Threat Intelligence Blog

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

 

Insurance/Healthcare

“A former Tampa General Hospital worker has been sentenced to 37 months in federal prison in a case involving criminal HIPAA violations and tax fraud.

Some privacy and security experts say such prosecutions of HIPAA cases could be on the rise – especially when the violations are tied to other crimes. The Tampa case joins a handful of other recent cases involving insiders who also received prison sentences for their illegal access or disclosure of patient data.”

Healthcare Info Security

Financial Services

Did security researchers at financial solutions provider NCR unveil a security flaw with EMV – one that could allow hackers to steal card data from EMV chips and clone it on magnetic stripes?

At the recent Black Hat USA conference in Las Vegas, point-of-sale security researchers at NCR (which sells, among other things, POS terminals, software and encryption solutions) reportedly demonstrated how fraudsters could fool POS terminals into thinking chip cards are actually chipless by altering mag-stripe data contained on those cards.”

– Bank Info Security

Retail

A Russian organized cybercrime group known for hacking into banks and retailers appears to have breached hundreds of computer systems at software giant Oracle Corp., KrebsOnSecurity has learned. More alarmingly, the attackers have compromised a customer support portal for companies using Oracle’s MICROS point-of-sale credit card payment systems.

Asked this weekend for comment on rumors of a large data breach potentially affecting customers of its retail division, Oracle acknowledged that it had “detected and addressed malicious code in certain legacy MICROS systems.” It also said that it is asking all MICROS customers to reset their passwords for the MICROS online support portal.”

– Krebs on Security

Technology

“Over at Wired, Andy Greenberg reports that security researchers have discovered how to use software defined radio (SDR) to remotely unlock hundreds of millions of cars. The findings are to be presented at a security conference later this week and detail two different vulnerabilities.

The first affects almost every car Volkswagen has sold since 1995, with only the latest Golf-based models in the clear. Led by Flavio Garcia at the University of Birmingham in the UK, the group of hackers reverse-engineered an undisclosed Volkswagen component to extract a cryptographic key value that is common to many of the company’s vehicles.”

Ars Technica

Additional Posts

Weekly Phishing Report: August 22, 2016

PHISHING REPORT: TOP TARGETS Week of August 14 – August 20, 2016 Internet Search & Navigation ...

Weekly Phishing Report: August 14, 2016

PHISHING REPORT: TOP TARGETS Week of August 7 – August 13, 2016 Storage & Systems Mgmt ...