Posted September 29, 2015
We publish this weekly threat intelligence brief keep you informed on the latest security incidents and threats. For security news throughout the day, follow us on Twitter. Subscribe to our blog to stay up-to-date on findings from our analyst research reports!
“The U.S. Office of Personnel Management (OPM) recently announced that, of the 21.5 million people whose Social Security numbers and other personal information were exposed by data breaches disclosed earlier this year, approximately 5.6 million people’s fingerprints were also exposed. “Federal experts believe that, as of now, the ability to misuse fingerprint data is limited,” OPM press secretary Sam Schumach said in a statement. “However, this probability could change over time as technology evolves.””
– eSecurity Planet
“A major cyber attack on routers from Cisco Systems is worse than previously believed, according to a report Monday by security research group Shadowserver Foundation. Hackers have installed a nasty type of malware called SYNfull Knock on nearly 200 Cisco routers used by businesses worldwide, the report said. The malware is dangerous because it lets attackers hijack the devices used to direct Internet traffic and steal company data.”
Legal and Regulations
The federal office of the Privacy Commissioner of Canada (OPC) published its findings following a “privacy sweep” of mobile apps and websites that target, or are popular among, children. This privacy sweep was part of an annual series and it involved the participation of 29 privacy authorities in 21 countries around the world. Drawing from its findings, the OPC released general guidance regarding best practices for organizations releasing online and mobile content directed at children. Key points identified were the significant portion of apps and websites that did not collect PII (personally identifiable information), demonstrating this is a viable approach. However, they did cite that redirects and external links might lead to pages and apps that would collect PII, and the broad use of chat features, which could be used to share personal information with third parties.
“Systema Software, a provider of claims management software solutions, is investigating a breach that exposed the personal information of at least 1.5 million of its customers. According to The Register, insurers using Systema Software allegedly posted the names, addresses, phone numbers, medical records, and other personal information in the clear to Amazon Web Services (AWS).”
“The US and Chinese governments are reportedly locked in discussions to develop the world’s first cyber peace deal, on the understanding that neither nation will be the first to launch a cyber attack on critical infrastructure. According to The New York Times, the deal would include rules against the hacking of critical institutions such as power stations, banking systems, telecommunications networks and hospitals. However, it remains unclear if the deal will extend to government breaches and cyber espionage, which both nations conduct regularly.”