Taking stock of a tough trade

October 5, 2015

Stock trading service Scottrade has been hacked—and it lost information on 4.6 million customers. The breach affected those who signed up for a Scottrade brokerage account before February 2014. Hackers gained access to a massive database of Scottrade customers, pulling names and physical addresses. The database also contained emails and Social Security numbers, but Scottrade says it does not believe that data was taken. The company said it didn’t know about the theft until it was alerted by the FBI. Federal agents are investigating. “All indications show that this was an external criminal act,” said company spokeswoman Shea Leordeanu. Source: CNN

On the road, again

Regulatory agencies are trying to use copyright law to crack down on tampering with automobile computers, sparking fears that they will stymie cybersecurity research. As Internet-connected cars proliferate on the roads, so do opportunities for hackers to exploit software security flaws. Critics—including car manufacturers—suggest that researchers who go public with their findings recklessly expose vulnerabilities to bad guys and give manufacturers no time to resolve concerns. The Department of Transportation has joined other agencies petitioning the U.S. Copyright Office to stop researchers from circumventing protected technology. Others say silencing researchers has dangerous implications for public safety and national security. “The enemy of security is not a security researcher who wants to report a bug,” said Katie Moussouris, chief policy officer at vulnerability management firm HackerOne. “The enemy of security is nondisclosure of the vulnerabilities, because then there’s nothing you can do about them.” Source: The Hill

No fun at this funding site

Crowdfunding site Patreon has become the victim of a data breach, saying that hackers gained access to names, email addresses, posts, shipping addresses and some billing addresses. The site also reported unauthorized access to encrypted passwords, Social Security numbers, and tax information. Credit card data wasn’t compromised. The theft of encrypted passwords and Social Security numbers isn’t unheard of in data breaches, and while it’s possible to crack the encryption, Patreon used a powerful hashing function called bcrypt that should make any cracking attempts slower and more difficult due to the computational power required. The problem is that the hacked data appears to include source code. Hackers could use this code to dig up programming errors that might aid the password cracking process. If Patreon’s encryption key is discovered, it also could reveal users’ Social Security numbers and Tax IDs. Source: PC World

Public servant problems in New Mexico …

New Mexico’s secretary of state, who oversees campaign finance reporting and once bemoaned a “culture of corruption” in the state, has been accused of using her election fund for personal use at jewelry stores, ATMs and casinos. The state attorney general’s office alleged in a criminal complaint that Dianna K. Duran also falsified campaign finance reports by forging the name of a former state Senate colleague and claiming him as her campaign treasurer. Duran faces 64 charges related to fraud, embezzlement and money laundering. The attorney general’s office alleged that she frequented casinos while depositing campaign funds into her personal accounts. Source: Los Angeles Times

… and also in New York

A former New York Department of Taxation and Finance employee was charged with stealing more than $50,000 in a 63-count identity theft case that stemmed from a criminal scheme that involved a dozen state taxpayer accounts compromised between 2013 and 2015. Nicholas Iannone was charged with felony counts of grand larceny, forgery, identity theft, scheme to defraud and other misdemeanor counts. Iannone allegedly used his employee access to confidential tax records, stole information on taxpayers’ bank accounts, and then created more than a dozen false and unauthorized electronic checks ranging from $96 to $6,500. According to the state’s felony complaint, after his state employment was terminated in 2014, Iannone allegedly continued the scam for a year by creating bogus checks and using a credit card account set up in other names at Iannone’s home address. Source: The Albany Times Union

Overtaking terrorism, WMDs

Cyber attacks against the national and economic security of the United States are increasing in frequency, scale, sophistication and severity, ranking “higher than terrorism, than espionage, than weapons of mass destruction,” said Pamela Witmer, Commissioner of the Pennsylvania Public Utility Commission. A cyber attack could cripple a utility or an agency and have a “devastating domino effect” on consumers, especially as infrastructure becomes more interconnected. Witmer said more than 500 million devices are connected to the Internet in the United States, and cybersecurity attacks happen every day. “These attacks are becoming more and more prevalent,” said Marcus Brown, director of Pennsylvania’s Office of Homeland Security. “Our cyber infrastructure will increasingly be a prime target.” Source: WESA, Pittsburgh, Pa.

Doing big business means becoming a target

Safeguarding multinationals and banks from Internet attacks is a priority for Ireland’s government, said Defense Minister Simon Coveney. “Ireland is in many ways an international trading platform for an awful lot of multinationals that are based on IT and software development here, and, obviously, managing social media platforms as well,” he said. “We have an obligation to work with the financial system and with those companies to make sure that Ireland is a safe place to do business—it’s a priority.” Source: The (Dublin) Independent

Danger from the East

Cyber crime originating from Russia and Eastern Europe is increasing in scale and sophistication, says Italian police investigator Paolo Sartori, who works with Interpol in Romania. “The way cyber crime has changed criminality is the biggest challenge for us. It is a huge challenge to face this criminal phenomenon,” he said. Cyber crime is changing the nature of traditional organized crime groups, which are using hackers to make fast, easy money. He said Russian cyber crime activities are focusing on malicious software in handheld devices, as well as cyber extortion and theft of credit card numbers. Authorities also are concerned about terrorist groups conducting cyber attacks. “We are very concerned about attacks against military and civilian infrastructures, denial of service, recruitment, propaganda, training, financing, and operational logistics support to terrorist groups and extremist movements,” Sartori said. Source: The Washington Free Beacon

More people buying insurance is good … right?

Corporations will pay an estimated $2.75 billion this year for cyber insurance, says specialty insurance consultant Rick Betterly, a 40 percent increase from last year. It sounds like good news for the insurance industry, but masks trends that are less encouraging. Cyber coverage capacity has diminished in the past year for large accounts, said Toby Merrill, who heads the cyber risk practice at ACE USA. That retreat, following large cyber incidents at companies such as Home Depot and JPMorgan Chase, has been driven by insurance carriers concerned that they underpriced policies, Merrill said. Boosting cyber insurance is a priority of the Obama administration. Source: Politico

A little bit of irony here

The American Bankers Association, a major financial industry trade group that lobbies for stronger data protection laws, announced that its computer systems had been breached and thousands of members’ personal information had been compromised. On the same day, the organization declared that it would participate in National Cybersecurity Awareness Month, an awareness campaign that spans the month of October and is organized by the U.S. Department of Homeland Security as well as the nonprofit National Cybersecurity Alliance, which includes board members from Microsoft, Facebook, Symantec, Google and other big tech companies. The association said that the attack affected users of its website’s shopping cart tool. In total, the association counts 6,400 records—user names and passwords—as having been compromised. “We have seen no evidence that the hacker has also accessed credit card information or other personal financial information,” said CEO Frank Keating in a statement, which also notes that the data were posted online. Source: Fortune

The post Taking stock of a tough trade appeared first on Third Certainty.
