SurfWatch Labs

SurfWatch Labs SurfWatch Labs helps quickly establish a strategic cyber threat intelligence operation that drives more effective use of tactical defenses.
(8)

SurfWatch Labs helps organizations and service providers quickly establish a strategic cyber threat intelligence operation that drives more effective use of their tactical defenses. Founded in 2013 by former US Government intelligence analysts, SurfWatch Labs solutions provide a 360-degree view of cyber threats in the context of your business, along with practical and personalized support to create immediate insights and meaningful action. Combining useful analytics, applications and human expertise, SurfWatch solutions can be your off-the-shelf, cyber threat intelligence team or delivered as a comprehensive product suite that easily integrates with your existing cybersecurity operations. SurfWatch Labs: Cyber In Sight. For more information, visit www.surfwatchlabs.com.

Under Armor announced this week that approximately 150 million users of the diet and fitness app MyFitnessPal had their ...
03/31/2018
Weekly Cyber Risk Roundup: MyFitnessPal Breach, Carbanak Leader Arrested

Under Armor announced this week that approximately 150 million users of the diet and fitness app MyFitnessPal had their personal information acquired by an unauthorized third party sometime in February 2018. As Reuters noted, it is the largest data breach of 2018 in terms of the number of records affected.

Under Armor announced this week that approximately 150 million users of the diet and fitness app MyFitnessPal had their personal information acquired by an unauthorized third party sometime in Febr…

Facebook has faced a week of criticism, legal actions, and outcry from privacy advocates after it was revealed that the ...
03/25/2018
Weekly Cyber Risk Roundup: Orbitz Breach, Facebook Privacy Fallout

Facebook has faced a week of criticism, legal actions, and outcry from privacy advocates after it was revealed that the political consulting Cambridge Analytica had accessed the information of 50 million users and leveraged that information while working with the Donald Trump campaign in 2016.

One of the biggest data breach announcements of the past week belonged to Orbitz, which said on Tuesday that as many as 880,000 customers may have had their payment card and other personal informat…

Two of the largest data breaches of recent memory were back in the news this week due to Mossack Fonseca announcing that...
03/17/2018
Weekly Cyber Risk Roundup: Russia Sanctions, Mossack Fonseca Shutdown, Equifax Insider Trading

Two of the largest data breaches of recent memory were back in the news this week due to Mossack Fonseca announcing that it is shutting down following the fallout from the Panama Papers breach as well as a former Equifax employee being charged with insider trading related to its massive breach.

On Thursday, the U.S. government imposed sanctions against five entities and 19 individuals for their role in “destabilizing activities” ranging from interfering in the 2016 U.S. presidential elect…

Last week, researchers observed a 1.35 Tbps distributed denial-of-service attack (DDOS) attack targeting GitHub. It was ...
03/05/2018
Weekly Cyber Risk Roundup: Record-Setting DDoS Attacks, Data Breach Costs

Last week, researchers observed a 1.35 Tbps distributed denial-of-service attack (DDOS) attack targeting GitHub. It was the largest DDoS attack ever recorded, surpassing the 1.2 Tbps attack against DNS provider Dyn in October 2016.

Last week, researchers observed a 1.35 Tbps distributed denial-of-service attack (DDOS) attack targeting GitHub. It was the largest DDoS attack ever recorded, surpassing the 1.2 Tbps attack against…

The FBI is once again warning organizations that there has been an increase in phishing campaigns targeting employee W-2...
02/26/2018
Weekly Cyber Risk Roundup: W-2 Theft, BEC Scams, and SEC Guidance

The FBI is once again warning organizations that there has been an increase in phishing campaigns targeting employee W-2 information. In addition, this week saw new breach notifications related to W-2 theft, as well as reports of a threat actor targeting Fortune 500 companies with business email compromise (BEC) scams in order to steal millions of dollars.

The FBI is once again warning organizations that there has been an increase in phishing campaigns targeting employee W-2 information. In addition, this week saw new breach notifications related to …

More information was revealed this week about the Olympic Destroyer malware and how it was used to disrupt the availabil...
02/19/2018
Weekly Cyber Risk Roundup: Olympic Malware and Russian Cybercrime

More information was revealed this week about the Olympic Destroyer malware and how it was used to disrupt the availability of the Pyeonchang Olympic’s official website for a 12-hour period earlier this month.

More information was revealed this week about the Olympic Destroyer malware and how it was used to disrupt the availability of the Pyeonchang Olympic’s official website for a 12-hour period e…

With the holiday season in full swing, be on the lookout for tampered Gift Cards, if giving them out this year.“I just...
12/20/2017
Buyers Beware of Tampered Gift Cards — Krebs on Security

With the holiday season in full swing, be on the lookout for tampered Gift Cards, if giving them out this year.

“I just identified five fraudulent gift cards on display at my local Wal-Mart,” Gatrell said. “They each had their stickers covering their codes peeled back and replaced. I can only guess that the thieves call the service number to monitor the balances, and try to consume them before the victims can. I’m just glad I thought to check!”

Prepaid gift cards make popular presents and no-brainer stocking stuffers, but before you purchase one be on the lookout for signs that someone may have tampered with it. A perennial scam that picks up around the holidays involves thieves who pull back and then replace the decals that obscure the ca...

The researchers determined that 19 sites had been compromised – one was a popular startup with more than 45 million ac...
12/13/2017
Researchers' tool uncovered website breaches which none of the sites disclosed

The researchers determined that 19 sites had been compromised – one was a popular startup with more than 45 million active users. Despite the researchers reaching out to the websites about the breaches, not even one disclosed the breach to their customers.

UCSD researchers' Tripwire tool uncovered website breaches which none of the sites disclosed to customers; the study is another harsh reminder about the dangers of password reuse.

MoneyTaker has stolen from banks in New York, California, Utah and Moscow, primarily targeting smaller institutions with...
12/12/2017
Hackers Linked to Russians Target Banks From Moscow to Utah

MoneyTaker has stolen from banks in New York, California, Utah and Moscow, primarily targeting smaller institutions with limited cyber defenses. The average haul from U.S. banks was about $500,000, and it stole over $3 million from three Russian lenders.

A previously unknown ring of Russian-speaking hackers has stolen as much as $10 million from U.S. and Russian banks in the last 18 months, according to a Moscow-based cyber-security firm that runs…

Several cryptocurrency exchanges were among the week’s top trending cybercrime targets due to a variety of different c...
12/11/2017
Weekly Cyber Risk Roundup: Bitcoin Attacks Dominate Headlines, New Phishing Warnings

Several cryptocurrency exchanges were among the week’s top trending cybercrime targets due to a variety of different currency thefts, data breaches, and warnings from researchers.

Several cryptocurrency exchanges were among the week’s top trending cybercrime targets due to a variety of different currency thefts, data breaches, and warnings from researchers. The most impactfu…

A team of researchers has found issues with the validation of TLS certificates for mobile banking and other security-foc...
12/08/2017
MITM Vulnerabilities Found in Mobile Banking Apps - Security Boulevard

A team of researchers has found issues with the validation of TLS certificates for mobile banking and other security-focused applications that could allow man-in-the-middle (MITM) attackers to decrypt their traffic.

Issues with TLS certificates validation in mobile banking and other security-focused applications could allow traffic decryption.

The massive surge in Bitcoin prices in recent months suddenly has made online cryptocurrency exchanges and services popu...
12/06/2017
Bitcoin Sites Become Hot Targets for DDoS Attacks

The massive surge in Bitcoin prices in recent months suddenly has made online cryptocurrency exchanges and services popular targets for distributed denial-of-service (DDoS) attacks.

The Bitcoin industry is now one of the top 10 most-targeted industries for DDoS campaigns. Price manipulation could be one goal, Imperva says.

Get caught up on the latest cybercrime news, including Uber's breach and a handful of arrests and sentences related to p...
12/04/2017
Weekly Cyber Risk Roundup: Uber’s Breach Woes, Major Cybercriminals Prosecuted

Get caught up on the latest cybercrime news, including Uber's breach and a handful of arrests and sentences related to previous breaches and fraudulent activity.

Uber was the week’s top trending cybercrime target due to the announcement of a year-old breach that affects 57 million customers and drivers. In addition, the company admitted to paying the hacker…

Information on the server, potentially impacting tens of thousands of customers, included customer names, addresses, dat...
12/02/2017
National Credit Federation leaked US citizen data through unsecured AWS bucket | ZDNet

Information on the server, potentially impacting tens of thousands of customers, included customer names, addresses, dates of birth, driver's license and Social Security card scans, credit blueprints containing detailed financial histories, and full credit card and bank account numbers.

Tens of thousands of customers of the credit repair service are believed to be affected.

Unfortunately, too many organizations use identifiers as authenticators and massive breaches like Equifax tell us this w...
12/01/2017
Analyst Perspective: 2018 Cybersecurity Forecast | SecurityWeek.Com

Unfortunately, too many organizations use identifiers as authenticators and massive breaches like Equifax tell us this will be an even bigger problem in 2018.

Adam Meyer, Chief Security Strategist at SurfWatch Labs, provides his cybersecurity forecast for 2018.

Fraud is not disappearing, it’s just shifting, said Monica Eaton-Cardone, the co-founder and COO of Chargebacks911, on...
11/29/2017
Fraud Landscape Shifts as EMV Adoption Becomes More Widespread

Fraud is not disappearing, it’s just shifting, said Monica Eaton-Cardone, the co-founder and COO of Chargebacks911, on SurfWatch Labs recent Cyber Chat podcast.

It’s been just over two years since the liability shift around EMV pushed retailers and financial institutions towards adopting chip-enabled cards and terminals, and the fraud landscape for cybercr…

Uber disclosed that hackers had stolen 57 million driver and rider accounts and that thecompany had kept the data breach...
11/27/2017
Uber Hid 2016 Breach, Paying Hackers to Delete Stolen Data

Uber disclosed that hackers had stolen 57 million driver and rider accounts and that the
company had kept the data breach secret for more than a year after paying a $100,000 ransom.

The company said hackers had stolen 57 million accounts and that the breach was kept secret. In the aftermath, it fired its top security executive.

Payment card breaches were back in the news again this week as Forever 21 announced that it is investigating a point-of-...
11/20/2017
Weekly Cyber Risk Roundup: More Payment Card Breaches and Dark Web Arrests

Payment card breaches were back in the news again this week as Forever 21 announced that it is investigating a point-of-sale breach (POS) at some of its stores, and several other organizations issued breach announcements related to stolen payment card data.

Payment card breaches were back in the news again this week as Forever 21 announced that it is investigating a point-of-sale breach (POS) at some of its stores, and several other organizations issu…

The vulnerabilities are severe, with two of the bugs scoring 9.9 and 10 on the CVSS scale.  Products affected include Or...
11/18/2017
Oracle Issues Emergency Patches for 'JoltandBleed' Vulnerabilities

The vulnerabilities are severe, with two of the bugs scoring 9.9 and 10 on the CVSS scale. Products affected include Oracle PeopleSoft Campus Solutions, Human Capital Management, Financial Management, and Supply Chain Management, as well other product using the Tuxedo 2 application server.

Oracle pushed out an emergency update for vulnerabilities dubbed 'JoltandBleed' affecting five of its products that rely on its proprietary Jolt protocol.

From May 2015 through July 3 of this year, Wheeler worked with Cazes and others to use AlphaBay to traffic in personal a...
11/16/2017
Feds charge man they say worked for 'darknet' marketplace

From May 2015 through July 3 of this year, Wheeler worked with Cazes and others to use AlphaBay to traffic in personal access information and use these usernames, passwords, email addresses, telephone numbers and bank account numbers without authorization to obtain money, goods and services, the court filing says.

An Illinois man who federal prosecutors say worked as a spokesman for a "darknet" marketplace for illicit internet commerce has been charged in Atlanta. Authorities have said AlphaBay was the…

While the details of the hack are classified, Hickey admitted that his team of industry experts and academics pulled it ...
11/14/2017
Homeland Security team remotely hacked a Boeing 757

While the details of the hack are classified, Hickey admitted that his team of industry experts and academics pulled it off by accessing the 757’s “radio frequency communications.”

A Department of Homeland Security official admitted that a team of experts remotely hacked a Boeing 757 parked at an airport.

The hack of a large cache of sensitive documents from the offshore law firm Appleby, which was first reported several we...
11/13/2017
Weekly Cyber Risk Roundup: Bad Rabbit’s Parallel Attack, Paradise Papers Fallout

The hack of a large cache of sensitive documents from the offshore law firm Appleby, which was first reported several weeks ago, has already begun to have potentially wide-reaching ramifications.

October’s Bad Rabbit ransomware attacks were back in the news this week due to a report that a series of phishing attacks occurred at the same time as the Bad Rabbit outbreak, and the parallel atta…

This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the ...
11/10/2017
WikiLeaks Starts Releasing Source Code For Alleged CIA Spying Tools

This release is the first in what WikiLeaks founder Julian Assange says is a new series, Vault 8, that will release the code from the CIA hacking tools revealed as part of Vault 7.

The secret-spilling organization launches a new series where it will release the source code of alleged CIA tools from the Vault 7 series.

For the second time in as many years, hackers have compromised Verticalscope.com, a Canadian company that manages hundre...
11/08/2017
2nd Breach at Verticalscope Impacts Millions — Krebs on Security

For the second time in as many years, hackers have compromised Verticalscope.com, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user accounts.

For the second time in as many years, hackers have compromised Verticalscope.com, a Canadian company that manages hundreds of popular Web discussion forums totaling more than 45 million user…

NIC Asia Bank, based in Kathmandu, said attackers initiated $4.4 million in fraudulent money transfers from its accounts...
11/07/2017
Report: Attackers Hacked Nepalese Bank's SWIFT Server

NIC Asia Bank, based in Kathmandu, said attackers initiated $4.4 million in fraudulent money transfers from its accounts to accounts in six other countries, including the United States, the United Kingdom, Japan and Singapore.

Fraudulent SWIFT money-moving attacks continue, as one of Nepal's largest private-sector commercial banks, NIC Asia Bank, says attackers tried to steal $4.4 million

The hackers who disrupted the U.S. presidential election last year had ambitions that stretched across the globe, target...
11/03/2017
Russia hackers pursued Putin foes, not just US Democrats

The hackers who disrupted the U.S. presidential election last year had ambitions that stretched across the globe, targeting the emails of Ukrainian officers, Russian opposition figures, U.S. defense contractors and thousands of others of interest to the Kremlin.

WASHINGTON (AP) — It wasn't just Hillary Clinton's emails they went after. The hackers who disrupted the U.S. presidential election last year had ambitions that stre

Gift cards are one of the most frequently listed items on dark web marketplaces, and SurfWatch Labs expects the number o...
11/01/2017
‘Tis the Season: Gift Card Fraud Rampant on the Dark Web

Gift cards are one of the most frequently listed items on dark web marketplaces, and SurfWatch Labs expects the number of compromised gift cards for sale to rise in the coming months as millions of cards are loaded with active balances across the country.

The holiday shopping season is right around the corner, and gift cards are expected to remain as the most requested holiday gift for the tenth year in a row. It should come as no surprise then that…

By spoofing a Google corporate email address, he was able to gain access to the back-end of the system, and to thousands...
10/31/2017
Flaw in Google's bug database exposed sensitive security vulnerabilities

By spoofing a Google corporate email address, he was able to gain access to the back-end of the system, and to thousands of bug reports -- some of them marked as "priority zero," the most severe and dangerous vulnerabilities.

The bug allowed the researcher to see the most sensitive vulnerabilities in Google's services.

The offshore law firm Appleby said that client data was stolen last year, and the International Consortium of Investigat...
10/30/2017
Weekly Cyber Risk Roundup: Bad Rabbit Halted, Law Firm Breach Raises Questions

The offshore law firm Appleby said that client data was stolen last year, and the International Consortium of Investigative Journalists (ICIJ), which obtained the hacked data, has contacted the firm over allegations of wrongdoing and says it plans on publishing a series of stories related to the breach.

The week’s top trending event was the outbreak of Bad Rabbit ransomware, which quickly spread across Russia and Eastern Europe before most of the infrastructure behind the attack was taken offline …

Address

45610 Woodland Rd, Ste 350
Sterling, VA
20166

Alerts

Be the first to know and let us send you an email when SurfWatch Labs posts news and promotions. Your email address will not be used for any other purpose, and you can unsubscribe at any time.

Contact The Business

Send a message to SurfWatch Labs:

Videos

Nearby computer & electronics services


Other Computer Companies in Sterling

Show All