipeline Security and Moves into the Japanese Market
Milwaukee-based security awareness training and anti-phishing vendor PhishLine has announced a new partnership with the Tokyo-based firm Pipeline Security. It is hoped that this new partnership will help PhishLine improve its footprint in east Asia and fortify its presence in the Japanese security market. Pipeline Security is a well-respected security firm that serves many top-tier businesses in Japan, offering a range of security...
Study Reveals Extent to Which Combosquatting is Used by Hackers
The use of combosquatting is on the rise, although until recently, the extent to which combosquatting was being used by cybercriminals was not known. However, a new study that examined more than 468 billion DNS records has revealed the practice is far more common than typosquatting. More than 100 times as common in fact. What is Combosquatting? Combosquatting is the use of a trademark in combination with another word in a domain. For...
Inky Awarded Cyber Start-Up Company of the Year Award
A new player in the anti-phishing arena, Inky, has received a Cyber Start-up Company of the Year Award at the inaugural Infosecurity North America conference in Boston. Inky was one of four start-ups pitching a panel of four venture capitalist judges for the award. The company and its innovative anti-phishing solution won over the judges. Inky has developed a new phishing defense solution called Phish Fence. Phish Fence is a platform...
New Matrix Ransomware Malvertising Campaign Detected
A new Matrix ransomware malvertising campaign has been detected. The campaign uses malicious adverts to direct users to a site hosting the Rig exploit kit. Flash and IE vulnerabilities are exploited to download the malicious file-encrypting payload. The new Matrix ransomware malvertising campaign was detected by security researcher Jérôme Segura. Matrix ransomware is not a new threat, having first been detected in late 2016. The...
New MyEtherWallet Phishing Campaign Detected
A new MyEtherWallet phishing campaign has been detected that uses a convincing domain and MyEtherWallet branding to fool MyEtherWallet users into revealing their credentials and providing criminals with access to their MyEtherWallet accounts. In the first few hours of the campaign, the criminals behind the scam had obtained more than $15,000 of MyEtherWallet funds, including $13,000 from one MyEtherWallet user. The individuals behind...
Data Breaches Drop For Second Consecutive Month
The latest report of the Breach Barometer from Protenus/Databreaches.net Healthcare shows that data violations have dropped for the second consecutive month, according to . In August, there were 33 reported healthcare data violations, down from 36 incidents in July and 56 in June. While the drop in the number of data breaches is encouraging, that is still more than one healthcare data breach per day. While it was the second best month...
51,000 Plan Subscribers Hit by Network Health Phishing Attack
Network Health has advised 51,232 of its plan subscribers that some of their protected health information (PHI) has possibly been accessed by unauthorized people. In August 2017, some Network Health Wisconsin-based employees received sophisticated phishing emails. Two of those staff members responded to the scam email and divulged their login credentials to the attackers, who used the details to gain access to their private email...
Department of Education Issues Advisory to Hacking and Extortion Threats
Recently, the hacking group TheDarkOverlord has been targeting K12 schools; gaining access to networks, stealing data and attempting to extort money. In response to the hacking and extortion threats, the U.S. Department of Education has issued an advisory to K12 schools and has provided advice to help educational institutions mitigate risk and protect their networks from attack. The attacks on schools by TheDarkOverlord in recent...
Most Effective Phishing Emails Revealed
Phishing is an effective method of obtaining login credentials and installing malware and ransomware, and email is the most common vector used for these scams, but what are the most effective phishing emails? What types of emails are most likely to fool your employees into installing malware or disclosing their login credentials? This week, security awareness training company KnowBe4 has released its Q3 phishing report, detailing the...
Phishing Has Been the Leading Vector for Cyberattacks in 2017
A recent email security report from anti-phishing vendor IronScales shows that throughout 2017, the leading cyberattack vector is phishing emails, which account for almost 95% of successful cyberattacks. For the report, IronScales surveyed 500 cybersecurity professionals and asked questions about recent cyberattacks, their causes, mitigating those attacks, and cybersecurity defenses deployed to block attacks. Even though many of the...
MediaPro Report Reveals 7 Out of 10 Employees Lack Appropriate Level of Security Awareness
The phishing simulation and security awareness training firm MediaPro has released its second annual State of Privacy and Security Awareness Report, which reveals 7 out of 10 employees do not have sufficient security awareness to prevent cyberattacks on their organization. Even though the risk of phishing attacks has been widely publicized in the media over the past few years, and data breaches and cyberattacks have increased...
Ransomware and Phishing Rated Top Threats by IT Professionals
A recent survey by Cyren, conducted by Osterman Research, has revealed the biggest concerns of IT professionals are ransomware and phishing. When asked about their biggest security concerns, 62% said ransomware, 61% said phishing, and 54% said data breaches. The survey also showed that investment in cyber defenses has increased, yet for many firms, even further investment in security solutions has failed to prevent data breaches. It...
More than 1 Million New Phishing Websites are Created Each Month
The Quarterly Threat Trends Report published by WebRoot this month shows there has been a significant increase in the number of new phishing websites being launched each month. May 2017 saw a record number of new phishing websites created, with more than 2.3 million new websites detected in the month of May alone. Figures for the quarter show there are now well over 1 million new phishing websites created each month, which equates to...
2017 Has Seen Major Improvements in Phishing Awareness
The latest Beyond the Phish Report from Wombat Security Technologies has shown employees are getting better at identifying phishing emails, and investment in security awareness training is paying off. Last year’s report included an analysis of responses to a Q&A conducted on employees which assessed security awareness and susceptibility to phishing attacks. In 2016, more than 20 million answers were analyzed, with this year’s...
Three Quarters of UK Businesses Have Experienced Email Security Incidents
Phishing is the number one cybersecurity threat in the UK, and UK businesses are increasingly coming under attack. A new report from the leading provider of security awareness computer-based training, PhishMe, shows just how serious the threat from phishing has become. 75% of UK businesses have had to deal with an email-based security incident, while almost a quarter are having to deal with more than 500 phishing emails a week. Even...
Beware of Equifax Data Breach Phishing Scams
Consumers are being warned to be on high alert for Equifax data breach phishing scams, telephone and text message scams, and fraudulent use of their sensitive information. Almost Half of All Americans Impacted by Equifax Data Breach The massive Equifax data breach has resulted in the personal information of almost half of the population of the United States being stolen. More than 143 million Americans have been impacted by the...
LinkedIn Phishing Scam Uses InMail and Personal Messages to Obtain Sensitive Information
A new LinkedIn phishing scam has been detected that uses compromised LinkedIn Premium accounts to send InMail messages and private messages to other LinkedIn users. The messages appear genuine at first glance, but are being used to obtain email login credentials. Those email accounts will undoubtedly be used in more extensive phishing scams. Phishers have been gaining access to genuine LinkedIn accounts and using them to send InMail...
90% of IT Professionals Most Concerned About Phishing, Spear Phishing and Whaling
Phishing, spear phishing, and whaling attacks are the leading cause of concern for IT professionals in the United States, according to the latest Phishing Response Trends Survey from the leading provider of human phishing defense solutions, PhishMe. The survey was conducted on two hundred IT executives in the United States, who came from a wide range of industry sectors, including business, healthcare, the financial services, retail,...
Kaleida Health Suffers Second Phishing Attack in Space of 2 Months
Kaleida Health has announced an employee has fallen for a phishing scam that resulted in the protected health information of 744 patients being exposed, and potentially obtained by an unauthorized individual. The phishing attack occurred on June 26, 2017 and resulted in access being gained to the employee’s email account. The email account contained a range of protected health information including names, medical record numbers,...
Webroot Acquires Securecast and Starts Offering Anti-Phishing Training
Webroot, a leading provider of endpoint security systems, has announced it has acquired Securecast – a provider of a fully automated security awareness training platform. The Securecast security-awareness-as-a-service platform has been renamed Webroot Security Awareness Training, and a beta version of the platform has now been made available. Webroot will be offering the new platform to its customers to help them train their...
City of Hope Phishing Attack Impacts 3,400 Patients
A recent City of Hope phishing attack has potentially resulted in the PHI of 3,400 patients being accessed by cybercriminals. City of Hope employees were sent phishing emails on May 31 and June 2, 2017. Four employees responded to the emails and disclosed their email credentials to the attackers. Four email accounts were accessed by the attackers. While the email accounts contained sensitive information, City of Hope officials do not...
2,789 Patients’ PHI Compromised in Phishing Attack
Kaleida Health has announced that a phishing attack has resulted in an email account being compromised, and along with it, the protected health information of 2,789 of its patients. Kaleida Health became aware of the incident on May 24, 2017, and called on a computer forensics firm to assess which patients have been affected and the extent to which its systems had been compromised. The firm determined the attack was limited to one...
Call Issued for Federal Agencies to Adopt DMARC to Prevent Phishing
Over the past few months there have been several cases of criminals impersonating government departments in phishing campaigns, prompting Sen. Ron Wyden (D-OR) to write to the Department of Homeland Security calling for the use of DMARC to prevent phishing attacks using federal email domains. Phishers are gaining access to real domains used by federal agencies and are sending out phishing emails. The official domains add authenticity...
Google Makes It Harder to Install Malicious Apps
In May, a phishing campaign took advantage of users of Google Docs. Emails were sent containing a link to Google Docs that appeared to be an invitation to collaborate on a document. The emails contained all the typical branding one would expect from a legitimate request. However, the request was not sent via Google Docs. It was sent via a third-party app that had been named Google Docs. Clicking the link to accept the request to...
Southern Oregon University Phishing Attack Results in Theft of $1.9 Million
A Southern Oregon University phishing attack has resulted in the theft of $1.9 million from the university’s accounts – arguably the worst phishing attack of the year to date. While the Southern Oregon University phishing attack stands out due to the amount of money obtained by the attackers, it is sadly just one of a large number of attacks that have affected U.S. organizations this year. The scam is known as Business Email Compromise...
Q2 Saw a 400% Increase in Phishing Attacks on Businesses
The threat from phishing has been growing steadily over the past few years, but a new report from Mimecast shows the threat is greater than ever before with more phishing attacks on businesses than any other time in history. The report shows there has been a 400% increase in phishing attacks on businesses in Q2, 2017. For the study, Mimecast analyzed the inbound emails of 44,000 business users. That analysis showed cybercriminals are...
Phishing Trends and Intelligence Report Published by PhishLabs
PhishLabs, a leading provider of phishing defense solutions, has published its Phishing Trends and Intelligence Report for Q1, 2017. The report shows that cybercriminals have changed tactics and targets in the first quarter of 2017, attacking different industries with different methods compared to the previous quarter. PhishLabs CEO Tony Price said, “The first quarter of 2017 shows just how quickly the phishing threat landscape...
Farm Bureau Bank Chooses Agari to Protect Against Phishing Attacks
San Antonio, TX-based Farm Bureau Bank has signed up with Agari and is now using the company’s Email Trust Platform™ to protect its customers and employees from phishing attacks. The Agari Customer Protect™ solution has been adopted to protect customers from phishing attacks that abuse its brand, while employees are protected from business email compromise and spear phishing attacks by the Agari Enterprise Protect™ solution. In...
New Ironscales Report Delves into Current Phishing Trends
Ironscales, a leading vendor of anti-phishing solutions, has published a new report on the latest phishing trends. The report shows how phishing tactics have changed, the effectiveness of phishing campaigns and how traditional anti-spam technologies are failing to block spear phishing attacks. The report – titled ‘How Modern Email Phishing Attacks Have Organizations on the Hook’ – was the result of a study of 8,500 verified...
Purple Increases Security Following Recent Ransomware Attacks
The global WiFi analytics and WiFi marketing service provider Purple has taken the decision to improve security for its customers with a new WiFi content filtering service. The decision to improve security was taken at an appropriate time. The recent WannaCry attacks, which affected more than 300,000 computers around the world, show just how important it is for WiFi companies to take steps to improve security to protect their...
Healthcare Data Breach Reporting Improves; IT Security Incidents Rise
The monthly Breach Barometer Report from Protenus shows healthcare data breach reporting is improving, data breaches are down, and there was a significant reduction in healthcare data breach victims in April, 2017. The Health Insurance Portability and Accountability Act (HIPAA) places a time limit on reporting healthcare data breaches to the HHS’ Office for Civil Rights (OCR) and sending breach notifications to patients. That time...
Webroot Antivirus Update Problems Mount: Servers, PCs and Apps Crippled
Webroot antivirus update problems are mounting with many thousands of the company’s customers experiencing severe issues after installing an April 24 update. Customers who had their computers running between 7PM and 9PM UTC on April 24 and had their AV set to update automatically had the update applied. While the update should have simply loaded the latest malware signatures, hundreds of critical files were accidentally marked as...
Security Management Process HIPAA Violations Resolved with $400,000 OCR Settlement
Yesterday, the Department of Health and Human Services’ Office for Civil Rights (OCR) announced that a $400,000 settlement had been agreed with Metro Community Provider Network (MCPN) to resolve potential security management process HIPAA violations. The Denver, CO-based federally-qualified health center (FQHC) experienced a phishing attack in December 2011 that resulted in unauthorized access to the email accounts of employees. The...
Philadelphia Ransomware Used in Targeted Attacks on US Hospitals
Cybercriminals are conducting targeted attacks on U.S. healthcare organizations using Philadelphia ransomware, a relatively new ransomware variant developed from Stampado ransomware. Philadelphia ransomware was first seen in September 2016, although recently, a new campaign has been detected that has already seen two U.S. hospitals have sensitive files encrypted. The actors behind the latest attacks are targeting physicians using spear...
Ironscales Announces New Partnership with Check Point to Improve Detection and Remediation of Email Security Threats
Ironscales has announced it has partnered with Check Point Software Technologies Ltd and will be integrating its innovative IronTraps™ anti-phishing solution with Check Point’s SandBlast Zero-Day Protection – a threat emulation solution that tests suspicious email attachments in a safe and secure sandbox. At present, Ironscales is the only company to offer an anti-phishing solution that combines human intelligence with machine...
Cybersecurity Tips for Healthcare Providers Offered by WEDI
The Workgroup for Electronic Data Interchange (WEDI) has published a white paper offering cybersecurity tips for healthcare providers to help them ensure the sensitive protected health information of patients remains confidential and resilience against healthcare cyberattacks is improved. The white paper – The Rampant Growth of Cybercrime – explains the scale of the current problem. The healthcare industry has been extensively...
Expanded Awareness Video Campaigns to be Showcased by Wombat Security at the SXSW Conference
Wombat Security Technologies will be showcasing a new addition to its Awareness Video Campaigns at this month’s South by Southwest (SXSW) Conference. The Awareness Video Campaigns are a new addition to the Security Awareness Materials produced by Wombat, the purpose of which is to remind employees of the need to be security aware and how simple changes to behavior can have a major impact on their organizations. Cybersecurity concepts...
Wombat Security Included in Gartner 2016 Magic Quadrant for Security Awareness Computer-Based Training
Gartner Inc. has included Wombat Security Technologies in its 2016 Magic Quadrant for Security Awareness Computer-Based Training. This is the third consecutive year that the cyber security awareness training provider has been included in the Magic Quadrant. Gartner rates companies on two main criteria: the ability to execute and completeness of vision. Each vendor is assessed and given a score in each area. Based on the score for...
Guidance on Cyber Threats Issued to Healthcare Organizations by OCR
The U.S. Department of Health and Human Services’ Office for Civil Rights has issued new guidance on cyber threats, advising HIPAA-covered entities to obtain the latest intelligence on new cyber threats that could potentially allow cybercriminals to gain access to the protected health information of patients and health plan members. Threat intelligence is issued by many organizations, although OCR recommends in its guidance on cyber...
Agari Wins Security PG 2017 Global Excellence Award for Best Security Software
The cybersecurity firm Agari has been crowned winner of the Best Security Software category at this year’s Security Product Guide 2017 Global Excellence Awards. The Security Products Guide is used by decision makers to determine the best IT security products to deploy to protect digital assets. The reviews in the guide are invaluable for helping narrow down products to those that are best suited for each individual organization. The...
Largest Healthcare W-2 Phishing Scam of 2017: 17,000 Employees Impacted
The largest healthcare W-2 phishing scam of the year to date has recently been reported by American Senior Communities of Indiana. While many organizations have already reported being fooled by phishing emails this tax season, this was the largest healthcare W-2 phishing scam by some distance, impacting more than 17,000 of the organization’s employees. This year has already seen 74 organizations scammed, and that number is certain to...
Ironscales Wins Best Messaging Security Solution Award
Cyber Defense Magazine has announced the winners of its 2017 Awards, with Ironscales winning an Editor’s Choice Award in the Best Messaging Security Solution category for its automated phishing defense platform IronTraps™. The Cyber Defense Magazine Awards are decided by a panel of independent information security experts, with nominated products assessed on a wide range of criteria over a period of months. The prestigious awards...
Healthcare Data Breach Report for January 2017 Highlights Insider Risk
The healthcare data breach report for January 2017 published by Protenus this week highlights the danger of insider data breaches. Insider data breaches accounted for the largest percentage of healthcare data breaches disclosed in January 2017, considerably more than those caused by hackers. Summary of the Protenus Healthcare Data Breach Report for January 2017 In January 2017, 31 healthcare data breaches were disclosed publicly....
Phishing Attacks on Cloud Storage Providers Causing Concern
Phishing is one of the most common ways that cybercriminals gain access to sensitive data. While logins for online banking services are still a major prize, cybercriminals are now increasingly conducting phishing attacks on cloud storage providers. Software-as-a-service (SaaS) attacks have also soared. A recent report from PhishLabs shows the extent to which cloud storage providers are being targeted. In 2013, cloud storage and...
IRS Issues W2 Phishing Scam Warning
Cybercriminals have been sending huge numbers of W2 phishing scam emails over the past few weeks. Tax season usually sees an increase in scam emails being sent, although this year cybercriminals have started their scamming campaigns even earlier. The victim count is also growing rapidly. The W2 phishing scam in question is an email request for copies of employees’ W-2 forms. The scammers impersonate the CEO, CFO or another executive...
Kroll Publishes Global Fraud and Risk Report for 2016/2017
The 2016/2017 Kroll Annual Global Fraud and Risk Report has just been released, highlighting just how frequently cybersecurity incidents are experienced by businesses. According to Kroll’s Global Fraud and Risk Report, 85% of surveyed company executives have experienced a cybersecurity incident in the past 12 months. 68% reported at least one security incident, while 82% of executives said their company had experienced at least one...
Ironscales Announces 302% Growth of Annual Revenue
Israeli cybersecurity firm Ironscales has announced it has recorded an increase in annual revenue of 302% in 2016. Ironscales provides services that help organizations deal with the threat from phishing. Phishing is now the biggest cyberthreat that must be mitigated by organizations. More than 9 out of 10 data breaches occur as a result of employees clicking on phishing emails, with attacks becoming increasingly sophisticated....
Agari Reports 6-Month Revenue Growth of 95%
Over the past 6 months, the anti-phishing solution provider Agari has enjoyed 95% revenue growth, helped by uptake of its new Enterprise Protect™ platform – an innovative solution developed to tackle the problem of spear phishing. The solution effectively blocks spear phishing, business email compromise and social engineering-based email attacks by analysing and verifying the senders of emails. Email-based attacks have grown in...
2017 Global Application and Network Security Report Published by Radware
A recent survey conducted by Radware, and published in its 2016-2017 Global Application and Network Security report, shows that almost half of companies have been subjected to a cyber-extortion attempt in 2016, mostly with ransomware. 49% of polled businesses said they had been issued with a ransom demand after a cyberattack in the past 12 months, showing the threat of ransom-related attacks has risen considerably. Ransomware and data...
ESEA Hacking Incident Results in Leaking of 1.5 Million Player Profiles
E-Sports Entertainment Association (ESEA) has announced it has been the victim of an extortion attempt after a hacker infiltrated one of its game servers. The ESEA hacking incident resulted in the theft of 1.5 million player profiles and other user data. The hack occurred on December 27, 2016. Access was gained to an ESEA game server, data were exfiltrated, and a $100,000 ransom demand was issued by the attacker. The hacker said that...
Twitter Credit Card Phishing Scam Offers Quick Account Verification
A new Twitter credit card phishing scam has been detected by cybersecurity firm Proofpoint. Twitter users are offered verified account status via native Twitter ads; however, signing up involves providing credit card details, which will be handed directly to the attackers. Achieving verified account status can be a long-winded process. Users of public interest accounts are required to complete multiple steps to verify the identity of...
Yahoo Breach the Work of Cybercriminals with Nation-State Connections
Data from the Yahoo breach of 1 billion user accounts has already been sold on the black market on multiple occasions, according to InfoArmor. While Yahoo maintains that the attack was performed by a nation-state sponsored hacking group, InfoArmor’s research suggests otherwise and many security experts agree. Instead of a nation-state sponsored hacking group, it has been suggested that it was a criminal organization behind the attack,...
Over 400,000 New Phishing Webpages are Created Every Day
Cybercriminals are now creating record numbers of phishing sites and are using those sites to steal login and email credentials and credit card information. The malicious websites can be convincing. Images are taken from legitimate websites to make the webpages appear genuine. Sites perform complimentary – but fake – virus and malware scans and convince visitors that their computers have been infected, and new scams are constantly...
Samsa Ransomware Nets Criminals at Least $450,000 in a Year
The cybercriminals who have been infecting consumers and businesses with the ransomware variant SamSa have reportedly extorted $450,000 from businesses and consumers over the past 12 months, according to a recent report from Palo Alto Networks’ Unit 42 team. Researchers were able to calculate the cybercriminals’ minimum earnings by monitoring the Bitcoin Wallet addresses used by the attackers. Palo Alto Networks was able to see...
Agari’s Chief Scientist Helps Organizations Understand Social Engineering Based Scams
Criminals have been using social engineering techniques for centuries to con victims into handing over their hard-earned money. However, cybercriminals are now using advanced social engineering techniques to commit digital crimes. Use of social engineering is growing, especially in email attacks on organizations. These phishing, spear phishing (targeted phishing) and Business Email Compromise (BEC) attacks – also known as CEO...