Threat Intelligence Blog

Posted December 1, 2015


We publish this weekly threat intelligence brief to keep you informed on the latest security incidents and threats. For security news throughout the day, follow us on Twitter. Subscribe to our blog to stay up-to-date on findings from our analyst research reports!



“When health care data has been stolen, many victims find out too late or not at all. Two major problems with health care data hacking, mentioned by the 2014 Bitglass report:

  • Today’s health care organizations are not set up to identify illicit records activity and are therefore unable to eliminate it
  • Healthy patients may not learn about a breach until they have a reason to seek treatment, which is the most stressful time to have to deal with such a problem

It can be misleading to think a hacker’s sole purpose is to harm patients, when actually this is just an extremely unpleasant side effect of criminal business. Medical identity theft can cause difficulties like lost insurance coverage, mixed up records, higher premiums, medical harm and false diagnosis. But the reason healthcare data hacking exists is that there’s a lucrative market for the data, and a working supply-and-demand model with both buyers and sellers.”

– eSecurity Planet

Financial Services

The United States Computer Emergency Readiness Team (US-CERT) reported that a popular computer company has, since August 2015, been shipping product containing a serious security vulnerability that exposes users to online eavesdropping and malware attacks. The company said it is prepping a fix for the issue, but experts say the threat may ultimately need to be stomped out by the major web browser makers. The issue is a root certificate installed on the company’s newer computers that ships together with the private cryptographic key for that certificate. Because that key is present on every affected machine, an attacker who extracts it can sign phony browser security certificates for any HTTPS-protected site, and those machines will trust them.
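A quick way for an administrator to check a Windows endpoint for this class of problem, a trusted root certificate whose private key is present on the machine, is to audit the root stores directly. This is an added example, not from the brief or from US-CERT; it assumes a Windows host with PowerShell 5 or later and does not name any particular vendor certificate, since the brief does not.

```powershell
# Added example (not from the brief): list trusted root certificates whose
# private key is present on this machine. A root CA's private key should never
# live on an endpoint; if it does, anyone who extracts it can mint certificates
# that this machine (and every machine with the same root) will trust.

function Find-RootCertsWithPrivateKey {
    param(
        # Both stores feed HTTPS trust decisions, so audit both.
        [string[]] $StorePaths = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root')
    )
    foreach ($path in $StorePaths) {
        Get-ChildItem -Path $path |
            Where-Object { $_.HasPrivateKey } |
            ForEach-Object {
                # Basic Constraints tells us whether the entry is really a CA certificate.
                $bc = $_.Extensions |
                    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotAfter   = $_.NotAfter
                    IsCA       = if ($bc) { [bool]$bc.CertificateAuthority } else { $false }
                }
            }
    }
}

$findings = @(Find-RootCertsWithPrivateKey)
if ($findings.Count -eq 0) {
    Write-Output 'No trusted root certificates with a local private key were found.'
} else {
    # Each hit is a root that can be abused to forge TLS certificates for any site.
    $findings | Format-Table -AutoSize
    # To remove one after confirming it is not needed (placeholder thumbprint):
    #   Remove-Item -Path "Cert:\LocalMachine\Root\<THUMBPRINT>"
    exit 1
}
```

The non-zero exit code lets the script run from an endpoint-management tool as a compliance check; re-run it after the vendor's fix is applied, since a vendor utility may reinstall the certificate.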


Legal and Regulations

“Exploiting loopholes in Internet users’ cookie-blocking settings while claiming to protect them from cookies is a serious and deceitful invasion of privacy, the Third Circuit held November 10. Ruling on an appeal from consumer plaintiffs, whose multi-district litigation against Google and several other companies that run Internet advertising businesses was dismissed in Delaware District Court, the Third Circuit in In re Google Inc. Cookie Placement Consumer Privacy Litigation affirmed the dismissal of the federal law claims and some state law claims, but kept the California privacy claims alive. When Google told users in its Privacy Policy that using the cookie blockers in the Safari and Internet Explorer browsers was effective, and then took advantage of loopholes in those blockers to allow the placement of cookies, it was deceptively engaging in actionable invasion of privacy under California law, the court held.”

– Technology Law Dispatch


“As the holiday shopping season swings into high gear, a cybersecurity firm is warning of a “highly sophisticated” malware framework that could pose a threat to U.S. retailers using point-of-sale (POS) systems. Called ModPOS (for “modular POS”), the malware has been seen in the wild as far back as 2012, and was observed actively targeting businesses throughout 2014.”



“A massive VTech breach earlier this month exposed the personal details of 4.8 million parents and more than 200,000 children. VTech has temporarily suspended its Learning Lodge app store and a number of related websites “for thorough security assessment and fortification.” […] The hacked data includes names, email addresses, passwords, and home addresses, and download history of adults who purchased VTech products, as well as the first names, genders, and birthdays of hundreds of thousands of kids.”

– PC Mag


“DHS Inspector General found that DHS is running dozens of unpatched databases, some of which are rated “secret” and even “top secret.” An audit of the department’s IT infrastructure has found large security gaps, including the fact that 136 systems had expired “authorities to operate” – that is, no one was in charge of keeping them updated. Of the 136, 17 were classified as “secret” or “top secret.””

– Homeland Security News Wire
