Monthly Archive February 2015

Information Security Breach Report – 23 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

BIND Security Update Fixes Server Crash Flaw – http://www.securityweek.com/bind-security-update-fixes-server-crash-flaw

Gogo Inflight Internet is Intentionally Issuing Fake SSL Certificates – http://www.symantec.com/connect/blogs/gogo-inflight-internet-intentionally-issuing-fake-ssl-certificates

CAVIRTEX Finally Stops Operating Due to Recent Security Breach – http://securitygladiators.com/2015/02/20/cavirtex-shut-down-finally/

Seals With Clubs suffers security breach, shuts down Bitcoin-based online poker room – http://aarontodd.casinocitytimes.com/article/seals-with-clubs-suffers-security-breach-shuts-down-bitcoin-based-online-poker-room-64060

White House network almost back after breach – http://thehill.com/policy/cybersecurity/233376-white-house-network-almost-back-after-breach

Data breach at Lone Star Circle of Care affects 8,700 – http://www.statesman.com/news/news/data-breach-at-lone-star-circle-of-care-affects-87/nkFyY/

Police warn against ‘Microsoft’ scammers – http://cyprus-mail.com/2015/02/20/police-warn-against-microsoft-scammers/

Privacy Breach at Motor Vehicle Registration – http://www.vocm.com/newsarticle.asp?mn=2&id=52823&latest=1

Android malware fakes phone shutdown to steal data – http://www.csoonline.com/article/2886979/malware-vulnerabilities/android-malware-fakes-phone-shutdown-to-steal-data.html#tk.rss_all

Virus posing as ‘The Interview’ movie link hits cyberspace – http://cio.economictimes.indiatimes.com/news/digital-security/virus-posing-as-the-interview-movie-link-hits-cyberspace/46313347

“TNT” gang has released a new hardware TDoS tool in the criminal underground – http://securityaffairs.co/wordpress/33867/cyber-crime/tnt-gang-released-tdos-tool.html

 

Miscellaneous Infosec stories:

Surprise! America Already Has a Manhattan Project for Developing Cyber Attacks – http://www.wired.com/2015/02/americas-cyber-espionage-project-isnt-defense-waging-war/

Turkey Seeks National Plan for Cyber Threats – http://www.defensenews.com/story/defense/policy-budget/cyber/2015/02/21/turkey-cyber-tubitak-cybersecurity-ssm-software/23636627/

Bahrain cracks down on rampant cyber crime cases – http://www.shanghaidaily.com/article/article_xinhua.aspx?id=269388

Revelation of Secret Spyware Could Hamper US Espionage Efforts – http://www.voanews.com/content/revelation-of-secret-spyware-could-hamper-us-espionage-efforts/2653015.html

Corporate espionage: Well-oiled leak machine at mantralayas – http://timesofindia.indiatimes.com/india/Corporate-espionage-Well-oiled-leak-machine-at-mantralayas/articleshow/46328566.cms

JPMorgan Goes to War – http://www.bloomberg.com/news/articles/2015-02-19/jpmorgan-hires-cyberwarriors-to-repel-data-thieves-foreign-powers

Could a North Korean spy be ripping you off online? Impoverished dictatorship uses hackers to steal £1billion a year from the west – http://www.dailymail.co.uk/news/article-2875763/Could-North-Korean-SPY-ripping-online-Impoverished-dictatorship-uses-hackers-steal-1billion-year-west.html

Cyber Threat in Globalized World – http://www.hazar.org/blogdetail/blog/cyber_threat_in_globalized_world_1115.aspx

Regaining Consumer Trust Post-Breach Starts at the Point of Sale – http://www.paymentssource.com/news/interchange/regaining-consumer-trust-post-breach-starts-at-the-point-of-sale-3020599-1.html

State Department official: The department deals with thousands of cyber attacks every day – http://newsmaine.net/22503-state-department-official-department-deals-thousands-cyber-attacks-every-day

Computer Security in the Real World – http://research.microsoft.com/en-us/um/people/blampson/69-SecurityRealIEEE/69-SecurityRealIEEE.htm

HSBC Whistleblower: Thief or Hero? Debatable … Preventable Data Breach? Absolutely – http://www.sys-con.com/node/3303009

Phone fraud becoming more prevelant – http://www.kare11.com/story/news/local/2015/02/20/phone-fraud-becoming-more-prevelant/23779187/

Knowing the Basics of SMB Cyber Security – https://smallbusinesssolutions.blogs.xerox.com/2015/02/19/knowing-the-basics-of-smb-cyber-security/#.VOrSAvmsV8E

Artificial Intelligence May Save Us From New Breed of Cyber Threats – http://www.cio.com/article/2886748/security0/artificial-intelligence-may-save-us-from-new-breed-of-cyber-threats.html

Windows SSL Interception Gone Wild – https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339

SEC on the prowl for cyber security cases: official – http://www.reuters.com/article/2015/02/20/us-sec-cyber-idUSKBN0LO28H20150220

Does China Really Know How to Wage Cyber War? – http://thediplomat.com/2015/02/does-china-really-know-how-to-wage-cyber-war/

Don’t wait until you’re attacked to take cybersecurity seriously – http://www.net-security.org/secworld.php?id=17978&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

What will happen to the Lizard Squad hackers? – http://www.theguardian.com/technology/2015/feb/20/lizard-squad-hackers-lulzsec-anonymous-what-will-happen

Cyber-security: US government cannot keep hackers out of national networks – http://www.independent.co.uk/news/world/americas/cybersecurity-us-government-cannot-keep-hackers-out-of-national-networks-10060206.html

Who Cares Who’s Behind A Data Breach? – http://www.darkreading.com/attacks-breaches/who-cares-whos-behind-a-data-breach/a/d-id/1319162

PUBLIC SECTOR FACES RISE IN CYBER-ATTACKS – http://www.cbronline.com/news/security/public-sector-faces-rise-in-cyber-attacks-4517223

Hidden costs of Sony’s data breach will add up for years, experts say – http://siliconangle.com/blog/2015/02/20/hidden-costs-of-sonys-data-breach-will-add-up-for-years-experts-say/?angle=silicon

Information technology leaders feel ill-equipped to handle escalating cyber threats – http://phys.org/news/2015-02-technology-leaders-ill-equipped-escalating-cyber.html

Research Centre Tackles Cybercrime – http://www.inforisktoday.com/research-centre-tackles-cybercrime-a-7935

 

Tools, Tips and How it’s done:

PowerSpy – How to spy on mobile users by monitoring the power supply – http://securityaffairs.co/wordpress/33934/hacking/powerspy-spy-on-mobile.html

Patching Haste Makes Waste – http://www.infosecdailynews.com/patching-haste-makes-waste/

How to test your PC for the new “Superfish” security vulnerability – http://cio.economictimes.indiatimes.com/news/digital-security/how-to-test-your-pc-for-the-new-superfish-security-vulnerability/46329529

SecureTV Interviews The Legend BlackHAT Hacker Kevin D. Mitnick – http://www.tonavids.com/video_yIkAtGjGO_g_SecureTV-Interviews-The-Legend-BlackHAT-Hacker-Kevin-D.-Mitnick.html

Ethical Hacking Course – Part 1 – http://www.dailymotion.com/video/x2hrvhz_ethical-hacking-course-part-1-kali-linux-introduction-installation_school

Ethical Hacking Course – The rest – http://www.dailymotion.com/gb/relevance/universal/search/Ethical+Hacking+Course/1

Say What? Required contents of notice in data breach notifications – http://www.welivesecurity.com/2015/02/21/required-contents-of-notice-data-breach-notification/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+(ESET+Blog%3A+We+Live+Security)

The real cost of a data breach – http://www.retaildive.com/news/the-real-cost-of-a-data-breach/363587/

Cyber Criminals Use Patience, Persistence and Patsies to Fleece Banks for Hundreds of Millions – http://www.virtual-strategy.com/2015/02/21/cyber-criminals-use-patience-persistence-and-patsies-fleece-banks-hundreds-millions#axzz3SVwRfUR0

Data Breach Risks from Spear Phishing – http://privacylawadvisor.com/data-breach-risks-from-spear-phishing/

Hacking the Human OS: A Report on Social Engineering – http://www.itsecurityalerts.com/hacking-the-human-os-a-report-on-social-engineering/

Be your own Big Brother: Covert home spy gadgetry – http://www.theregister.co.uk/2015/02/21/be_your_own_big_brother_people/

Top 3 Takeaways from the “Escalate your Efficiency: How to Save Time on Penetration Testing” Webcast – https://community.rapid7.com/community/metasploit/blog/2015/02/20/top-3-takeaways-from-the-escalate-your-efficiency-how-to-save-time-on-penetration-testing-webcast

Google Webfonts, The Spy Inside? – http://fontfeed.com/archives/google-webfonts-the-spy-inside/

Top 10 DNS attacks likely to infiltrate your network – http://www.csoonline.com/article/2887220/data-protection/top-10-dns-attacks-likely-to-infiltrate-your-network.html#tk.rss_all

NIST Shows Crystal Pattern Mapping Can Recover Obliterated Serial Numbers in Metals – http://www.nist.gov/public_affairs/tech-beat/tb20150218.cfm#ebsd

Experimenting with Honeypots Using The Modern Honey Network – https://zeltser.com/modern-honey-network-experiments/

Is Your Small Business Prepared for a Data Breach Event? New ‘White Paper’ Explores Small Businesses ID Theft and Data Breach Trends – http://www.prweb.com/releases/2015/02/prweb12528343.htm

How Syrian Hackers Nearly Hijacked Wix by Way of Google Apps – http://recode.net/2015/02/20/how-syrian-hackers-nearly-hijacked-wix-by-way-of-google-apps/

How cybercriminals hack our brains – http://www.net-security.org/secworld.php?id=17977

Patching Haste Makes Waste – http://blog.lumension.com/9831/patching-haste-makes-waste/

Understanding the Hacker Mindset – http://www.bankinfosecurity.com/interviews/understanding-hacker-mindset-i-2589

Forced Perspective: Your Cyberdefense Tactics Appear Bigger Than They Are – http://www.securityweek.com/forced-perspective-your-cyberdefense-tactics-appear-bigger-they-are

Tracing an Injected iframe – http://ranger-cha.blogspot.co.uk/2015/02/tracing-injected-iframe.html

 

Miscellaneous Privacy stories:

Cyber crime and a mistaken search upend the lives of innocent Kalispell couple – http://www.dailyinterlake.com/members/cyber-crime-and-a-mistaken-search-upend-the-lives-of/article_181876ac-ba20-11e4-88ff-abd63141c727.html

800,000 people get bad tax info in latest Healthcare.gov snafu – http://www.engadget.com/2015/02/20/healthcare-gov-tax-snafu/?ncid=rss_truncated

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/


 

Retailer Breaches – Summary Report

Retailer breach stories:

Level 2 Retailer data breach – Barclaycard – www.barclaycard.co.uk/business/files/Level2_retailer_data_breach.pdf

Shoe retailer Office warned on data breach – http://www.bbc.co.uk/news/technology-30896805 and http://www.computerweekly.com/news/2240238420/Information-Commissioners-Office-issues-warning-to-Office-shoe-retailer-over-data-breach

Target data breach: Why UK business needs to pay attention – http://www.computerweekly.com/feature/Target-data-breach-Why-UK-business-needs-to-pay-attention

Online retailer Play.com admits data breach – http://www.information-age.com/technology/security/1611878/online-retailer-playcom-admits-data-breach

Retailer Michaels Stores confirms payment card data breach – http://uk.reuters.com/article/2014/04/17/us-michaelsstores-cybercrime-idUSBREA3G27N20140417

Retail Security Breaches 2014: Home Depot, Target Should Have Stronger Countermeasures, Experts Say – http://www.ibtimes.com/retail-security-breaches-2014-home-depot-target-should-have-stronger-countermeasures-1683362

Which Big Retailer Hasn’t Reported a Major Breach — Yet? – http://www.bloomberg.com/news/articles/2014-10-21/which-big-retailer-hasn-t-reported-a-major-breach-yet-

The Year Of The Retailer Data Breach – http://www.darkreading.com/attacks-breaches/the-year-of-the-retailer-data-breach/d/d-id/1317462

Home Depot says 56 MILLION payment cards have been affected by biggest retail security breach in history – http://www.dailymail.co.uk/news/article-2761490/Home-Depot-says-malware-affected-56M-payment-cards.html

Retailer Bebe Confirms Payment Card Data Breach – http://techcrunch.com/2014/12/05/retailer-bebe-confirms-payment-card-data-breach/

Staples Becomes The Latest Retailer Affected By A Payment Card Data Breach – http://techcrunch.com/2014/10/21/staples-becomes-the-latest-retailer-affected-by-a-payment-card-data-breach/

Kmart becomes latest retailer to suffer security breach – http://fortune.com/2014/10/10/kmart-becomes-latest-retailer-to-suffer-security-breach/

Banks take on retailers over who foots cyber attacks bill – http://www.ft.com/cms/s/0/23f1339c-6778-11e4-8970-00144feabdc0.html#axzz3SSs0seud

Data Breach Survey: Consumers hold retailers responsible, second only to criminals – http://www.brunswickgroup.com/about-us/news/data-breach-survey/

Moonpig investigating potential security breach – http://www.essentialretail.com/news/ecommerce/article/54ac11bb8b255-moonpig-investigating-potential-security-breach

Chick-fil-A May Be the Latest Retail Data Breach Victim – http://www.eweek.com/security/chick-fil-a-may-be-the-latest-retail-data-breach-victim.html

4 Reasons Why You Should Shop at Stores That Got Hacked – http://time.com/money/3524447/data-breach-target-home-depot-holiday-shopping/

3 High Profile Retail Data Breaches Changing Consumer Behaviour – Unless Executives Act – https://zonefox.com/news/high-profile-retail-data-breaches-changing-consumer-behaviour-unless-executives-act/

Dairy Queen says data breached at stores – http://www.cnbc.com/id/102077305#.

Grocery stores in multiple states hit by data breach – http://www.computerworld.com/article/2491234/cybercrime-hacking/grocery-stores-in-multiple-states-hit-by-data-breach.html

2013 Data Breaches: All You Need to Know – http://resources.infosecinstitute.com/2013-data-breaches-need-know/

Retailers’ data breaches could get ‘ugly’ – http://www.detroitnews.com/story/business/personal-finance/2014/12/07/retailers-data-breach/20067897/

The Real Cost of a Retail Data Breach – http://data-protection.safenet-inc.com/2014/07/the-real-cost-of-a-retail-data-breach/#sthash.S4yW6HvS.dpbs

Continuous Breach: A New State of Mind, Especially for Retailers – https://www.damballa.com/continuous-breach/

Can Companies Restore Consumer Confidence After a Data Breach? – http://www.triplepundit.com/2014/07/can-companies-restore-consumer-confidence-data-breach/

Another Potential Retail Mega Breach At Sandwich Chain Jimmy Johns – http://www.tripwire.com/state-of-security/latest-security-news/another-potential-retail-mega-breach-at-sandwich-chain-jimmy-johns/

Court Rules in Favor of Breached Retailer – http://www.databreaches.net/court-rules-in-favor-of-breached-retailer/

Supervalu hit by hackers, data breach affects 180 stores – http://www.techtimes.com/articles/13145/20140815/supervalu-hit-by-hackers-data-breach-affects-180-stores.htm

2014 – An Explosion of Data Breaches and PoS RAM Scrapers – http://blog.trendmicro.com/trendlabs-security-intelligence/2014-an-explosion-of-data-breaches-and-pos-ram-scrapers/

How companies can rebuild trust after a security breach – http://www.techpageone.co.uk/en/technology/security-it/companies-can-rebuild-trust-security-breach/#.VOmrFvmsV8E

Why retailers bear the brunt of security breaches – http://www.networkworld.com/article/2458993/security0/why-retailers-bear-the-brunt-of-security-breaches.html

Poll: Nearly half of cardholders likely to avoid stores hit by data breaches – http://www.creditcards.com/credit-card-news/shopping-after-breach.php

Retail Breaches Bolster Interest In NIST Cyber Security Advice – http://www.informationweek.com/government/cybersecurity/retail-breaches-bolster-interest-in-nist-cyber-security-advice/d/d-id/1252740

Retail’s Reality: Shopping Behavior After Security Breaches – http://www.interactionsmarketing.com/retailperceptions/2014/06/retails-reality-shopping-behavior-after-security-breaches/

Backoff and BlackPOS Malware Breach Retailers Point of Sale Systems – http://www.yassl.com/yaSSL/Blog/Entries/2014/9/11_Backoff_and_BlackPOS_Malware_Breach_Retailers_Point_of_Sale_Systems.html

Retailers Are Finding That Data Vulnerability Can Undo Years of Brand Equity – http://www.adweek.com/news/advertising-branding/retailers-are-finding-data-vulnerability-can-undo-years-brand-equity-156459

10 lessons learned from major retailers’ cyber breaches – http://www.propertycasualty360.com/2014/09/23/10-lessons-learned-from-major-retailers-cyber-brea

POSSIBLE DATA BREACH AT ACME STORES IN PA, NJ, DEL. – http://6abc.com/shopping/possible-data-breach-at-acme-stores-in-pa-nj-del/329670/

Credit Card Breaches Happen: What You Can Do to Protect Yourself – http://www.zonealarm.com/blog/2014/11/credit-card-breaches-happen-what-you-can-do-to-protect-yourself/

WHY IS THE COST OF A DATA BREACH SO HIGH? – http://www.delegosoftware.com/why-is-the-cost-of-a-data-breach-so-high/

What Retailers Need to Do to Prevent the Next Breach – http://www.csc.com/cybersecurity/insights/107105-what_retailers_need_to_do_to_prevent_the_next_breach

Sheplers Western Wear Alerts Customers Concerning Data Breach Affecting Retail Stores – http://www.databreaches.net/sheplers-western-wear-alerts-customers-concerning-data-breach-affecting-retail-stores/

The data breach payment fight heats up – http://thehill.com/policy/cybersecurity/228161-the-fight-over-paying-for-data-breaches-heats-up

Strengthening security after a breach of a retailer’s customer data – http://www.pwc.com/us/en/advisory-services/case-studies/technology/assets/strengthening-security.pdf

Data breach alert: Small retailers are especially vulnerable – Lax security and complacency are common – http://www.consumerreports.org/cro/news/2014/05/data-breach-alert-small-retailers-are-especially-vulnerable/index.htm

Chronology of Data Breaches | Privacy Rights Clearinghouse – https://www.privacyrights.org/data-breach-asc

Why is PCI DSS Compliance Important? – http://www.theukcardsassociation.org.uk/security/PCIDSS_compliance.asp

PCI DSS: is the cure worse than the disease? – http://www.techworld.com/news/security/pci-dss-is-cure-worse-than-disease-3426435/

If I’m not compliant, what may happen to me and my business? – http://www.theukcardsassociation.org.uk/security/Non_compliance_PCIDSS.asp

The real cost of a data breach – http://www.retaildive.com/news/the-real-cost-of-a-data-breach/363587/

Regaining Consumer Trust Post-Breach Starts at the Point of Sale – http://www.paymentssource.com/news/interchange/regaining-consumer-trust-post-breach-starts-at-the-point-of-sale-3020599-1.html

Information Security Breach Report – 19 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Meet Babar, a New Malware Almost Certainly Created by France – http://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france

Tens of thousands of home routers at risk with duplicate SSH keys – http://www.csoonline.com/article/2886236/network-security/tens-of-thousands-of-home-routers-at-risk-with-duplicate-ssh-keys.html#tk.rss_all

Cyber Espionage group attacking thousands of victims globally – http://www.itnewsafrica.com/2015/02/cyber-espionage-group-attacking-thousands-of-victims-globally/

Lenovo sold laptop with pre-installed Superfish malware – http://securityaffairs.co/wordpress/33800/malware/lenovo-laptop-pre-installed-superfish.html

Got a Netgear wireless router? You’ve got a security problem – http://www.hotforsecurity.com/blog/got-a-netgear-wireless-router-youve-got-a-security-problem-11429.html

Morgan Stanley breach probe shifts to hacker from fired employee: WSJ – http://www.reuters.com/article/2015/02/19/us-morgan-stanley-cybercrime-idUSKBN0LN07920150219?feedType=RSS&feedName=businessNews

Bitcoin exchange shuts down after suspected password breach – http://grahamcluley.com/2015/02/bitcoin-exchange-shuts-down/

Update On Morgan Stanley Breach Probe – http://www.bidnessetc.com/35121-update-on-morgan-stanley-ms-breach-probe/

Babar the Elephant: Another malware plague with a cute name – http://www.theregister.co.uk/2015/02/19/babar_french_cyberespionage/

25 billion Cyberattacks hit systems in Japan during 2014 – http://securityaffairs.co/wordpress/33776/hacking/25-billion-cyberattacks-hit-japan.html

Cisco – New Malware-Laced Spam Campaign Hits Corporate Users – http://www.spamfighter.com/News-19462-Cisco-New-Malware-Laced-Spam-Campaign-Hits-Corporate-Users.htm

UMaine Data Breach Exposes Information on Hundreds of Students – http://news.mpbn.net/post/umaine-data-breach-exposes-information-hundreds-students

RedTube porn website spreads malware, via iFrame invisible to the naked eye – http://grahamcluley.com/2015/02/redtube-malware/

Scammers using obituary notices to acquire new victims – http://www.csoonline.com/article/2885141/malware-cybercrime/scammers-using-obituary-notices-to-acquire-new-victims.html#tk.rss_all

Malicious Emails Can Cause Android Email App to Crash: Researcher – http://www.securityweek.com/malicious-emails-can-cause-gmail-app-crash-researcher

Vawtrak Banking Trojan Uses Windows PowerShell, Macros in Infection Routines – http://www.securityweek.com/vawtrak-banking-trojan-uses-windows-powershell-macros-infection-routines

 

Miscellaneous Infosec stories:

Swedish man pleads guilty to peddling Blackshades malware – http://www.csoonline.com/article/2886356/cyber-attacks-espionage/swedish-man-pleads-guilty-to-peddling-blackshades-malware.html#tk.rss_all

Banking Malware Redefined – http://www.securityweek.com/banking-malware-redefined?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

iBank: RBS, NatWest first UK banks to allow Apple Touch ID logins – http://www.theregister.co.uk/2015/02/19/natwest_mobile_banking_touch_id/

Vawtrack malware peddlers turn to malicious macros – http://www.net-security.org/malware_news.php?id=2967&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Software Advice: More than half of SMBs don’t have data breach plan – http://www.tweaktown.com/news/43626/software-advice-more-half-smbs-data-breach-plan/index.html

End Users Causing Bulk Of Infosec Headaches – http://www.darkreading.com/end-users-causing-bulk-of-infosec-headaches/d/d-id/1319143

The Average Face of a Hacker is Revealed by the Team at Secure Thoughts – http://www.virtual-strategy.com/2015/02/18/average-face-hacker-revealed-team-secure-thoughts#axzz3SCy59PFn

Hurd: Cyber security most pressing issues in U.S. – http://www.ksat.com/content/pns/ksat/news/2015/02/18/hurd–cyber-security-most-pressing-issues-in-u-s-.html

Lawsuit: Anthem Was Warned Of Cyber Threat To Health Care Providers – http://losangeles.cbslocal.com/2015/02/18/lawsuit-anthem-was-warned-of-cyber-threat-to-health-care-providers/

Kaspersky says his warnings about cyber threats have come true – http://latino.foxnews.com/latino/lifestyle/2015/02/18/kaspersky-says-his-warnings-about-cyber-threats-have-come-true/

An Internet of Things that do what they’re told – http://radar.oreilly.com/2015/02/an-internet-of-things-that-do-what-theyre-told.html

Social engineering the new norm for hackers, nation-states – http://www.scmagazineuk.com/social-engineering-the-new-norm-for-hackers-nation-states/article/399016/

Cars Are Delivering Tons Of Driving Data To Manufacturers With Minimal Security And Even Less Transparency – https://www.techdirt.com/articles/20150211/10134429988/cars-are-delivering-tons-driving-data-to-manufacturers-with-minimal-security-even-less-transparency.shtml

Carbanak Cybersecurity Threat Is Overhyped, Banking Groups Say – http://www.americanbanker.com/news/bank-technology/carbanak-cybersecurity-threat-is-overhyped-banking-groups-say-1072809-1.html

Security In The Year 2020 – http://www.tripwire.com/state-of-security/security-awareness/security-in-the-year-2020/

Hey, does anyone know if Dilbert has upset Kim Jong Un recently? – http://grahamcluley.com/2015/02/hey-does-anyone-know-if-dilbert-has-upset-kim-jong-un-recently/

Visual hacking exposed – http://www.net-security.org/secworld.php?id=17971&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Boards Not Regularly Briefed on Cyber-Security: Survey – http://www.securityweek.com/many-boards-directors-not-regularly-briefed-cyber-security-survey

Upgraded version of encryptors spreading with help of social engineering – http://techchannelmea.com/security/upgraded-version-encryptors-spreading-help-social-engineering

Secure Domains: The DNS Security Debate – http://www.inforisktoday.co.uk/secure-domains-dns-security-debate-a-7927

Banking Malware Redefined – http://www.securityweek.com/banking-malware-redefined

 

Tools, Tips and How it’s done:

3 P’s to practice safe cyber security habits – http://www.ksat.com/content/pns/ksat/news/2015/02/18/3-p-sto-practice-safe-cyber-security-habits.html

Intel Security: social engineering hacking the human OS – http://www.itwire.com/business-it-news/security/67042-intel-security-social-engineering-hacking-the-human-os

Protect Yourself From Cyber Attacks – http://www.benzinga.com/general/topics/15/02/5243949/protect-yourself-from-cyber-attacks

Time for an Updated Cyber Risk Approach; BPI Data Breach – http://www.dataprivacymonitor.com/privacy/time-for-an-updated-cyber-risk-approach-bpi-data-breach/

Five Cyber Attacks that Made CISOs Rethink Security – http://www.itbusinessedge.com/slideshows/five-cyber-attacks-that-made-cisos-rethink-security.html

5 Ways Companies Can Avoid a Data Breach in 2015 – http://datashieldcorp.com/2015/02/18/5-ways-companies-can-avoid-data-breach-2015/

Three Keys to a Successful Cybersecurity Defense Program – http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/three-keys-to-a-successful-cybersecurity-defense-program/

The Web Application Stack – A Growing Threat Vector – http://www.infosecdailynews.com/the-web-application-stack-a-growing-threat-vector/

Protecting Your Personal Information and Identity After a Breach – http://www.solutionary.com/resource-center/blog/2015/02/protecting-personal-information/

THE GREAT SIM HEIST – HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE – https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

Android malware hijacks power button, empties wallet while you sleep – http://www.theregister.co.uk/2015/02/19/android_malware_hijacks_power_button_to_steal_while_you_sleep/

Expert Advice: How to Up Your Cyber Security – http://www.entrepreneur.com/article/241520

Anti-Virus: Applied Incorrectly? – http://www.inforisktoday.com/blogs/anti-virus-applied-incorrectly-p-1812

Preparing for a Data Security Breach – http://complianceriskforum.com/preparing-for-a-data-security-breach/

 

Miscellaneous Privacy stories:

It’s not just Samsung TVs — lots of other gadgets are spying on you – http://fusion.net/story/49352/all-the-smart-gadgets-are-spying-on-you/

Yet Another Report Showing ‘Anonymous’ Data Not At All Anonymous – https://www.techdirt.com/articles/20150209/06111829955/yet-another-report-showing-anonymous-data-not-all-anonymous.shtml

UK Police Forces Have Secret Facial Recognition Database Of 18 Million People, Many Innocent – https://www.techdirt.com/articles/20150203/09153529893/uk-police-forces-have-secret-facial-recognition-database-18-million-people-many-innocent.shtml

 


Information Security Breach Report – 17 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

16 million mobile devices hit by malware in 2014: Alcatel-Lucent – http://www.zdnet.com/article/16-million-mobile-devices-hit-by-malware-in-2014-alcatel-lucent/

Lincolnshire scammers using police logo in mobile con – http://www.eastlindseytarget.co.uk/Scammers-using-police-logo-mobile/story-26014332-detail/story.html

While Obama talks cyber security, his hotel’s computer system fails – http://uk.reuters.com/article/2015/02/15/uk-usa-cybersecurity-obama-hotel-idUKKBN0LJ00120150215

Over 100 banks in 30 countries hit by sophisticated cyber-attack – http://www.jamaicaobserver.com/news/Over-100-banks-in-30-countries-hit-by-sophisticated-cyber-attack

Crooks steal money from Standard Chartered Accounts by hacking ATMs – http://securityaffairs.co/wordpress/33511/cyber-crime/standard-chartered-accounts-hacked.html

Security breach affects SSC employees – http://www.news-star.com/article/20150213/NEWS/150219854

Personal weather stations can expose your Wi-Fi network – http://www.csoonline.com/article/2883910/privacy/personal-weather-stations-can-expose-your-wifi-network.html#tk.rss_all

Lack of CSPRNG Threatens WordPress Sites – http://threatpost.com/lack-of-csprng-threatens-wordpress-sites/111016

Discovered 40000 vulnerable MongoDB databases on the Internet – http://securityaffairs.co/wordpress/33487/hacking/40000-vulnerable-mongodbonline.html

Google Play, Browser Flaws Expose Android Devices to Remote Code Execution – http://www.securityweek.com/google-play-browser-flaws-expose-android-devices-remote-code-execution

Newsweek Twitter hack is a sign of the times – http://www.csoonline.com/article/2882977/social-networking-security/newsweek-twitter-hack-is-a-sign-of-the-times.html#tk.rss_all

15-year-old bug allows malicious code execution in all versions of Windows – http://arstechnica.com/security/2015/02/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/

 

Miscellaneous Infosec stories:

Cybersecurity goes way beyond passwords – http://www.sfchronicle.com/opinion/article/Cybersecurity-goes-way-beyond-passwords-6081491.php

Security Concerns After Zero-Day Attacks in Adobe Flash – http://tech.co/security-concerns-zero-day-attacks-in-adobe-flash-2015-02

Beware of Phishing mails; you could be the next hack victim – http://www.indiatvnews.com/business/world/beware-of-phishing-mails-you-could-be-the-next-hack-victim-1207.html

Cyber security will shape the Internet of Things – http://www.itproportal.com/2015/02/14/cyber-security-will-shape-internet-things/

Employees vulnerable to cyber crime – http://www.scotsman.com/business/management/employees-vulnerable-to-cyber-crime-1-3690568

FIA claims arrest of two of FBI’s 10 most-wanted cyber criminals – http://tribune.com.pk/story/838615/fia-claims-arrest-of-two-of-fbis-10-most-wanted-cyber-criminals/

SRM launch the North East Cyber Security Business Cluster – http://www.srm-solutions.com/news/srm-launch-the-north-east-cyber-security-business-cluster/

When is a password leak not a password leak? – https://blog.agilebits.com/2015/02/13/when-is-a-password-leak-not-a-password-leak/

Google cuts Microsoft and pals some slack in zero-day vuln crusade – an extra 14 days tops – http://www.theregister.co.uk/2015/02/14/google_vulnerability_disclosure_tweaks/

Banks, Gov’t Struggle to Contain Growing Cyber Threat – http://www.americanbanker.com/news/law-regulation/banks-govt-struggle-to-contain-growing-cyber-threat-1072744-1.html

Phishing for clickers – http://www.csoonline.com/article/2883744/security-leadership/phishing-for-clickers.html#tk.rss_all

Twitter sends employees fake spam to see if they’ll fall for it – http://globalnews.ca/news/1828773/twitter-sends-employees-fake-spam-to-see-if-theyll-fall-for-it/

‘Zero days’ last up to six months for some malware – http://www.csoonline.com/article/2883248/data-protection/zero-days-last-up-to-six-months-for-some-malware.html#tk.rss_all

HP Promises Half a Million Dollars in Prizes for Pwn2Own 2015 – http://www.securityweek.com/hp-promises-half-million-dollars-prizes-pwn2own-2015

Google’s Vint Cerf warns of ‘digital Dark Age’ – http://www.bbc.co.uk/news/science-environment-31450389

Breach Level Index Finds Data Breaches Increased 49 Percent – http://hospitalitytechnology.edgl.com/news/Breach-Level-Index-Finds-Data-Breaches-Increased-49-Percent98209

Ukrainian government to counter cyber-attacks – http://www.scmagazineuk.com/ukrainian-government-to-counter-cyber-attacks/article/397970/

Millions Of Users Unaware That Facebook Is On The Internet — Or Think It *Is* The Internet – https://www.techdirt.com/articles/20150211/01355929982/millions-users-unaware-that-facebook-is-internet-think-it-is-internet.shtml

HOST HIT IN CYBER ATTACK RIPS GOVERNMENT INACTION – http://www.nltimes.nl/2015/02/11/host-hit-cyber-attack-rips-government-inaction/

Report: Chinese groups behind most state-sponsored attacks in 2014 – http://www.csoonline.com/article/2882753/cyber-attacks-espionage/report-chinese-groups-behind-most-state-sponsored-attacks-in-2014.html#tk.rss_all

Tools, Tips and How it’s done:

HTML5 Security Cheat Sheet – https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

Now, I can see wifi signals. – https://imgur.com/gallery/jdNA6

Cyber Attacks Through Power and Cooling Systems – http://www.alphaguardian.net/cyber-attacks-power-cooling-systems/

How secret Swiss banking works – http://www.businessinsider.co.id/hsbc-and-ubs-swiss-bank-account-and-tax-evasion-scandals-explainer-2015-2/#.VORiDPmsV8F

Hacker Hour: The Hackers Guide To Social Engineering – https://www.protectmybank.com/hacker-hour-hackers-guide-social-engineering/

UK Computer Emergency Response Team (CERT) Introduction to Social Engineering – https://publicintelligence.net/uk-cert-social-engineering/

Phishing attacks increasingly target financial data – http://www.net-security.org/secworld.php?id=17949

The limits of prevention-centric security programs – http://www.net-security.org/secworld.php?id=17950

Preparing for a Data Breach – What to Know About Breach Notification – http://www.lexisnexis.com/legalnewsroom/corporate/b/business/archive/2015/02/13/preparing-for-a-data-breach-what-to-know-about-breach-notification.aspx

Phishing: Learning from Recent Breaches – http://www.databreachtoday.com/interviews/phishing-learning-from-recent-breaches-i-2577

How to Defend Your Business Against Social Engineering Scams – http://blog.lifars.com/2015/02/13/how-to-defend-your-business-against-social-engineering-scam/

‘CIO of Year’ on Defending Against Hackers – http://www.databreachtoday.com/interviews/cio-year-on-defending-against-hackers-i-2578

PoS Malware Kits Rose in Underground in 2014: Report – http://www.securityweek.com/pos-malware-kits-rose-underground-2014-report?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

How To Protect Yourself From Dating App Cyber Threats – http://www.techweekeurope.co.uk/mobility/mobile-apps/protect-dating-app-cyber-threats-161856

Complexity is the Enemy of Security – http://www.securityweek.com/complexity-enemy-security?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

CTO Corner: Creation of CTIIC Demonstrates Heightened Importance of Cyber Security – https://blog.bit9.com/2015/02/11/cto-corner-creation-of-ctiic-demonstrates-heightened-importance-of-cyber-security/

Five sneaky ways companies are changing employees’ security behavior – http://www.csoonline.com/article/2881940/security-awareness/five-sneaky-ways-companies-are-changing-employees-security-behavior.html#tk.rss_all

Connected Home Security Systems Easy to Hack: HP – http://www.securityweek.com/connected-home-security-systems-easy-hack-hp

How to remotely install malicious apps on Android devices – http://securityaffairs.co/wordpress/33456/hacking/remotely-hack-android.html

Miscellaneous Privacy stories

Legal compliance challenges of Big Data: Seeing the forest for the trees – http://www.csoonline.com/article/2883796/big-data-security/legal-compliance-challenges-of-big-data-seeing-the-forest-for-the-trees.html

Tim Cook: Cyber privacy is a ‘life and death’ issue – http://www.telegraph.co.uk/finance/11412625/Tim-Cook-Cyber-privacy-is-a-life-and-death-issue.html

US lawmakers introduce two bills to protect email privacy – http://www.csoonline.com/article/2884134/privacy/us-lawmakers-introduce-two-bills-to-protect-email-privacy.html#tk.rss_all

Jeb Bush’s email dump puts constituents’ personal data online – http://www.csoonline.com/article/2882818/access-control/jeb-bushs-email-dump-puts-constituents-personal-data-online.html#tk.rss_all

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My LinkedIn Profile is

Information Security Breach Report – 18 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

New detail emerges on Boston Baskin Cancer Foundation breach – http://www.databreaches.net/new-detail-emerges-on-boston-baskin-cancer-foundation-breach/

Scammers target State of Franklin Healthcare employees in payroll breach – http://www.johnsoncitypress.com/article/124335/scammers-target-state-of-franklin-healthcare-employees-in-payroll-breach

16-year-old claims to be behind USyd data breach – http://honisoit.com/2015/02/16-year-old-claims-to-be-behind-usyd-data-breach/

16 Million Mobile Devices Infected With Malware in 2014: Alcatel-Lucent – http://www.securityweek.com/16-million-mobile-devices-infected-malware-2014-alcatel-lucent

Israeli gov & boffins targeted by pr0ntastic malware from Gaza – http://www.theregister.co.uk/2015/02/16/israel_egypt_targeted_by_gaza_apt_style_hackers/

Haskell Confirms Security Breach in Debian Builds – http://www.hackbusters.com/news/stories/258093-haskell-confirms-security-breach-in-debian-builds

Information disclosure flaw exposes Netgear wireless routers to attacks – http://www.csoonline.com/article/2883760/mobile-security/information-disclosure-flaw-exposes-netgear-wireless-routers-to-attacks.html#tk.rss_all

LOVELY HORSE: GCHQ Program Monitored Hacker/InfoSec Community on Social Media – http://leaksource.info/2015/02/16/lovely-horse-gchq-program-monitored-hacker-infosec-community-on-social-media/

Russian report says 100 groups hit by $1bn cyber attack – http://www.ft.com/cms/s/0/3bca441c-b535-11e4-8362-00144feab7de.html#axzz3S5R7au5o

Scammers pushing fake AdwCleaner in active scareware campaign – http://www.net-security.org/secworld.php?id=17952&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 

Miscellaneous Infosec stories:

Hacking Goes Mainstream – http://www.inforisktoday.com/blogs/hacking-goes-mainstream-p-1811

Payment Security Initiatives Unveiled – http://www.databreachtoday.co.uk/payment-security-initiatives-unveiled-a-7913

Regulator Hints at New Cyber Guidance – http://www.bankinfosecurity.com/regulator-hints-at-new-cyber-guidance-a-7910

New Studies Proving Non Immediate Reaction of Antivirus Tools to Threats – http://securityaffairs.co/wordpress/33588/malware/non-immediate-reaction-antivirus.html

MasterCard, Visa to Introduce New Cybersecurity Enhancements – http://www.securityweek.com/mastercard-visa-introduce-new-cybersecurity-enhancements

What Makes Hacker News Fame? – http://goodattheinternet.com/2015/02/13/getting-to-the-hacker-news-front-page/

Swinney: Scotland’s cyber security strategy ‘will not involve monitoring the internet’ – https://www.holyrood.com/articles/feature/swinney-scotlands-cyber-security-strategy-will-not-involve-monitoring-internet

8 areas where CSOs and CIOs will converge in 2015 – http://www.csoonline.com/article/2884205/security-leadership/8-areas-where-csos-and-cios-will-converge-in-2015.html#tk.rss_all

Small Business Cyberattacks continuing to pose a threat – http://blanchardinfosec.blogspot.co.uk/2015/02/wk-10-small-business-cyberattacks.html

Li-Fi-like System Would Bring 100-Gbps Speeds Straight to Your Computer – http://spectrum.ieee.org/tech-talk/semiconductors/optoelectronics/fiber-to-the-living-room

ARE YOU LIVING IN A COMPUTER SIMULATION? – http://simulation-argument.com/simulation.html

Are you ready for EU laws on cyber security and data protection? – http://community.f-secure.com/t5/BSB-Blog/Are-you-ready-for-EU-laws-on/ba-p/66449

The UK Cyber Security Strategy – Update – http://blog.srm-solutions.com/the-uk-cyber-security-strategy-update/

 

Tools, Tips and How it’s done:

Security Think Tank: Use the Sony breach to plan for the worst – http://www.computerweekly.com/opinion/Security-Think-Tank-Become-business-leader-by-using-the-Sony-breach-to-plan-for-the-worst

Don’t let a breach trash your company’s reputation: look at Data Loss Prevention – http://www.techradar.com/news/world-of-tech/management/how-data-loss-prevention-can-avert-financial-and-reputational-ruin-1284528

Fingerprinting is an increasingly common yet rarely discussed technique of identifying individual Web users – http://www.networkworld.com/article/2884026/security0/browser-fingerprints-and-why-they-are-so-hard-to-erase.html

Risk reduction key to tackling cyber crime, says Stroz Friedberg – http://www.computerweekly.com/news/2240240425/Risk-reduction-key-to-tackling-cyber-crime-says-Stroz-Friedberg

Tor design proposals: how we make changes to our protocol – https://blog.torproject.org/blog/tor-design-proposals-how-we-make-changes-our-protocol

 

Miscellaneous Privacy stories

Euro ministers trade data for data protection – yes, your passenger records – http://www.theregister.co.uk/2015/02/13/mep_trade_data_for_data_protection_govts_pnr_pressure_takes_its_toll/

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My LinkedIn Profile is uk.linkedin.com/in/jonfisher99/

 

SRM Blog
