Archives: Cybersecurity


Financial Conduct Authority Warns Banking Industry of ICOs and Cryptocurrency

In a “Dear CEO” letter on June 11, 2018, the Financial Conduct Authority (FCA) warned banking executives to perform enhanced due diligence on clients who use or trade cryptocurrency for business transactions. The letter urges banks to check the use and value of cryptocurrencies in the same manner as banks check their clients’ … Continue Reading

MA Clean Energy Center Victim of Wire Fraud

A recent State audit has discovered that the Massachusetts Clean Energy Center wired $93,679 to a cyber-criminal in February 2017, and didn’t advise its board about the incident for 7 months. Following the audit, the auditor recommended that the agency conduct a risk assessment, develop written policies and procedures to address the potential for cybercrime, … Continue Reading

VPNFilter Worse Than Previously Reported

We previously reported that the FBI has warned consumers that a nasty piece of malware, known as VPNFilter and believed to have been launched by a Russian government hacking group, is infecting hundreds of thousands of small business and home routers [view related post here]. Apparently the malware is much worse than anyone thought and Cisco’s Talo … Continue Reading

Opening a Bank Account with a Smartphone—Dodd-Frank Roll-Back Making Online Banking Easier

President Trump recently signed into law the Economic Growth, Regulatory Relief and Consumer Protection Act, which is already making waves in the financial sector for its repeal of certain Dodd-Frank provisions that were passed in the wake of the 2008 financial crisis. Banks and other financial institutions should take note, however, that the Act also … Continue Reading

FBI Warning: Russian Hackers Attacking Routers

Late last week, the Federal Bureau of Investigation (FBI) issued a warning to U.S. consumers that Russian hackers (dubbed Sofacy and a/k/a Fancy Bear and APT28, and believed to be backed by the Russian government) had compromised “hundreds of thousands” of home and office routers through malware known as VPNFilter in order to collect information … Continue Reading

Criminals Cashing in on GDPR Privacy Notices

Over the past several weeks, as the GDPR deadline of May 25 loomed, thousands of organizations sent individuals, including U.S. citizens, notices requesting consent and opt-in to receive further communications. Riding on that wave of confusion and inundating emails, criminals have used the implementation of GDPR to their advantage by impersonating legitimate businesses, including financial … Continue Reading

South Carolina Enacts Insurance Data Security Act

South Carolina Governor Henry McMaster signed the South Carolina Insurance Data Security Act into law on May 3, 2018. The law, parts of which become effective January 1, 2019, requires entities licensed by the Department of Insurance to, “develop, implement and maintain a comprehensive information security program based on the licensee’s Board of Directors, if … Continue Reading

Cyber Fraud Cost $1.4 Billion in 2017

The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) recently released its yearly internet crime report, which states that more than 300,000 consumers reported cyber-fraud and malware attacks in 2017, costing over $1.4 billion. Yes, that is with a “b.” The threats at the top of the list reported by consumers include phishing, ransomware … Continue Reading

AICPA Survey Shows U.S. Adults Worried About Identity Theft and Financial Fraud and Concerned Businesses Can’t Protect Their Data

A new Harris Poll for the American Institute of CPAs (AICPA), which called 1,006 U.S. adults for the report, shows interesting statistics regarding American adults’ attitudes and fears about identity theft and financial loss as a result of cyber intrusions. The poll’s conclusion is that 48 percent of U.S. adults believe that identity theft will … Continue Reading

Chinese Telecom Companies in Hot Water

“Chinese cyber espionage and cyber-attack capabilities will continue to support China’s national security and economic priorities,” says Dan Coats, the Director of National Intelligence. “Americans should not buy Huawei or ZTE products.” In March 2017 the Chinese telecom company ZTE pleaded guilty to shipping US technology to Iran and North Korea, and reached a settlement … Continue Reading

Bezop Cryptocurrency Investors’ Personal Information Exposed

Kromtech Security has reported that the sensitive personal information of more than 25,000 investors of Bezop cryptocurrency was exposed when a MongoDB database was left unsecured. The security incident is reported to be linked to a distributed-denial-of-service attack that occurred earlier this year. The investors’ compromised information included their names, addresses, email addresses, photocopies of … Continue Reading

“Orangeworm” Targeting Health Care Industry

In what is being called a systematic targeting of large health care organizations, pharmaceutical companies, and IT companies and equipment manufacturers that service the health care industry, Symantec has reported that a new hacking group, dubbed “Orangeworm,” is carefully selecting its targets and strategy prior to launching an attack. According to Symantec, the hackers have … Continue Reading

Abbott Laboratories Releases Patches for Cardiac Devices

Abbott Laboratories has issued software patches to some of its implantable cardiac devices (manufactured by St. Jude) for cybersecurity flaws and battery issues that have plagued the devices and that previously led the U.S. Food and Drug Administration (FDA) to issue warnings to patients about the devices [view related posts here and here]. There are more than … Continue Reading

FFIEC Members Issue Joint Statement to Financial Institutions on Role of Cyber Insurance as Risk Management Tool

On April 10, the Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement discussing cyber insurance and its potential role in the risk management programs of financial institutions. Members of the FFIEC include the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union … Continue Reading

Manufacturing Sector Getting Hit with Cyber-Attacks: Portable Oxygen Device Manufacturer Notifies 30,000 Patients of Breach

Inogen, which manufactures portable oxygen devices, has alerted the Securities and Exchange Commission in a recent filing that it is notifying 30,000 individuals that their personal information was compromised when a hacker gained access to one of its employees’ email accounts through a phishing scheme. The incident illustrates how the manufacturing sector is continuing to … Continue Reading

HHS Warns Health Care Organizations About SamSam Ransomware

The health care industry continues to get hammered by SamSam ransomware attacks, to the point that the Department of Health and Human Services Healthcare Cybersecurity and Communications Integration Center (HCCIC) has issued a report outlining the danger of ongoing SamSam ransomware campaigns, with tips to help organizations detect and block SamSam. According to the report, … Continue Reading

Pipeline Companies Targeted by Cyber-Attacks

Reports show that U.S. energy companies reported more than 350 cybersecurity incidents to the U.S. Department of Homeland Security between 2011 and 2015. Pipeline companies are included in that statistic. Last week, Energy Transfer Partners (ETP) notified its oil and gas shippers that its pipeline network system was hacked. According to ETP, the hacking targeted … Continue Reading

Power Company Fined for Contractor Copying Data to its Own Insecure Network

Vendor management continues to be a problem for all industries, but some are scarier than others. The North American Electric Reliability Corp. (NERC) recently provided notice to the Federal Energy Regulatory Commission that an unidentified power company has reached a settlement with the Western Electricity Coordinating Council for $2.7 million to resolve two violations of … Continue Reading

Energy Sector: Hit Hard and Worried

One only needs to read the headlines to understand that critical infrastructure in the U.S., including the energy sector, is an obvious target for malicious actors. According to a new report by Marsh, entitled “Could Energy Industry Dynamics be Creating an Impending Cyber Storm?”, more than one in four respondents to a survey aimed at … Continue Reading

NIST Issues Energy Sector Asset Management Project

According to the National Institute of Standards and Technology (NIST), the energy sector relies on industrial control systems assets to “generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas.” These industrial control systems include supervisory control and data acquisition (SCADA) systems, distributed control systems, programmable logic controllers and … Continue Reading