Posted April 5, 2016
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“A new strain of malware is targeting PoS terminals in the US, aimed at small businesses and banks that have not yet transitioned to the new EMV chip and PIN card system.
Named TresureHunt, this new PoS (Point of Sale) malware piece has been around since late 2014, when FireEye researchers discovered traces of its early variants.”
Legal and Regulations
The Federal Trade Commission (FTC) issued warning letters to app developers who have installed a piece of software that can monitor a device’s microphone to listen for audio signals that are embedded in television advertisements. Known as Silverpush, the software is designed to monitor consumers’ television use through the use of “audio beacons” emitted by TVs, which consumers can’t hear but that can be detected by the software. The letter warns developers that if their statements or user interfaces state or imply that the apps in question are not collecting and transmitting television viewing data when in fact they do, then the app developers could be in violation of Section 5 of the FTC Act.
“A self-described pro-ISIS group posted the names of 55 New Jersey Transit police officers, their addresses and phone numbers in social media, and urged followers to carry out lone wolf attacks, according to several news reports.
The so-called Caliphate Cyber Army first posted the threats on Twitter on March 6, and then again on Monday, according to NBC New York. They have since been taken down.”
“On Monday, the FBI said in a court filing that it has found a way to circumvent the passcode requirement on one of the San Bernardino shooters’ iPhones and doesn’t need help from Apple anymore—ending a consequential legal showdown over whether the government can compel a company to participate in an investigtion involving one of its devices. The statement comes a week after the FBI delayed a court hearing to vet an unlocking tool from a third party.”
“A finance executive fell victim to a phishing scam that saw the Los Angeles-based maker of children’s toys wire a cool $3 million to Chinese hackers.
Expertly timed during a period of corporate change, the email hit the inbox of the unnamed executive and requested a new vendor payment in the amount of $3 million to a vendor in China. Mattel, of late, has been in a period of change as new CEO Christopher Sinclair had only officially taken over after Mattel had fired his predecessor — a move that aided the con artists.”