Security firm FireEye has released a report indicating the mobile banking trojan, SlemBunk, is becoming more and more sophisticated as the number of mobile banking users rises. The malware is designed to attack Android devices and steals mobile banking credentials. The original report identified at least 30 mobile banking applications that were affected, including those in North America, Europe and Asia Pacific. An update to the report indicates the attack is even larger than originally identified.
A Ukrainian news outlet has reported a recent power blackout that affected 1.4 million members of the population. Half of all homes in the western region of the country were left without power for a few hours. Investigators believe that the outage was the first time that malware has been used to facilitate a large-scale power disruption. The “hacker attack” involved remote access to industrial control systems at a local energy supplier called Prykarpattyaoblenergo.
On December 18, both houses of Congress enacted the Cybersecurity Information Sharing Act (CISA), which will establish a process for the government to share cyberthreat information with businesses that voluntarily agree to participate in the program. President Obama has signed the legislation.
VTech has issued a notification that customer accounts and related kids profiles worldwide have been affected. User profile information includes name, email address, password, secret question and answer for password retrieval, IP address, mailing address and download history. Moreover, children’s name, gender and birthdate were also stored.
The FBI is investigating a possible breach by Russian hackers, which included 1.2 billion unique email and password combinations stored at premises controlled by Microsoft.
A group of hackers claims to have breached the FBI’s Law Enforcement Enterprise Portal (LEEP), which includes records of individuals who have been arrested by U.S. federal agencies as well as tools for sharing information between U.S. federal agencies and partners located both domestically and abroad.
Members of the Federal Financial Institutions Examination Council issued a statement alerting financial institutions to the increasing frequency and severity of cyber attacks involving extortion. The statement includes steps financial institutions should take to respond to these attacks and highlights resources that can be used to mitigate the risks posed by such attacks.
I hope everyone enjoyed October’s Cybersecurity Awareness Month as much as I did. To end the month, the FDIC held an industry teleconference on October 28th. The teleconference included updates on the cybersecurity landscape, cybersecurity assessment tool (CAT) and information sharing with a brief Q&A that followed.
Traina & Associates was honored as one of the 2015 LSU 100: Fastest Growing Tiger Businesses during the LSU 100 Honoree Luncheon on Friday, October 23, at the L’Auberge Casino & Hotel Baton Rouge. This is the fifth consecutive year that Traina & Associates has been honored.
The new Building Security in Maturity Model (BSIMM) study, BSIMM6, found healthcare organizations scored much lower than their counterparts in the financial services, independent software vendor and consumer electronics industries, when it comes to internal software security programs and practices.
The FBI, DOJ and DHS have released a Technical Alert on the Dridex P2P Malware. A system infected with Dridex may be employed to send spam, participate in distributed denial-of-service (DDoS) attacks and harvest users’ credentials for online services, including banking services.
The $67 billion acquisition makes it the largest the technology industry has ever seen. Dell will ramp up its existing powerhouse of security components (SecureWorks, SonicWALL and Quest Software) with the addition of EMC’s RSA product offerings.
E*Trade and Dow Jones have issued separate warnings to customers and subscribers about possibly compromised personal information, including payment card data. E*Trade has alerted about 31,000 customers about the compromise of personal data in late 2013, while Dow Jones issued a warning of a possible breach from August 2012 until July 2015 that it claims affected less than 3,500 individuals.
The FFIEC issued a tool in June of this year to aid financial institutions (FI) in identifying and mitigating cyber risks. The verdict is still out on whether or not this tool is a requirement, highly recommended or completely optional. Upon first look at this tool in PDF format, it can appear confusing and cumbersome. So let’s first break down the pieces of the CAT and then I’ll explain how Traina & Associates can help you with your CAT if you choose to implement this at your FI.
Law enforcement has informed the discount stock brokerage firm Scottrade that hackers accessed its computer network nearly two years after the start of the breach. Names and addresses of 4.6 million clients between late 2013 and early 2014 were exposed.
We’ve seen how easy it is to hack a civilian vehicle, but this time, the consequences could be deadly. A research initiative in Virginia is trying to get ahead of the game by testing hacking capabilities of police vehicles.
Apple has confirmed the presence of the malicious iPhone, iPad and iPod touch software “XcodeGhost.” Prior to the discovery, only five malicious applications had ever been uncovered in the app store.
The popular health insurer has announced a potential 10.5 million individuals were exposed in a cyber-attack that began a year and a half ago. The hack was only discovered after Excellus hired an independent firm to conduct an assessment of its IT systems.
The gang behind the Carbanak banking malware, which was tied to at least $1 billion in fraud from 2012 to 2014, appears to be back, wielding new tactics. Recently, four new variants of Carbanak have been used to target victims in the United States and Europe via spear-phishing attacks, warns Denmark-based CSIS Security Group.
Organizations seeking to protect sensitive data from cybercriminals must worry about more than their own operations when assessing potential threats. Vendors represent one of the highest risk areas in an organization’s cybersecurity structure. Here’s what you need to know when vetting vendors’ security practices.
Traina & Associates will be honored as one of the 2015 LSU 100: Fastest Growing Tiger Businesses during the LSU 100 Honoree Luncheon, scheduled for Friday, October 23, at the L’Auberge Casino Hotel Baton Rouge. This is the fifth consecutive year that Traina & Associates has been honored.
The LSU 100 is hosted by the LSU Stephenson Entrepreneurship Institute (SEI), housed in the E. J. Ourso College of Business. The event identifies, recognizes and celebrates the 100 fastest growing companies owned or led by former LSU students and alumni.
Traina & Associates was selected as one of the 2015 LSU 100 honorees based upon its compounded annual growth rate from 2011-2013. Other requirements for eligibility include having been in business for at least five years as of 2014, having verifiable revenues of at least $100,000 or more for each of the years measured, and having a former LSU student or alumnus either own 50% or more of the company or serve as the company’s chief executive for each of the years measured.
Carphone Warehouse experienced a breach affecting 2.4 million customers. Breached data included names, birthdates, addresses and bank account information. It is believed that the breach began with a phishing attack.
A second Android flaw has been discovered. The new flaw, Certifi-gate, if exploited, could allow attackers to access the microphone, camera or location of the Android device.
The company Ubiquiti Networks fell victim to a phishing scam. An employee received a phishing email that resulted in submitting multiple wire transfers totaling $39 million.
The FDA issued a statement encouraging the transition away from a specific type of medical device. The device has several flaws, one of which allows remote access. These types of warnings may become more common in the future. It’s imperative to apply cybersecurity controls to medical devices.
Healthfirst, a not-for-profit managed care organization, was the victim of a scam that resulted in a breach of patient data. The perpetrators posed as medical suppliers, were granted access to Healthfirst’s web portal and stole information as authorized users.
Planned Parenthood has been hacked by an anti-abortion group. The group was able to access the data by using SQL-injection attacks. The data includes internal emails and information about employees.
A major vulnerability was discovered on Android devices. It requires no user interaction and 95% of Androids are at risk. Given the nature of Androids, remediation of the vulnerability will not be simple because of the number of vendors involved.
Lisa Traina shares the top 5 cybersecurity solutions for CPAs in the AICPA CPA Insider.
Car security hackers tested their latest hacks on a journalist driving a 2014 Jeep Cherokee. From 10 miles away, the hackers made the car, which was driving 70 mph, come to an immediate stop.