Threat Intelligence Blog

Posted September 20, 2016

Weekly Threat Intelligence Brief


The New York State Department of Financial Services (DFS) has proposed cybersecurity regulation for financial services companies that aims to protect New York state’s financial services industry from an increasing risk of cyber attacks, Governor Andrew Cuomo announced.

The proposed regulation is the first of its kind in the U.S. It requires banks, insurance companies and other financial services institutions that are regulated by the Department of Financial Services (DFS) to establish and maintain a cybersecurity program designed to protect consumers and ensure safety within New York’s financial services industry, according to a DFS press release.”

– Insurance Journal


The Department of Homeland Security will not classify election systems as critical infrastructure before the November presidential election, DHS Assistant Secretary for Cybersecurity Andy Ozment said at the Billington Cybersecurity Summit Tuesday.

“This is not something we’re looking to in the near future. This is a conversation we’re having in the long term with state and local government, who are responsible for voting infrastructure,” said Ozment, a former senior director for cybersecurity on the National Security Council. “We’re focused right now on what we can usefully offer that local and state government will find valuable.”

– Fedscoop


“According to an analysis by Have I Been Pwned owner Troy Hunt, the data appears to belong to Bluesnap, a payments processing service.

Hunt says that several Have I Been Pwned users have confirmed that the breach contains accurate personal details, including the ones relating to payment card information.

According to Hunt, the data contains browser user agent details, IP addresses, credit card CVVs, partial credit card data, email addresses, names, phone numbers, physical addresses, and a list of purchases and financial transactions. Hunt says the data spans from March 10, 2014, to May 20, 2016.”



“Hardware maker Seagate is facing a lawsuit mounted by some of its own employees whose personal information has been lost by the firm.

The data, including names, addresses and social security numbers, was sent out in response to a phishing email.

The fake message appeared to come from the firm’s chief executive.

The lawsuit alleges that attackers have already started to make use of the confidential data for fraud but Seagate is contesting those claims.”


Law Enforcement

“The FBI can no longer hack a suspect’s computer to infect it with spying malware without a warrant, a federal judge in Texas ruled.

Following the child pornography case involving Jeffrey Torres’ activity on dark web child porn site Playpen, US District Judge David Ezra has ruled that secretly collecting information from a computer is still a search under the Fourth Amendment, thus requiring a warrant.

“The Network Investigative Technique (NIT) placed code on Mr Torres’ computer without his permission, causing it to transmit his IP address and other identifying data to the government. That Mr Torres did not have a reasonable expectation of privacy in his IP address is of no import. This was unquestionably a ‘search’ for Fourth Amendment purposes.””

Hot for Security


“Hackers are claiming to have accounts at major United States government agencies for sale, including NASA, the Navy, and the Department of Veteran Affairs.

The unverified cache found by Infoarmor chief intelligence officer Andrew Komarov includes 33,000 records tied to the US Government, plus research and educational organisations and universities.

Agencies on the list include the US General Services Administration, National Parks Service, and the Federal Aviation Administration. One government data listing visited by The Register promised alleged access to six unnamed accounts for subdomains of the US Navy including 3.5 bitcoins (US$2132).”

The Register

Follow and connect with us on Twitter, Facebook, and LinkedIn if you would like to discuss any of our blogs in more detail!

You May Also Be Interested In…

Additional Posts

Cyber Criminals are Targeting Healthcare, Not Even Your X-Rays are Safe

The healthcare sector remains a fertile target for cyber criminals seeking to steal information and ...

Weekly Phishing Activity: September 19, 2016

Phishing Activity: TOP TARGETS Week of September 11 – September 17, 2016 In this week’s ...