This weekly brief highlights the latest Threat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... news to provide insight into the latest threats to various industries.
“A former Tampa General Hospital worker has been sentenced to 37 months in federal prison in a case involving criminal HIPAA violations and tax fraud.
Some privacy and security experts say such prosecutions of HIPAA cases could be on the rise – especially when the violations are tied to other crimes. The Tampa case joins a handful of other recent cases involving insiders who also received prison sentences for their illegal access or disclosure of patient data.”
“Did security researchers at financial solutions provider NCR unveil a security flaw with EMV – one that could allow hackers to steal card data from EMV chips and clone it on magnetic stripes?
At the recent Black Hat USA conference in Las Vegas, point-of-sale security researchers at NCR (which sells, among other things, POS terminals, software and encryption solutions) reportedly demonstrated how fraudsters could fool POS terminals into thinking chip cards are actually chipless by altering mag-stripe data contained on those cards.”
“A Russian organized cybercrime group known for Hacking: The using of a computer and/or program in order to gain unauthorized access to data in a computer, system or network. LookingGlass Cyber (n) - not the axe swinging you’re thinking of. This type of hacking is unauthorized access to another computer, or system. into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.
Asked this weekend for comment on rumors of a large data breach potentially affecting customers of its retail division, Oracle acknowledged that it had “detected and addressed malicious code in certain legacy MICROS systems.” It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal.”
“Over at Wired, Andy Greenberg reports that security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week and detail two different vulnerabilities.
The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company’s vehicles.”