Threat Intelligence Blog

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Insurance/Healthcare

“In United States ex rel. Sheldon v. Kettering Health Network, 816 F.3d 399 (6th Cir. 2016), the Sixth Circuit affirmed the lower court’s dismissal of a False Claims Act (“FCA”) suit based on a data breach involving electronic health records. The relator alleged that defendant Kettering Health Network (“Kettering”) violated the FCA by falsely certifying its compliance with the Health Information Technology for Economic and Clinical Health Act (the “HITECH Act” or the “Act”), under which it received incentive payments from the federal government. The Sixth Circuit held that the conduct the relator complained of in this case did not constitute a violation of the Act, particularly as the Defendant had policies and procedures in place to protect the information. As a result, the relator had not alleged facts that established a false statement or false attestation of compliance. The panel also held that dismissal of the complaint was independently warranted because the relator had failed to plead any false claims for payment by the government with the particularity required by Rule 9(b).

– Lexology

Retail

Since March 2016 (and possibly even earlier), someone has been compromising a variety of online shops and injecting them with malicious JavaScript code that exfiltrates payment card and other kinds of information users entered to pay for their shopping.

The threat actor has compromised more than 100 online shops, including that of UK book publishing house Faber and Faber, clothing/fitness company Everlast, GUESS Australia, fashion brand Rebecca Minkoff, beauty products retailer The Beauty Place, and many, many more.”

– Help Net Security

Technology

“Yahoo Inc last year secretly built a custom software program to search all of its customers’ incoming emails for specific information provided by U.S. intelligence officials, according to people familiar with the matter.

The company complied with a classified U.S. government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or FBI, said three former employees and a fourth person apprised of the events.

Some surveillance experts said this represents the first case to surface of a U.S. Internet company agreeing to an intelligence agency’s request by searching all arriving messages, as opposed to examining stored messages or scanning a small number of accounts in real time.”

Reuters

Law Enforcement

“The F.B.I. secretly arrested a former National Security Agency contractor in August and, according to law enforcement officials, is investigating whether he stole and disclosed highly classified computer code developed by the agency to hack into the networks of foreign governments.

The arrest raises the embarrassing prospect that for the second time in three years, a contractor for the consulting company Booz Allen Hamilton managed to steal highly damaging secret information while working for the N.S.A. In 2013, Edward J. Snowden, who was also a Booz Allen contractor, took a vast trove of documents from the agency that were later passed to journalists, exposing surveillance programs in the United States and abroad.”

NY Times


You May Also Be Interested In…

Additional Posts

LookingGlass is a Champion of National Cyber Security Awareness Month

Cybersecurity leader emphasizes importance of educating organizations on effective phishing ...

Kim Kardashian Robbery and Social Media Overexposure

Recently, reality TV star Kim Kardashian West was attacked and robbed at gunpoint in Paris, ...