Threat Intelligence Blog

weekly_1

We publish this weekly threat intelligence brief keep you informed on the latest security incidents and threats. For security news throughout the day, follow us on Twitter. Subscribe to our blog to stay up-to-date on findings from our analyst research reports!

Legal and Regulations

“The SEC’s Office of Compliance Inspections and Examinations (“OCIE”) recently published[1] additional information on the areas of focus for OCIE’s second round of cybersecurityCybersecurity: A set of security techniques that are designed to protect the integrity of computer systems, programs and data from theft and damage to their hardware, software or other information as well as the disruption and misappropriation of their services. LookingGlass Cyber (n) - Professional paid ninjas who protect the cyber world from cyber attacks. Everybody is doing it, but we have the double black belt with the Versace logo. So yeah, we’re really good. examinations of registered investment advisers and registered broker-dealers. SEC examiners will gather information on cybersecurity-related controls and procedures and will also test to assess implementation of certain firm controls and procedures[…]”

Lexology

Retail

“A Russian national accused of hackingHacking: The using of a computer and/or program in order to gain unauthorized access to data in a computer, system or network. LookingGlass Cyber (n) - not the axe swinging you’re thinking of. This type of hacking is unauthorized access to another computer, or system. payment systems of major retailers and the Nasdaq stock market, resulting in $300 million in losses, pleaded guilty Tuesday to US criminal charges. […]  Drinkman was accused of leading what officials called “the largest international hacking and data breach scheme ever prosecuted in the United States.””

– Security Week

Technology

Apple Inc APPL.O said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet. The company disclosed the effort after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps. It is the first reported case of large numbers of malicious software programs making their way past Apple’s stringent app review process.”

Reuters

Law Enforcement

“With law enforcement nationwide complaining that encrypted communications are hindering investigations, senior FBI and Department of Justice officials on Tuesday made one of the government’s most detailed arguments yet for why it needs easier access to secure consumer data. The government wants tech companies to “develop a solution” that both maintain users’ privacy but ensures police and federal agents can obtain data with a warrant or court order, said Amy Hess, executive assistant director for the FBI’s technology division.”

CS Monitor

Defense

“A high-level hacking group dubbed Iron Tiger has been observed stealing trillions of bytes of confidential data from the United States government, US defense contractors and related companies in the United States and abroad, security company Trend Micro reports in its research paper posted Tuesday[…] Numerous U.S.-based security tech intensive companies were hacked and continuously monitored since 2013 until this year, Trend Micro reports.”

Forbes

Additional Posts

SYNful Knock: What the Cisco Router Vulnerability Means for Your Business

By Michael Perry and Val Vask In the aftermath of Cisco’s announcement that several discontinued ...

Weekly Phishing Report – September 21, 2015

Phishing Report: Top Targets Week of September 13-19, 2015 Author: Robert McDaniel   In this ...