Earlier this month, hotelier Marriott International reported that data on roughly 500 million customers staying at hotels operated under Starwood had been compromised in a breach that gave unknown attackers access to the hotel chain’s network since 2014.
Details of the breach are still emerging - there is of yet no word if this is related to another breach from 2015 or what infection vector was used, however it has been pointed out that Starwood had hundreds of instances of RDP (the computer’s “gateway” to the network) exposed to the internet, many using an outdated version of Windows.
Source: Security Week
Heading into the busiest time of the year, the United States Postal Service (USPS) has finally patched a critical security vulnerability that exposed the data of more than 60 million customers to anyone with an account on the USPS.com website. An unnamed cybersecurity researcher discovered the vulnerability over a year ago and promptly reported it, but USPS declined to address the problem until a journalist recently asked for a comment:
Source: The Hacker News
Hospital network Atrium Health informed 2.6 million patients that their personal information was compromised following a breach at technology solutions provider AccuDoc, which provides billing and tech services to the healthcare industry. AccuDoc claims there is no evidence that any data was actually stolen, or that any of the compromised information was misused, despite the fact that unauthorized users had access to its databases for about a week in September of 2018.
MageCart is a broad term given to at least six cybercriminal groups, according to a new report from security firms RiskIQ and Flashpoint, with a common goal of skimming credit card information from compromised online checkouts.
In a few short months, MageCart has gone from relative obscurity to dominating national headlines and becoming public enemy number one for the online retail industry. Recent high-profile breaches of global brands, including Ticketmaster, British Airways, and Newegg, as reported in a previous Threat Intelligence article, have made MageCart a household name. However, its activity isn't new and points to a complex and thriving criminal underworld that has operated in the shadows for years.
RiskIQ and Flashpoint profile six leading MageCart groups in their report, highlighting each group’s tactics and targets, and what makes them unique:
Source: Bank Info Security
On November 28, 2018, the United States Department of Justice (DOJ) announced charges brought against two Iranian citizens for their involvement in creating and deploying SamSam, ransomware notorious for targeting hospitals, cities, and public institutions.
Involving over 200 victims and $36 million dollars in ransom and damages, this is the first ever indictment issued by the U.S. involving responsibility for ransomware:
Ransomware-as-a-service has become a rapidly growing business model, with a particular dark web seller offering a package of highly effective encryption malware, including SamSam, one of the more troubling forms of ransomware to hit the market this past year:
How safe is your organization? Take the Cyber Risk Scorecard survey to assess your current cybersecurity standing and find additional steps your organization can take to protect against common cyber threats.
Source: ZD Net
Jake Omann specializes in providing clients with risk management and executive risk services that cover their liabilities as a corporation, as well as the personal liabilities of their directors and officers. He started his career over 10 years ago in sales at a multinational financial services co
Jake Omann specializes in providing clients with risk management and executive risk services that cover their liabilities as a corporation, as well as the personal liabilities of their directors and officers. He started his career over 10 years ago in sales at a multinational financial services corporation before beginning his broker career in managing executive risk programs for Fortune 500 companies. Jake currently sits on the board for ACES for Kids.
The world is different than it once was. It used to be that you needed a 30-foot phone cord to take the phone into another room just so you could have a little privacy, and that when you left work, you really left work, since there wasn’t any way to login remotely.
Nowadays, technological advances have made us truly mobile by enabling us to stay connected 24/7/365. While the workplace impact of 24/7 connectivity has meant that employee productivity has been on the rise, along with it comes challenges that couldn’t have been imagined even 15 years ago.
With massive data breaches at organizations such as Target, Dairy Queen, and JPMorgan, businesses are becoming more aware of the threat of hackers and external threats to their data. And while it’s important to protect yourself from such exposures, history has shown that the real enemy lies within our own companies. Don’t believe it?
Send a Message
Find a Location