Posted March 8, 2017
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“As the insurance industry has closely followed developments regarding The New York State Department of Financial Services’ (DFS) cybersecurity regulation, concerns remain in terms of how the final regulation, set to go into effect March 1, may impact mid-sized companies in particular.
“It is the mid-sized covered entities that may see the biggest impact, as it’s unlikely they will qualify for an exemption, [they] are more likely to have a meaningful cyber risk profile, and they may not have sufficient resources or budget to meet their obligations,” said Ben Zviti, senior vice president in Marsh’s Financial and Professional Products (FINPRO) Specialty Practice.”
“Yahoo has just revealed that around 32 million user accounts were accessed by hackers in the last two years using a sophisticated cookie forging attack without any password.
These compromised accounts are in addition to the Yahoo accounts affected by the two massive data breaches that the company disclosed in last few months.
The former tech giant said that in a regulatory filing Wednesday that the cookie caper is likely linked to the “same state-sponsored actor” thought to be behind a separate, 2014 data breach that resulted in the theft of 500 Million user accounts.”
“News broke yesterday that Dridex, one of the most destructive banking Trojans in the financial cybercrime landscape, recently underwent a version update which has equipped the malware with new capabilities known as AtomBombing.
Researchers from IBM X-Force discovered that Dridex now has a new sophisticated injection technique and evasive capabilities which are already active in the wild, being used in online banking attacks in Europe.”
“Global aerospace firm Boeing earlier this month sent a notification to Washington State Attorney General Bob Ferguson, as required by law, about a company employee who mistakenly emailed a spreadsheet full of employee personal data to his spouse in November, 2016.
The spreadsheet, sent to provide the employee’s spouse with a formatting template, contained the personal information of roughly 36,000 other Boeing employees, including Social Security numbers and dates of birth, in hidden columns. Some 7,288 of the affected employees resided in Washington State.”
You May Also Be Interested In…
- [WEBINAR] Building a Threat Intelligence Program
- [WHITE PAPER] Building a Threat Intelligence Program That Works For You
- [Data Sheet] LookingGlass Cyber Threat Center
- [Data Sheet] Information Protection