TCM Bank, a subsidiary of ICBA Bancard Inc., notified some 10,000 credit card applicants in the past week that their names, addresses, dates of birth, and Social Security numbers were compromised between March 2017 and the middle of July 2018. TCM assists approximately 750 community and smaller banks with issuing credit cards to account holders. … Continue Reading
The Department of Homeland Security (DHS) has indicated that Russian hackers successfully attacked the energy, nuclear, aviation and critical manufacturing sectors through targeted phishing campaigns throughout 2017. According to DHS, the coordinated attacks started in 2016 with one compromise that was dormant for a year until other infiltrations occurred. The hackers targeted real people by … Continue Reading
While meeting with Russian President Vladimir Putin, President Trump was given a soccer ball, symbolic of the 2018 World Cup played in Russia. Bloomberg has reported that the soccer ball contained a chip, known as near-field communication (NFC) tag, which can transmit information to nearby cellphones, presumably including Trump’s as well. The chips can send … Continue Reading
The Federal Energy Regulatory Commission (FERC) announced on July 19, 2018, that it is directing the North American Electric Reliability Corporation (NERC) “to develop and submit modifications to the NERC Reliability Standards to augment the mandatory reporting of cybersecurity incidents, including incidents that might facilitate subsequent efforts to harm the reliable operation of the bulk … Continue Reading
In a lawsuit against its insurance company requesting reimbursement for close to $2.4 million from two different hacking incidents, National Bank of Blacksburg detailed the intrusions, which are instructive of a sophisticated scheme against the financial services industry. According to the lawsuit, the first theft took place on Memorial Day weekend of 2016. In that … Continue Reading
It is being reported that a hacker is attempting to sell on the dark web classified U.S. Air Force documents related to the MQ-9 drone program. The reports state that a single hacker with moderate technical skills was able to infiltrate the computer of “a captain at the 432nd Aircraft Maintenance Squadron Reaper AMU OIC” … Continue Reading
Cisco Talos has discovered a new menace to iPhone users—a sophisticated malware campaign targeting iPhones to trick users into downloading an open-source Mobile Device Management (MDM) solution that gives the hackers control of the phone. It is reported that Cisco and Apple are working together to combat the threat. According to reports, once the MDM … Continue Reading
A new report issued by Positive Technologies finds that cyber incidents have increased 32 percent from the first quarter of 2017 to the first quarter of 2018. It also notes that the theft of account credentials is on the rise. Alarmingly, the report states that the greatest increase in cyber-attacks was the use of malware … Continue Reading
We have previously reported on the ongoing cybersecurity issues with St. Jude defibrillators [view related posts here, here, and here]. On June 29, 2018, the Food and Drug Administration (FDA) classified the required firmware updates to St. Jude defibrillators as Class 2 recalls, which is the medium-severity category of classifications that is applicable to issues … Continue Reading
On July 9, 2018, Cass Regional Medical Center (CRMC) in Harrisonville, Missouri was hit with a ransomware attack that led to a complete shutdown of its electronic health record (EHR) and the diversion of trauma and stroke patients. According to CRMC, the attack affected CRMC’s internal communications system and “access to” its EHR. In response, … Continue Reading
Ticketmaster has reported that it has “identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.” As a result, UK customers who bought theater, concert or sporting event tickets between February and June 23, 2018, may have been affected by the breach. The malware deployed was designed … Continue Reading
Application Programming Interface (API), provides a way for programmers and developers to allow systems to exchange data with one another. For instance, all of your company’s important employee data may be contained in Active Directory (AD), but it also needs to be contained in the firm’s CRM system. Instead of having to perform tedious manual … Continue Reading
Just weeks after Mexico’s central bank was targeted by hackers who stole $15 million, Chile’s biggest bank, Banco de Chile, announced on May 28, 2018, that it had been struck by a “virus” that affected its workstations, including malware that contained disk-wiping capabilities. The malware sabotaged approximately 9,000 master boot records of the bank’s computers … Continue Reading
Bithumb, located in South Korea and ranked the seventh largest cryptocurrency exchange, has confirmed that it was hacked and that the thieves absconded with approximately $32 million in coins, including the XRP token issued by Ripple. Following the hack, the exchange stopped processing cryptocurrency deposits and withdrawals and moved assets offline. Bithumb has reported that … Continue Reading
Just days after the summit between the U.S. and North Korea, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security issued a warning about a malicious malware, a Trojan malware variant known as “TYPEFRAME,” has been dubbed HIDDEN COBRA, which is believed to be backed by the North Korean government and is … Continue Reading
Writing a “Dear CEO” letter to banking executives, the Financial Conduct Authority (FCA) warned executives on June 11, 2018, to perform enhanced due diligence on clients who use or trade cryptocurrency for business transactions. The letter urges banks to check the use and value of cryptocurrencies in the same manner as banks check their clients’ … Continue Reading
A recent State audit has discovered that the Massachusetts Clean Energy Center wired $93,679 to a cyber-criminal in February 2017, and didn’t advise its board about the incident for 7 months. Following the audit, the auditor recommended that the agency conduct a risk assessment, develop written policies and procedures to address the potential for cybercrime, … Continue Reading
This week, Wells Fargo & Co. announced that it will not allow customers to buy cryptocurrency with its credit cards. This follows other banks’ prohibitions on the use of credit cards for the purchase of cryptocurrency over the past several months. Some surmise that the prohibition is due to the volatility in the price of … Continue Reading
We previously reported that the FBI has warned consumers about a nasty malware, known as VPNFilter and believed to have been launched by a Russian government hacking group is infecting hundreds of thousands of small business and home router [view related post here]. Apparently the malware is much worse than anyone thought and Cisco’s Talo … Continue Reading
We have been watching the LabMD/FTC case for a long time. We have written about it [view related posts here], read the book about it that was hand delivered to our office by the CEO of LabMD, debated it in privacy law class and marveled at the energy and focus of Mike Daugherty over the … Continue Reading
President Trump recently signed into law the Economic Growth, Regulatory Relief and Consumer Protection Act, which is already making waves in the financial sector for its repeal of certain Dodd-Frank provisions that were passed in the wake of the 2008 financial crisis. Banks and other financial institutions should take note, however, that the Act also … Continue Reading
Late last week, the Federal Bureau of Investigation (FBI) issued a warning to U.S. consumers that Russian hackers (dubbed Sofacy and a/k/a Fancy Brear and APT28, and believed to be backed by the Russian government) had compromised “hundreds of thousands” of home and office routers through malware known as VPNFilter in order to collect information … Continue Reading
Over the past several weeks, as the GDPR deadline of May 25 loomed, thousands of organizations sent individuals, including U.S. citizens, notices requesting consent and opt-in to receive further communications. Riding on that wave of confusion and inundating emails, criminals have used the implementation of GDPR to their advantage by impersonating legitimate businesses, including financial … Continue Reading
South Carolina Governor Henry McMaster signed the South Carolina Insurance Data Security Act into law on May 3, 2018. The law, parts of which become effective January 1, 2019, requires entities licensed by the Department of Insurance to, “develop, implement and maintain a comprehensive information security program based on the licensee’s Board of Directors, if … Continue Reading
