We publish this weekly threat intelligence brief keep you informed on the latest security incidents and threats. For security news throughout the day, follow us on Twitter. Subscribe to our blog to stay up-to-date on findings from our analyst research reports!
Legal and Regulations
“The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) recently published additional information on the areas of focus for OCIE’s second round of cybersecurity examinations of registered investment advisers and registered broker-dealers. SEC examiners will gather information on cybersecurity-related controls and procedures and will also test to assess implementation of certain firm controls and procedures[…]”
“A Russian national accused of hacking payment systems of major retailers and the Nasdaq stock market, resulting in $300 million in losses, pleaded guilty Tuesday to US criminal charges. […] Drinkman was accused of leading what officials called “the largest international hacking and data breach scheme ever prosecuted in the United States.””
– Security Week
“Apple Inc APPL.O said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet. The company disclosed the effort after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps. It is the first reported case of large numbers of malicious software programs making their way past Apple’s stringent app review process.”
“With law enforcement nationwide complaining that encrypted communications are hindering investigations, senior FBI and Department of Justice officials on Tuesday made one of the government’s most detailed arguments yet for why it needs easier access to secure consumer data. The government wants tech companies to “develop a solution” that both maintain users’ privacy but ensures police and federal agents can obtain data with a warrant or court order, said Amy Hess, executive assistant director for the FBI’s technology division.”
“A high-level hacking group dubbed Iron Tiger has been observed stealing trillions of bytes of confidential data from the United States government, US defense contractors and related companies in the United States and abroad, security company Trend Micro reports in its research paper posted Tuesday[…] Numerous U.S.-based security tech intensive companies were hacked and continuously monitored since 2013 until this year, Trend Micro reports.”