Threat Intelligence Blog

Posted October 19, 2016

This weekly brief highlights the latest threat intelligenceThreat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations make inform decisions regarding their response to the threat. news to provide insight into the latest threats to various industries.

Insurance/Healthcare

As ransomwareRansomware: A type of malicious software designed to block access to a computer system until a sum of money is paid. and other cyberattacks on healthcare entities continue to surge, federal regulators are alerting organizations about the importance of safeguarding network-attached storage devices and other gear that supports or enables file transfer protocol services.

The Department of Health and Human Services’ Office for Civil Rights’ monthly cyber awareness alert for October reminds HIPAA covered entities and their business associates that FTP services are proving particularly vulnerable to cyberattacks.”

– Healthcare Info Security

 Financial Services

A previously undocumented banking Trojan is targeting financial institutions across the globe and is being used by cybercriminals to spy on networks of compromised organisations and stealthily defraud them of funds.

The Odinaff trojan has been active since January this year, carrying out attacks against organisations operating in the banking, securities, trading, and payroll sectors, as well as those which provide support services to these industries.”

– ZDNet

Legal and Regulations

The Vermont Attorney General announced a settlement with business-to-business software developer Entrinsik, Inc., regarding allegations that the company’s Informer program violated state law placing restrictions on the use and disposal of data containing Social Security numbers. The Informer program is used by businesses, including seven colleges in Vermont, to analyze and create reports of data by extracting that data from databases and presenting it in a web browser. However, when a plain-text, unsecured file of this extraction with 14,000 Social Security numbers was stored on a users’ local hard drive and backed up to a later misplaced external drive, Vermont’s data breach notification statute was triggered – probably causing the investigation into Extrinsik and the Informer program.

Vermont Government

Retail

“Vera Bradley, a US handbags manufacturer and retailer, has announced today a breach of its payment card processing system that exposed the card details of some of its in-store customers.

According to a statement posted on Vera Bradley’s website, law enforcement approached the company last month and informed them of a potential intrusion.

After investigating the tip with the help of a cyber-security firm, the two concluded that a hacker (or a group) had gained access to Vera Bradley’s payment processing system and installed PoS malwareMalware: Software that is intended to damage or disable computers and computer systems..”

Softpedia


You May Also Be Interested In…

Additional Posts

Phishing Prevention: Be Suspicious and Don’t Get Hooked

View on Demand - Although it’s been around for years, phishing is still one of the most common ...

Social Engineering – Why Are We Still Fooled By Phishing?

Social Engineering – Why Are We Still Fooled By Phishing? Today's blog is a guest post from Terry ...