Industry News: ESG5

The target: United States Customs and Border Security Protection, the largest federal law enforcement agency of the US Department of Homeland Security.

The take: Photos of the faces and license plates of almost 100,000 travellers to have entered and exited the US via a single (unnamed) land border entry port.

The attack vector: A ‘malicious cyberattack’ against federal contractor ‘Perceptics’ led to the images being made available on the dark web, along with other proprietary information.

Read more...

2019-06-13

BankOfEngland: The Monetary Authority of Singapore (MAS), the Bank of England and the Financial Conduct Authority announced today that they will be working together to strengthen cyber security in their financial sectors. MAS and the UK financial authorities will commence work towards a Memorandum of Understanding to signify this enhanced collaboration. The collaboration will involve MAS and the UK financial authorities identifying effective ways to share information and exploring potential for staff exchanges. As hosts to global financial centres and FinTech firms, Singapore and the UK have much to benefit from enhanced collaboration on cyber security...

2019-06-13

TheGuardian: According to a new report from the Nuclear Threat Initiative (NTI), Cyber Nuclear Weapons Study Group, US nuclear weapons can’t be effectively protected against cyberattacks with technical means alone. “Any system containing a digital component, including nuclear weapons, is vulnerable to cyber threats,” Page Stoutland, NTI’s vice president for scientific and technical affairs, said...

2019-06-13

TheGuardian: The American cybersecurity giant Symantec has downplayed a data breach that allowed a hacker to access passwords and a purported list of its clients, including large Australian companies and government agencies. The list extracted in the February incident, seen by Guardian Australia, suggests that all major federal government departments were among the targets of a hacker who also claimed to be responsible for Medicare data being available for sale on the dark web...

2019-06-12

IbTimes: The popular online e-inviations and social planning service Evite confirmed falling victim to a data breach. The breach saw a hacker called “Gnosticplayers” put Evite users' personal data up for sale on the dark web. According to ZDNet, the hacker also obtained data from five other companies and put them all up for sale in April. The cybercriminal reportedly hacked and stole data from firms such as Canva, 500px, ShareThis, UnderArmor, GyfCat and more. Gnosticplayers reportedly claimed to have obtained ten million Evite user records, which included users' full names, IP addresses, email addresses and cleartext passwords. ZDNet reported that in April, the hacker Gnosticplayers demanded $1,900 worth of bitcoins for 10 million Evite user records...

2019-06-12

Wamu: Maryland’s Attorney General is warning residents that their medical information and other personal details might have been exposed in a medical data breach affecting more than 20 million patients nationwide. A cyber attack against American Medical Collection Agency, a debt collection company for LabCorp, Quest Diagnostics and other medical providers and companies, potentially exposed patients’ information, including bank account information and social security numbers, officials said...

2019-06-11

ITWorldCanada: The FBI this week warned that criminals are taking advantage of the security features of web pages to fool people. Here’s how it works: You click on a link in an email and it goes to a web page asking you to log in. The site looks legit. You look at the address bar and see the site name starts with HTTPS, and beside that is a little green lock. But that doesn’t mean the site is legitimate. HTTPS or that green lock only means the site uses encryption to scramble a login username and password or credit card number. It’s not proof the site is genuine. So here’s the advice from the FBI: Do not simply trust the name of a sender or a company in an email; look at the intent of the message. Suspicious messages have a sense of urgency — you’ve got to act now. If you get a suspicious email with a link from someone you know, confirm it’s legitimate by calling or emailing the contact; don’t reply directly to the email...

2019-06-11

SaudiGazette: A report titled, MEA Cybersecurity Market forecast to 2023, predicted that Saudi Arabia's cybersecurity market will grow to $5.5 billion by 2023. This year alone will witness the rise of the cybersecurity market value to $3 billion as more investments are being made in the sector. The report pointed out that enterprises operating in the Kingdom are adopting the best-in-class cybersecurity solutions and that the Kingdom is witnessing increasing awareness about threats among SMEs and large enterprises. This has created a high demand for consulting and advisory services among security experts...

The target: Quest Diagnostics, the largest blood testing provider in the US, and LabCorp, a leading health care diagnostics company.

The take: Almost 20 million patient records, including names, dates of birth, addresses, phone numbers, dates of service, providers, and balance information, including 200,000 credit card or bank account details.

The attack vector: American Medical Collection Agency, a third-party collections firm, reported that their web billing site had been breached as of Aug 1, 2018 through March 30, 2019, resulting in the theft of information held on behalf the entities for whom they provided collection services.

Read more...

2019-06-07

CoinDesk: Cryptocurrency wallet developer Komodo has effectively hacked its own customers to avert an attack that could have resulted in the theft of funds worth nearly $13 million. A blog post from the npm JavaScript package repository, first reported by ZDNet, indicated that its security system raised an alert about a backdoor on June 5 that could have been used by hackers to rob users of one of Komodo’s older wallets, Agama. An audit showed a malware threat with the potential to steal cryptocurrency wallet seeds and logins...