Posted February 9, 2016
We publish this weekly threat intelligence brief keep you informed on the latest security incidents and threats. For security news throughout the day, follow us on Twitter. Subscribe to our blog to stay up-to-date on findings from our analyst research reports!
“Hospitals are responding to healthcare data security threats, with nearly 29 percent of them targeting facility IT spending toward increased security, according to a recent IDC study. Over the course of the past year, healthcare data security has been thrust into the spotlight as a result of several large-scale healthcare data breaches such as the Anthem data breach or the Premera Blue Cross data breach. As a response, hospitals are working to adopt better security practices.”
“Police in Zhejiang province recently convened a press conference to announce that a group of hackers obtained information pertaining to approximately 99 mln accounts on Alibaba Group’s C2C e-commerce site Taobao. The hack, which occurred between October 14-16, 2015, originated from rented space on Alibaba Group’s cloud services platform AliCloud. Of the 99 mln accounts in question, 20.59 mln are active user accounts with matching passwords. The hackers’ goal was to acquire the accounts in order to perform order brushing and supply manipulation on Taobao, as well as to sell to scammers.”
Legal and Regulations
“The recent terrorist attacks in the European Union and beyond demonstrate the need for a strong coordinated European response to combatting terrorism. The European Agenda for Security had identified a number of areas to improve the fight against terrorist financing. Today’s comprehensive Action Plan will deliver a strong and swift response to the current challenges, building on existing EU rules and complementing them where necessary. Through concrete measures, it will adapt or propose additional rules to deal with new threats.”
“[…] researchers have unearthed serious flaws in two Internet of Things devices:
- The Fisher-Price Smart Toy, a “stuffed animal” type of toy that can interact with children and can be monitored via a mobile app and WiFi connectivity, and
- The hereO GPS Platform, a smart GPS toy watch that allows parents to track their children’s physical location.
In both cases the problem was with the authentication process, i.e. in the platform’s web service (API) calls.”
“A meeting of EU data watchdogs is set to have wide-ranging ramifications for the way businesses handle data. Regulators need to decide how to act in light of a court ruling last year that invalidated the Safe Harbour agreement with the US. The pact made it relatively easy for companies to send personal information from Europe to data centres in the US for processing. Lawmakers are still negotiating a replacement trade deal.”
“A hacker followed through on his threats by posting a database including details of almost 10,000 Department of Homeland Security (DHS) employees online and promised to post a similar database today, featuring details of 20,000 Federal Bureau of Investigations (FBI) employees. The hacker announced the publication of the DHS hack on Twitter, soon followed by the promise to publish the FBI database Monday. The DHS database — published on text-sharing website Cryptobin — contains names, titles, email addresses and phone numbers of 9,355 DHS employees.”