Posted November 29, 2016
This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.
“The healthcare industry will likely continue to be plagued by technological issues, such as healthcare data breaches and ransomware attacks, going into next year, according to recent predictions.
The latest Black Book poll of healthcare PR clients showed that physician satisfaction and medico-legal problems are no longer the key concerns, and that 2017 will see a higher focus on technological and financial issues. This includes data breaches, system failures, hacking, ransomware, and a disrupted flow of financial records.”
“Hackers managed to obtain information from 133,000 user accounts after breaching the system used by U.K. telecommunications company Three to identify which customers are eligible for a device upgrade.
The firm revealed last week that there had been an uptick in attempted phone fraud over the past four weeks, including through burglaries at Three stores and intercepted phone upgrades. In eight cases, the company believes phone upgrades were intercepted using information unlawfully obtained from its upgrade system.
According to Three CEO David Dyson, the attackers accessed information from 133,827 customer accounts via “authorized log-ins.” For 107,000 of these customers, the hackers obtained information such as name, billing data, payment type, Three account number, contract details, and handset type.”
– Security Week
“Seattle station KIRO-TV, tipped off by a whistleblower and bolstered by confirming employees, is accusing Office Depot staffers of doing just that: diagnosing brand-new, just out of the box computers with malware infections that some stores suggested would cost up to $200 to clean up.
According to Shane Barnett, an ex-Office Depot employee turned whistleblower, staffers need to sell fixes to keep their jobs.
“It’s not an option to run the program. You have to run it on all machines that come in the building.”
Sales targets for support services – including the so-called PC Health Check that found “malware” on four out of six computers reporters brought to Office Depot stores in Washington and Oregon – are posted in the employees’ break room.”
“Several high-profile Twitter accounts got hacked last night to start posting links to services that are supposed to help users get free followers.
The hacked accounts included @PlayStation, Microsoft’s @XboxSupport, @Viacom, @ICRC (owned by the Red Cross), @Money and others, and all tweeted ads to websites whose purpose is to increase the number of followers for other accounts.
The hack didn’t target the aforementioned accounts themselves, but Twitter Counter, a service that provides statistics of Twitter usage and monitors tweets reach and clicks. Hackers thus obtained access to linked Twitter accounts and managed to post messages on their behalf.”
“The United States Department of Defense (DoD) and partner company HackerOne announced a new bug bounty program that essentially offers rewards to hackers who manage to successfully break into US army domains and find unpatched vulnerabilities.
The so-called Hack the Army bug bounty challenge was originally announced on November 11 by Secretary of the Army Eric Fanning, but starting today, hackers can register for the first phase of the program.
Only 500 security researchers will be included in the first part of the program, but the US DoD says that depending on how this goes, it could expand it with more seats.”
You May Also Be Interested In…
- [WEBINAR] Building a Threat Intelligence Program
- [WHITE PAPER] Building a Threat Intelligence Program That Works For You
- [Data Sheet] LookingGlass Cyber Threat Center
- [Data Sheet] Information Protection