Threat Intelligence Blog

Weekly Threat Intelligence Brief

Insurance/Healthcare

The New York State Department of Financial Services (DFS) has proposed cybersecurityCybersecurity: A set of security techniques that are designed to protect the integrity of computer systems, programs and data from theft and damage to their hardware, software or other information as well as the disruption and misappropriation of their services. LookingGlass Cyber (n) - Professional paid ninjas who protect the cyber world from cyber attacks. Everybody is doing it, but we have the double black belt with the Versace logo. So yeah, we’re really good. regulation for financial services companies that aims to protect New York state’s financial services industry from an increasing risk of cyber attacks, Governor Andrew Cuomo announced.

The proposed regulation is the first of its kind in the U.S. It requires banks, insurance companies and other financial services institutions that are regulated by the Department of Financial Services (DFS) to establish and maintain a cybersecurity program designed to protect consumers and ensure safety within New York’s financial services industry, according to a DFS press release.”

– Insurance Journal

Legal

The Department of Homeland Security will not classify election systems as critical infrastructure before the November presidential election, DHS Assistant Secretary for Cybersecurity Andy Ozment said at the Billington Cybersecurity Summit Tuesday.

“This is not something we’re looking to in the near future. This is a conversation we’re having in the long term with state and local government, who are responsible for voting infrastructure,” said Ozment, a former senior director for cybersecurity on the National Security Council. “We’re focused right now on what we can usefully offer that local and state government will find valuable.”

– Fedscoop

Retail

“According to an analysis by Have I Been Pwned owner Troy Hunt, the data appears to belong to Bluesnap, a payments processing service.

Hunt says that several Have I Been Pwned users have confirmed that the breach contains accurate personal details, including the ones relating to payment card information.

According to Hunt, the data contains browser user agent details, IP addresses, credit card CVVs, partial credit card data, email addresses, names, phone numbers, physical addresses, and a list of purchases and financial transactions. Hunt says the data spans from March 10, 2014, to May 20, 2016.”

Softpedia

Technology

“Hardware maker Seagate is facing a lawsuit mounted by some of its own employees whose personal information has been lost by the firm.

The data, including names, addresses and social security numbers, was sent out in response to a phishingPhishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. email.

The fake message appeared to come from the firm’s chief executive.

The lawsuit alleges that attackers have already started to make use of the confidential data for fraud but Seagate is contesting those claims.”

BBC

Law Enforcement

“The FBI can no longer hack a suspect’s computer to infect it with spying malwareMalware: A generic term for a software that is designed to disable or otherwise damage computers, networks and computer systems LookingGlass Cyber (n) - another type of cold that can destroy a computer by latching on to destroy other programs. without a warrant, a federal judge in Texas ruled.

Following the child pornography case involving Jeffrey Torres’ activity on dark web child porn site Playpen, US District Judge David Ezra has ruled that secretly collecting information from a computer is still a search under the Fourth Amendment, thus requiring a warrant.

“The Network Investigative Technique (NIT) placed code on Mr Torres’ computer without his permission, causing it to transmit his IP address and other identifying data to the government. That Mr Torres did not have a reasonable expectation of privacy in his IP address is of no import. This was unquestionably a ‘search’ for Fourth Amendment purposes.””

Hot for Security

Defense

“Hackers are claiming to have accounts at major United States government agencies for sale, including NASA, the Navy, and the Department of Veteran Affairs.

The unverified cache found by Infoarmor chief intelligence officer Andrew Komarov includes 33,000 records tied to the US Government, plus research and educational organisations and universities.

Agencies on the list include the US General Services Administration, National Parks Service, and the Federal Aviation Administration. One government data listing visited by The Register promised alleged access to six unnamed accounts for subdomains of the US Navy including 3.5 bitcoins (US$2132).”

The Register

Follow and connect with us on Twitter, Facebook, and LinkedIn if you would like to discuss any of our blogs in more detail!


You May Also Be Interested In…

Additional Posts

Cyber Criminals are Targeting Healthcare, Not Even Your X-Rays are Safe

The healthcare sector remains a fertile target for cyber criminals seeking to steal information and ...

Weekly Phishing Activity: September 19, 2016

Phishing Activity: TOP TARGETS Week of September 11 – September 17, 2016 In this week’s ...