Posted June 21, 2016
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“A settlement between the Federal Trade Commission and Practice Fusion, an electronic health records system vendor, serves as a reminder that regulations other than HIPAA apply to protecting patient privacy, says attorney Adam Greene, a healthcare regulations expert.
The FTC announced on June 8 that Practice Fusion agreed to settle charges that the cloud-based EHR vendor “misled consumers by soliciting reviews for their doctors, without disclosing adequately that these reviews would be publicly posted on the internet, resulting in the disclosure of patients’ sensitive personal and medical information.”“
“A criminal group going under the name of The CC Buddies is selling a hi-tech device on the Dark Web that’s capable of copying details from contactless debit cards if held as close as eight centimeters away from a victim’s card.
CC Buddies claim that their device, named Contactless Infusion X5, can copy up to 15 bank cards per second, something that may come in handy if a crook is going through a crowd at a concert or through a jammed subway car.”
Legal and Regulations
“A German regulator has fined three companies for still relying on a Safe Harbour agreement to electronically transfer personal data to the United States, despite the deal being declared invalid by the EU’s highest court last year on concerns about U.S. mass surveillance activities.
The Hamburg Data Commissioner said on Monday it had fined Adobe Systems, fruit juice maker Punica, a subsidiary of PepsiCo, and Anglo-Dutch consumer goods group Unilever a total of 28,000 euros ($32,000) for failing to set up alternative legal channels for cross-border data transfers quickly enough.“
“Home Depot Inc. filed an antitrust lawsuit against Visa Inc. and MasterCard Inc. reigniting claims from a decade ago that merchants pay too much for debit- and credit-card transactions and adding new contentions about the effectiveness of chip-based cards to reduce fraud.
The lawsuit comes several years after Home Depot and hundreds of other retailers opted out of a settlement, then valued at $7.25 billion, in a price-fixing case that addressed many of the same issues.“
“US authorities have charged Chinese national Xu Jiaqiang with three counts of economic espionage for allegedly stealing valuable source code from his former employer in the US.
The Department of Justice did not name the employer, but it is widely reported to be software developer IBM.
Mr Xu intended to sell the code for his own profit and for the benefit of the Chinese government, authorities said.“
“A cyberespionage group called Sofacy has launched a fresh attack against the US government, using a “new persistence mechanism” designed to help evade detection. The campaign involves sending government officials spear-phishing emails from the email address belonging to the ministry of foreign affairs of another nation, indicating that the sender’s account may have been compromised.
Security firm Palo Alto Networks uncovered that the email came with the subject of “FW: Exercise Noble Partner 2016” and incorporated an RTF (Rich Text Format) file attachment with a similar name (“Exercise_Noble_Partner_16.rtf), which referred to a joint US-Georgia military exercise.“
– IB Times