Writing a “Dear CEO” letter to banking executives, the Financial Conduct Authority (FCA) warned executives on June 11, 2018, to perform enhanced due diligence on clients who use or trade cryptocurrency for business transactions. The letter urges banks to check the use and value of cryptocurrencies in the same manner as banks check their clients’ … Continue Reading
A recent State audit has discovered that the Massachusetts Clean Energy Center wired $93,679 to a cyber-criminal in February 2017, and didn’t advise its board about the incident for 7 months. Following the audit, the auditor recommended that the agency conduct a risk assessment, develop written policies and procedures to address the potential for cybercrime, … Continue Reading
This week, Wells Fargo & Co. announced that it will not allow customers to buy cryptocurrency with its credit cards. This follows other banks’ prohibitions on the use of credit cards for the purchase of cryptocurrency over the past several months. Some surmise that the prohibition is due to the volatility in the price of … Continue Reading
We previously reported that the FBI has warned consumers about a nasty malware, known as VPNFilter and believed to have been launched by a Russian government hacking group is infecting hundreds of thousands of small business and home router [view related post here]. Apparently the malware is much worse than anyone thought and Cisco’s Talo … Continue Reading
We have been watching the LabMD/FTC case for a long time. We have written about it [view related posts here], read the book about it that was hand delivered to our office by the CEO of LabMD, debated it in privacy law class and marveled at the energy and focus of Mike Daugherty over the … Continue Reading
President Trump recently signed into law the Economic Growth, Regulatory Relief and Consumer Protection Act, which is already making waves in the financial sector for its repeal of certain Dodd-Frank provisions that were passed in the wake of the 2008 financial crisis. Banks and other financial institutions should take note, however, that the Act also … Continue Reading
Late last week, the Federal Bureau of Investigation (FBI) issued a warning to U.S. consumers that Russian hackers (dubbed Sofacy and a/k/a Fancy Brear and APT28, and believed to be backed by the Russian government) had compromised “hundreds of thousands” of home and office routers through malware known as VPNFilter in order to collect information … Continue Reading
Over the past several weeks, as the GDPR deadline of May 25 loomed, thousands of organizations sent individuals, including U.S. citizens, notices requesting consent and opt-in to receive further communications. Riding on that wave of confusion and inundating emails, criminals have used the implementation of GDPR to their advantage by impersonating legitimate businesses, including financial … Continue Reading
South Carolina Governor Henry McMaster signed the South Carolina Insurance Data Security Act into law on May 3, 2018. The law, parts of which become effective January 1, 2019, requires entities licensed by the Department of Insurance to, “develop, implement and maintain a comprehensive information security program based on the licensee’s Board of Directors, if … Continue Reading
The Federal Bureau of Investigation’s Internet Crime Complaint Center (IC3) recently released its yearly internet crime report, which states that more than 300,000 consumers reported cyber-fraud and malware attacks in 2017, costing over $1.4 billion. Yes, that is with a “b.” The threats at the top of the list reported by consumers include phishing, ransomware … Continue Reading
The U.S. Attorney’s Office in the Southern District of New York has announced that a federal grand jury has returned an indictment against three Florida men who co-founded the cryptocurrency company Centra Tech, Inc. The indictment alleges they defrauded investors of $25 million through conspiracy and securities and wire fraud, and that they lied to … Continue Reading
A new Harris Poll for the American Institute of CPAs (AICPA), which called 1,006 U.S. adults for the report, shows interesting statistics regarding American adults’ attitudes and fears about identity theft and financial loss as a result of cyber intrusions. The poll’s conclusion is that 48 percent of U.S. adults believe that identity theft will … Continue Reading
Chinese cyber espionage and cyber-attack capabilities will continue to support China’s national security and economic priorities,” says Dan Coats, the Director of National Intelligence “Americans should not buy Huawei or ZTE products.” In March 2017 the Chinese Telecom company, ZTE, plead guilty to shipping US technology to Iran and North Korea, and reached a settlement … Continue Reading
Kromtech Security has reported that the sensitive personal information of more than 25,000 investors of Bezop cryptocurrency was exposed when a MongoDB database was left unsecured. The security incident is reported to be linked to a distributed-denial-of-service attack that occurred earlier this year. The investors’ compromised information included their names, addresses, email addresses, photocopies of … Continue Reading
In what is being called a systematic targeting of large health care organizations, pharmaceutical companies, and IT companies and equipment manufacturers that service the health care industry, Symantec has reported that a new hacking group, dubbed “Orangeworm,” is carefully selecting its targets and strategy prior to launching an attack. According to Symantec, the hackers have … Continue Reading
Abbott Laboratories has issued software patches to some of its implantable cardiac devices (manufactured by St. Jude) for cybersecurity flaws and battery issues that have plagued the devices, necessitating the U.S. Food and Drug Administration (FDA) to previously issue warnings to patients about the devices [view related posts here and here]. There are more than … Continue Reading
On April 10, the Federal Financial Institutions Examination Council (FFIEC) members issued a joint statement discussing cyber insurance and its potential role in the risk management programs of financial institutions. Members of the FFEIC include the Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union … Continue Reading
Inogen, which manufactures portable oxygen devices, has alerted the Securities and Exchange Commission in a recent filing that it is notifying 30,000 individuals that their personal information was compromised when a hacker gained access to one of its employees’ email accounts through a phishing scheme. The incident illustrates how the manufacturing sector is continuing to … Continue Reading
The health care industry continues to get hammered by SamSam ransomware attacks, to the point that the Department of Health and Human Services Healthcare Cybersecurity and Communications Integration Center (HCCIC) has issued a report outlining the danger of ongoing SamSam ransomware campaigns, with tips to help organizations detect and block SamSam. According to the report, … Continue Reading
Reports show that U.S. energy companies reported more than 350 cybersecurity incidents to the U.S. Department of Homeland Security between 2011 and 2015. Pipeline companies are included in that statistic. Last week, Energy Transfer Partners (ETP) notified its oil and gas shippers that its pipeline network system was hacked. According to ETP, the hacking targeted … Continue Reading
On the heels of the ransomware that had the City of Atlanta scrambling last week, Mayor Bill de Blasio announced the launch of “NYC Secure,” a free mobile app that will alert New York City residents of suspicious activity detected on their smartphones. According to the Mayor, “New Yorkers aren’t safe online. We can’t wait … Continue Reading
Vendor management continues to be a problem for all industries, but some are scarier than others. The North American Electric Reliability Corp. (NERC) recently provided notice to the Federal Energy Regulatory Commission that an unidentified power company has reached a settlement with the Western Electricity Coordinating Council for $2.7 million to resolve two violations of … Continue Reading
One only needs to read the headlines to understand that critical infrastructure in the U.S., including the energy sector, is an obvious target for malicious actors. According to a new report by Marsh, entitled “Could Energy Industry Dynamics be Creating an Impending Cyber Storm?”, more than one in four respondents of a survey aimed at … Continue Reading
According to the National Institute of Standards and Technology (NIST), the energy sector relies on industrial control systems assets to “generate, transmit, and distribute power and to drill, produce, refine, and transport oil and natural gas.” These industrial control systems include supervisory control and data acquisition (SCADA) systems, distributed control systems, programmable logic controllers and … Continue Reading
