Posted March 10, 2015
Welcome to the Cyveillance Weekly Cyber Security Trends Report
Since threat intelligence is constantly evolving, we publish this weekly cyber security trends report to keep our customers updated on the latest threats across a variety of industries. You can read an abridged version below. Follow us on Twitter and subscribe to our blog to make sure you don’t miss any of the latest security articles from Cyveillance experts.
Top Cyber Security Incidents
- The recent cyber-attack against Anthem Inc. that exposed personal information on 78.8 million individuals is just the latest siren that the healthcare threat landscape is becoming more menacing. But while cyberthreats are rising, budgets for information security are not at many healthcare organizations. – HealthCareInfoSecurity.com
- Security experts discovered a potentially catastrophic flaw known as FREAK (Factoring attack on RSA-EXPORT Keys) that for more than a decade has made it possible for attackers to decrypt HTTPS-protected traffic passing between Android or Apple devices and hundreds of thousands or millions of websites, including high-profile government, Fiserv, and media sites. A recent scan of more than 14 million websites that support the secure sockets layer or transport layer security protocols found that more than 36% of them were vulnerable to the decryption attacks. Microsoft recently announced the security vulnerability affects all Windows users. – ArsTechnica.com
- Mandarin Oriental Hotel Group confirmed on March 4 that the company is investigating a potential malware infection that breached the point-of-sale (PoS) systems in some of the chain’s 24 locations worldwide, including hotels in the U.S., which impacted an unknown number of customers. The investigation was initiated after financial institutions reported a pattern of fraudulent charges on payment cards used at Mandarin hotels dating back to December 2014.
- ASML, a Netherlands-based machine manufacturing company for integrated circuits have been breached. The company stats that it hasn’t determined the identity of the attackers, but anonymous sources have cited that the attack was carried out by Chinese government.
- A group of hackers calling themselves Team Hans managed to gain access to corporate information belonging to Canadian telecommunication and media company Rogers Communications relying mostly on their charm. The dump is over 400MB in size and contains contracts with corporate customers, business emails, sensitive employee information (ID, documents), as well as credentials for the VPN (virtual private network), which would allow access to the internal computer infrastructure of the company. – Softpedia.com
- Significant security weaknesses in the Federal Aviation Administration’s information security program have placed the nation’s air traffic control system at risk of being hacked, according to a Government Accountability Office audit report released Monday. – HSToday.com
- The FBI is investigating the hacking of several business websites in the U.S. that showed a black ISIS flag on the homepage. NBC News reports that the home pages showed the words, “hacked by ISIS, we are everywhere,” with a link to a Facebook page that doesn’t exist. – TickleTheWire.com