Episode 77: DNC Fallout Continues, LastPass Exploit Discovered and Bitcoin is Not Real Money

July 29, 2016

The fallout from the breach at the Democratic National Committee continued as WikiLeaks published more information and Julian Assange vowed that there was more to come. UK Telecom O2 became the latest company to be victimized by batches of previously exposed credentials. Shapeways, Kimpton Hotels, and Korean online store Interpark all made headlines for data breaches. Cybercrime advisories included researcher Tavis Ormandy warning of flaws in password manager LastPass, NIST advising organizations to move beyond SMS-based two-factor authentication, a flaw in Amazon's Silk web browser, the KeySniffer flaw affecting wireless keyboards, and news of the Chthonic banking Trojan. On the legal front a Miami judge ruled that bitcoin is not real money, Target shareholders' derivative lawsuit was dismissed, the University of Mississippi Medical Center was hit with a $2.7 million HIPAA settlement, a breach led to a Minnesota county paying a $1 million settlement, and a former Citibank employee was sentenced to prison. Finally, one internet star asked his followers to hand over their passwords, and they did.


Episode 76: Pokemon Go Tops Cybercrime Targets, GOP Unveils Cyber Platform and Other Risk Trends

July 22, 2016

The popular Pokemon Go was this week's top trending cybercrime target following several incidents including DDoS attacks that disrupted service. DDoS attacks against the U.S. Congress, Philippines Government and WikiLeaks also made news. Data breach announcements include more than 130 stores being impacted by Cici's Pizza's point-of-sale breach, Asiana Airlines having 47,000 documents containing customer information stolen, and 2 million users being impacted by a hack at Ubuntu Forums. On the advisory front, SurfWatch Labs released its Mid-Year 2016 Cyber Trends report, Adobe Flash is back in the news, a Stagefright-like vulnerability is affecting Apple devices, and legitimate remote administration software is being used to spread banking malware. The GOP led the way on the legal side of cybercrime as the party unveiled its official platform, including cyber. Oregon Health & Science University was fined $2.7 million. The Department of Commerce will soon begin accepting self-certifications for the EU-U.S. Privacy Shield. The St. Louis Cardinals hacking case wrapped up with a 46-month prison sentence. The alleged operator of Kickass Torrents was also arrested this week. Lastly, Pokemon Go is leading many people to get hurt in strange ways.

Download the Mid-Year 2016 Cyber Trends report from SurfWatch Labs: http://info.surfwatchlabs.com/cyber-threat-trends-report-1h-2016


Episode 75: Healthcare Leaks, POS Breaches, and Latest Malware and Legal News

July 1, 2016

Several large healthcare databases have been put up for sale on the dark web, and the actor behind the leaks is promising more. Point-of-sale breaches made headlines this week at Hard Rock Hotel & Casino Las Vegas and Noodles & Company. More SWIFT attacks are impacting "dozens of banks." Sports and cybercrime intersected as ransomware hit NASCAR and the SEC was the victim of a Twitter hack. Advisories this week include vulnerabilities in Symantec products that Google's Project Zero called "as bad as it gets," Bart and Cerber ransomware warnings, Marcher and Retefe banking Trojan developments, and a botnet utilizing CCTVs. The legal side saw congressmen urging HHS to examine ransomware, the FTC clarifying what they're looking for during investigations, privacy lawsuits affecting both researchers and the FBI, and new and potential cybersecurity laws in Rhode Island and China. Lastly, a man is using technology to fight parking tickets.
