Threat Intelligence Blog

threat intelligence news

This weekly brief highlights the latest threat intelligence news to provide insight into the latest threats to various industries.

Insurance/Healthcare

“So far in 2017, hacking incidents continue to affect the largest number of individuals impacted by major health data breaches. Meanwhile, incidents involving lost or stolen unencrypted computing devices continue to decline, according to the latest snapshot of the federal breach tally.

As of March 9, 50 major breaches impacting 424,286 individuals have been added to the Department of Health and Human Services’ Office for Civil Rights’ “wall of shame” website of major breaches affecting 500 or more individuals.

Of those 2017 incidents, 20 are listed as unauthorized access/disclosure breaches; 14 are hacking incidents; and 14 are breaches involving loss/theft of protected health information. Of the incidents involving loss or theft, eight involved paper/film records, and six involved unencrypted desktop or laptop computers, or other portable devices.

As of March 9, more than 171.66 million individuals in total have been impacted by the 1,852 major breaches that have been reported to HHS since September 2009.”

– Healthcare Info Security

Information Security

“The CVE-2017-5638 remote code execution zero-day has been exploiting by attackers in the wild, it affects Struts 2.3.5 through 2.3.31 and Struts 2.5 through 2.5.10.

According to the experts from Cisco Talos, the flaw affects the Jakarta-based file upload Multipart parser under Apache Struts 2.

Tinfoil Security has published an online tool that allows website owners to check if they are vulnerable to CVE-2017-5638 attacks.

The issue was first spotted by the Chinese developer Nike Zheng, the attack sends an invalid Content-Type value to the uploader throwing an exception creating the condition for the remote code execution.

The issue is documented at Rapid7’s Metasploit Framework GitHub site and attackers in the wild are exploiting a publicly available PoC code that triggers the vulnerability.”

The Hacker News

Pharmaceuticals

“The personal information of approximately 7,500 British Columbians may have been compromised through the provincial government’s PharmaNet system, according to the Ministry of Health.

A letter from the ministry was sent last week to B.C residents affected by the breach. The letter says an “unknown/unauthorized person obtained and used a physician’s login to access PharmaNet.”

PharmaNet is the province-wide network that links all B.C. pharmacies to a central information system.”

CBC News

Retail

“Verifone, the company behind many of the payment systems you see at retailers across the country, is reportedly the latest hack attack victim.

Krebs on Security reports that Verifone, the largest maker of credit and debit card payment terminals, is investigating a breach of its corporate computer networks that may have targeted payment systems at dozens of gas stations.

The company tells Krebs that the possible breach, which began sometime in January, does not affect its payment service networks used by hundreds of retailers.”

Consumerist

Technology

“The United States announced charges Wednesday against two Russian intelligence officers and two hackers, accusing them of a mega data breach at Yahoo that affected at least a half billion user accounts.

The hack targeted the email accounts of Russian and U.S. officials, Russian journalists, and employees of financial services and other businesses, officials said.”

Yahoo News

Defense

“Chinese state-sponsored actors are spying on military and aerospace interests in Russia and Belarus. According to the experts from Proofpoint, the attacks began in the summer of 2016, the Chinese hackers launched a spear-phishing campaign leveraging a new downloader known as ZeroT in order to deliver the PlugX RAT.

Researchers explained that in the past the same threat actors conducted spear-phishing campaigns using Microsoft Word document attachments that were able to trigger the CVE-2012-0158, or containing malicious URLs pointing to .rar-compressed executable nasties.”

Security Affairs

Follow and connect with us on Twitter, Facebook, and LinkedIn if you would like to discuss any of our blogs in more detail!


You May Also Be Interested In…

Additional Posts

LookingGlass Cyber Solutions Inaugurates New Corporate Headquarters

Reston, VA – March 22, 2017—LookingGlass™ Cyber Solutions, a leader in threat ...

Weekly Phishing Activity: March 21, 2017

Phishing Activity: TOP TARGETS Week of March 12 – March 19, 2017 This week, we saw a ...