hackers

#InformationSecurity News - China Stole Data From Major U.S. Law Firms

A series of security breaches that stuck prestigious law firms last year was more pervasive than reported and was carried out by people with ties to the Chinese government, according to evidence seen by Fortune.

The incidents involved hackers getting into the email accounts of partners at well-known firms, and then relaying messages and other data from the partners’ in-boxes to outside servers.

In the case of one firm, the attacks took place over a 94 day period starting in March of 2015, and resulted in the hackers stealing around seven gigabytes of data, according to information obtained by Fortune. That figure would typically amount to tens or hundreds of thousands of emails.

Read the exclusive story at Fortunehttp://fortune.com/2016/12/07/china-law-firms

#InformationSecurity News - 4/17/15

  • Read comments from the SMP team in this IE3 article "You've Been Hacked ... But You Can Hack It!" about how to handle a cyberattack. 
  • After a three-year delay, federal regulators remain tight-lipped about when the next round of HIPAA compliance audits will begin reports Healthcare Info Security
  • Threatpost shares that Chinese attackers used a system named the Great Cannon to launch a recent series of distributed denial of service attacks.
  • From ZDNet: A number of prominent French technology companies are threatening to leave the country in the wake of mass surveillance plans. 
  • "We TOLD you not to use WPS on your Wi-Fi router! We TOLD you not to knit your own crypto!" says Naked Security

#InformationSecurity News - 2/6/15

  • President Obama proposes to spend $14 billion in fiscal year 2016, which starts Oct. 1, to support cybersecurity efforts across the government, including continuous monitoring and intrusion detection initiatives. Read more at Bank Info Security.
  • Krebs On Security reports that for the second time in a year, multiple financial institutions are complaining of fraud on customer credit and debit cards that were all recently used at a string of Marriott properties run by hotel franchise firm White Lodging Services Corporation. 
  • Federal Communications Commission Chairman Tom Wheeler officially proposed tough new rules for Internet lines Wednesday, regulations he said would prohibit wired and wireless broadband providers from “paid prioritization and the blocking and throttling of lawful content and services.” Details at Re / code
  • The FBI is investigating a potentially massive computer hacking attack on Anthem, Inc., one of the nation's largest health insurance companies, a federal official told NBC News late Wednesday. The company confirmed the attack.
  • Book2Park.com, an online parking reservation service for airports across the United States, appears to be the latest victim of the hacker gang that stole more than a 100 million credit and debit cards from Target and Home Depot. Full story at Krebs On Security

#InformationSecurity News - 1/27/15

  • Reporting HIPAA Breaches: A New Approach - The Department of Health and Human Services is taking steps to make the process of using online tools to report breaches more efficient, hoping that will help ease the launching of investigations. More at Healthcare Info Security
  • Sixty percent of organizations have increased their security spending by one-third -- but many security managers still don't think that's enough, Ponemon study finds. Details via InformationWeek DarkReading.  
  • The details of three high-severity vulnerabilities affecting Apple’s OS X operating system have been disclosed over the past two days by Google. The security holes were made public this week after the 90-day disclosure deadline given by Project Zero to vendors expired. Learn more at Security Week
  • As a result of President Obama's "Buy Secure" initiative, the federal government this month is kicking off its EMV rollout, which includes the issuance of chip-and-PIN cards for all federal employees and benefits programs. Read the story at Bank Info Security
  • According to the latest research by Trend Micro, a variant of Curve-Tor-Bitcoin (CTB) Locker ransomware – also known as Critroni – being distributed in a spam campaign now offers victims additional time to pay the ransom, but also requires them to pay a whole lot more than previously. Details via SC Magazine

#InformationSecurity News - 8/15/14

Here's a look at this week's top information security news stories: