Weekly News Roundup

Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

1. Russian hackers 'target' presidential candidate Macron

Russian hackers are targeting the campaign of French presidential candidate Emmanuel Macron, security experts say. Read more…

2. U.S. regulators to review decision denying Bitcoin ETF: filing

The U.S. Securities and Exchange Commission plans to review its decision last month to block the listing of the first U.S. exchange-traded fund tracking the digital currency bitcoin, a regulatory filing showed. Read more…

3. Denial-of-service, web app attacks plague banks

Cybercriminals who hack banks are mainly taking aim at their web servers and websites according to a new report. Read more…

4. Malware shuts down Virginia State Police email

The Virginia State Police network Wednesday was hit with a malware attack which shut down the department's email services. Read more…

5. FalseGuide malware victim count jumps to 2 million

An estimated 2 million Android users have now fallen victim to malware mistakenly downloaded from Google Play, which was initially reported to have affected approximately 600,000 users. Read more…

BOHH Labs Shares Its Take on the 2017 Atlanta Fraud & Breach Prevention Summit

This week BOHH Labs CTO, Ken Hawkins, attended the 2017 Atlanta Fraud & Breach Prevention Summit. Below he offers insight on the event.

Who Was the Most Interesting Speaker You Heard?
One of the most interesting talks was given by Bryce Austin, the former Program Manager and Technology Lead for Target during the infamous November 2013 breach. He offered more insight surrounding the attack that compromised millions of its customers’ credit card and debit card accounts. Due to the volume of people affected, you would have thought it was a highly-sophisticated attack. In fact, all it took was changing one line to the source code in the payment processing system and voilà. It is quite eye opening that all it takes for 70 million people to have their credentials stolen is the result of a single code tweak and weak network security.

What Was your Main Take Away on the Event?
The main takeaway for me is two-fold.

1. Cyberattacks when they happen are still often related to malicious code that has more than likely been on a system for some time. That said, any updates to network traffic monitoring more than likely will never see the attack coming no matter how often those systems or services are updated. The Target breach is a prime example because when it happened it was a flood of traffic that Target was unprepared to stop once it started.

2. We still have a long way to go in the industry before making progress in tackling cybersecurity attacks. So much of the conversation is focused on early detection and bracing for and minimizing the impact of the next imminent attack.

The metaphor of an M&M is used to mean hardened outer shell (network access) with a soft inner center (your network). Too much emphasis today is still being put on detecting network traffic and not dealing with hardening the systems internally. Moving forward there needs to be more focus on securing data, access to said data from within as well as outside access and looking at securing the actual tools inside the network and not just monitoring for unusual activity.

To learn more about the 2017 Atlanta Fraud & Breach Prevention Summit or to hear more on all of the speakers click here.

Weekly News Roundup

Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

1. Hacker Documents Show NSA Tools for Breaching Global Money Transfer System

The Shadow Brokers released documents and files indicating NSA had accessed the SWIFT money-transfer system through service providers in the Middle East and Latin America. Read more…

2. Over 1,000 Intercontinental hotels hit by a data breach

The Intercontinental Hotels Group (IHG) thought only a handful of Holiday Inns were affected by a data breach that happened last year, but it turned out to be a much bigger deal. Read more…

3. Half of all UK businesses experienced a cyberattack in the last year

Some 46% of all UK businesses identified at least one cybersecurity breach or attack in the past year, according to a new report from the UK Department for Culture, Media and Sport. That number rises to 66% among medium-sized firms, and 68% among large firms, the report found. Read more…

4. Millions of game accounts exposed in data breach, responsibility thrown to the wind

In yet another example of a data breach, eyes have recently turned to a fashion gaming website which appears to have either ignored or is completely unaware of compromise. Read more…

Weekly News Roundup

Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

1. Incredible Shrinking Bank Populations

The number of U.S. banks has fallen by 24% since the end of 2010, a result of mergers, failures and a dearth of de novo activity. Read more…

2. Targeting the Weak Link in the Supply Chain: Amazon Third-Party Sellers Hacked

Tens of thousands of dollars have been stolen from seller accounts, and fake items have been listed for sale to steal even more money. Read more…

3. Simply Entering your Phone's Password Is Now Enough to Compromise It

As more and more of our personal data is stored on smartphones, the ways of securing those phones continue to be revealed as less and less robust. Next on the chopping block is your trusty PIN. Read more…

4. Hacked Dallas Sirens Get Extra Encryption to Fend Off Future Attacks

After being hacked last week setting off 156 emergency sirens, Dallas city officials have added extra encryption and other security measures to the outdoor warning sirens. Read more…

Weekly News Roundup

Too busy working all week to keep up with the most interesting stories coming out of the technology and security industries? Below are our recommendations for a roundup of the top stories happening now that you need to know.

1. Scottrade Bank data breach exposes 20,000 customer records

Scottrade Bank recently secured a MSSQL database containing sensitive information on at least 20,000 customers that was inadvertently left exposed to the public. Read more…

2. China-Based Threat Actor APT10 Ramps Up Cyber Espionage Activity

An unknown number of managed service providers and their customers are victims of a massive, global cyber espionage campaign by a China-based threat actor that this week was also fingered in another attack against a U.S. group involved in lobbying around foreign trade policy. Read more…

3. Finicity first to ink data exchange deal with Wells Fargo

Wells Fargo and data aggregation provider Finicity have signed a deal that provides an API-based method for sharing Wells Fargo customer information with the financial apps and services that Finicity supports. Read more…

4. Google Discovery Shows Fragility of Mobile Phone Security

Flaws in a microchip used widely in Apple and Android mobile devices could be used to remotely hack a device over Wi-Fi. Read more…