Insurance data security laws skirt political turmoil

Across the United States, a unique approach to lawmaking has proved radically successful in making data security stronger for one industry—insurance providers. The singular approach has entirely sidestepped the prolonged, political arguments that have become commonplace when trying to pass federa...

Think you’ve had a breach? Top 5 things to do

Realising that you may have had a data breach can be the start of a stressful and confusing time. Ideally, you would reach for your carefully crafted and practised incident management plan to guide you through the process. In reality though these plans fall into two camps: They don’t exist yet Th...

Operational resilience begins with your commitment to and investment in cyber resilience

Operational resilience cannot be achieved without a true commitment to and investment in cyber resilience. Global organizations need to reach the state where their core operations and services won’t be disrupted by geopolitical or socioeconomic events, natural disasters, and cyber events if they...

On Cybersecurity Insurance

Good paper on cybersecurity insurance: both the history and the promise for the future. From the conclusion: Policy makers have long held high hopes for cyber insurance as a tool for improving security. Unfortunately, the available evidence so far should give policymakers pause. Cyber insurance...

Threat Source newsletter (Aug. 22)

Newsletter compiled by Jon Munshaw. Welcome to this week’s Threat Source newsletter — the perfect place to get caught up on all things Talos from the past week. A lot of people may think that cyber insurance is this new, unexplored field that carries a lot of questions. But did you know that thes...

What you — and your company — should know about cyber insurance

By Jon Munshaw and Joe Marshall. It’s no longer a question of “if” any given company or organization is going to be hit with a cyber attack — it’s when. And when that attack comes, who is willing to take on that risk? For some groups, it may be that they feel they are fully prepared to take on th...

Lojack’d: Pwning Smart vehicle trackers

This research is by @evstykas with help from @Yekki1 and @TheKenMunroShow. Many car insurers insist that smart trackers are fitted to high end vehicles. In the event of theft, the car can be tracked and recovered. Probably the most well-known is LoJack, also known as Tracker in Europe. We also...

insuranceinstitute.ca Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-932009 Security Researcher elmahdibenrs Helped patch 15 vulnerabilities Received 1 Coordinated Disclosure badges Received 1 recommendations , a holder of 1 badges for responsible and coordinated disclosure, found a security vulnerability affecting insuranceinstitute.ca...

The App Creeping on Your IG Location, Jakarta’s Insurance Crisis, and More News

Catch up on the most important news from today in two minutes or less...

Mirai Botnet Sees Big 2019 Growth, Shifts Focus to Enterprises

The infamous Mirai internet of things botnet is spiking in growth while changing up its tactics, techniques and procedures so far in 2019, to target more and more enterprise-level hardware, It’s a state of affairs that presents a greater concern than ever before given the ongong migration to the...

On TikTok, Teens Meme Life360, the Safety App Ruining Their Summer

Parents can use Life360 to track their teen’s location in real time. The company can use that data to sell car insurance...

MongoDB Leak Exposed Millions of Medical Insurance Records

An online database belonging to insurance marketing website MedicareSupplement.com was found exposing more than 5 million records with personal information. MedicareSupplement.com is a U.S.-based marketing site that allows users to find supplemental medical insurance available in their area...

Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month

In the last two weeks, Florida has paid more than $1.1 million in bitcoin to cybercriminals to recover encrypted files from two separate ransomware attacks—one against Riviera Beach and the other against Lake City. Lake City, a city in northern Florida, agreed on Monday to pay hackers 42 Bitcoin...

Two Florida Cities Paid $1.1 Million to Ransomware Hackers This Month

In the last two weeks, Florida has paid more than $1.1 million in bitcoin to cybercriminals to recover encrypted files from two separate ransomware attacks—one against Riviera Beach and the other against Lake City. Lake City, a city in northern Florida, agreed on Monday to pay hackers 42 Bitcoin...

First American Financial Corp. Data Records Leak

Krebs on Security is reporting a massive data leak by the real estate title insurance company First American Financial Corp. "The title insurance agency collects all kinds of documents from both the buyer and seller, including Social Security numbers, drivers licenses, account statements, and eve...

A week in security (May 20 – 26)

Last week on Malwarebytes Labs, we took a look at a skimmer pretending to be a payment service provider, gave an overview of what riskware is, took a deep dive into concerns about PACS leaks, and dug around in the land of “These Governments said fix it…hurry up”. Other cybersecurity news Changes...

First American Financial Corp. Leaked Hundreds of Millions of Title Insurance Records

The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. NYSE:FAF leaked hundreds of millions of documents related to mortgage deals going back to 2003, until notified this week by KrebsOnSecurity. The digitized records -- including bank account numbers and...

U.S. Charges Chinese Hacker For 2015 Anthem Data Breach

The United States Justice Department today announced charges against a Chinese hacker and his hacking team member for their alleged role in the 2015 massive data breach at health insurance giant Anthem and three other unnamed American companies. Fujie Wang 王 福 杰 and another hacker named John Doe...

Business banking fraud. Keep your eggs in TWO baskets. Here’s why…

This post has a cautionary tale all about spreading your business banking fraud risk. So, does your business have two bank accounts, with different banks? No? Then you would be well advised to do so, or risk being left unable to trade. WHY? Business banking ‘cyber’ fraud is increasingly common; I...

iChain Insurance Wallet App for iOS Directory Traversal Vulnerability

iChain Insurance Wallet App for iOS is an e-wallet application based on the iOS platform. A directory traversal vulnerability exists in iChain Insurance Wallet App for iOS. A remote attacker can gain access to arbitrary files, such as those associated with an application on an iOS device...