Threat Intelligence Blog

Posted September 27, 2016

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“Keck Medical Center of USC is notifying patients of a ransomware attack that they discovered on August 1.

The ransomware affected two servers that did not contain EMR but that did contain internal documents that included demographic information, date of birth, health information including treatment and diagnosis, and in some cases, Social Security numbers. Other files in the encrypted folders contained medical record numbers, date of service, insurance information, and CPT codes, but no patient names.”



“Hackers are claiming to have hacked Australian point-of-sale technology (PoS) company H&L Australia, and have been claiming to potential buyers that they had lifted its customer database. They were already offering it for sale for AU$22,000 ($16,580, £12,723) more than two months ago.

If indeed they have hacked into H&L, credit card data and personal information would potentially be at risk: the firm’s clients include several major retailers.

The Register received information about an alleged breach at H&L Australia two weeks ago, plus the credentials required to access what was alleged to be an active backdoor on the company’s network and an open public link to a large SQL database dump.”

The Register


“Information from at least 500 million Yahoo accounts was stolen from the company in 2014, the company said Thursday, indicating it believes a state-sponsored actor was behind the hack.

The theft may have included names, email addresses, telephone numbers, dates of birth, and in some cases, encrypted or unencrypted security questions and answers, Yahoo said.”

– USA Today

Law Enforcement

“The FBI can no longer hack a suspect’s computer to infect it with spying malware without a warrant, a federal judge in Texas ruled.

Following the child pornography case involving Jeffrey Torres’ activity on dark web child porn site Playpen, US District Judge David Ezra has ruled that secretly collecting information from a computer is still a search under the Fourth Amendment, thus requiring a warrant.

“The Network Investigative Technique (NIT) placed code on Mr Torres’ computer without his permission, causing it to transmit his IP address and other identifying data to the government. That Mr Torres did not have a reasonable expectation of privacy in his IP address is of no import. This was unquestionably a ‘search’ for Fourth Amendment purposes.””

Hot for Security


“Several members of the German political scene were the targets of two waves of spear-phishing campaigns that took place over the summer, multiple German media outlets report.

According to Süddeutsche Zeitung, the German newspaper that broke the Panama Papers story, local political figures received spear-phishing emails from a man named Heinrich Krammer claiming to be a NATO employee, and who used a email address. The emails were sent on August 15 and then on the second wave on August 24.

The emails offered recipients information about the Turkey failed coup and the earthquakes that hit Italy’s Amatrice region. Inside the emails, links lured politicians to a malicious website that attempted to install spyware on their computers.”

