Threat Intelligence Blog

Posted June 7, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Energy

“Homeland Security has said that an internet-connected industrial monitoring device — typically used in US industrial power plants and energy facilities — is vulnerable to a string of serious security vulnerabilities.

The US government department’s Computer Emergency Readiness Team (CERT) posted an advisory, saying that the ESC 8832 data controller, which allows a plant worker to see exactly how an industrial unit is working at a glance, could be trivially exploited by a “low skilled” attacker.”

ZDNet

Insurance/Healthcare

“Last year is often referred to as the “Year of the Hack” for healthcare, with the majority of healthcare data breaches being caused by third-party cyber attacks. The top three incidents alone combined to potentially affect nearly 100 million individuals, and were all involved hacking.

So far, 2016 is not immune from healthcare data breaches, but the leading cause of incidents is unauthorized access, according to the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) data breach reporting database.

HealthIT Security

Financial Services

Earlier this month Tumblr revealed that a third party had obtained access to a set of e-mail addresses and passwords dating back from early 2013, before being acquired by Yahoo.

At that time, Tumblr did not reveal the number of affected users, but in reality, around 65,469,298 accounts credentials were leaked in the 2013 Tumblr data breach, according to security expert Troy Hunt, who runs the site Have I Been Pwned.

The Hacker News

Legal and Regulations

Half of all EU Member States have penned a letter to the European Commission and the Netherlands (which currently holds the rotating presidency) calling for the removal of barriers to the free flow of data within and outside of the EU. The countries responsible for  the letter, include the UK, Finland, Ireland, Denmark, and Sweden. They cite the need to ensure that the EU continues to benefit from new data-driven technologies. The letter, delivered on May 23, urged the Commission to ensure that the development of these technologies is not hampered by regulation and encouraged it to avoid a “one size fits all” approach.

Netherlands Minister of Economic Affairs

Retail

CiCi’s Pizza, an American fast food business based in Coppell, Texas with more than 500 stores in 35 states, appears to be the latest restaurant chain to struggle with a credit card breach. The data available so far suggests that hackers obtained access to card data at affected restaurants by posing as technical support specialists for the company’s point-of-sale provider, and that multiple other retailers have been targeted by this same cybercrime gang.”

Krebs on Security

Additional Posts

The U.S. and Russia Re-Engage in Cyber Cooperation

By Emilio Iasiello, LookingGlass CTIG In late March 2016, the governments of the Russian Federation ...

Newswatch April 15th: LookingGlass Cyber Solutions

Reston, Va.-based LookingGlass Cyber Solutions has a threat intelligence solution meant to help ...