This weekly brief highlights the latest Threat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... news to provide insight into the latest threats to various industries.
“The Food and Drug Administration’s recently issued final guidance on the post-market Cybersecurity: A set of security techniques that are designed to protect the integrity of computer systems, programs and data from theft and damage to their hardware, software or other information as well as the disruption and misappropriation of their services. LookingGlass Cyber (n) - Professional paid ninjas who protect the cyber world from cyber attacks. Everybody is doing it, but we have the double black belt with the Versace logo. So yeah, we’re really good. of medical devices outlines important steps that hospitals, clinics and others must take to better protect patient data and keep patients safe, say Karl West, CISO at Intermountain Healthcare, and Mike Nelson of DigiCert.
“An overarching theme of the guidance is to make sure a risk assessment is done, and for healthcare organizations … that’s a very important step in understanding the vulnerabilities and risks that are present in those devices,” Nelson points out in an interview with Information Security Media Group.”
“A researcher has discovered an SSL bug affecting Big-IP appliances from F5 Networks and dubbed it “Ticketbleed” for its similarities to the 2014 Heartbleed bug.
According to Cloudflare’s Filippo Valsorda, the bug strikes when virtual servers running on Big-IP appliances are configured with a Client SSL profile that has the non-default Session Tickets option enabled. The server can be tricked into leaking 31 bytes of memory at a time.”
“The UK’s largest sporting retailer, Sports Direct, reportedly suffered a data breach last year but has been accused of failing to tell its workforce that their personal details – including names, email addresses and phone numbers – may have been accessed by a hacker.
The cyberattack allegedly hit the firm in September after a hacker was able to exploit software bugs in an unpatched content management system (CMS) platform that was being used as a staff web portal, The Register reported on 8 February.”
– IB Times
“Following a breach, the Taiwan-based computer manufacturer Acer will pay $115,000 and improve its security practices in a settlement with the New York State Attorney General (NYSAG) Eric T. Schneiderman.
The breach, first reported in June 2016, included personally identifiable information (PII) – including names, addresses, email addresses, card numbers, expiration dates, security codes and user names and passwords – and was accessed over a one-year period, May 2015 through April 2016. The PII of more than 35,000 Acer customers across the U.S., Canada and Puerto Rico was compromised, including more than 2,200 in New York State.”
“According to Claudio Guarnieri and Collin Anderson, two independent security researchers who have been tracking Iranian hackers for the past few years, the Malware: A generic term for a software that is designed to disable or otherwise damage computers, networks and computer systems LookingGlass Cyber (n) - another type of cold that can destroy a computer by latching on to destroy other programs. has also been used against a human rights advocate.
The malware, dubbed MacDownloader, attempts to pose as both an installer for Adobe Flash, as well as the Bitdefender Adware Removal Tool, to extract system information and copies of OS X keychain databases.”
You May Also Be Interested In…
- [WEBINAR] Building a Threat Intelligence Program
- [WHITE PAPER] Building a Threat Intelligence Program That Works For You
- [Data Sheet] LookingGlass Cyber Threat Center
- [Data Sheet] Information Protection