December 21, 2016
Ajay Kumar, Csoonline.com, December 15, 2016
As we approach the holidays and get ready for 2017, let’s take a moment to review our great work in preventing and defending advisories and attacks on the organizations. We know cyber criminals keep trying to evade the cyber defenses we have deployed. There have been big security incidents and breaches in 2016. Spam and spear phishing email campaigns touched unprecedented heights delivering ransomware to millions of potential victims.
Tim Greene, Networkworld.com, December 14, 2016
Cyber incidents dominated headlines this year, from Russia’s hacking of Democrat emails to internet cameras and DVRs launching DDoS attacks, leaving the impression among many that nothing should be entrusted to the internet.
These incidents reveal technical flaws that can be addressed and failure to employ best practices that might have prevented some of them from happening.
Samuel Gibbs, Theguardian.com, December 15, 2016
From Yahoo, MySpace and TalkTalk to Ashley Madison and Adult Friend Finder, personal information has been stolen by hackers from around the world. But with each hack there’s the big question of how well the site protected its users’ data. Was it open and freely available, or was it hashed, secured and practically unbreakable?
Brian Krebs, Krebsonsecurity.com, December 14, 2016
Both Adobe and Microsoft on Tuesday issued patches to plug critical security holes in their products. Adobe’s Flash Player patch addresses 17 security flaws, including one “zero-day” bug that is already actively being exploited by attackers. Microsoft’s bundle of updates tackles at least 42 security weaknesses in Windows and associated software.
Steve Ragan, Csoonline.com, December 19, 2016
On Friday, The LA County Chief Executive Office issued a public notice that 756,000 Californians were going to be receiving breach notification letters, after a single Phishing email scammed more than one hundred county employees.
Lucian Constantin, Networkworld.com, December 19, 2016
Cybercriminals are adding file-encrypting features to traditional mobile banking trojans, creating hybrid threats that can steal sensitive information and lock user files at the same time.
Christopher Ensey, Thehill.com, December 16, 2016
In recent years, more and more companies across a range of industries have fallen victim to cyber attacks, including Sony Pictures, Yahoo!, and LinkedIn; however, we have yet to see a successful large scale breach of a major U.S. financial institution.
Darkreading.com, December 19, 2016
Confidential financial data worth tens of millions of about 350 Ameriprise clients were exposed unwittingly by one of its financial advisors while taking a back-up on an Internet-connected drive at home, reports ZDNet. The discovery, by security researcher Chris Vickery of MacKeeper during a random scan with Shodan search engine, has raised questions about the security practices followed by the company’s franchise operators across the US.
Paybefore.com, December 13, 2016
The European Banking Authority (EBA) working with the European Central Bank (ECB) recently released a consultation paper on guidelines for payment service providers (PSPs) to follow in the event of security breaches. Among the suggested mandates is notifying authorities of an incident within two hours from the moment the breach is detected—that’s significantly faster than the breach notification requirements set to go into force next year under the General Data Protection Regulation (GDPR), which requires notice within 72 hours of breach detection. The GDPR also applies to U.S. companies that process information and intend to offer products or services to people in the EU, or monitor people in the EU, according to legal experts at Bryan Cave.
William W. Hellmuth, Adam H. Greene and Rebecca L. Williams, Privsecblog.com, December 13, 2016
What’s worse than receiving an email indicating that you have been selected for an audit by your favorite government regulator? Clicking on a link in the email and discovering that it is a phishing attack that has just compromised your computer and your network.
Taylor Armerding, Csoonline.com, December 19, 2016
How valuable is personal healthcare data?
Apparently it depends. Based on at least some price comparisons on the Dark Web – the underground online marketplace for cyber criminals – electronic health records (EHR) are not even close to premium goods.