Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

FBI Releases Article on IoT Risks

The Federal Bureau of Investigation (FBI) released a Public Service Announcement on August 2, 2018 entitled “Cyber Actors Use Internet of Things Devices as Proxies for Anonymity and Pursuit of Malicious Cyber Activities,” which outlines how cyber criminals search for and compromise vulnerable IoT devices “for use as proxies or intermediaries for Internet requests to … Continue Reading

FBI Issues Private Warning to Banks about Unlimited ATM Cash-outs

On August 10, 2018, the Federal Bureau of Investigation (FBI) issued a private warning to banks that cybercriminals are planning to “conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation.’” A typical unlimited operation uses … Continue Reading

TCM Bank Website Flaw Compromises About 10,000 Customers’ Data

TCM Bank, a subsidiary of ICBA Bancard Inc., notified some 10,000 credit card applicants in the past week that their names, addresses, dates of birth, and Social Security numbers were compromised between March 2017 and the middle of July 2018. TCM assists approximately 750 community and smaller banks with issuing credit cards to account holders. … Continue Reading

Russian Hackers Successfully Phished Hundreds of U.S. Companies Last Year

The Department of Homeland Security (DHS) has indicated that Russian hackers successfully attacked the energy, nuclear, aviation and critical manufacturing sectors through targeted phishing campaigns throughout 2017. According to DHS, the coordinated attacks started in 2016 with one compromise that was dormant for a year until other infiltrations occurred. The hackers targeted real people by … Continue Reading

Putin Gives Trump Computer Chipped Soccer Ball

While meeting with Russian President Vladimir Putin, President Trump was given a soccer ball, symbolic of the 2018 World Cup played in Russia. Bloomberg has reported that the soccer ball contained a chip, known as near-field communication (NFC) tag, which can transmit information to nearby cellphones, presumably including Trump’s as well. The chips can send … Continue Reading

FERC Requires New NERC Reliability Standards for Reporting Cyber Incidents

The Federal Energy Regulatory Commission (FERC) announced on July 19, 2018, that it is directing the North American Electric Reliability Corporation (NERC) “to develop and submit modifications to the NERC Reliability Standards to augment the mandatory reporting of cybersecurity incidents, including incidents that might facilitate subsequent efforts to harm the reliable operation of the bulk … Continue Reading

Virginia Bank, Hacked Twice with Phishing Schemes, Losing $2.4 Million

In a lawsuit against its insurance company requesting reimbursement for close to $2.4 million from two different hacking incidents, National Bank of Blacksburg detailed the intrusions, which are instructive of a sophisticated scheme against the financial services industry. According to the lawsuit, the first theft took place on Memorial Day weekend of 2016. In that … Continue Reading

iPhone Users Targeted by New Malware Campaign

Cisco Talos has discovered a new menace to iPhone users—a sophisticated malware campaign targeting iPhones to trick users into downloading an open-source Mobile Device Management (MDM) solution that gives the hackers control of the phone. It is reported that Cisco and Apple are working together to combat the threat. According to reports, once the MDM … Continue Reading

FDA Classifies St. Jude Defibrillators as Class 2 Recalls for Cybersecurity Updates

We have previously reported on the ongoing cybersecurity issues with St. Jude defibrillators [view related posts here, here, and here]. On June 29, 2018, the Food and Drug Administration (FDA) classified the required firmware updates to St. Jude defibrillators as Class 2 recalls, which is the medium-severity category of classifications that is applicable to issues … Continue Reading

Missouri Hospital Diverts Patients, Shuts Down EHR due to Ransomware Attack

On July 9, 2018, Cass Regional Medical Center (CRMC) in Harrisonville, Missouri was hit with a ransomware attack that led to a complete shutdown of its electronic health record (EHR) and the diversion of trauma and stroke patients. According to CRMC, the attack affected CRMC’s internal communications system and “access to” its EHR. In response, … Continue Reading

Ticketmaster Hit With Malware Compromising UK Customers’ Data

Ticketmaster has reported that it has “identified malicious software on a customer support product hosted by Inbenta Technologies, an external third-party supplier to Ticketmaster.” As a result, UK customers who bought theater, concert or sporting event tickets between February and June 23, 2018, may have been affected by the breach. The malware deployed was designed … Continue Reading

Are Your APIs Secure?

Application Programming Interface (API), provides a way for programmers and developers to allow systems to exchange data with one another. For instance, all of your company’s important employee data may be contained in Active Directory (AD), but it also needs to be contained in the firm’s CRM system. Instead of having to perform tedious manual … Continue Reading

Chilean Bank Struck by “Virus” that Steals $10 Million

Just weeks after Mexico’s central bank was targeted by hackers who stole $15 million, Chile’s biggest bank, Banco de Chile, announced on May 28, 2018, that it had been struck by a “virus” that affected its workstations, including malware that contained disk-wiping capabilities. The malware sabotaged approximately 9,000 master boot records of the bank’s computers … Continue Reading

Hackers Steal $31 Million in Cryptocurrency from Bithumb

Bithumb, located in South Korea and ranked the seventh largest cryptocurrency exchange, has confirmed that it was hacked and that the thieves absconded with approximately $32 million in coins, including the XRP token issued by Ripple. Following the hack, the exchange stopped processing cryptocurrency deposits and withdrawals and moved assets offline. Bithumb has reported that … Continue Reading

FBI and DHS Warn of Malicious Malware (HIDDEN COBRA) Attributed to North Korea

Just days after the summit between the U.S. and North Korea, the Federal Bureau of Investigation (FBI) and the Department of Homeland Security issued a warning about a malicious malware, a Trojan malware variant known as “TYPEFRAME,” has been dubbed HIDDEN COBRA, which is believed to be backed by the North Korean government and is … Continue Reading

Financial Conduct Authority Warns Banking Industry of ICOs and Cryptocurrency

Writing a “Dear CEO” letter to banking executives, the Financial Conduct Authority (FCA) warned executives on June 11, 2018, to perform enhanced due diligence on clients who use or trade cryptocurrency for business transactions. The letter urges banks to check the use and value of cryptocurrencies in the same manner as banks check their clients’ … Continue Reading

MA Clean Energy Center Victim of Wire Fraud

A recent State audit has discovered that the Massachusetts Clean Energy Center wired $93,679 to a cyber-criminal in February 2017, and didn’t advise its board about the incident for 7 months. Following the audit, the auditor recommended that the agency conduct a risk assessment, develop written policies and procedures to address the potential for cybercrime, … Continue Reading

VPNFilter Worse Than Previously Reported

We previously reported that the FBI has warned consumers about a nasty malware, known as VPNFilter and believed to have been launched by a Russian government hacking group is infecting hundreds of thousands of small business and home router [view related post here]. Apparently the malware is much worse than anyone thought and Cisco’s Talo … Continue Reading

Opening a Bank Account with a Smartphone—Dodd-Frank Roll-Back Making Online Banking Easier

President Trump recently signed into law the Economic Growth, Regulatory Relief and Consumer Protection Act, which is already making waves in the financial sector for its repeal of certain Dodd-Frank provisions that were passed in the wake of the 2008 financial crisis. Banks and other financial institutions should take note, however, that the Act also … Continue Reading

FBI Warning: Russian Hackers Attacking Routers

Late last week, the Federal Bureau of Investigation (FBI) issued a warning to U.S. consumers that Russian hackers (dubbed Sofacy and a/k/a Fancy Brear and APT28, and believed to be backed by the Russian government) had compromised “hundreds of thousands” of home and office routers through malware known as VPNFilter in order to collect information … Continue Reading
LexBlog