INFOSECURITY NEWSLETTER

December 21, 2016

A look back to 2016 and what to expect in 2017 in cybersecurity space

Ajay Kumar, Csoonline.com, December 15, 2016

As we approach the holidays and get ready for 2017, let’s take a moment to review our great work in preventing and defending advisories and attacks on the organizations. We know cyber criminals keep trying to evade the cyber defenses we have deployed. There have been big security incidents and breaches in 2016. Spam and spear phishing email campaigns touched unprecedented heights delivering ransomware to millions of potential victims.

Read More

Lessons learned from the 7 major cyber security incidents of 2016

Tim Greene, Networkworld.com, December 14, 2016

Cyber incidents dominated headlines this year, from Russia’s hacking of Democrat emails to internet cameras and DVRs launching DDoS attacks, leaving the impression among many that nothing should be entrusted to the internet.|
These incidents reveal technical flaws that can be addressed and failure to employ best practices that might have prevented some of them from happening.

Read More

Passwords and hacking: the jargon of hashing, salting and SHA-2 explained

Samuel Gibbs, Theguardian.com, December 15, 2016

From Yahoo, MySpace and TalkTalk to Ashley Madison and Adult Friend Finder, personal information has been stolen by hackers from around the world. But with each hack there’s the big question of how well the site protected its users’ data. Was it open and freely available, or was it hashed, secured and practically unbreakable?

Read More

New Critical Fixes for Flash, MS Windows

Brian Krebs, Krebsonsecurity.com, December 14, 2016

Both Adobe and Microsoft on Tuesday issued patches to plug critical security holes in their products. Adobe’s Flash Player patch addresses 17 security flaws, including one “zero-day” bug that is already actively being exploited by attackers. Microsoft’s bundle of updates tackles at least 42 security weaknesses in Windows and associated software.

Read More

Phishing email scams 108 government employees, 756,000 people affected by breach

Steve Ragan, Csoonline.com, December 19, 2016

On Friday, The LA County Chief Executive Office issued a public notice that 756,000 Californians were going to be receiving breach notification letters, after a single Phishing email scammed more than one hundred county employees.

Read More

Mobile banking trojans adopt ransomware features

Lucian Constantin, Networkworld.com, December 19, 2016

Cybercriminals are adding file-encrypting features to traditional mobile banking trojans, creating hybrid threats that can steal sensitive information and lock user files at the same time.

Read More

New York’s cybersecurity regulations may seem burdensome, but they’re necessary

Christopher Ensey, Thehill.com, December 16, 2016

In recent years, more and more companies across a range of industries have fallen victim to cyber attacks, including Sony Pictures, Yahoo!, and LinkedIn; however, we have yet to see a successful large scale breach of a major U.S. financial institution.

Read More

Financial Data Worth Millions Unwittingly Exposed In Ameriprise Accounts

Darkreading.com, December 19, 2016

Confidential financial data worth tens of millions of about 350 Ameriprise clients were exposed unwittingly by one of its financial advisors while taking a back-up on an Internet-connected drive at home, reports ZDNet. The discovery, by security researcher Chris Vickery of MacKeeper during a random scan with Shodan search engine, has raised questions about the security practices followed by the company’s franchise operators across the US.

Read More

EBA’s Proposed Guidelines Call for 2-Hour Notice of Data Breach

Paybefore.com, December 13, 2016

The European Banking Authority (EBA) working with the European Central Bank (ECB) recently released a consultation paper on guidelines for payment service providers (PSPs) to follow in the event of security breaches. Among the suggested mandates is notifying authorities of an incident within two hours from the moment the breach is detected—that’s significantly faster than the breach notification requirements set to go into force next year under the General Data Protection Regulation (GDPR), which requires notice within 72 hours of breach detection. The GDPR also applies to U.S. companies that process information and intend to offer products or services to people in the EU, or monitor people in the EU, according to legal experts at Bryan Cave.

Read More

No Phishing: OCR Warns of Phishing Attempts Disguised as Official HIPAA Audit Program Emails

William W. Hellmuth, Adam H. Greene and Rebecca L. Williams, Privsecblog.com, December 13, 2016

What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just compromised your computer and your network.

Read More

Medical data: Accessible and irresistible for cyber criminals

Taylor Armerding, Csoonline.com, December 19, 2016

How valuable is personal healthcare data?
Apparently it depends. Based on at least some price comparisons on the Dark Web – the underground online marketplace for cyber criminals – electronic health records (EHR) are not even close to premium goods.

Read More
Infosecurity Newsletter Archive

June 2018: 6th

May 2018: 2nd, 9th, 30th

April 2018: 4th, 11th, 18th, 25th

March 2018: 7th, 14th, 21st, 28st

February 2018: 7th, 14th, 21st, 28th

January 2018: 3rd, 10th, 17th, 24th, 31st

December 2017: 6th, 13th, 20th

November 2017: 1st, 15th, 29th

October 2017: 4th, 11th, 18th, 25th

September 2017: 6th, 13th, 20th, 27th

August 2017: 2nd, 9th, 16th, 23rd, 30th

July 2017: 5th, 12th, 19th, 26th

June 2017: 7th, 14th, 21st, 28th

May 2017: 3rd, 10th, 17th, 24th, 31st

April 2017: 5th, 12th, 19th, 26th

March 2017: 1st, 8th, 15th, 22nd, 29th

February 2017: 1st, 8th, 13th, 22nd

January 2017: 4th, 11th, 18th, 24th

December 2016: 7th, 14th, 21st, 28th