Industry News: ESG5

Know Your Breach: British Airways

The target: British Airways, the largest airline in the United Kingdom.

The take: Payment card information for more than 380,000 customers.

The attack vector: By injecting altered scripts into third-party webpages called during the payment and check-out process, malicious actors performed a digital ‘card skimming’ attack, stealing payment card information from BA’s clients in August and September of 2018.

California Proposes Tougher Customer Protections After Data Breaches

2019-02-20

CNN: California officials proposed legislation that, if passed, would set stricter guidelines for when companies need to inform customers of a data breach. The bill would require companies to notify California residents when their passport, passport card or green card numbers are compromised in data breaches. It would also require customers be notified of compromised biometric information such as fingerprints...

AI Cybersecurity Specialist Senseon Secures USD6.4m in Seed Funding

2019-02-20

PrivateEquityWire: Senseon, an AI platform for cyber defence, has completed a USD6.4 million seed funding round led by venture capital fund MMC Ventures, alongside Mark Weatherford, former Deputy Under Secretary for Cybersecurity, US Department of Homeland Security. Additional investors include Amadeus Capital Partners, Crane Venture Partners and CyLon. The funding will allow Senseon to continue its rapid expansion in the UK and increase its presence in EMEA and the US...

Was Jeff Bezos the Weak Link in Cyber Security?

2019-02-16

BBC: Mr Bezos is the world's richest man, building his fortune via a company that is transforming the way we live with innovative technology. His business, Amazon, has cyber-security at the heart of everything it does. So how come he risked sending highly embarrassing photos to his lover's phone only to see them hacked and end up in the hands of a tabloid newspaper?...

Cyber Security Provider Palo Alto to Buy Demisto for $560 Million

2019-02-19

Reuters: Cyber security company Palo Alto Networks Inc said on Tuesday it would buy U.S.-Israeli information security firm Demisto Inc for $560 million in cash and stock. Demisto, founded in 2015 by four McAfee executives, develops and markets automation tools for information security management, including a chatbot that assists in handling tasks...

Healthcare Cyber Security Market to Reach $12.46 Bn, Globally, by 2023 at 15.6% CAGR: Allied Market Research

2019-02-18

PRNewswire: Rise in cyber-attacks, increase in demand for cloud services, and favorable regulatory requirements & government policies facilitate the growth in the global healthcare cyber security market...

Employees are Major Risk to Employers’ Cyber Security, Study Finds

2019-02-18

IrishTimes: Employees are still the weak link in the security system, with poor habits that potentially put organisations at risk of critical data and intellectual property loss, and severe legal and reputational repercussions, new research from Microsoft has found...

Chinese And Iranian Hackers Increase Cyber Attacks On US

2019-02-18

Telegraph: Businesses and government agencies in the United States have been targeted in aggressive attacks by Iranian and Chinese hackers who security experts believe have been energized by President Trump’s withdrawal from the Iran nuclear deal last year and his trade conflicts with China...

Know Your Breach: Aadhaar

The target: India’s national ID database, Aadhaar.

The take: Names, unique identity numbers, bank details and other private information for more than 1.1 billion registered Indian citizens.

The attack vector: One utility’s channel to access the Aadhaar database was without any access control in place, used a hardcoded access token, and enforced zero rate-limiting – meaning that an attacker could cycle through all possible Aadhaar numbers and obtain information every time a valid number was hit.

Cyber attack on Malta bank tried to transfer cash abroad

2019-02-13

Reuters: Prime Minister Joseph Muscat told parliament the cyber attack involved the creation of false international payments totaling 13 million euros ($14.7 million) to banks in Britain, the United States, the Czech Republic and Hong Kong...

Home Loan Details of 100,000 Customers Hacked in Major Data Breach

2019-02-12

TheSydneyMorningHerald: The nation's biggest banks are scrambling to contact up to 100,000 customers who may have been caught up in a major data breach at property valuation firm, LandMark White. The breach, which LandMark White first revealed late on Friday, could include property valuations and personal contact information of home owners, residents, and property agents, including first and last names, residential addresses and contact numbers...

The Great Equifax Mystery: 17 Months Later, The Stolen Data Has Never Been Found, and Experts are Starting to Suspect a Spy Scheme

2019-02-13

CNBC: It was the consumer data security scandal of the decade. The information included Social Security numbers, driver's license numbers, information from credit disputes and other personal details. CEO Richard Smith stepped down under fire. Lawmakers changed credit freeze laws and instilled new regulatory oversight of credit ratings agencies. Then, something unusual happened. The data disappeared completely...

Hong Kong Banks Must Step Up Cybersecurity, Protect Customers’ Data as Online Scams Multiply, Warns Industry Leader

2019-02-13

SouthChinaMorningPost: Mary Huen Wai-yi, chairwoman of the Hong Kong Association of Banks (HKAB), said that as lenders have rolled out more digital banking services allowing customers to conduct transactions on their computers or smartphones, so the risks have multiplied. Her concerns are supported by figures from the Hong Kong Monetary Authority (HKMA), the city’s de facto central bank, which show cyberattacks on banks doubled last year. Online scams – including false banking websites, phishing emails and fake banking apps – reached 142 cases in 2018, a threefold increase from the 44 reported incidents in 2017 and a big leap from 35 a year before that...

Russia considers 'unplugging' from internet

2019-02-11

BBC: The test will mean data passing between Russian citizens and organisations stays inside the nation rather than being routed internationally. A draft law mandating technical changes needed to operate independently was introduced to its parliament last year. The test is expected to happen before 1 April but no exact date has been set...

Cybercrime Skyrockets in NSW as Murders and Robberies Fall

2019-02-10

ABCAustralia: In the first three months of 2017, the Australian Cybercrime Online Reporting Network (ACORN) received 11,775 reports, and the number increased to 14,189 at the start of 2018 — a rise of around 20 per cent. The reporting of cybercrime to police led to Katherine Nguyen, 23, becoming the first person in Australia to be charged over the alleged theft of crypto-currency last October...

Ex-US Intel Officer Charged with Helping Iran Target her Former Colleagues

2019-02-13

DarkReading: A former US Air Force intelligence specialist and counterintelligence agent with the Defense Department has been indicted for conspiring to provide national defense information to four Iranian nationals acting on behalf of the Iranian Revolutionary Guard Corps (IRGC)...

Know Your Breach: Firebase

The target: Firebase, a Backend-as-a-Service offering from Google that is marketed towards mobile app developers.

The take: Over 100 million records from thousands of mobile apps, including plaintext user ID and password combinations, GPS location records, financial records, health records and session tokens.

The attack vector: Security researchers discovered that the default configuration for Firebase databases does not secure data or require authentication, allowing unauthorized third parties to view and exfiltrate application data.

‘Abuse of Trust’: Former AMP Worker Pleads Guilty to Downloading Customers’ Personal Data

2019-02-07

SydneyMorningHerald: A former AMP contract worker who tried to install a dark web browser on his work laptop after downloading personal identification of 20 customers has pleaded guilty to taking the sensitive data from the financial services company. The Chinese national faced the Downing Centre Local Court on Thursday, charged with possessing identification information with the intention of committing and facilitating the commission of an indictable offence...

China Hacked Norway’s Visma to Steal Client Secrets: Investigators

2019-02-06

Reuters: Hackers working on behalf of Chinese intelligence breached the network of Norwegian software firm Visma to steal secrets from its clients, cyber security researchers said, in what a company executive described as a potentially catastrophic attack. The attack was part of what Western countries said in December is a global hacking campaign by China’s Ministry of State Security to steal intellectual property and corporate secrets, according to investigators at cyber security firm Recorded Future...

Cost of a Cyber Security Breach Reaches a Record High as Canadian Businesses Spend up to $5.8 Million to Recover

2019-02-07

FinancialPost: Cyber security incidents have become the new normal for Canadian companies, with one hundred per cent of organizations experiencing attacks, according to the findings of a new study from Scalar Decisions Inc. of more than 400 Canadian IT and security workers. Released today, the 2019 Scalar Security Study (commissioned by Scalar and conducted independently by IDC Canada) showed that cyber security incidents are occurring on a regular basis and the cost of these compromises is at an all-time high. The average cost per organization of responding to, and recovering from, cyber security incidents increased to between $4.8 million to $5.8 million, up from $3.7 million last year...

Federal MPs' computer network hacked in possible foreign government attack

2019-02-08

SMH: National security agencies are continuing to scour the Parliament's computer network for threats to MPs' data after what is being described as a "sophisticated" hack attack that could be the work of a foreign government. The hacking comes just three months ahead of the federal election, prompting fears that if MPs' emails or data were stolen they could be used to cause political interference of the style Russia perpetrated against the United States in the 2016 presidential campaign...

Cyber-warfare Could be Entering a New and Alarming Phase, ex-CIA Analyst tells MPs

2019-02-06

CBC: Online attacks on Canada's financial system could become far more destructive as more militaries around the globe get involved in cyber operations, a security expert and former CIA analyst told a House of Commons committee Wednesday. Christopher Porter, the chief intelligence strategist for the cyber security company FireEye, Inc., testified that as NATO countries share their expertise on how to defend against and defeat online threats, "major cyber powers outside the alliance" will likely do the same...

Cyber-Security in New York City, the Financial Capital of the United States

2019-02-05

CyberDefenseMagazine: New York’s position as a financial capital makes the city especially vulnerable to cyber attacks. Although Manhattan is an established gateway for financial services and business in general, it’s still developing as a cyber hub. As hackers’ tools become increasingly sophisticated, it’s no secret that there’s room for improvement in cybersecurity in NYC. To address this urgent need, the New York City Economic Development Corporation (NYCEDC) unveiled Cyber NYC, a huge initiative to transform NYC into a global leader in cybersecurity innovation and talent through collaborations with world-renowned partners in tech, academia, and finance...

Hackers Targeting Canadian Banks, Mining Companies, Expert Tells MPs

2019-02-07

NationalPost: Foreign hackers have targeted Canadian banks, mining companies and government institutions in recent years to steal valuable secrets and spread malware, a leading cybersecurity analyst warns. In February 2017, multiple major Canadian financial institutions were exposed to the risk of state-sponsored cybertheft from North Korea in a scheme to redirect people to malicious downloads that would seize control of their computer, says Christopher Porter, chief intelligence strategist at California-based security firm FireEye...

EU Cyber Defense Agency Warns Against Iran's Expansion Of Cyber Espionage

2019-01-28

JPost: Iran is likely to expand its cyber espionage activities as its relations with Western powers worsen, the European Union digital security agency. Online disinformation campaigns in recent years as the country tries to strengthen its clout in the Middle East and beyond, a Reuters Special Report published in November found. This month the European Union imposed its first sanctions on Iran since world powers agreed a 2015 nuclear deal with Teheran, in a reaction to Iran's ballistic missile tests and assassination plots on European soil...

UAE Used Cyber Super-Weapon To Spy On iPhones Of Foe

2019-01-31

A team of former US government intelligence operatives working for the United Arab Emirates hacked into the iPhones of activists, diplomats and rival foreign leaders with the help of a sophisticated spying tool called Karma, in a campaign that shows how potent cyber-weapons are proliferating beyond the world’s superpowers and into the hands of smaller nations...

Cyber Attacks Outpacing Physical Terror Attacks

2019-01-27

BusinessStandard: With increasing cases of data breaches and information loss happening on the Internet, cyber attacks are outpacing physical attacks among far-left groups and can cause greater destruction, researchers say. According to lead author Thomas Holt, Professor at the Michigan State University (MSU), the high-profile nature of the internet -- on which the ideological groups can manipulate traffic -- is the ideal platform to attack...
