The Most Comprehensive Data Protection Solution
Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.
First and Only Solution to Converge:
- Data Loss Prevention
- Endpoint Detection and Response
- User and Entity Behavior Analytics
Happy March! It’s been a busy week in information security; as the RSA Conference draws to a close, here are some of the top security headlines you may have missed.
It’s tax (fraud) season, and the past few weeks have seen reports of widespread tax fraud attempts and tax-related social engineering scams. This week, however, brought new details to light surrounding an incident during the 2015 tax season in which hackers were able to access taxpayers’ information by spoofing the IRS’ GetTranscript feature using taxpayer PII obtained through previous data breaches. According to a new statement from the IRS, the number of taxpayers who had their information exposed in that attack was a whopping 700,000 – significantly more than the originally reported figure of 114,000. Read the article from Doug Olenick for more.
On Monday a New York judge ruled against the government’s request for Apple to provide information from an iPhone seized as part of a drug case dating back to 2014. According to Benner and Goldstein, this is a landmark case in that it is represents “the first time that the government’s legal argument for opening up devices like the iPhone has been put to the test.” Apple’s victory in this case could have an impact on the decisions in other instances where government agencies have requested manufacturers and service providers to share information or provide access to devices – most notably the hotly-debated dispute between Apple and the FBI over unlocking an iPhone that belonged to one of the San Bernardino shooters. Read the article for more on the story.
Researchers at the University of New Haven just released the findings from their analysis of password policies at 17 major banks, highlighting six in particular – Wells Fargo, Capital One, Chase Bank, Citibank, Webster First Federal Credit Union, and BB&T Corp. – for having password policies that are lacking from a security standpoint. According to UNH assistant professor and cybersecurity expert Frank Breitinger, “We couldn’t believe that the passwords people rely on to protect their financial crown jewels were less secure than those required to lockdown social media accounts like Twitter.” The six banks with weak password security requirements represent a total of 350 million online users, which UNH researchers have deemed vulnerable based on their findings. Read the report for more.
SnapChat became the latest major company to fall victim to phishing this week when an employee in their payroll department sent payroll information to a phisher masquerading as SnapChat’s CEO. SnapChat has not disclosed what kind of data was leaked or how many employees have been affected and has notified the FBI of the incident. Employees whose information was leaked have received two years of free credit monitoring from the company, as is common in the wake of data breaches. Read the article for more on the story.
It seems that two major threat trends – attacks targeting healthcare companies and a surge in ransomware – are converging, as two hospitals in Germany were hit with ransomware attacks late last week. The attacks used similar methods to the ransomware attack that hit a Hollywood hospital back in February, however the two German hospitals were able to limit damages by quickly detecting and containing the infections. In both cases the hospitals’ IT departments saved the day by unplugging computers and servers as soon as they recognized the attack, and both had backed up their data recently enough that they were able to restore most of it. Read the article for more on the emerging trend of ransomware attacks targeting the healthcare industry.