Wire transfer requests top the list of business email compromise (BEC) objectives, according to a study by Barracuda Networks. Additional objectives laid out by the report include duping users into clicking on malicious links, establishing rapport and stealing information, with the end goal of extorting millions of dollars from unsuspecting companies.
Source: Bank Info Security
Self-described as "The World's Favorite Airline," British Airways has confirmed a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks. The airline has been calling it data theft, rather than a breach, which could indicate someone with inside access may have stolen the information.
Threat management group RiskIQ determined the attack was perpetrated by MageCart, a group known for compromising other websites including Ticketmaster and Feedify. Similar to a physical credit card skimmer at an ATM, MageCart injects a malicious script into a website’s payment page to skim credit card details from consumers.
Sources: The Hacker News and Bleeping Computer
A Fortune 500 company recently found itself infected with a cryptocurrency miner using EternalBlue.
WannaCry, which infected upwards of 300,000 computers worldwide in May 2017, was potent because it used an exploit called EternalBlue that had been stolen or leaked from the U.S. National Security Agency.
The exploit took advantage of a Windows vulnerability, designated CVE-2017-0144, in Microsoft's Server Message Block protocol, which remained widely unpatched when WannaCry hit.
Source: Bank Info Security
Government Payment Service Inc. has leaked more than 14 million customer records dating back at least six years, including names, addresses, phone numbers and the last four digits of the payer’s credit card.
Source: Krebs on Security
Scan4You, a notorious cornerstone of the cybercrime-as-a-service economy that allowed malware developers to easily create code to bypass anti-virus defenses, has been dismantled and its Latvian technical administrator has been sent to prison.
While this is welcome news, in reality, it’s no more than a temporary reprieve; demand remains high and cyber criminals will look to set up an alternative to take its place.
For more information about cyber risks or related issues, please contact us.
Jake Omann specializes in providing clients with risk management and executive risk services that cover their liabilities as a corporation, as well as the personal liabilities of their directors and officers. He started his career over 10 years ago in sales at a multinational financial services corporation before beginning his broker career in managing executive risk programs for Fortune 500 companies. Jake currently sits on the board for ACES for Kids.
This month's Threat Intelligence Report is about a large hotel chain that reports “unauthorized access” to its customer database since 2014, exposing data of 500 million guests; a vulnerability in a postal service site that left 60 million customers exposed for more than a year; a third-party vendor breach that exposes data of millions of healthcare patients; a new report that profiles notorious MageCart cyber criminals; court documents that reveal the first-ever indictment on ransomware charges; and a bundled pack that makes SamSam and other ransomware easier for hackers to obtain and deploy.
Massive Q&A website Quora suffers a data breach, exposing 100 million users. Signet Jewelers, the parent company of retailers Jared and Kay Jewelers, has fixed a vulnerability found in its websites. Adobe released an update closing a Flash Player backdoor vulnerability. Schools, government agencies and private organizations were the target of bomb threat emails that struck nationwide in December 2018. Microsoft urges users to install updates preventing an Internet Explorer vulnerability. Researchers at Trend Micro have identified a new type of malware hidden in memes posted to the social media site Twitter. Malware targets online shoppers with "convincing" Amazon emails.