Weekly Threat Intelligence Brief: November 22, 2016

This weekly brief highlights the latest threat intelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... news to provide insight into the latest threats to various industries.

Insurance/Healthcare

“Starting in 2017, data breach notification will be required for instances when encrypted personal information of California residents has been breached and certain conditions are met, according to a recently amended state law.

Previously, California’s data breach notification law required organizations to notify individuals only if unencrypted personal information was, or was reasonably believed, to have been acquired by an unauthorized third party.

However, Governor Jerry Brown recently approved changes to Assembly Bill No. 2828, requiring instances of breached encrypted data to be part of the notification process.”

– Healthcare Info Security

Entertainment

“A massive data breach targeting adult dating and entertainment company Friend Finder Network has exposed more than 412 million accounts.

The hack includes 339 million accounts from AdultFriendFinder.com, which the company describes as the “world’s largest sex and swinger community.”

That also includes over 15 million “deleted” accounts that wasn’t purged from the databases.”

– ZDNet

Retail

“UK retailers are expected to see a dangerous spike in online criminal activity in the run up to Christmas 2016 that could result in losses of millions of pounds[…].

More than 20 million cyber attacks are expected to target online retailers and shoppers in the UK alone, during the last three months of the year, according to the firm’s Q3 2016 Cybercrime Report.”

– Computer Weekly

Technology

“A Russian court in Moscow upheld a decision to block LinkedIn across Russia after the company had failed to abide by a law mandating that all foreign companies store data on Russian users inside the country’s borders.

Behind the decision to ban LinkedIn is Russian communications regulator Roskomnadzor, translated as the Federal Service for Supervision in the Sphere of Telecom, Information Technologies, and Mass Communications.”

– Bleeping Computer

Defense

“The #NotMyPresident Alliance, a national anti-Donald Trump protest group, has released the personal information of dozens of Electoral College members in states that voted Republican.

A spreadsheet distributed to supporters Wednesday included the personal phone numbers, addresses, religions, races, genders, and candidate preference of the electors. The document does not have a complete set of data on every elector.”

– BuzzFeed