Monthly Archive November 2014

Information Security Breach Report – 28 November 2014

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

You can always access the latest, and all previous reports at www.jonfisherthoughts.co.uk


Breaches, Incidents and Alerts:

Uber on your Android phone steals your data – http://cio.economictimes.indiatimes.com/news/digital-security/uber-on-your-android-phone-steals-your-data/45303910

Shutterfly web properties suffer data breach – http://www.csoonline.com/article/2852901/data-breach/shutterfly-web-properties-suffer-data-breach.html#tk.rss_all

Firms lose £2m in social engineering trick – http://www.lawgazette.co.uk/practice/firms-lose-2m-in-social-engineering-trick/5045403.article

New PoS Malware Hits E-kiosks and Ticket Vending Machines – http://www.securityweek.com/new-pos-malware-hits-e-kiosks-and-ticket-vending-machines

Syrian Electronic Army hacks websites via Gigya’s login service – https://gigaom.com/2014/11/27/syrian-electronic-army-hacks-websites-via-gigyas-login-service/

A Tale of Two Powerpoint Vulnerabilities – https://www.f-secure.com/weblog/archives/00002756.html

Hackers target parliament website? – http://www.thenews.pl/1/9/Artykul/188615,Hackers-target-parliament-website

PoS malware d4re|dev1| is also targeting Mass Transit Systems – http://securityaffairs.co/wordpress/30570/cyber-crime/pos-malware-dareldevil.html


Miscellaneous Infosec stories:

Retailers data breaches could get ‘ugly’ during holiday season – http://www.mercurynews.com/business/ci_27025645/retailers-data-breaches-could-get-ugly-during-holiday

Edward Snowden: best … security … educator … EVER! – http://www.theregister.co.uk/2014/11/28/the_snowden_effect_not_just_diplomatic_drama/

TOP TEN THINGS ABOUT UK CYBER SECURITY – http://www.cbronline.com/news/security/top-ten-things-about-uk-cyber-security-4453431

Data breach incidents by quarter – https://ico.org.uk/enforcement/trends

Penalties for losing sensitive data – http://www.professionalsecurity.co.uk/news/interviews/penalties-losing-sensitive-data/

Analysis of leaked logs from Syria’s censoring national firewall – http://boingboing.net/2014/11/27/analysis-of-leaked-logs-from-s.html

Biometrics in smartphones need more control – ex-GCHQ boss – http://www.bbc.co.uk/news/uk-politics-30211238

A WHOPPING 8 million Windows Server 2003 systems still out there – http://www.channelregister.co.uk/2014/11/27/windows_server_2003_tech_data_gartner/

Giovanni Buttarelli named new data protection watchdog – http://www.europarl.europa.eu/news/en/news-room/content/20141127IPR81016/html/Giovanni-Buttarelli-named-new-data-protection-watchdog

For cyber safety, UK turns to Israeli tech – http://www.timesofisrael.com/for-cyber-safety-uk-turns-to-israeli-tech/

Italy: Garante introduces ‘progressive’ mandatory breach notification – http://www.dataguidance.com/dataguidance_privacy_this_week.asp?id=3023

Client: “We used to have pentests, but they kept giving us bad reports, so we stopped them…” – http://securityreactions.tumblr.com/post/103565292717/client-we-used-to-have-pentests-but-they-kept

Global outage of AWS CloudFront CDN on Nov 26 2014 – http://www.turbobytes.com/blog/cloudfront-cdn-global-outage/

CYBER-THANKSGIVING: WHAT INFOSEC PROFESSIONALS ARE THANKFUL FOR – http://www.tripwire.com/state-of-security/off-topic/cyber-thanksgiving-what-infosec-professionals-are-thankful-for/

This Artist’s Images Integrate Code From Malware Like Stuxnet and Flame – http://www.wired.com/2014/11/malware-art/#slide-id-1662013

“My, what an ENORMOUS malware infection you have!” [PODCAST] – https://nakedsecurity.sophos.com/2014/11/27/sscc-175-my-what-an-enormous-malware-infection-you-have-podcast/

Cyber security among six UK industries competing for skills, says IET – http://www.computerweekly.com/news/2240235477/Cyber-security-among-six-UK-industries-competing-for-skills-says-IET

So, who *did* write the Regin malware? – http://grahamcluley.com/2014/11/write-regin-malware/

If necessary will shut mobile, Facebook to prevent question leak during exams – http://bdnews24.com/bangladesh/2014/11/27/if-necessary-will-shut-mobile-facebook-to-prevent-question-leak-during-exams-nahid


Tools, Tips and How it’s done:

300,000 WordPress hacking attempts and 5 observations – http://simonfredsted.com/1260

101 Bad Android Apps – https://www.f-secure.com/weblog/archives/00002757.html

Cyber shopping: 12 tips from police to foil cyber scammers – http://www.thestar.com/news/world/2014/11/27/cyber_shopping_12_tips_from_police_to_foil_cyber_scammers.html


Miscellaneous Privacy stories

Bitcoin Not That Anonymous Afterall – http://www.darknet.org.uk/2014/11/bitcoin-not-anonymous-afterall/

Home Office: Fancy flogging us some SECRET SPY GEAR? – http://www.theregister.co.uk/2014/11/27/home_office_tender_top_secret_surveillance_gear/

Stop selling spyware to despotic regimes, beg MEPs – http://www.theregister.co.uk/2014/11/27/stop_selling_spyware_to_despotic_regimes_beg_meps_weve_enough_trouble_here/


If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com


You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/


Information Security Breach Report – 27 November 2014


Breaches, Incidents and Alerts:

Experimental Malware Bypasses Top APT Detection Solutions: Report – http://www.securityweek.com/experimental-malware-bypasses-top-apt-detection-solutions-report

Home Security Systems Subject to Breaches – http://abcnews.go.com/GMA/video/home-security-systems-subject-breaches-27190627

DoS Vulnerability Found in MatrikonOPC Server for DNP3 – http://www.securityweek.com/dos-vulnerability-found-matrikonopc-server-dnp3

Sony Pictures’ computers are still locked as hackers demand equality – http://www.engadget.com/2014/11/26/sony-pictures-computers-are-still-locked-as-hackers-demand-equa/


Miscellaneous Infosec stories:

Hacker dodges FOUR HUNDRED YEARS in cooler for SCANNING sites – http://www.theregister.co.uk/2014/11/27/hacker_dodges_half_a_millennium_in_cooler_for_scanning_sites/

Tony Abbott announces cyber security review – http://www.theage.com.au/it-pro/security-it/tony-abbott-announces-cyber-security-review-20141127-11v27k.html

IoT World Forum Review: Interop, Data & Security – http://www.infosecprofessional.com/2014/11/iot-world-forum-review-interop-data.html

Look out: That data protection watchdog can bite – http://www.theregister.co.uk/2014/11/26/data_protection/

Cybercriminals could rake in profits 20 times more than cost of attacks: Kaspersky Lab – http://cio.economictimes.indiatimes.com/news/digital-security/cybercriminals-could-rake-in-profits-20-times-more-than-cost-of-attacks-kaspersky-lab/45291968

ENISA Issues Guidelines on Cryptographic Solutions – http://www.securityweek.com/enisa-issues-guidelines-cryptographic-solutions?utm_source=feedburner

Top 3 Takeaways from the “PCI DSS 3.0: Are You Ready for January?” Webcast – https://community.rapid7.com/community/infosec/blog/2014/11/26/top-3-takeaways-from-the-pci-dss-30-are-you-ready-for-january-webcast

Everything happens for a reason in security – https://community.rapid7.com/people/kevinbeaver/blog/2014/11/26/everything-happens-for-a-reason-in-security

3 staggering retail data breach statistics – http://www.csoonline.com/article/2852383/data-breach/3-staggering-retail-data-breach-statistics.html

Top reasons for CSOs to give thanks – http://www.csoonline.com/article/2851425/data-protection/top-reasons-for-csos-to-give-thanks.html

San Francisco DA pushes for chip payment cards in tech’s backyard – http://www.csoonline.com/article/2852692/data-protection/san-francisco-da-pushes-for-chip-payment-cards-in-techs-backyard.html

Hack the halls: Watch out for Cyber Monday scamathon – http://www.csoonline.com/article/2852011/malware-cybercrime/hack-the-halls-watch-out-for-cyber-monday-scamathon.html

TechUK publishes guidelines for UK cyber security exports – http://www.computerweekly.com/news/2240235381/TechUK-publishes-guidelines-for-UK-cyber-security-exports

London Police Retool for Cybercrime – http://www.inforisktoday.co.uk/london-police-retool-for-cybercrime-a-7613

Developers of Android RAT DroidJack Traced to India – http://www.securityweek.com/developers-android-rat-droidjack-traced-india

AV Firms Defend Regin Alert Timing – http://www.bankinfosecurity.com/av-firms-defend-regin-alert-timing-a-7614

Examining 1 billion transactions for fraud – http://www.net-security.org/secworld.php?id=17676

Costs of a cyber data breach – http://pgitl.com/costs-cyber-data-breach/

Visa sees Visa Europe option now costing more than $10 billion – http://www.reuters.com/article/2014/11/22/us-visa-europe-option-idUSKCN0J600G20141122?feedType=RSS&feedName=businessNews

SSDP DDoS attacks driving up average DDoS sizes – http://searchsecurity.techtarget.com/news/2240235194/SSDP-DDoS-attacks-driving-up-average-DDoS-sizes

FTC Continues Tech-Support Scam Busts – http://www.bankinfosecurity.com/ftc-continues-tech-support-scam-busts-a-7600

CIA crypto-king offers new ‘clock’ clue to crack Kryptos code – http://www.theregister.co.uk/2014/11/21/cia_crypto_king_offers_new_clock_clue_to_crack_kryptos_code/


Tools, Tips and How it’s done:

Don’t Get Skunked in a Data Breach – http://www.business2community.com/tech-gadgets/dont-get-skunked-data-breach-01080234

How to be an InfoSec Geek – http://www.slideshare.net/j0b1n/how-to-be-an-infosec-geek

Simple yet Effective Methods to Solve Java Security Issues – http://resources.infosecinstitute.com/simple-yet-effective-methods-solve-java-security-issues/

Preparing for an information audit – http://www.net-security.org/article.php?id=2173

Skimmer Innovation: ‘Wiretapping’ ATMs – http://krebsonsecurity.com/2014/11/skimmer-innovation-wiretapping-atms/

The Anatomy of a Credit Card Breach: Whiteboard Wednesday [VIDEO] – https://community.rapid7.com/community/infosec/blog/2014/11/26/the-anatomy-of-a-credit-card-breach-whiteboard-wednesday-video

Embracing the Adversary Mindset – http://www.databreachtoday.co.uk/interviews/embracing-adversary-mindset-i-2514

Brute-force Attacks: Crossing the Online-Offline Password Chasm – http://www.securityweek.com/brute-force-attacks-crossing-online-offline-password-chasm

Protecting against Social Engineering – http://www.mytechlogy.com/IT-blogs/5668/protecting-against-social-engineering/#.VHbwdDGsWSo

How to use an authenticator app to improve your online security – http://www.zdnet.com/how-to-use-an-authenticator-app-to-improve-your-online-security-7000036049/

How can flash heap spray attacks be detected? – http://searchsecurity.techtarget.com/answer/How-can-flash-heap-spray-attacks-be-detected

3 Questions to Ask Vendors When Securing POS – http://www.databreachtoday.com/blogs/3-questions-to-ask-vendors-when-securing-pos-p-1774


Miscellaneous Privacy stories

‘Curiosity’ of Island Health employees led to privacy breach, probe reveals – http://www.vancouversun.com/health/Curiosity+Island+Health+employees+privacy+breach+probe/10417256/story.html

Case Suggests How Government May Get Around Phone Encryption – http://blogs.wsj.com/digits/2014/11/25/case-suggests-how-government-may-get-around-phone-encryption/

Privacy Groups Call for NIST to Keep Development of Crypto Standards Independent of NSA Influence – http://www.securityweek.com/privacy-groups-call-nist-keep-development-crypto-standards-independent-nsa-influence

Internet companies should not be monitoring terrorists or anyone else – http://techfruit.com/2014/11/26/internet-companies-not-monitoring-terrorists-anyone-else/

Internet data plan back on political agenda – http://www.bbc.co.uk/news/uk-politics-30166477

Encryption everywhere: Debating the risks and rewards – http://searchsecurity.techtarget.com/news/2240235173/Encryption-everywhere-Debating-the-risks-and-rewards

How One Guy Is Using the Law to Wreak Havoc Over Police Body Cams – http://origin-www.businessweek.com/articles/2014-11-20/how-one-guy-can-wreak-havoc-on-plans-for-police-body-cameras#r=rss


Information Security Breach Report – 26 November 2014


Breaches, Incidents and Alerts:

Privacy bods Detekt FinFisher dressed as bookmark manager – http://www.theregister.co.uk/2014/11/26/privacy_bods_detekt_finisher_dressed_as_bookmark_manager/

Home Depot spent $43 million on data breach in just one quarter – http://www.pcworld.com/article/2852472/home-depot-spent-43-million-on-data-breach-in-just-one-quarter.html

Home Depot facing at least 44 civil suits in data breach – http://www.marketwatch.com/story/home-depot-facing-at-least-44-civil-suits-in-data-breach-2014-11-25-71031725?mod=MW_video_latest_news

Sony Pictures Computers Down for a Second Day After Network Breach – http://bits.blogs.nytimes.com/2014/11/25/sony-pictures-computers-down-for-a-second-day-after-network-breach/?_r=0

Sony Pictures data breach may have been an inside job: Report – http://mashable.com/2014/11/25/sony-pictures-hack-inside/ and http://www.csoonline.com/article/2851649/physical-security/hackers-suggest-they-had-physical-access-during-attack-on-sony-pictures.html

Beth Israel Agrees To Pay $100K To Settle 2012 Data Breach Case – http://www.ihealthbeat.org/articles/2014/11/25/beth-israel-agrees-to-pay-100k-to-settle-2012-data-breach-case

APT3 Group Using Windows OLE Vulnerability: FireEye – http://www.securityweek.com/apt3-group-using-windows-ole-vulnerability-fireeye

Revealed: How cyber criminals use Defra website to find farmers who have received EU handouts to raid their bank account – http://www.thisismoney.co.uk/money/saving/article-2847227/How-farmers-target-cyber-criminals-looking-raid-bank-accounts-fresh-EU-funds.html

Adobe Pushes Critical Flash Patch – http://krebsonsecurity.com/2014/11/adobe-pushes-critical-flash-patch/ and https://www.f-secure.com/weblog/archives/00002768.html

Craigslist Back Online Following DNS Hijack – http://threatpost.com/craigslist-back-online-following-dns-hijack/109559

U.S. Postal Service Breach: A Timeline – http://www.bankinfosecurity.co.uk/us-postal-service-breach-timeline-a-7606

Breach Reported After Vendor Dispute – http://www.databreachtoday.com/breach-reported-after-vendor-dispute-a-7605

Credit Union investigator fined €5k over data breach – http://www.herald.ie/news/courts/credit-union-investigator-fined-5k-over-data-breach-30771948.html

Data Breach Scottish Health Board Warned: Put Your House In Order – http://www.misco.co.uk/blog/news/02481/data-breach-scottish-health-board-warned-put-your-house-in-order

Axa Wealth apologises for advised clients data breach – http://www.ftadviser.com/2014/11/21/investments/wraps-and-platforms/axa-wealth-apologises-for-advised-clients-data-breach-8aof5ux5ly3RlmAL4luY3O/article.html

Brazilian bank users threatened by 2 malicious apps deployed on the Google Play – http://securityaffairs.co/wordpress/30390/cyber-crime/brazil-banks-2-malicious-apps.html

Siemens Fixes Critical Vulnerabilities in WinCC SCADA Products – http://www.securityweek.com/siemens-fixes-critical-vulnerabilities-wincc-scada-products


Miscellaneous Infosec stories:

Compromised Credentials Have a High ROI for Attackers – https://community.rapid7.com/community/userinsight/blog/2014/11/25/compromised-credentials-have-a-high-roi-for-attackers

The tipping point for biometric security – http://www.abc.net.au/technology/articles/2014/11/26/4136367.htm

Employers on high-alert of temp workers being targeted by scams – http://www.tweaktown.com/news/41429/employers-on-high-alert-of-temp-workers-being-targeted-by-scams/index.html

Essential reading: the irreconcilable tension between cybersecurity and national security – http://boingboing.net/2014/11/25/essential-reading-the-irrecon.html

Discover Financial sues Visa over anti-competitive card practices – http://www.reuters.com/article/2014/11/26/us-discover-finl-visa-lawsuit-idUSKCN0JA08H20141126

BREACH DETECTION VERSUS CHANGE DETECTION – http://www.tripwire.com/state-of-security/incident-detection/breach-detection-versus-change-detection/

Most CEOs clueless about cyberattacks – and their response to incidents proves it – http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21

Google turns on shiny new .google top-level domain – but WHY? – http://www.theregister.co.uk/2014/11/26/google_turns_on_google_internet_extension/

Infosec Isn’t A Gated Community – https://www.linkedin.com/pulse/article/20141125210306-6382932-infosec-isn-t-a-gated-community

The branded bug: Meet the people who name vulnerabilities – http://www.zdnet.com/the-branded-bug-meet-the-people-who-name-vulnerabilities-7000036140/

Why Competitors Should Collaborate More on Cyber Security Issues – http://www.entrepreneur.com/article/239550

Jack Into this Supercut of the Best Hacking of the ’90s – http://www.popularmechanics.com/technology/gadgets/tech-news/jack-into-this-supercut-of-the-best-hacking-of-the-90s-17461851

Automakers trying to drive away car computer hackers – http://www.sfchronicle.com/business/article/Automakers-trying-to-drive-away-car-computer-5917451.php

NSA SOURCE CODE LEAK: Information slurp tools to appear online – http://www.theregister.co.uk/2014/11/25/nsa_source_code_release/

[Note: Interesting paper from 2003] Self-Healing Networks – http://queue.acm.org/detail.cfm?id=864027

Vectra Networks’ Post Breach Report Reveals Attacker Habits – http://thevarguy.com/network-security-and-data-protection-software-solutions/112514/vectra-networks-post-breach-report

The Scary Truth About Credit Cards The Banks Don’t Want You To Know – http://www.techweekeurope.co.uk/e-enterprise/financial-market/scary-truth-credit-cards-banks-dont-want-know-156362

How the World’s First Computer Was Rescued From the Scrap Heap – http://www.wired.com/2014/11/eniac-unearthed/

Regin Espionage Malware: 8 Key Issues – http://www.databreachtoday.co.uk/regin-espionage-malware-8-key-issues-a-7609

Groaning under talent squeeze, CIOs resort to outsourcing – http://cio.economictimes.indiatimes.com/news/corporate-news/groaning-under-talent-squeeze-cios-resort-to-outsourcing/45269317?utm_source=RSS&utm_medium=ETRSS

EGYPTIAN CYBER HACKERS TARGET ISIS, MUSLIM BROTHERHOOD – http://www.breitbart.com/Big-Peace/2014/11/24/Egyptian-Cyber-Hackers-Target-ISIS-Muslim-Brotherhood

In wake of Uber privacy scandal, Lyft announces data restrictions – http://arstechnica.com/business/2014/11/in-wake-of-uber-privacy-scandal-lyft-announces-data-restrictions/

Ransom malware attacks underscore limitations of anti-virus software – http://www.csoonline.com/article/2850978/malware-cybercrime/ransom-malware-attacks-underscore-limitations-of-antivirus-software.html


Tools, Tips and How it’s done:

Let’s Encrypt initiative to provide free encryption certificates – http://www.techrepublic.com/article/lets-encrypt-initiative-to-provide-free-encryption-certificates/

Guest diary: Detecting Suspicious Devices On-The-Fly – https://isc.sans.edu/diary/Guest+diary%3A+Detecting+Suspicious+Devices+On-The-Fly/18993

Sophos Techknow – Dealing with Ransomware [PODCAST] – https://nakedsecurity.sophos.com/2014/11/25/sophos-techknow-dealing-with-ransomware/

10 Ways Security Gurus Give Thanks – http://www.darkreading.com/10-ways-security-gurus-give-thanks/d/d-id/1317745

Android Application hacking with Insecure Bank Part 1 – http://resources.infosecinstitute.com/android-application-hacking-insecure-bank-part-1/

Speeding Up Breach Detection – http://www.databreachtoday.com/speeding-up-breach-detection-a-7604

[Note: Download] A STUDY OF INSIDER THREAT PERSONAS – http://www.isdecisions.com/insider-threat-persona-study/

Zen and the Art of Cloud Database Security (Part 1) – http://www.securityweek.com/zen-and-art-cloud-database-security-part-1

Hacker Lexicon: What Is End-to-End Encryption? – http://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/

Balancing Risk and Performance: Managing Firewalls Shouldn’t Push Risks to the Extreme – http://www.securityweek.com/balancing-risk-and-performance-managing-firewalls-shouldnt-push-risks-extreme

Weekly Metasploit Wrapup: Exploiting Mobile Security Software – https://community.rapid7.com/community/metasploit/blog/2014/11/21/weekly-metasploit-wrapup


Miscellaneous Privacy stories

Lee Rigby murder: Should online surveillance be wider? – http://www.bbc.co.uk/news/uk-30203203

Hey, here’s some face-tracking tech from Samsung you probably won’t find creepy at all – http://www.theregister.co.uk/2014/11/26/like_samsungs_eyepowered_mouse_here_have_the_source_code/

Snowden doc leak lists submarine’d cables tapped by spooks – http://www.theregister.co.uk/2014/11/26/snowden_doc_leak_lists_all_the_compromised_cables/

Journalist phone records given to UK police in data breach – http://news.yahoo.com/journalist-phone-records-given-uk-police-data-breach-234810693.html

Seattle schools waited days to tell parents of huge student info leak – http://www.komonews.com/news/local/Seattle-schools-waited-days-to-tell-parents-of-huge-student-info-leak-283842361.html

Massive government privacy breach of famous Canadians shows urgent need for far stronger protections to safeguard Canadians’ data – https://openmedia.ca/news/massive-government-privacy-breach-famous-canadians-shows-urgent-need-far-stronger-protections-safegu

Man Pleads Guilty for Selling “StealthGenie” Spyware App and Ordered to Pay $500,000 Fine – http://www.justice.gov/opa/pr/man-pleads-guilty-selling-stealthgenie-spyware-app-and-ordered-pay-500000-fine

DailyDirt: Just Because You’re Paranoid, Doesn’t Mean They’re Not Watching You… – https://www.techdirt.com/articles/20100809/03583510559/dailydirt-just-because-youre-paranoid-doesnt-mean-theyre-not-watching-you.shtml

The Cyber Security Syndrome – http://opencanada.org/features/the-cyber-security-syndrome/



Information Security Breach Report – 25 November 2014


Breaches, Incidents and Alerts:

Hackers shut down Sony Pictures’ computers and are blackmailing the studio – http://www.theverge.com/2014/11/24/7277451/sony-pictures-paralyzed-by-massive-security-compromise

Updated: Hackers replace Sony’s backup app on Google Play – https://gigaom.com/2014/11/24/hackers-replace-sonys-backup-app-on-google-play/

‘Regin’ Attack Platform Targeted GSM Networks – http://www.securityweek.com/regin-attack-platform-targeted-gsm-networks

Cyber Hacker Lewys Martin Wanted £1m in Bitcoin for 28,000 Halifax Customers’ Bank Details – http://www.ibtimes.co.uk/cyber-hacker-lewys-martin-wanted-1m-bitcoin-28000-halifax-customers-bank-details-1476302

Hackers claim attack on Cleveland’s websites – http://www.usatoday.com/story/news/nation/2014/11/24/cleveland-websites-hacked/19479657/

28 Charged, $2M Potentially Stolen in Minn. ID Theft Ring – http://kstp.com/article/stories/s3603595.shtml

Warning over ‘fake’ offshore bank – http://www.bbc.co.uk/news/world-europe-jersey-30178169

Using a password manager on Android? It may be wide open to sniffing attacks – http://arstechnica.com/security/2014/11/using-a-password-manager-on-android-it-may-be-wide-open-to-sniffing-attacks/

Fraud Service Uses Charity Websites to Validate Stolen Credit Card Data – http://www.securityweek.com/fraud-service-uses-charity-websites-validate-stolen-credit-card-data


Miscellaneous Infosec stories:

[Note: Regin] SECRET MALWARE IN EUROPEAN UNION ATTACK LINKED TO U.S. AND BRITISH INTELLIGENCE – https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/ and http://www.securityweek.com/cyberspying-tool-could-have-us-british-origins

New ‘Internet Security Council’ struggling to get off the ground – http://www.theregister.co.uk/2014/11/25/netmundial_initiative_struggling/

A year after Target data breach, aftershocks finally end – http://www.twincities.com/shopping/ci_27004429/year-after-target-data-breach-aftershocks-finally-end

Intel and McAfee plan to kill PC passwords with new biometric authentication – http://www.pcworld.com/article/2851892/intel-to-tame-passwords-with-biometric-authentication.html

The Cybersecurity Myths That Small Companies Still Believe – http://www.businessweek.com/articles/2014-11-24/the-cyber-security-myths-that-small-companies-still-believe

Video: ‘Clairvoyant’ freaks out Belgians with ‘mind reading techniques’ in viral web-security ad – http://www.tntmagazine.com/news/weird/video-clairvoyant-freaks-out-belgians-with-mind-reading-techniques-in-viral-web-security-ad

Hackers Shut Down City of Cleveland’s Website After Shooting Death of Tamir Rice – http://www.clevescene.com/scene-and-heard/archives/2014/11/24/hackers-shut-down-city-of-clevelands-website-after-shooting-death-of-tamir-rice

Webcam hackers arrested in Europe-wide raids – http://cio.economictimes.indiatimes.com/news/digital-security/webcam-hackers-arrested-in-europe-wide-raids/45261297?utm_source=RSS&utm_medium=ETRSS

Owner of site streaming webcam feeds ‘seeks new job’ – http://www.bbc.co.uk/news/technology-30176359

Experts Predict Retailers Will Face Holiday Hacking Surge – http://blogs.wsj.com/cio/2014/11/21/experts-predict-retailers-will-face-holiday-hacking-surge/

5 ways to escape password hell – http://www.csoonline.com/article/2851320/data-protection/5-ways-to-escape-password-hell.html

Cybersecurity lapses leave government agencies vulnerable to hackers – http://www.washingtontimes.com/news/2014/nov/23/cybersecurity-lapses-leave-us-government-agencies-/

How to restore customer’s trust in data security – http://www.information-age.com/technology/security/123458665/how-restore-customers-trust-data-security

China Voice: Cyber security should avoid becoming Achilles’ heel – http://www.shanghaidaily.com/article/article_xinhua.aspx?id=254362

Can Facebook’s Microphone Feature Get Hijacked? Probably YES! – http://www.huffingtonpost.com/rebecca-abrahams/can-facebooks-microphone_b_5417395.html


Tools, Tips and How it’s done:

Kevin Mitnick shows how easy it is to hack a phone – http://www.cnet.com/news/kevin-mitnick-shows-how-easy-it-is-to-hack-a-phone/

Cisco IOS Penetration Testing with Metasploit – https://community.rapid7.com/community/metasploit/blog/2010/12/17/cisco-ios-penetration-testing-with-metasploit

Scammers used fake product listings to steal from Walmart – http://www.net-security.org/secworld.php?id=17684

Google’s “Santa” Tracks Naughty and Nice Binaries on Mac OS X – http://www.securityweek.com/googles-santa-tracks-naughty-and-nice-binaries-mac-os-x

How hackers are exploiting vulnerable DVRs to conduct illegal activities – http://securityaffairs.co/wordpress/30451/cyber-crime/how-hackers-exploit-dvrs.html

LinEnum – Linux Enumeration & Privilege Escalation Tool – http://www.darknet.org.uk/2014/11/linenum-linux-enumeration-privilege-escalation-tool/

Protect Your Cards from Multiple Kinds of Skimmers – http://www.huffingtonpost.com/robert-siciliano/protect-your-cards-from-m_b_5487637.html

Researchers Warn Google Glass Users Could Steal Passwords From Afar – http://sanfrancisco.cbslocal.com/2014/06/24/how-google-glass-can-sneakily-steal-your-passwords-from-afar-wearable-tech/

Social Engineering Always Wins: An Epic Hack, Revisited – http://www.wired.com/2014/01/my-epic-hack-revisited/

How To Stop People Hacking Your Webcam – http://www.lifehacker.com.au/2014/11/how-to-stop-people-hacking-your-webcam/

How to create seamless mobile security for employees – http://www.csoonline.com/article/2851319/mobile-security/how-to-create-seamless-mobile-security-for-employees.html#tk.rss_all

How to use Tor to cloak your web browsing from prying eyes – http://howto.techworld.com/security/3290036/how-to-use-tor-to-cloak-your-web-browsing-from-prying-eyes/

Cloud Security By The Numbers – http://www.darkreading.com/cloud/cloud-security-by-the-numbers/d/d-id/1317665?image_number=2

When Every Minute Counts (Part 2) – http://www.darkreading.com/partner-perspectives/intel/when-every-minute-counts-(part-2)/a/d-id/1317660

Penetration Testing Methodology for Web Applications – http://resources.infosecinstitute.com/penetration-testing-methodology-web-applications/

Website Malware Removal: Phishing – http://blog.sucuri.net/2014/11/website-malware-removal-phishing.html


Miscellaneous Privacy stories

Who’s been writing in my apps? Googlilocks builds new apps-tracker – http://www.theregister.co.uk/2014/11/25/google_employs_security_wizard_for_apps_drops_intel_panels/

Postal Service almost never denies mail-surveillance requests – http://www.washingtonpost.com/blogs/federal-eye/wp/2014/11/20/postal-service-almost-never-denies-mail-surveillance-requests/

Security bill: The challenge of identifying internet users – http://www.bbc.co.uk/news/technology-30175097

Senator demands answers about DOJ mobile phone surveillance planes – http://www.computerworld.com/article/2848608/senator-demands-answers-about-doj-mobile-phone-surveillance-planes.htm

Internet of Things – Top 10 privacy and data protection concerns – http://www.jdsupra.com/legalnews/internet-of-things-top-10-privacy-and-33695/

Researcher Releases Facebook Profile Data – http://bits.blogs.nytimes.com/2010/07/28/100-million-facebook-ids-compiled-online/?_r=0

Facebook Tries To Silence Blogger To Cover Up User Data Scandal [Updated] – http://readwrite.com/2012/10/26/facebook-asked-blogger-who-purchased-user-data-to-keep-quiet



Information Security Breach Report – 24 November 2014


Breaches, Incidents and Alerts:

Clandestine Fox attack op uses social engineering to woo new victims – http://www.scmagazine.com/clandestine-fox-attack-op-uses-social-engineering-to-woo-new-victims/article/355318/

Insecure healthcare.gov allowed hacker to access 70,000 records in 4 minutes – http://www.computerworld.com/article/2475809/cybercrime-hacking/insecure-healthcare-gov-allowed-hacker-to-access-70-000-records-in-4-minutes.html

Now cyber criminals use E-cigarettes to spread malware – http://www.techworm.net/2014/11/e-cigarettes-spread-malware.html

Vodafone Germany suffers server breach – http://www.itnews.com.au/News/356956,vodafone-germany-suffers-server-breach.aspx

Attackers Hijack Craigslist Domain Name – http://www.securityweek.com/attackers-hijack-craigslist-domain-name

Backdoored CMS Plugins Used to Hijack Web Servers – http://www.securityweek.com/backdoored-cms-plugins-used-hijack-web-servers

Windows RCE Vulnerability Exploited in the Wild – http://www.securityweek.com/windows-rce-vulnerability-exploited-wild

Ecuadorean President Correa claims attacks on his private computers and accounts – http://securityaffairs.co/wordpress/30463/hacking/ecuador-president-correa-accuses-us.html

Hackers claim responsibility for cyberattack on city of Ottawa website – http://www.ctvnews.ca/canada/hackers-claim-responsibility-for-cyberattack-on-city-of-ottawa-website-1.2114999

Domain names in China hacked by overseas IPs – http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20141123000022&cid=1103

Security breach forces local banks to issue new cards for many customers – http://virginislandsdailynews.com/news/security-breach-forces-local-banks-to-issue-new-cards-for-many-customers-1.1791862

Foreign gangs top list of Target data breach suspects – http://www.startribune.com/local/283597021.html

DoubleDirect MitM Attacks are targeting users worldwide – http://securityaffairs.co/wordpress/30417/cyber-crime/doubledirect-mitm-attacks.html

Tacoma hospital suffers security breach, $100K stolen – http://www.kirotv.com/news/news/tacoma-hospital-suffers-security-breach-100k-stole/njDFF/

Beth Israel fined $100,000 for patient data breach – http://www.bostonglobe.com/business/2014/11/21/beth-israel-fined-for-patient-data-breach/W8LT4a0gN6NMT93KtEDq7H/story.html

Security breach reveals personal data on Prince George’s school employees – http://www.washingtonpost.com/local/education/security-breach-reveals-personal-data-on-prince-georges-school-employees/2014/11/21/fdd3de9c-71e2-11e4-ad12-3734c461eab6_story.html

FTC Continues Tech-Support Scam Busts – http://www.bankinfosecurity.com/ftc-continues-tech-support-scam-busts-a-7600

Miscellaneous Infosec stories:

How To Tell If Your Password Was Stolen By The Hackers Who Took Down Sony – http://www.businessinsider.com/how-to-tell-if-your-password-was-stolen-by-lulzsec-2011-6?IR=T

Before Getting Rid of Your Old Printer, Say ‘Goodbye’ to Lingering Data – http://www.huffingtonpost.com/robert-siciliano/before-getting-rid-of-you_b_5674562.html

Soon, access mobile banking without internet – http://cio.economictimes.indiatimes.com/news/mobility/soon-access-mobile-banking-without-internet/45257557?utm_source=RSS&utm_medium=ETRSS

[Note: Reflected File Download] New Web vulnerability enables powerful social engineering attacks – http://www.cso.com.au/article/557675/new-web-vulnerability-enables-powerful-social-engineering-attacks/

Why Social Engineering Should Be Your Biggest Security Concern – http://www.lifehacker.com.au/2014/09/why-social-engineering-should-be-your-biggest-security-concern/

[Note: Regin] Computer spying malware uncovered with ‘stealth’ features – Symantec – http://in.reuters.com/article/2014/11/23/symantec-malware-regin-idINKCN0J70S720141123

Traces of Regin malware may date back to 2006 – http://www.computerworld.com/article/2851513/traces-of-regin-malware-may-date-back-to-2006.html

The Regin Espionage Toolkit – https://www.f-secure.com/weblog/archives/00002766.html

Sony quietly POODLE-proofs Playstations – http://www.theregister.co.uk/2014/11/24/sony_playstation_update_spells_death_knell_for_poodle/

One in six smartphone users victim of cyber attack: Study – http://zeenews.india.com/news/net-news/one-in-six-smartphone-users-victim-of-cyber-attack-study_1503905.html

How to Prevent Heart Hackers From Turning Off Pacemakers – http://blogs.discovermagazine.com/80beats/2009/11/11/how-to-prevent-heart-hackers-from-turning-off-pacemakers/

Social engineering: How it’s used to gain cyber information – http://www.scmagazine.com/social-engineering-how-its-used-to-gain-cyber-information/article/358339/

eBay hack could result in social engineering schemes – http://www.pcworld.com/article/2157511/threat-from-ebay-hack-has-nothing-to-do-with-your-password.html

Salted Hash: Live from DEF CON – Social Engineering – http://www.csoonline.com/article/2463460/social-engineering/salted-hash-live-from-def-con-social-engineering.html

Sony Denies PSN Was Hacked – http://www.gamespot.com/articles/sony-denies-psn-was-hacked/1100-6423774/

Crypto protocols held back by legacy, says ENISA – http://www.theregister.co.uk/2014/11/24/crypto_protocols_held_back_by_legacy_says_enisa/

Organized crime increasingly behind cyber attacks – http://www.consumeraffairs.com/news/organized-crime-increasingly-behind-cyber-attacks-112414.html

Here’s What Chinese Hackers Can Actually Do To The US Power Grid – http://www.businessinsider.com/what-hackers-can-do-to-our-power-grid-2014-11?IR=T

Internal and External Forces Shaping Cybersecurity in Financial Services – http://www.securityweek.com/internal-and-external-forces-shaping-cybersecurity-financial-services

Retailers beefing up security against data breaches – http://www.detroitnews.com/story/business/retail/2014/11/23/retailers-focus-protecting-customers-data-breaches/19466287/

The White House breach and the evolving attack surface – http://www.gsnmagazine.com/node/43029?c=cyber_security

SandWorm thrived thanks to botched MSFT patch says HP – http://www.theregister.co.uk/2014/11/23/sandworm_thrived_thanks_to_botched_msft_patch_says_hp/

NIST revealing next steps to bolster cyber security – http://www.businessinsurance.com/article/20141123/NEWS07/311239980?tags=%7C299%7C303%7C335

UK police: up to 5 terror plots foiled this year – http://www.star-telegram.com/2014/11/23/6311641/uk-police-up-to-5-terror-plots.html?rh=1

Everything your users ever need to know about BYOD – http://www.theregister.co.uk/2014/11/23/byod_checklist/

Cyber attacks, more or less? – http://securityandconflict.umwblogs.org/2014/11/22/cyber-attacks-more-or-less/

The Secret Life of Passwords – http://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html?_r=0

“That’s not a hack…” – 60 Sec Security [VIDEO] – https://nakedsecurity.sophos.com/2014/11/22/thats-not-a-hack-60-sec-security-video/

Saving the Critical Infrastructure – http://www.business2community.com/tech-gadgets/saving-critical-infrastructure-01075883

Cyber Ghosts: Digital Espionage and the New Cold War – http://www.havokjournal.com/nation/cyber-ghosts-digital-espionage-new-cold-war/

David Ruben — Social Engineering, Brainwashing and Hypnosis, Part 2 – https://gyggrey.wordpress.com/2014/11/22/david-ruben-social-engineering-brainwashing-and-hypnosis-part-2/

Fears grow of Iran cyber attack – http://thehill.com/policy/cybersecurity/225045-fears-grow-of-iran-cyber-attack

A Rare Peek Into The Massive Scale of AWS – http://www.enterprisetech.com/2014/11/14/rare-peek-massive-scale-aws/

Intel boss’ warning on cyber attacks no joke, say experts – http://www.foxnews.com/world/2014/11/23/intel-boss-warning-on-cyber-attacks-no-joke-say-experts/?cmpid=NL_fntop

Hackers Target Medical Records as Electronic Data Becomes Less Lucrative – http://www.ibtimes.co.uk/hackers-target-medical-records-electronic-data-becomes-less-lucrative-1476043

EXECUTIVE CYBER INTELLIGENCE REPORT: NOVEMBER 21, 2014 – http://www.tripwire.com/state-of-security/government/executive-cyber-intelligence-report-november-21-2014/

Who is out there waiting to spy on you or steal your data? – http://www.theregister.co.uk/2014/11/21/cyber_security/

Critical XSS Flaw Affects WordPress 3.9.2 And Earlier – http://www.darknet.org.uk/2014/11/critical-xss-flaw-affects-wordpress-3-9-2-earlier/

EXCLUSIVE: eHarmony Members’ Personal Information Accessed In Security Breach – http://globaldatinginsights.com/21112014-exclusive-eharmony-members-personal-information-accessed-security-breach/

Miscellaneous Privacy stories

Do we want privacy or free stuff? Both – http://www.startribune.com/lifestyle/283542141.html

Security expert: Online privacy possible but not plausible – http://www.krdo.com/news/security-expert-online-privacy-possible-but-not-plausible/29516642

What you really agree to when you click ‘accept’ – http://money.cnn.com/2014/05/19/technology/security/privacy-policy/
