Threat Intelligence Blog

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.


“Keck Medical Center of USC is notifying patients of a ransomware attack that they discovered on August 1.

The ransomware affected two servers that did not contain EMR but that did contain internal documents that included demographic information, date of birth, health information including treatment and diagnosis, and in some cases, Social Security numbers. Other files in the encrypted folders contained medical record numbers, date of service, insurance information, and CPT codes, but no patient names.”



“Hackers are claiming to have hacked Australian point-of-sale technology (PoS) company H&L Australia, and have been claiming to potential buyers that they had lifted its customer database. They were already offering it for sale for AU$22,000 ($16,580, £12,723) more than two months ago.

If indeed they have hacked into H&L, credit card data and personal information would potentially be at risk: the firm’s clients include several major retailers.

The Register received information about an alleged breach at H&L Australia two weeks ago, plus the credentials required to access what was alleged to be an active backdoor on the company’s network and an open public link to a large SQL database dump.”

The Register


“Information from at least 500 million Yahoo accounts was stolen from the company in 2014, the company said Thursday, indicating it believes a state-sponsored actor was behind the hack.

The theft may have included names, email addresses, telephone numbers, dates of birth, and in some cases, encrypted or unencrypted security questions and answers, Yahoo said.”

– USA Today

Law Enforcement

“The FBI can no longer hack a suspect’s computer to infect it with spying malware without a warrant, a federal judge in Texas ruled.

Following the child pornography case involving Jeffrey Torres’ activity on dark web child porn site Playpen, US District Judge David Ezra has ruled that secretly collecting information from a computer is still a search under the Fourth Amendment, thus requiring a warrant.

“The Network Investigative Technique (NIT) placed code on Mr Torres’ computer without his permission, causing it to transmit his IP address and other identifying data to the government. That Mr Torres did not have a reasonable expectation of privacy in his IP address is of no import. This was unquestionably a ‘search’ for Fourth Amendment purposes.””

Hot for Security


“Several members of the German political scene were the targets of two waves of spear-phishing campaigns that took place over the summer, multiple German media outlets report.

According to Süddeutsche Zeitung, the German newspaper that broke the Panama Papers story, local political figures received spear-phishing emails from a man named Heinrich Krammer claiming to be a NATO employee, and who used a email address. The emails were sent on August 15 and then on the second wave on August 24.

The emails offered recipients information about the Turkey failed coup and the earthquakes that hit Italy’s Amatrice region. Inside the emails, links lured politicians to a malicious website that attempted to install spyware on their computers.”

