In-brief: Federal data protection authorities from 29 countries including the U.S. and Canada have turned their collective attention to The Internet of Things in an annual “privacy sweep” that is looking at connected devices including personal health products.
The information security industry has long operated with the premise of two, very different kinds of threats: indiscriminate, cyber criminal activity aimed at making money quick and sophisticated, targeted attacks intended to provide long term competitive advantage to another company (or economy), disrupt the operation of the target or provide a (future) strategic advantage in some kind of cyber conflict. But new research from FireEye suggests that the lines between sophisticated and unsophisticated cyber operations are blurred, making it hard for organizations to know if a given infection is merely bad luck, or evidence of a larger and more dangerous operation. Writing about a new financially motivated hacking crew called Fin6, FireEye said that the group, which targeted point-of-sale systems made off with “millions of payment card numbers.” Still, FireEye said that it couldn’t figure out how the group compromised its victims. “In Mandiant’s investigations of FIN6, the group already […]
In-brief: Researchers at Cisco Systems said that they had identified more than 3 million “at risk” application servers running a vulnerable component that has been linked to ransomware infections. More than 1,600 of those systems have already been compromised, including many school libraries. Updated to add comment from Follett Corp. PFR 4/18/2016
In-brief: The discovery of a malicious link buried in software for a common IP camera sold on Amazon and other online retail outlets is just the latest example of supply chain based threats to connected products.
In-brief: Carnegie Mellon CERT warned drivers that a popular aftermarket product for vehicles could leave them open to potentially “life threatening” wireless attacks. Update: added info on recommended remediation. PFR 4/8/2016
