Tuesday 15 April 2014

National Retail Federation Prioritizes Cybersecurity



Most Notable Info

Since news of the Target breach broke four months ago, it seems like more and more data breaches are happening with retailers. Any kind of data breach is scary and daunting, but when it comes to retail cybersecurity threats and our financial information being at risk, the threat feels bigger. When a hacker has found a way into your bank account and taken your money, the immediate impact is real.
The good news for retailers and consumers is that the National Retail Federation just announced that they are creating an industry information sharing and analysis center (ISAC) for retailers and merchants. What this program will do is “provide retailers cyber security information from government, law enforcement agencies, retailers, and partners in the financial services sector.” This is good news because this can help big and small businesses protect themselves and their customers from devastating data breaches.
With the retail community on board with sharing and collaborating on cybersecurity issues and protocols, they are also stressing that no single solution will keep all cyber-attacks from being successful: “Implementing robust security solutions with innovative technologies and information sharing to protect consumer data and the integrity of our payment systems is a start, but we will always need to stay one step ahead of these determined criminals.”
Being proactive and aware of the threats that exist is a critical element in staying secure and protected.

On to the daily roundup...

IT Gravity 42, Risk 43
The Galaxy S5 is brand new, but the fingerprint scanner has already been hacked by the same "fake finger" method that works on iPhones. The permissions on the Samsung, however, mean this method could work after a reboot and even let an attacker use PayPal. If you use fingerprint authentication, keep some backstops in place. goo.gl/m30wiJ
Top Targets: Management Software- Orbit Open Ad Server

GOVERNMENT Gravity 19, Risk 21
The Canadian Revenue Agency reports that 900 taxpayers had their social insurance numbers exposed in a breach stemming from the infamous Heartbleed exploit. In a statement, the agency said it is analyzing data to understand that breach. The CRA will notify individuals about the breach and offer free credit protection. goo.gl/xfyALY
Top Targets: Data- Social Insurance Numbers (SINs)

FINANCIALS Gravity 13, Risk 19
The Bulgaria-based Bitcoin exchange BTC-e went down briefly Sunday after a DDoS attack on its server. The company said in a statement that nothing was taken and that this DDoS attack was similar to previous attacks and "not special in anyway". bit.ly/1iT4Mpp
Top Targets: Financial Networks- Cryptocurrency exchanges

OTHER ORGANIZATIONS Gravity 10, Risk 14
The Veterans of Foreign Wars Organization suffered a major data breach, losing approximately 55,000 records to alleged Chinese hackers. The VFW knew about the breach in early March and informed affected veterans in a letter. bit.ly/1etFiml
Top Targets: Users- Anonymous members

CONSUMER GOODS Gravity 5, Risk 7
The National Retail Federation, the world’s largest retail trade association, plans to create an information sharing and analysis center that will help companies deal with cyber threats in the retail and merchant industry. It will be developed in partnership with the Financial Services Information Sharing and Analysis Center. goo.gl/VY6OxF
Top Targets: Mobile Device- News Corp. consumers' phones

UTILITIES Gravity 1, Risk 6
A report from Connecticut state utility regulators reveals that electric, natural gas and water companies and regional distribution systems have been penetrated by hackers and other cyber attackers, but that defenses prevented interruption. The report does not specify incidents or elaborate publicly on security details. goo.gl/Or10Kf
Top Targets: Infrastructure- Crucial infrastructure

HEALTHCARE Gravity 1, Risk 3
Personal details of nearly 500,000 people who sought information about plastic surgery via the website of the UK's Harley Medical Group were stolen in an apparent bid to blackmail the company. The stolen details submitted by potential customers include phone numbers, email addresses and dates of birth. goo.gl/hkrIXn
Top Targets: Patients- La Palma Intercommunity Hospital's patients

ENTERTAINMENT Gravity 2, Risk 2
Three major record labels are suing Russian social media website vKontakte. The labels claim the company fosters large-scale music piracy. Sony Music Russia, Universal Music Russia, and Warner Music UK filed suit in court. The labels claim the site stores a user-generated catalogue of music and has refused to agree to a licensing deal. goo.gl/LtIiVj
Top Targets: Web Presence- Tens of pornographic websites

INDUSTRIALS Gravity 1, Risk 2
US Airways apologized for tweeting an explicit photo in response to a customer complaint. In a statement, the airline says it was trying to flag the image but it was mistakenly included. One social media mistake can harm your brand, especially if you are a small business. Therefore, managing social media is recommended. goo.gl/k6Gid8
Top Targets: Social Media Accounts- US Airways Twitter account

TELECOM Gravity 1, Risk 1
The internet is awash with lists of sites that may have been affected by Heartbleed, but very few go into detail about the appropriate mobile devices. Here is a comprehensive list of what Heartbleed means for mobile devices and apps. Yes, your phone could have been or may be vulnerable as well. onforb.es/1gWS2wK
Top Targets: Users- AT&T Inc. website Apple iPad users

ENERGY Gravity 1, Risk 1
The New York Times released an article discussing watering hole attacks aimed at an unknown energy company. Hackers compromised a food takeout website popular with employees. The compromised website enabled the hackers to upload malicious code onto the victims' computers, giving the attackers a foothold in the targeted network. goo.gl/sNtody
Top Targets: Desktop/Laptops- Oil company private computers

MATERIALS Gravity 0, Risk 0
On Sunday, Anonymous attacked the Monsanto Brazil website via a DDoS and took it offline. This is not the first attack Anonymous has conducted against Monsanto. The hacktivist organization is protesting the use of GE Trees, which they claim poison land and displace communities in Latin America. inagist.com/all/4478...
