Monthly Archive January 2015

Information Security Breach Report – 29 January 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

FBI Issues Wire Transfer Scam Alert – http://www.databreachtoday.co.uk/fbi-issues-wire-transfer-scam-alert-a-7846 and http://www.fastcompany.com/3041628/fast-feed/cyber-thieves-stole-215-million-from-businesses-by-using-hacked-email-addresses

Scouts take down database due to ‘security vulnerabilities’ – http://www.theregister.co.uk/2015/01/28/scouts_takedown/

FreeBSD Patches Kernel Security Vulnerabilities – http://www.securityweek.com/freebsd-patches-kernel-security-vulnerabilities

United website breach let fliers see each other’s private data – http://boingboing.net/2015/01/28/united-website-breach-let-flie.html

Malware Being Masked Under Social Media Messaging Targeting the Region – http://me.pcmag.com/news/741/news/malware-being-masked-under-social-media-messaging

Serious Vulnerability in Blackphone Exposed Messages, Location – http://www.securityweek.com/serious-vulnerability-blackphone-exposed-messages-location and http://www.techmeme.com/150128/p12#a150128p12

Privilege Escalation, DoS Vulnerabilities Fixed in VMware Products – http://www.securityweek.com/privilege-escalation-dos-vulnerabilities-fixed-vmware-solutions

Card Breach Hints at Lingering Concerns – http://www.bankinfosecurity.com/card-breach-hints-at-lingering-concerns-a-7850

Local banks react to data breach – http://www.tdtnews.com/news/article_beefe35a-a767-11e4-af4f-f3148a3f361a.html

ZeroAccess Botnet Restarts Click Fraud Activity – http://www.securityweek.com/zeroaccess-botnet-restarts-click-fraud-activity

Hackers of Taylor Swift’s Twitter Account Say They Will Leak ‘Nude Photos’ of the Singer – http://www.ibtimes.co.in/hackers-taylor-swifts-twitter-account-say-they-will-leak-nude-photos-singer-621788

Miscellaneous Infosec stories:

‘The malware threat to online games is growing’ – http://www.mcvuk.com/news/read/the-malware-threat-to-online-games-is-growing/0144412

A Brief History of Accurate Hacking Scenes in Movies, From ‘The Conversation’ to ‘Blackhat’ – http://www.slashfilm.com/best-hacking-movies/

Twenty-eight percent of security spending wasted on shelfware – http://www.csoonline.com/article/2876101/metrics-budgets/28-percent-of-security-spending-wasted-on-shelfware.html#tk.rss_all

Businesses warned about new espionage campaigns from China – http://www.csoonline.com/article/2876358/disaster-recovery/businesses-warned-about-new-espionage-campaigns-from-of-china.html#tk.rss_all

Endpoint security trends for 2015: What can we expect? – http://www.csoonline.com/article/2872709/network-security/endpoint-security-trends-for-2015-what-can-we-expect.html#tk.rss_all

Accidental breach is top cyber threat concern – http://fcw.com/articles/2015/01/28/accidental-breach-is-a-concern.aspx

Breaches are a personal nightmare for corporate security pros – http://www.csoonline.com/article/2876550/data-breach/breaches-are-a-personal-nightmare-for-corporate-security-pros.html#tk.rss_all

Infosec teams unprepared for new EU data protection laws – http://www.anti-malware.co.uk/infosec-teams-unprepared-for-new-eu-data-protection-laws/

WARNING: Wi-Fi Blocking is Prohibited – http://www.fcc.gov/document/warning-wi-fi-blocking-prohibited

UVA Engineers Develop Drones That Fend Off Cyber Attacks – http://jewishbusinessnews.com/2015/01/28/uva-engineers-develop-drones-that-fend-off-cyber-attacks/

Cisco says GHOST is more Casper than Sleepy Hollow – http://www.theregister.co.uk/2015/01/29/cisco_ghost_is_more_casper_than_sleepy_hollow/

Suits and Spooks DC 2015: The Agenda – http://www.securityweek.com/suits-and-spooks-dc-2015-agenda

Tools, Tips and How it’s done:

This Guy Found a Way to Block Robocalls When Phone Companies Wouldn’t – http://www.wired.com/2015/01/guy-found-way-block-robocalls-phone-companies-wouldnt

Thwarting a new breed of cyberattack – http://www.fiercecio.com/story/thwarting-new-breed-cyberattack/2015-01-27

social engineering attack surface – http://whatis.techtarget.com/definition/social-engineering-attack-surface

Frequency vs. size of cloud data breaches: Which is worse? – http://www.cloudcomputing-news.net/news/2015/jan/28/frequency-vs-size-data-breaches-which-worse/

7 ideas for security leaders – http://www.csoonline.com/article/2876310/security-leadership/7-ideas-for-security-leaders.html#tk.rss_all

Busting the Ghost Security Vulnerability Haunting Linux Systems – http://www.securityweek.com/busting-ghost-security-vulnerability-haunting-linux-systems

Password Discovery and Patching by Disassembling: Explained – http://resources.infosecinstitute.com/password-discovery-patching-disassembling-explained/

GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data – https://community.rapid7.com/community/nexpose/blog/2015/01/28/ghostbuster-how-to-scan-just-for-cve-2015-0235-and-keep-your-historical-site-data

A Gentle Primer on Reverse Engineering – https://emily.st/2015/01/27/reverse-engineering/

ArnoldC – Arnold Schwarzenegger based programming language – https://github.com/lhartikk/ArnoldC

social engineering penetration testing – http://whatis.techtarget.com/definition/social-engineering-penetration-testing

OAT – Oracle Auditing Tools For Database Security – http://www.darknet.org.uk/2015/01/oat-oracle-auditing-tools-database-security/

Miscellaneous Privacy stories:

Child watch: The apps that let parents ‘spy’ on their kids – http://www.bbc.co.uk/news/technology-30930512

BC’s Privacy Commissioner Reveals Details About Government Breaches – http://www.kelownanow.com/watercooler/news/news/Provincial/15/01/28/BC_s_Privacy_Commissioner_Reveals_Details_About_Government_Breaches

Data Privacy Day musings from the Infosec community – http://itsecurityguru.org/data-privacy-day-musings-infosec-community/#.VMnxZmisWSo

B.C. privacy breaches on the rise – http://vancouver.24hrs.ca/2015/01/28/bc-privacy-breaches-on-the-rise

Tor Isn’t A Child Porn Enthusiast’s Best Friend, No Matter What The DOJ Claims – https://www.techdirt.com/articles/20150128/08575829838/tor-isnt-child-porn-enthusiasts-best-friend-no-matter-what-doj-claims.shtml

Law enforcement using Range-R devices to see through walls – http://securityaffairs.co/wordpress/32675/laws-and-regulations/law-enforcement-using-range-r.html

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Information Security Breach Report – 27 January 2015

Breaches, Incidents and Alerts:

Great Firewall of China blasts DDoS attacks at random IP addresses – http://www.theregister.co.uk/2015/01/26/great_firewall_of_china_ddos_bug/

Java is the biggest vulnerability for US computers – http://www.csoonline.com/article/2875535/application-security/java-is-the-biggest-vulnerability-for-us-computers.html#tk.rss_all

PHP 5 Updates Fix Several Vulnerabilities – http://www.securityweek.com/php-5-updates-fix-several-vulnerabilities

OS X 10.10.2 Includes Fix for ‘Thunderstrike’ Hardware Exploit Affecting Macs – http://www.macrumors.com/2015/01/26/os-x-10-10-2-thunderstrike-exploit-fix/

Researchers Tie Qwerty Keylogger to Regin Malware Platform – http://www.securityweek.com/researchers-tie-qwerty-keylogger-regin-malware-platform and https://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/

Critical ‘Ghost’ Vulnerability Impacts Linux Systems – http://www.securityweek.com/critical-ghost-vulnerability-impacts-linux-systems

P0wning for the fjords: Malware turns drones into DEAD PARROT – http://www.theregister.co.uk/2015/01/27/malware_backdoor_makes_parrot_ar_drones_squawk/

AT&T short codes expose users to phishing scams – http://securityaffairs.co/wordpress/32730/hacking/at_e_t-short-codes-phishing-scams.html

Metropolitan State U data breach uncovered following hacker’s blog post – http://www.educationdive.com/news/metropolitan-state-u-data-breach-uncovered-following-hackers-blog-post/357112/

Startup finds malware intrusions by keeping an eye on processor radio frequencies – http://www.csoonline.com/article/2876054/supply-chain-security/startup-finds-malware-intrusions-by-keeping-an-eye-on-processor-radio-frequencies.html#tk.rss_all

Marriott Customers’ Personal Details Exposed by Simple Web Flaw – http://www.tripwire.com/state-of-security/security-data-protection/marriott-web-services-flaw/

Super Bowl Fans Warned About Vulnerable NFL Mobile App – http://www.securityweek.com/super-bowl-fans-warned-about-vulnerable-nfl-mobile-app

Wi-Fi Direct Flaw Exposes Android Devices to DoS Attacks – http://www.securityweek.com/wi-fi-direct-flaw-exposes-android-devices-dos-attacks

Facebook Denies Hackers Caused Outage – http://www.bankinfosecurity.co.uk/facebook-denies-hackers-caused-outage-a-7841

Hacktivists step up web attack volumes – http://www.bbc.co.uk/news/technology-31000908

Lizard Squad threatens Malaysia Airlines with data dump: We DID TOO hack your site – http://www.theregister.co.uk/2015/01/26/lizard_squad_threaten_data_dump_after_attack_on_malaysia_airlines_site/

Miscellaneous Infosec stories:

Cyber Warfare Pushes Colleges to Teach Cybersecurity – http://www.voicesofliberty.com/article/cyber-warfare-pushes-colleges-to-teach-cybersecurity/

Data Breaches Drive Investments In Security Response, Data Protection – http://www.crn.com/news/security/300075493/data-breaches-drive-investments-in-security-response-data-protection.htm

NSA Releases Defensive Strategies for Fighting Malware Targeting Corporate Data – http://www.securityweek.com/nsa-releases-defensive-strategies-fighting-malware-targeting-corporate-data

Internet of Things Security Challenging Enterprise Networks: Survey – http://www.securityweek.com/internet-things-security-challenging-enterprise-networks-survey

Turns out Apple Pay can’t solve credit card fraud – http://cio.economictimes.indiatimes.com/news/enterprise-services-and-applications/turns-out-apple-pay-cant-solve-credit-card-fraud/46025520

Keylogger: Somebody STOP ME! Oh hang on, I just did – http://www.theregister.co.uk/2015/01/27/spyshelter_anti_keylogging_software/

Cyber crooks make it personal – http://www.lep.co.uk/news/business/business/cyber-crooks-make-it-personal-1-7073416

CEOs must become fluent in the language of cyber security – http://www.cbronline.com/news/tech/cio-agenda/the-boardroom/ceos-must-become-fluent-in-language-of-cyber-security-4497344

US scrambling to hire enough cyber security agents to protect itself – http://www.theage.com.au/it-pro/expertise/us-scrambling-to-hire-enough-cyber-security-agents-to-protect-itself-20150127-12zd5l.html

Australia on the Cyber Offensive – http://thediplomat.com/2015/01/australia-on-the-cyber-offensive/

The vulnerability of our electric utility system to cyber attacks – http://www.energypost.eu/vulnerability-electric-utility-system-cyber-attacks/

Link between NSA and Regin cyberespionage malware becomes clearer – http://www.csoonline.com/article/2876074/malware-cybercrime/link-between-nsa-and-regin-cyberespionage-malware-becomes-clearer.html#tk.rss_all

Tougher cyber-crime laws would unfairly criminalise people – http://jerseyeveningpost.com/news/2015/01/27/tougher-cyber-crime-laws-would-unfairly-criminalise-people/

ENISA draws the Cyber Threat Landscape 2014: 15 top cyber threats, cyber threat agents, cyber-attack methods and threat trends for emerging technology areas – http://www.enisa.europa.eu/media/press-releases/enisa-draws-the-cyber-threat-landscape-2014

NIST Publishes Guide to Mobile Apps Vetting – http://www.inforisktoday.com/nist-publishes-guide-to-mobile-apps-vetting-a-7839

DDoS Attacks Boom as Hackers Increase Size, Frequency – http://www.securityweek.com/ddos-attacks-boom-hackers-increase-size-frequency

Tools, Tips and How it’s done:

How To Fortify Your Company’s Security Defenses – http://www.forbes.com/sites/ibm/2015/01/26/how-to-fortify-your-companys-security-defenses/

The Perl Jam: Exploiting a 20-Year-Old Vulnerability – https://www.youtube.com/watch?v=gweDBQ-9LuQ

Prep for cyber emergency beforehand – http://csbj.com/2015/01/26/prep-for-cyber-emergency-beforehand/

It’s Okay to Fail – Security is a Problem That Can’t be Solved – http://www.securityweek.com/its-okay-fail-security-problem-cant-be-solved

Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks – https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/bojinov

6 DNS services protect against malware and other unwanted content – http://www.csoonline.com/article/2876075/data-protection/6-dns-services-protect-against-malware-and-other-unwanted-content.html#tk.rss_all

Building A Cybersecurity Program: 3 Tips – http://www.darkreading.com/operations/building-a-cybersecurity-program-3-tips-/a/d-id/1318775

Top Five Hacker Tools Every CISO Should Understand – http://www.tripwire.com/state-of-security/security-data-protection/top-five-hacker-tools-every-ciso-should-understand/

Five More Hacker Tools Every CISO Should Understand – http://www.tripwire.com/state-of-security/security-data-protection/five-more-hacker-tools-every-ciso-should-understand/

DNS tips and tricks – http://www.csoonline.com/article/2875797/data-protection/dns-tips-and-tricks.html#tk.rss_all

APTs: Minimizing losses with early detection – http://www.net-security.org/article.php?id=2207&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

The NSA’s infosec tips won’t stop you from being hacked – http://www.itnews.com.au/BlogEntry/399706,the-nsas-infosec-tips-wont-stop-you-from-being-hacked.aspx

Lockitron Announces The $99 Bolt, A Deadbolt You Can Unlock With Your Phone – http://techcrunch.com/2015/01/27/lockitron-announces-the-99-bolt-a-deadbolt-you-can-unlock-with-your-phone/

Deconstructing an IRS Phishing scam – http://www.csoonline.com/article/2874403/security-awareness/deconstructing-an-irs-phishing-scam.html#tk.rss_all

Real time Drone object tracking using Python and OpenCV – http://blog.christianperone.com/?p=2768

How to Hack an ADT Alarm System – http://ipvm.com/report/hack-adt-alarm-system

Miscellaneous Privacy stories:

DEA cameras tracking hundreds of millions of car journeys across the US – http://www.networkworld.com/article/2875934/dea-cameras-tracking-hundreds-of-millions-of-car-journeys-across-the-us.html

F.T.C. Says Internet-Connected Devices Pose Big Risks – http://bits.blogs.nytimes.com/2015/01/27/f-t-c-calls-for-strong-data-and-privacy-protection-with-connected-devices/?_r=0

UK Legislators Hoping To Rush Through New ‘Snooper’s Charter’ In The Wake Of The Charlie Hebdo Attacks – https://www.techdirt.com/articles/20150124/08503529800/uk-legislators-hoping-to-rush-through-new-snoopers-charter-wake-charlie-hebdo-attacks.shtml

Facebook goes ‘deep’ in getting to know you – http://www.csoonline.com/article/2872828/application-security/facebook-goes-deep-in-getting-to-know-you.html#tk.rss_all

Five myths (debunked) about security and privacy for Internet of Things – http://www.csoonline.com/article/2872360/privacy/five-myths-debunked-about-security-and-privacy-for-internet-of-things.html#tk.rss_all

Information Security Breach Report – 26 January 2015

Breaches, Incidents and Alerts:

DHS Intelligence Assessment: Malicious Cyber Actors Target US Universities and Colleges – https://publicintelligence.net/dhs-university-cyber-threats/

5800 Gas Station Tank Gauges vulnerable to cyber attacks – http://securityaffairs.co/wordpress/32630/security/5800-gas-station-tank-gauges-flawed.html

Isle of Wight site hack gives cities dose of cyber fear – http://hamptonroads.com/2015/01/isle-wight-site-hack-gives-cities-dose-cyber-fear

Hackers could infiltrate NSW traffic and sewage systems, Auditor-General Grant Hehir warns – http://www.canberratimes.com.au/it-pro/security-it/hackers-could-infiltrate-nsw-traffic-and-sewage-systems-auditorgeneral-grant-hehir-warns-20150125-12xkag.html

No major damage after official websites hacked, says ADA – http://timesofindia.indiatimes.com/city/agra/No-major-damage-after-official-websites-hacked-says-ADA/articleshow/46014317.cms

Oil and gas industry preparing for cyber attacks – http://www.630ched.com/2015/01/25/oil-and-gas-industry-preparing-for-cyber-attacks/

Russian Dating Site Topface Hacked for 20 Million User Names – http://www.businessweek.com/news/2015-01-25/hacker-steals-20-million-passwords-from-unidentified-dating-site

UK: Downing Street security breach as hoax call is put through to PM David Cameron – http://www.ibtimes.co.uk/uk-downing-street-security-breach-hoax-call-put-through-pm-david-cameron-1485085

Malaysia Airlines website ‘compromised’ by ‘cyber caliphate’ Lizard Squad hackers – http://www.abc.net.au/news/2015-01-26/malaysia-airlines-website-hacked-by-lizard-squad/6047032

Siemens Fixes Vulnerabilities in SCALANCE, SIMATIC Solutions – http://www.securityweek.com/siemens-fixes-vulnerabilities-scalance-simatic-solutions

Miscellaneous Infosec stories:

Auto Dealers Susceptible to Cyber Crime by Association – http://wardsauto.com/nada/auto-dealers-susceptible-cyber-crime-association

Efficient Alert Management Lacking in Many Organizations: Report – http://www.securityweek.com/efficient-alert-management-lacking-many-organizations-report

Patchapalooza: In 2015, software patches, software security flaws surge – http://searchsecurity.techtarget.com/news/2240238784/Patchapalooza-In-2015-software-patches-software-security-flaws-surge

‘Two-step’ solution locks out cyber thieves – http://www.sacbee.com/news/business/article8035884.html

Kaspersky exec: Criminals get smarter along with tech – http://www.dailyherald.com/article/20150124/business/150129523/

Target Data Breach Class Action Gets Approval – http://www.lawyersandsettlements.com/articles/data-breach/target-judge-paul-magnuson-home-depot-us-district-20410.html#.VMXqhf6sWSo

The claim process for Sony’s $15 million PSN breach lawsuit starts now – http://www.engadget.com/2015/01/24/psn-breach-payment-form/

Apple agrees to China’s security checks on iPhones – http://cio.economictimes.indiatimes.com/news/digital-security/apple-agrees-to-chinas-security-checks-on-iphones/46003416

Hackers expose cyber flaws – http://www.theaustralian.com.au/news/hackers-expose-cyber-flaws/story-e6frg6n6-1227196446934?nk=4c09a157f2bcfce6793d5d9785e004d4

Charities must face up to their cyber risk – http://newsandviews.zurich.co.uk/talking-point/charities-must-face-up-to-their-cyber-risk/

Bank of England says lenders must do more to shore up cyber defences – http://threatbrief.com/bank-england-says-lenders-must-shore-cyber-defences/

Privileged Users Top List of Insider Threat Concerns: Survey – http://www.securityweek.com/privileged-users-top-list-insider-threat-concerns-survey

Tools, Tips and How it’s done:

Flash 0-Day: Deciphering CVEs and Understanding Patches – https://isc.sans.edu/diary/Flash+0-Day%3A+Deciphering+CVEs+and+Understanding+Patches/19223

Remove Your Incident Analysis Bottleneck To Improve Your Time To Contain – https://community.rapid7.com/community/userinsight/blog/2015/01/23/remove-your-incident-analysis-bottleneck-to-improve-your-time-to-contain

Data Breaches Hit the Board Room: How to Address Claims Against Directors and Officers – http://www.hldataprotection.com/2015/01/articles/cybersecurity-data-breaches/data-breaches-hit-the-board-room/

The importance of email encryption software in the enterprise – http://searchsecurity.techtarget.com/feature/The-importance-of-email-encryption-software-in-the-enterprise

How businesses can neutralize cyber security threats in 2015 – http://www.bnn.ca/News/2015/1/24/How-businesses-can-neutralize-cyber-security-threats-in-2015.aspx

Expert discusses cyber attacks and their effect on security, defense – http://whnt.com/2015/01/25/expert-discusses-cyber-attacks-and-their-effect-on-security-defense/

Government offers tips on how to defend your network – http://www.itproportal.com/2015/01/25/government-offers-tips-defend-network/

Business Forum: Companies need a detailed data breach battle plan – http://www.startribune.com/business/289651661.html

How to get a copy of every Tweet you’ve ever posted – http://cio.economictimes.indiatimes.com/news/social-media/how-to-get-a-copy-of-every-tweet-youve-ever-posted/46016898

Internet Society Approach to Cyber Security Policy – http://www.internetsociety.org/news/internet-society-approach-cyber-security-policy

Researchers Detail Regin Attack Platform Modules – http://www.securityweek.com/researchers-detail-regin-attack-platform-modules

Miscellaneous Privacy stories:

Researchers Examine Location Tracking in Mobile Apps: ShmooCon – http://www.securityweek.com/researchers-examine-location-tracking-mobile-apps-shmoocon

Information Security Breach Report – 23 January 2015

Breaches, Incidents and Alerts:

Security Advisory – Vulnerabilities in Pagelines/Platform theme for WordPress – http://blog.sucuri.net/2015/01/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.html

MnSCU campus warns of ‘likely’ data breach – http://www.bizjournals.com/twincities/morning_roundup/2015/01/mnscu-campus-warns-of-likely-data-breach.html

Schneider Electric SCADA Gateway contains Hard-Coded FTP Credentials – http://securityaffairs.co/wordpress/32570/security/schneider-electric-scada-flaws.html

Atlassian Fixes Critical Vulnerability in Several Products – http://www.securityweek.com/atlassian-fixes-critical-vulnerability-several-products

New CTB-Locker Variant Allows Victims to Recover 5 Files for Free – http://www.securityweek.com/new-ctb-locker-variant-allows-victims-recover-5-files-free

‘Scarab’ Hackers Focus Aim on Select Russian Targets in Attack Campaigns – http://www.securityweek.com/scarab-hackers-focus-aim-select-russian-targets-attack-campaigns

Email Scam Nets $214 Million in 14 Months: FBI – http://www.securityweek.com/email-scam-nets-214-million-14-months-fbi

Travelers Blames Web Designer In Bank Website Data Breach – http://www.law360.com/articles/614158/travelers-blames-web-designer-in-bank-website-data-breach

MS SQL Server Resolution Service enables reflected DDoS with 440x amplification – http://kurtaubuchon.blogspot.co.uk/2015/01/mc-sqlr-amplification-ms-sql-server.html

Data breach hits MPISD employees – http://www.dailytribune.net/news/data-breach-hits-mpisd-employees/article_051ec5d0-a1d2-11e4-b1c7-afde4a6d4ed1.html

Adobe Investigating Flash Player Zero-Day Found in Angler Exploit Kit – http://www.securityweek.com/adobe-investigating-flash-player-zero-day-found-angler-exploit-kit

Miscellaneous Infosec stories:

IT’s security metrics and reporting problem: A communication failure – http://www.csoonline.com/article/2873313/metrics-budgets/it-s-security-metrics-and-reporting-problem-a-communication-failure.html#tk.rss_all

Lack of security in small companies means big risk for the enterprise – http://www.csoonline.com/article/2872774/data-protection/lack-of-security-in-small-companies-means-big-risk-for-the-enterprise.html#tk.rss_all

Davos 2015: Banks call for free rein to fight cyber crime – http://www.ft.com/cms/s/0/d94e855c-a209-11e4-bbb8-00144feab7de.html#axzz3PczKJ7B2

CISOs must adopt ‘all hands on deck’ approach to defend against cyber attacks: Study – http://www.firstpost.com/business/cisos-must-adopt-hands-deck-approach-defend-cyber-attacks-study-2059713.html

GCHQ Used Compromised Hardware To Suck Data And Communications Out Of Exploit-Resistant iPhones – https://www.techdirt.com/articles/20150119/13515029750/gchq-used-compromised-hardware-to-suck-data-communications-out-exploit-resistant-iphones.shtml

Younger users prefer biometrics to passwords – http://www.computerweekly.com/news/2240238497/Younger-users-would-rather-have-biometrics-than-passwords

Report: Popularity of biometric authentication set to spike – http://searchsecurity.techtarget.com/news/2240238677/Report-Popularity-of-biometric-authentication-set-to-spike

The State of Security this Past Year is Just a Glimpse of What’s to Come in 2015 – http://www.securityweek.com/state-security-past-year-just-glimpse-what%E2%80%99s-come-2015

The 7 biggest lies you’ve been told about hacking – http://theweek.com/articles/534055/7-biggest-lies-youve-been-told-about-hacking

Hack Group Spokesman Sentenced to 63 Months in Prison – http://www.businessweek.com/news/2015-01-22/hack-group-spokesman-sentenced-to-63-months-in-prison

As 0days get meaner, Google defenses increasingly outpace Microsoft – http://arstechnica.com/security/2015/01/as-0days-get-meaner-google-defenses-increasingly-outpace-microsoft/

A SPY IN THE MACHINE – http://www.theverge.com/2015/1/21/7861645/finfisher-spyware-let-bahrain-government-hack-political-activist

2014 in infosec: Spammers sneak small botnets under the wire, Java is dull – http://n0where.info/News/2014-in-infosec-spammers-sneak-small-botnets-under-the-wire-java-is-dull/

The supremely befuddling cyber attack that stumped an industry – http://fortune.com/2015/01/21/inception-cloudatlas-cyberattack/

Cyber Vulnerabilities Threaten National Security – http://www.defense.gov/news/newsarticle.aspx?id=128001

‘International cyber warfare is becoming more sophisticated’ – http://rt.com/op-edge/224823-cyber-war-obama-speech-leaks/

Retailers are facing up to severe threat posed by cyber security lapses, says top lawyer – http://www.computing.co.uk/ctg/news/2391433/retailers-are-facing-up-to-severe-threat-posed-by-cyber-security-lapses-says-top-lawyer

Security Budgets Going Up, Thanks To Mega-Breaches – http://www.darkreading.com/attacks-breaches/security-budgets-going-up-thanks-to-mega-breaches/d/d-id/1318714

Data breaches and hacking attacks rise as Irish firms wrestle with rules – http://www.independent.ie/business/technology/data-breaches-and-hacking-attacks-rise-as-irish-firms-wrestle-with-rules-30926469.html

Tools, Tips and How it’s done:

Knowing when there has been a data breach from your database – http://security.stackexchange.com/questions/79816/knowing-when-there-has-been-a-data-breach-from-your-database

Yes, 123456 is the most common password, but here’s why that’s misleading – http://arstechnica.com/security/2015/01/yes-123456-is-the-most-common-password-but-heres-why-thats-misleading/

How to Keep Client Data Safe From Online Attackers – http://www.financial-planning.com/news/technology/how-to-keep-client-data-safe-from-online-attackers-2691710-1.html

Social Engineering – A Constant Threat – https://mimswell.wordpress.com/2015/01/21/social-engineering-a-constant-threat/

Miscellaneous Privacy stories:

Snowden doesn’t use iPhone for security reasons – http://securityaffairs.co/wordpress/32557/intelligence/snowden-doesnt-use-iphone.html

Privacy is Dead, Davos Hears – http://www.securityweek.com/privacy-dead-davos-hears

Illinois Says Rule-Breaking Students Must Give Teachers Their Facebook Passwords – http://motherboard.vice.com/read/illinois-says-students-have-to-give-up-facebook-passwords-or-face-prosecution


Information Security Breach Report – 20 January 2015

Breaches, Incidents and Alerts:

Hacker Says Attacks On ‘Insecure’ Progressive Insurance Dongle In 2 Million US Cars Could Spawn Road Carnage – http://www.forbes.com/sites/thomasbrewster/2015/01/15/researcher-says-progressive-insurance-dongle-totally-insecure/

Marylanders’ data exposed in scores of hacks – http://www.baltimoresun.com/news/maryland/bs-md-cyber-attacks-20150117-story.html#page=1

Firefox 35 stamps out critical bugs – http://www.theregister.co.uk/2015/01/19/firefox_35_stamps_out_critical_bugs/

Sony hackers hacked. Lizard Stresser database leaked online with credentials in plaintext – http://securityaffairs.co/wordpress/32417/cyber-crime/lizard-stresser-database-leaked.html

1800+ Minecraft usernames and passwords leak online – http://www.hotforsecurity.com/blog/1800-minecraft-usernames-and-passwords-leak-online-11209.html

Arbiter Systems Substation Clock Vulnerable to GPS Spoofing Attacks – http://www.securityweek.com/arbiter-systems-substation-clock-vulnerable-gps-spoofing-attacks

Researchers Use Siri to Steal Data From iPhones – http://www.securityweek.com/researchers-use-siri-steal-data-iphones

Google’s Project Zero reveals another Windows zero-day vulnerability – http://searchsecurity.techtarget.com/news/2240238448/Googles-Project-Zero-reveals-another-Windows-zero-day-vulnerability

GoDaddy CSRF Vulnerability Allows Domain Takeover – http://breakingbits.net/2015/01/18/taking-over-godaddy-accounts-using-csrf/

Australia fighter jet data theft ‘shows cyber-spy risk’ – http://www.bbc.co.uk/news/world-australia-30875442

Shoe retailer Office lost details of over one million customers in hack, but escapes fine – http://grahamcluley.com/2015/01/shoe-retailer-office-lost-details-one-million-customers-hack-escapes-fine/

Two flaws affect some versions of the popular VLC media player – http://securityaffairs.co/wordpress/32464/hacking/2-flaws-vlc-media-player.html

Miscellaneous Infosec stories:

What developments will impact business data security in 2015? – http://www.techradar.com/news/world-of-tech/management/what-developments-will-impact-business-data-security-in-2015–1281054?src=rss&attr=all

Here’s What The US Has To Do To Prevent Massive Cyberattacks – http://www.businessinsider.com/what-we-have-to-do-to-stop-cyberattacks-2015-1?IR=T

For Every Action There Is a Cyber-Reaction – http://www.cytegic.com/Blog/?p=81

Electronic device surge could present new security threat – http://www.acumin.co.uk/main/news/view/electronic-device-surge-could-present-new-security-threat/4088

AT LAST: Australia gets its very own malware – http://www.theregister.co.uk/2015/01/19/new_carberp_trojan_hits_oz/

With cyber crime soaring, security gets serious – http://www.ocregister.com/articles/security-648389-cyber-mcclure.html

Anonymous supports FBI investigation of US CENTCOM hack – http://securityaffairs.co/wordpress/32403/cyber-crime/anonymous-fbi-us-centcom-hack.html

No One Really Knows How Secure Government Social Media Is – http://www.buzzfeed.com/evanmcsan/no-one-really-knows-how-secure-government-social-media-is#.jpmQ1mb95

Will 2015 be the year we say goodbye to passwords? – http://www.csoonline.com/article/2871491/identity-management/will-2015-be-the-year-we-say-goodbye-to-passwords.html#tk.rss_all

Cyber-security: organisations vulnerable to new swathe of attacks – http://eandt.theiet.org/magazine/2015/01/special-report-cyber-security.cfm

Why Encryption Matters: Political Insecurity vs InfoSec – https://whitehatcheryl.wordpress.com/2015/01/19/why-encryption-matters-political-insecurity-vs-infosec/

The daunting challenge of reporting on cyberwar – http://www.bbc.co.uk/news/technology-30813585

Are terrorists trying to spam you? – http://www.csoonline.com/article/2872313/cyber-attacks-espionage/are-terrorists-trying-to-spam-you.html#tk.rss_all

Android vulnerability highlights Google’s controversial patch policy – http://searchsecurity.techtarget.com/news/2240238450/Android-vulnerability-highlights-Googles-controversial-patch-policy

ENISA Warns of Internet Vulnerabilities – http://www.databreachtoday.co.uk/enisa-warns-internet-vulnerabilities-a-7814

Tools, Tips and How it’s done:

Cyber Attacks: Plan Your Communications Strategy Before They Hit – http://www.business2community.com/crisis-management/cyber-attacks-plan-communications-strategy-hit-01127983

Using SWOT Analysis to Create InfoSec Strategy – http://rafeeqrehman.com/2015/01/18/using-swot-analysis-to-create-infosec-strategy/

Social Engineering Infographic – http://www.jasonstrange.com/2015/01/social-engineering-infographic.html

Tyupkin ATM Malware Analysis – http://resources.infosecinstitute.com/tyupkin-atm-malware-analysis/

How Was Your Credit Card Stolen? – http://krebsonsecurity.com/2015/01/how-was-your-credit-card-stolen/

The Essential Cyber Risk Elements – http://www.livetradingnews.com/essential-cyber-risk-elements-92812.htm#.VL6EqkesWSo

New projects bring early computers back to life – http://www.bbc.co.uk/news/technology-30546592

Miscellaneous Privacy stories:

Privacy breach inexcusable – Greens – http://www.stuff.co.nz/national/65177409/privacy-breach-inexcusable–greens

Healthcare breaches need a cure for human errors – http://www.csoonline.com/article/2871215/data-breach/healthcare-breaches-need-a-cure-for-human-errors.html#tk.rss_all

Bad news if you tried to access your Outlook email from China this weekend… – http://grahamcluley.com/2015/01/bad-news-tried-access-outlook-email-china-weekend/

Dating apps found ‘leaking’ location data – http://www.bbc.co.uk/news/technology-30880534