Posted March 15, 2016
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“Large-scale data breaches, like the ones that have been affecting the healthcare industry in recent years, are a key issue in several industries. Numerous organizations are becoming highly concerned about the possibility of being affected by one.
In fact, 80 percent of organizations handling sensitive information report concern for large-scale data breaches, according to a survey conducted by Advisen. This survey included organizations from several different industries, but the most highly represented industry was healthcare, comprising 22 percent of the respondent sample.”
“A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Federal Reserve, banking officials said.
Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.”
Legal and Regulation
“A technology company that allegedly replaced a Web browser game with a program that installed apps on mobile devices without permission has settled charges that it violated the Federal Trade Commission Act.
Vulcun purchased Running Fred, a Google Chrome browser extension game used by more than 200,000 consumers. According to the FTC’s complaint, the technology company then replaced the game with its own extension, Weekly Android Apps, without notifying consumers. The Vulcun app claimed to offer unbiased recommendations of Android applications, but actually installed apps directly without consumer permission—or as Jessica Rich, the agency’s Director of Consumer Protection said in a statement, “commandeer[ed] people’s computers and bombard[ed] them with ads.””
“Home Depot Inc (HD.N) agreed to pay at least $19.5 million to compensate U.S. consumers harmed by a 2014 data breach affecting more than 50 million cardholders.
The home improvement retailer will set up a $13 million fund to reimburse shoppers for out-of-pocket losses, and spend at least $6.5 million to fund 1-1/2 years of cardholder identity protection services.”
“The W-2 tax documents of several thousand current and former employees of data storage company Seagate ended up in the hands of fraudsters after an employee fell victim to a phishing attack.
Seagate confirmed to SecurityWeek that the 2015 W-2 tax form information for current and former employees based in the United States was sent to an “unauthorized party” in response to a phishing scam. The company noted that only tax information for the year 2015 was exposed in the breach that came to light on March 1.”
– Security Week
“The Justice Department is drawing up an indictment that lays blame for the 2013 cyber-attack against a dam in Westchester squarely on hackers working for the Iranian government, a law enforcement source confirmed to The Post.
The FBI has been investigating since the discovery of the breach, with the indictment expected to be handed down soon, the source said.”
– NY Post