Threat Intelligence Blog

Posted November 24, 2015


We publish this weekly threat intelligence brief to keep you informed on the latest security incidents and threats. For security news throughout the day, follow us on Twitter. Subscribe to our blog to stay up-to-date on findings from our analyst research reports!



“Four senators are asking the Department of Health and Human Services what it’s doing to prevent data breaches at provider and payer organizations. In a letter to Andy Slavitt, acting administrator for the Centers for Medicare & Medicaid Services, and Jocelyn Samuels, director of the HHS Office for Civil Rights, the senators point to five major breaches in the past year […] that have affected up to 105 million people. The danger of medical identity theft increases with the proliferation of breaches, they note. The authors include Lamar Alexander, chairman of the Senate Committee on Health, Education, Labor and Pensions (HELP); Patty Murray, ranking member of the HELP committee; Orrin Hatch, chairman of the Senate Finance Committee; and Ron Wyden, the finance committee’s ranking member.”

– Fierce HealthIT

Financial Services

“Security researchers […] have discovered an attack campaign that has injected computer profiling and tracking scripts into over 100 websites visited by business executives, diplomats, government officials and academic researchers. The researchers believe the compromised websites attract visitors involved in international business travel, diplomacy, energy production and policy, international economics and official government work. They include sites belonging to embassies, educational and research institutions, governments, visa services, energy companies, media organizations and non-profit organizations. While no exploits or malicious code have been served through the injected scripts, the goal of the attackers appears to be the identification of unique users who can be targeted with attacks tailored for their specific computer and software configurations. [The research team] has named the reconnaissance campaign WITCHCOVEN and believe that it’s the work of state-sponsored attackers.”

– CIO Online

Legal and Regulations

“[On November 12], the UK and US governments conducted a joint exercise with leading global financial firms to enhance [their] cooperation and ability to respond effectively to a cyber-incident in the finance sector. Announced earlier this year by Prime Minister Cameron and President Obama, this exercise is part of enhanced transatlantic engagement on cybersecurity. It reflects the importance of international co-operation in cyber space, especially given the interconnectedness of the global financial system.”

– UK Government


“A new point-of-sale (PoS) malware has been widely distributed by cybercriminals alongside ad fraud and information-stealing threats. The malware, dubbed by Proofpoint “AbaddonPOS,” has been spotted on systems infected with the banking Trojan Vawtrak, also known as Neverquest and Snifula. PoS malware can help cybercriminals earn a lot of money, but such threats are often used in more targeted attacks. However, researchers have spotted AbaddonPOS in campaigns that appear to be mainly aimed at consumers.”

– Security Week


“A persistent cross-site scripting (XSS) vulnerability impacting recruitment network LinkedIn has been fixed within hours of being reported. India-based security researcher Rohit Dua discovered the website’s vulnerability and disclosed the flaw Wednesday on Full Disclosure. The persistent XSS security flaw, dubbed a “more devastating variant” of a cross-site scripting flaw as malicious data provided by an attacker is saved by the server and permanently displayed on Web pages accessed by normal users of the website, impacted LinkedIn’s help forums. The vulnerability lay within LinkedIn’s help portal. To exploit the flaw, a user had to sign in, go to the LinkedIn Help Center and then start a discussion. In the “give more details” tab which opens up when asking a question, an attacker could submit lines of code which resulted in the potential execution of code when the question was automatically posted to the forum.”


Law Enforcement

“The FBI is warning politicians and law-enforcement officials that they could be at increased risk of having their email accounts hacked. The agency’s Internet Crime Complaint Center issued an alert on Wednesday advising officers and public officials to be “highly aware of their email account security and their online presence and exposure.” The advisory comes as investigators try to track down the hacker or hackers who last month breached an AOL email account used by CIA Director John Brennan and posted screenshots of some of his personal information online.”



“The inspector general of the Office of Personnel Management says a $20 million contract to offer identity theft protection to millions of hacked federal employees ran afoul of contracting regulations. Officials in OPM’s Office of Procurement Operations violated the Federal Acquisition Regulation and the agency’s own policies in awarding a $20.7 million contract to provide credit monitoring and ID theft services, according to a summary of IG findings included in an Oct. 30 memo to acting OPM Director Beth Cobert.”

– Next Gov
