Cybersecurity Firm Warns That Hackers Can Take Control of Cars

From “Cybersecurity Firm Warns That Hackers Can Take Control of Cars”
Wall Street Journal (04/13/17) Dawson, Chester. Reprinted by ASIS International.

An Israeli cybersecurity firm is raising fresh concerns about hackers taking control of moving cars, remotely shutting down an engine with the help of a smartphone app, a Bluetooth connection, and a type of device commonly plugged into ports located under vehicle dashboards. On 13 April, Argus Cyber Security Ltd. said it was able to use a so-called dongle, a device often installed by insurance companies to monitor driving patterns or by owners wanting in-vehicle Wi-Fi, to crack into a vehicle’s internal communication system. The firm triggered a signal meant to disable the fuel pump, something that normally would happen only after a collision. Argus didn’t disclose the model of car it hacked, but the breach is the latest in a series of high-profile hacks, including an incident two years ago staged by two security researchers who controlled a Jeep Cherokee via a wireless internet connection.

IBM Report Details 2017 Tax Scams as IRS Filing Deadline Nears

From “IBM Report Details 2017 Tax Scams as IRS Filing Deadline Nears”
eWeek (04/05/17) Kerner, Sean Michael. Printed by ASIS International.

IBM Security is warning of an increase in tax-related spam email and related fraud scams that aim to exploit tax filers as the April 18 tax filing deadline nears. IBM’s “Cybercrime Riding Tax Season Tides: Trending Spam and Dark Web Findings” report, released on April 5, details how attackers are increasing their efforts ahead of the deadline. IBM X-Force security researchers have tracked a 6,000 percent increase in tax-related spam emails from December 2016 to February 2017. Limor Kessem, executive security advisor at IBM Security, says that this is the first year that IBM is seeing campaigns targeting businesses. “Last year, consumer tax fraud was the most common illicit activity linked with compromised taxpayer information,” she says. “This year, things are getting bigger and bolder.” She went on to say that attackers have several different ways to get taxpayer information, depending on their technical skill levels. “The more technically inclined may breach a company’s infrastructure to steal data directly from their internal servers,” she explains.

Homeland Security’s Terror Warning for NJ Hospitals and Hotels

From “Homeland Security’s Terror Warning for NJ Hospitals and Hotels”
New Jersey 101.5 (03/27/2017) Matthau, David. Reprinted by ASIS.

As authorities continue to investigate last week’s terror attack outside the British Parliament, homeland security officials in the United States are advising the public to be vigilant. The New Jersey Office of Homeland Security and Preparedness is calling on hospitals, hotels, and motels to keep an eye out for anything out of the ordinary. Eric Tysarczyk, the director of policy and planning for the New Jersey Office of Homeland Security and Preparedness, stressed no specific, credible threat has been made against any of these areas in New Jersey. However, hospitals are considered potential terror targets because they have open access and they are mass gathering sites. Tysarczyk notes some hospitals have chemicals and devices that could interest terrorist attackers, and hospitals play a prominent role in prevention and protection, which might also catch the attention of those planning an attack. He says the public should remain vigilant and report anomalies such as people wearing bulky coats inappropriately and congregating around delivery docks when they are not making deliveries. He says the first point of information should be either the security guard or the local police, adding that it is better to report a situation that does not pose a threat than to fail to report an actual threat.

Workplace Violence: Prevention and Response

From “Workplace Violence: Prevention and Response”
CSO Online (03/08/17) Wackrow, Jonathan. Reprinted by ASIS.

Almost 2 million Americans are the victims of workplace violence every year. The Occupational Safety and Health Administration says that corporations spend over $36 billion each year on remediating the aftereffects of such incidents. Studies have shown that training and implemented policies to prevent threats and violence significantly decrease the incident rate. The best risk management strategy includes a combination of sound protocols, access to expert professional resources, and quality insurance coverage. The most effective prevention methods identify and address potential problems early. Workplace violence generally breaks down into four broad categories: violence by an unknown individual with criminal intent, violence by a known customer, violence by an employee, and violence by an associated party. Organizations should also implement a hiring process that emphasizes pre-employment screening and background checks. Understanding the risk factors can also prove extremely beneficial. In the event of an incident, crisis response plans are most effective when tailored to the needs and resources of a particular employer and workforce.

The Intruder in the Brigham OR – How Did She Get There?

From “The Intruder in the Brigham OR – How Did She Get There?”
Boston Globe (02/05/17) Kowalczyk, Liz. Re-posted by ASIS.

A former surgical resident impersonated a physician and gained access to restricted areas to observe operations and attend patient rounds at Brigham and Women’s Hospital in Boston. Cheryl Wang, previously dismissed from a residency program in New York City, wandered into operating rooms in official Brigham scrubs she may have obtained from a previous visit. Although Brigham staff are required to scan their identification badges to enter operating rooms, Wang slipped into the surgical suites by walking in behind other employees who were holding the door open for each other. Following the security breach, the hospital says it has strengthened its policy for allowing observers into its operating rooms. Physicians now are required to verify that a doctor-in-training is in good standing with his or her educational institution. The hospital also plans to educate staff about the dangers of “tailgating,” or letting people follow staff into restricted areas without scanning an ID card. Electronic card access and surveillance cameras are considered security best practices, but hospital security experts are considering other safeguards, including turnstiles, security officers, and biometric systems.


Can You Hear Me? Just Say “NO!” (Or Hang Up)

Reports have surfaced about a new scam using a familiar line. Scammers call, identify themselves by name and company, and during the momentary pause that follows, the scammer says, “Can you hear me?” Of course we all respond, “yes,” and then we hang up or say we’re not interested or let loose a string of expletives. You get my point. But no matter how you respond, the damage is done.

The scammer records your yes response and neatly places it in a recording, making it sound like you answered yes to ordering various goods. When you later call to complain, you are met with the sound of your own voice verifying the purchase. As a matter of fact, these folks are bold enough to threaten to sue you if you don’t pay for your “order.”

There are so many creative scams out there that it is important to remember a few simple rules that might eliminate a great deal of inconvenience (or money loss) later:

DO NOT answer calls from numbers you don’t recognize.

DO NOT verify your phone number with anyone you didn’t call.

DO NOT give out personal information on any call you did not initiate.

It is not likely we can avoid all scammers, but let’s not make it easy for them!