CyberScout is the nation’s premier consultative provider of identity and data risk management, resolution and education services.

I’ll have a burger, fries and a credit check

January 29, 2016


Wendy’s is investigating reports of “unusual activity” on payment cards used at some restaurants. Fraudulent charges may have occurred on cards that had been used legitimately at some of its locations. Wendy’s has launched an investigation with the help of cybersecurity experts and is cooperating with law enforcement officials. “Until this investigation is completed, it is difficult to determine with certainty the nature or scope of any potential incident,” the company said. Wendy’s encouraged customers to watch for unauthorized charges on their cards. Source: Fox News

Fake it ’til you make it safe

More cybersecurity companies are creating “honeytraps” with fake data or “polymorphic” technology that constantly changes the structure of applications. “We view (deception technologies) as a $3 billion market over the next three years, with Israel and Silicon Valley being the epicenter of this innovation wave,” said Daniel Ives, a senior technology analyst at FBR Capital Markets. Companies are using techniques partly developed by the U.S. and Israeli military. Consultancy Gartner sees 10 percent of businesses using deception tactics by 2018, but Gartner analyst Laurence Pingree noted that they “have so far had only nascent adoption” as many companies don’t yet understand the technology. “Educating security buyers on its usefulness will be crucial,” he said. Source: Reuters

Be patient, and the information will come

New Jersey state and federal agencies will share information on cybersecurity threats to New Jersey’s hospitals. The agreement creates a formal reporting and notification system that could help prevent breaches of patient data and malicious disruptions of hospital operations, state officials claim. They also say it could provide crucial information during a national emergency or terrorist attack. The agreement will help authorities more quickly identify such threats as malicious software, or malware, targeting state hospitals, says Dave Weinstein, a cybersecurity adviser at the New Jersey Office of Homeland Security. Source:

The only thing they have to fear …

More than half of U.S. consumers think that storing their credit and banking information in the cloud is riskier than driving without a seat belt, according to a report from Symantec. Consumers globally lost $158 billion to cyber crime in the past year. In the United States alone, the figure is nearly $30 billion. FBI Director James Comey called the Internet “the most dangerous parking lot imaginable” and warned people to be just as aware of scams, compromised websites, malware and other threats as they would be of a physical theft. Some report findings: 594 million people worldwide were victims of online crime; consumers who have been the victim of cyber crime lost an average of 21 hours dealing with the fallout, and nearly $358 on average per person; and 81 percent of people surveyed would feel devastated if their financial information were compromised. Source: Forbes

Drone case is shot down, but not out

A lawsuit filed against a man who shot down a drone over his Hillview, Ky., home last summer seeks to resolve what expectations homeowners have to privacy as their property is seen from the air. A judge dismissed charges against William Merideth for firing a gun within city limits. Merideth said he feared the drone was spying on his teenage daughters on the back porch. Now the drone’s owner, John David Boggs, is suing Merideth in federal court, seeking damages for the $1,800 drone. Boggs also is asking the court to resolve the “boundaries of the airspace surrounding real property, the reasonable expectation of privacy as viewed from the air, and the right to damage or destroy an aircraft in flight.” The Federal Aviation Administration has sole authority over the national airspace, but Kentucky law gives landowners the right to use force necessary to prevent trespassing. Despite the FAA’s authority, 26 states enacted laws involving drones last year. Source: Insurance Journal

Diving into the water controversy

A cyber attack hit Flint, Mich.-based Hurley Medical Center, soon after the hacktivist group Anonymous released a video promising “justice” for the city’s ongoing water crisis. “Patient care was not compromised, and we are closely monitoring all systems to ensure IT security is consistently maintained,” spokeswoman Ilene Cantor said. Source: Health Care IT News

Getting prepared at the highest level …

Information and a solid response plan are essential for corporate directors and officers as cyber liability issues evolve. “As cybersecurity exposures continue to evolve, the responsibility of protecting an organization from key cyber exposures has shifted away from the (information technology) department and toward the board of directors,” Christian Hoffman, national practice leader of Aon Risk Solutions’ financial services group, said. “As data breaches continue to occur, the responsibility and expectation of the board of directors will only increase.” Most directors’ and officers’ liability insurance policies do not specifically exclude cyber-related claims, and corporate officials must understand the nature of the risk they face. Source: Business Insurance

… And among the rank and file

Preparation can significantly lower the long-term costs of a breach, according to a SANS report. Companies that had plans in place, that spent time identifying and classifying data, and that used in-house teams were able to lower their long-term expenses—as did companies that successfully stayed out of the news. The majority of companies affected by a breach also invested in new security tools and services, as well as administrative and physical controls, training, and staffing. Once a breach has been identified and mitigated, residual financial and brand impact lasted anywhere from a month to three years, according to the report. Source: CSO Online

That’s personal, but it might not be private

Fingerprints, iris scans, blood samples and faceprints are biometric identifiers, some of the most sensitive forms of identification in existence, and are almost exclusively permanent. If an unauthorized party gains access to that data, it can’t be changed with the ease of a credit card number or email address. Once biometric data is breached, improperly shared, or used for tracking, it’s very difficult for an individual to regain control and prevent misuse. Regulatory proposals that require the collection of biometric samples need to be re-evaluated in an era in which such data is collected from many more individuals—and in which that data is much more vulnerable. Source: The Center for Democracy and Technology

When the fire went out, what was put in the cold?

Congress wants answers from federal agencies on how a potentially dire breach to Juniper Networks’ firewalls could be affecting federal networks. The bipartisan leadership of the House Oversight and Government Reform Committee sent letters to the heads of major agencies asking them to produce any evidence that their agencies used the compromised Juniper products. Lawmakers also want to know how agencies discovered any Juniper-related vulnerabilities on their networks; what remedial steps the agencies took, including applying the software patch issued by Juniper; and what version of the company’s operating system the agencies were using. Juniper, whose firewalls are used extensively in the public and private sectors, announced in December 2015 that it had discovered unauthorized code in its operating system that could allow a “knowledgeable attacker” to gain administrative access to its firewalls and decrypt virtual private network connections. Source: FCW

Settling the case for $9 million … maybe

Software developer Carrier IQ and several mobile phone manufacturers will pay a total of $9 million to settle a class-action privacy lawsuit. If a judge accepts the deal, it will resolve a four-year-old lawsuit alleging that Carrier IQ’s software violated smartphone users’ privacy by logging their keystrokes. Allegations of a privacy breach surfaced in November 2011, when a researcher posted a video that appeared to show keystroke logging. The report led to lawsuits against Carrier IQ as well as Motorola, Pantech, Samsung, LG Electronics, HTC and Huawei. The cases were consolidated in 2012. Source: Media Post


The post I’ll have a burger, fries and a credit check appeared first on Third Certainty.
