Threat Intelligence Blog

This weekly brief highlights the latest threat intelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... news to provide insight into the latest threats to various industries.


“Federal regulators have issued new guidance to clarify what uses and disclosures of patient information for public health reporting, surveillance and investigations are permitted under HIPAA’s privacy regulations.

The new fact sheet was issued Dec. 8 by the Department of Health and Human Services Office for Civil Rights, which enforces HIPAA, in collaboration with the HHS’ Office of National Coordinator for Health IT, which oversees policies and standards for electronic health records.

Privacy attorney Kirk Nahra of the law firm Wiley Rein says the new guidance could be helpful in reducing confusion and also in urging healthcare providers to voluntarily share information that isn’t legally required, in most cases, to be disclosed, but which is important to public health agencies’ efforts.”

Healthcare Info Security

Financial Services

“Just months after disclosing a breach that compromised the passwords for a half billion of its users, Yahoo now says a separate incident has jeopardized data from at least a billion more user accounts. The company also warned attackers have figured out a way to log into targeted Yahoo accounts without even supplying the victim’s password.

On September 22, Yahoo warned that a security breach of its networks affected more than 500 million account holders. Today, the company said it uncovered a separate incident in which thieves stole data on more than a billion user accounts, and that the newly disclosed breach is separate from the incident disclosed in September.”

Krebs on Security


“Hackers are stealing people’s computer files and only giving them back if they pay money or accept to infect two other users with the malicious virusVirus: A hidden, self-replicating piece of code written to have a detrimental effect that is designed to become a part of another program. LookingGlass Cyber (n) - it’s when your computer catches a cold and it may or may not make it., cybersecurityCybersecurity: A set of security techniques that are designed to protect the integrity of computer systems, programs and data from theft and damage to their hardware, software or other information as well as the disruption and misappropriation of their services. LookingGlass Cyber (n) - Professional paid ninjas who protect the cyber world from cyber attacks. Everybody is doing it, but we have the double black belt with the Versace logo. So yeah, we’re really good. researchers have found.

This type of attack is known as “ransomware” and it involves hackers encrypting files and the user having to pay a ransom in the form of money to get it back. In this ransomwareRansomware: A type of malware that serves as a form of extortion by one party on a group of persons or organizations. Oftentimes takes the form of encrypting a victim’s hard drive denying them access to files or other information with demands taking the form of a ransom before access is restored. LookingGlass Cyber (n) - when an organization, group, or hacker takes control of your system to extort a user or organization for money.  Ch-ching! case – known as Popcorn Time – the attackers ask for 1 bitcoin, which is equivalent to $778.79 at the time of publication. If a person pays up, the hackers will unlock the files.”


Law Enforcement

“Twitter has confirmed to The Daily Dot that it has terminated access to user data for Media Sonar, a Canadian company that marketed social-media monitoring tools to U.S. police departments. The service offered to help police “identify illegal activity and threats to public safety” by flagging keywords referencing drugs, bullying, and prostitution.

But flagged terms also included “policebrutality,” “Dissent,” and “justiceformike,” a reference to the 2014 shooting of Michael Brown which sparked widespread protest. That fact was uncovered last year through a public records request by the ACLU of Northern California, which called social media monitoring “part of a pattern of unchecked surveillance” that “risks targeting communities that are already vulnerable to police misconduct.””



“An unclassified email system used by the Pentagon was compromised by Russian hackers in 2015, forcing security teams to take the entire network down in order to fix the breach.

Martin Dempsey, who was at that time Chairman of the Joint Chiefs, told CBS that he was informed of the breach by the Director of the National Security Agency, Admiral Mike Rogers, revealing that in approximately one hour, hackers seized control of the entire email system. ”


You May Also Be Interested In…

Additional Posts

FloCon 2017 – San Diego

Join us at FloCon 2017 in sunny San Diego, CA. - “Assessing Targeted Attacks in Incident ...

Are APT Reports Still Valuable or Have They Become Marketing Fluff?

Now that APT reports have been exposed, the “thrill” of discovering and calling out suspected ...