Monthly Archive March 2015

Information Security Breach Report – 27 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Cisco Fixes DoS Vulnerabilities in IOS Software – http://www.securityweek.com/cisco-fixes-dos-vulnerabilities-ios-software

Maine.gov hit by cyber attack for third time in three days – http://www.wgme.com/news/features/top-stories/stories/mainegov-hit-cyber-attack-third-time-three-days-26552.shtml#.VRQNDfmsV8E

Hackers breach Fairbanks city website – https://www.adn.com/article/20150325/hackers-breach-fairbanks-city-website

Amedisys notifies nearly 7,000 individuals of potential breach – http://www.scmagazine.com/amedisys-notifies-nearly-7000-individuals-of-potential-breach/article/405456/

Cisco patches IOS to stop automation exploitation – http://www.theregister.co.uk/2015/03/26/automatic_attacks_cisco_patches_ios_vulns/

One in every three popular website ‘dangerous’: Study – http://cio.economictimes.indiatimes.com/news/digital-security/one-in-every-three-popular-website-dangerous-study/46697206

An SDN vulnerability forced OpenDaylight to focus on security – http://www.csoonline.com/article/2902902/vulnerabilities/an-sdn-vulnerability-forced-opendaylight-to-focus-on-security.html#tk.rss_all

Flaw in common hotel router threatens guests’ devices – http://www.csoonline.com/article/2902740/vulnerabilities/flaw-in-common-hotel-router-threatens-guests-devices.html#tk.rss_all

As GitHub is hit hard, experts disagree whether DDoS attacks are becoming more or less frequent – https://grahamcluley.com/2015/03/github-ddos-attack/

Hackers hijack school Twitter account, post photoshopped image of teacher in his underpants – http://www.hotforsecurity.com/blog/hackers-hijack-school-twitter-account-post-photoshopped-image-of-teacher-in-his-underpants-11628.html

Support Dell System Detect tool put PCs at risk – http://securityaffairs.co/wordpress/35380/security/dell-system-detect-tool-risk.html

Slack confirms hackers accessed its central user database in February, introduces two factor authentication – http://slackhq.com/post/114696167740/march-2015-security-incident-and-launch-of-2fa

State agency hacked; governor calls for study, changes – http://www.washingtontimes.com/news/2015/mar/26/state-agency-hacked-brown-calls-for-third-party-as/

Brunswick school officials, law enforcement investigate district computer hacking – http://portcitydaily.com/2015/03/27/brunswick-school-officials-law-enforcement-investigate-district-computer-hacking/

Bar Mitzvah attack exploits the Invariance Weakness in RC4 – http://securityaffairs.co/wordpress/35352/hacking/bar-mitzvah-attack-on-rc4.html and http://www.securityweek.com/new-attack-rc4-based-ssltls-leverages-13-year-old-vulnerability

Xtube porn website spreads malware, after being compromised by hackers – https://grahamcluley.com/2015/03/xtube-porn-website-spreads-malware-after-being-compromised-by-hackers/

DNV GL: Cyber Attacks on Ships, Offshore Structures Growing Threat – http://worldmaritimenews.com/archives/155807/dnv-gl-cyber-attacks-on-ships-offshore-structures-growing-threat/

Asian hackers using Android malware for sex extortion and blackmail – http://www.ibtimes.co.uk/asian-hackers-using-android-malware-sex-extortion-blackmail-1493509

WebSitePipeline notifying clients of breach – http://www.databreaches.net/websitepipeline-notifying-clients-of-breach/

 

Miscellaneous Infosec stories:

How a hack on Prince Philip’s Prestel account led to UK computer law – http://www.theregister.co.uk/2015/03/26/prestel_hack_anniversary_prince_philip_computer_misuse/

Cyber crooks turn to low-tech trickery – http://m.news24.com/fin24/Tech/Featured/Cyber-crooks-turn-to-low-tech-trickery-20150325

The things end users do that drive security teams crazy – http://www.csoonline.com/article/2902186/security-awareness/the-things-end-users-do-that-drive-security-teams-crazy.html#tk.rss_all

Data breaches hurt more than e-retailers’ bottom lines – https://www.internetretailer.com/2015/03/27/data-breaches-hurt-more-e-retailers-bottom-lines

Fighting U.S. Card Data Fraud Overseas – http://www.databreachtoday.co.uk/fighting-us-card-data-fraud-overseas-a-8053

The state of open source security – http://www.csoonline.com/article/2902393/application-security/the-state-of-open-source-security.html#tk.rss_all

Zero day, Web browser vulnerabilities spike in 2014 – http://www.csoonline.com/article/2901895/vulnerabilities/zero-day-web-browser-vulnerabilities-spike-in-2014.html#tk.rss_all

 

Tools, Tips and How it’s done:

Too Many Adverts and Porn pop-ups in your Web Browser? Maybe your Router has been Hijacked – http://www.tripwire.com/state-of-security/security-data-protection/advert-router-hijack/

Vawtrak malware uses steganography to hide update files in favicons – http://securityaffairs.co/wordpress/35308/malware/vawtrak-steganography-favicon.html

Security best practices for users is your first line of defense – http://www.cio.com/article/2901690/security0/security-best-practices-for-users-is-your-first-line-of-defense.html

Evolving Security in the Face of Cyber Attacks – http://www.securityweek.com/evolving-security-face-cyber-attacks?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

True Threat Intelligence Finds What’s Related to You – http://www.solutionary.com/resource-center/blog/2015/03/threat-intelligence-part-4/

Reading the Secunia Vulnerability Review 2015 – http://securityaffairs.co/wordpress/35386/hacking/secunia-vulnerability-review-2015.html

9 security gadgets for mobile devices – http://www.csoonline.com/article/2902742/mobile-security/9-security-gadgets-for-mobile-devices.html#jump

Diagnosing networking issues in the Linux Kernel – https://code.mixpanel.com/2015/03/26/diagnosing-networking-issues-in-the-linux-kernel/

Mathematicians build code to take on toughest cyber attacks – https://news.wsu.edu/2015/03/26/mathematicians-build-code-to-take-on-toughest-cyber-attacks/#.VRW4wfmsV8E

Risk-Driven Security: The Approach to Keep Pace With Advanced Threats – http://www.securityweek.com/risk-driven-security-approach-keep-pace-advanced-threats

The CSO Security Career Survival Guide – http://www.csoonline.com/article/2902253/infosec-careers/the-cso-security-career-survival-guide.html#tk.rss_all

Survey: 75% of firms would take hours or longer to spot breach – http://www.csoonline.com/article/2902252/data-breach/survey-75-of-firms-would-take-hours-or-longer-to-spot-breach.html#tk.rss_all

Israeli boffins hack air gap, fire missiles on compromised kit – http://www.theregister.co.uk/2015/03/25/israeli_uni_boffins_fire_missiles_in_hot_new_air_gap_attack/

Ransomware holds schools hostage: ‘Now give us Bitcoin worth $129k, er, $124k, wait …’ – http://www.theregister.co.uk/2015/03/25/school_ransomware/

 

Miscellaneous Privacy stories:

Optus rapped for three privacy breaches – http://www.zdnet.com/article/optus-rapped-for-modem-vulnerabilities/

Mandatory data retention passes Australian parliament – http://www.zdnet.com/article/mandatory-data-retention-passes-australian-parliament/

 

Safeguarding Children and School E-Safety stories:

Why are people so mean to each other online? – http://www.bbc.co.uk/news/technology-31749753

Grooming bans could stop child sex abuse say councils – http://www.bbc.co.uk/news/education-32058575

Children spend six hours or more a day on screens – http://www.bbc.co.uk/news/technology-32067158

Hackers hijack school Twitter account, post photoshopped image of teacher in his underpants – http://www.hotforsecurity.com/blog/hackers-hijack-school-twitter-account-post-photoshopped-image-of-teacher-in-his-underpants-11628.html

Facebook acknowledged Australia’s first children’s e-safety, aims to launch Suicide prevention  Support tools – http://customstoday.com.pk/facebook-acknowledged-australias-first-childrens-e-safety-aims-to-launch-suicide-prevention-support-tools/

Feds Financing System to ‘Automatically Detect’ Cyberbullying – http://freebeacon.com/issues/feds-financing-system-to-automatically-detect-cyberbullying/

Manito man pleads guilty to child grooming – http://www.pekintimes.com/article/20150326/NEWS/150329316/1994/NEWS

Brunswick school officials, law enforcement investigate district computer hacking – http://portcitydaily.com/2015/03/27/brunswick-school-officials-law-enforcement-investigate-district-computer-hacking/

FKA Twigs hit back at racist cyber bullies – http://www.3news.co.nz/entertainment/fka-twigs-hit-back-at-racist-cyber-bullies-2015032709

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn Profile is uk.linkedin.com/in/jonfisher99/


Lessons in War Series – The Role of Computer Forensics


Traditionally, computer forensic investigations are seen as reacting to historic incidents and understanding what went wrong retrospectively. But in the cyber world, forensic investigation is a critical weapon which allows us to look forward as well as back.

Cyberspace is a contested environment in which effective situational awareness is vital if we are to gain and maintain control of a particular environment (such as our corporate networks).  In this respect the cyber environment is like any traditional warfighting or security environment.

Cyber is, however, characterised by one significant difference; those senses that humans have evolved to make them so successful (and possibly dangerous) from an evolutionary point of view, don’t work in the cyber environment.  We can’t see, taste, feel or hear what is going on in the cyber environment unaided.  This sensory dislocation is one of the reasons why we often make (or see) so many of the silly mistakes and decisions which provide the basis for most of the successful attacks on our systems.

Cyber operations do have parallels with the kinetic battlespace; ranging from set piece offensive operations to covert, surveillance and persistent insurgency operations.  There are significant differences, however, not least with respect to Geographical Boundaries, Tempo and the way that we can apply force.  Whilst this post is not the place for a detailed analysis of these differences, an awareness of these areas can provide practical insights into how we operate more safely in the cyber environment.

Stripped to its basics, the purpose of computer forensics (now a multi-threaded discipline) is to gain information and understanding about a particular situation in a particular context.  This makes it a valuable proactive tool in delivering the situational awareness which can be so elusive.  Sun Tzu (506BC) advised “Know your enemy and know yourself”. I would argue that this principle is as relevant now as ever.  Forensic tools and techniques can form the basis of proactive preparation and architecture hardening within a system, often conducted as part of forensics readiness planning.

The environment can be designed, from the outset, to favour the defender. In the past, this might have been advantageous – now it is a fundamental requirement for system designers.  Elegantly designed architectures, based on a sound knowledge of the operational environment will make it harder for an attacker to gain the initiative.   Similarly, if accessing the system compels the attacker to leave footprints, it is not only a deterrent but also a helpful tool for later investigation.

In the eleventh chapter Sun Tzu states that a leader must be capable of comprehending “unfathomable plans”. At SRM we have many years’ experience in dealing with cyber criminals so can more readily see patterns in behaviour and predict future actions. We see all forensic investigations as part of the preventative process through which organisations gain visibility of their own, as well as their attacker’s capability.

Managing Director of SRM, Tom F is a regular contributor to the SRM blog.

Information Security Breach Report – 25 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

A Large Number of Hacking Vulnerable Routers Have Been Released to the Public – http://securityaffairs.co/wordpress/35248/hacking/hacking-vulnerable-routers.html

Adobe CVE-2011-2461 flaw is exploitable by 4 years although it was fixed – http://securityaffairs.co/wordpress/35234/hacking/adobe-cve-2011-2461.html

Study: One-third of top websites vulnerable or hacked – http://www.csoonline.com/article/2900449/browser-security/study-one-third-of-top-websites-vulnerable-or-hacked.html#tk.rss_all

Kreditech Investigates Insider Breach – http://krebsonsecurity.com/2015/03/kreditech-investigates-insider-breach/

Wind turbine blown away by control system vulnerability – http://www.theregister.co.uk/2015/03/24/wind_turbine_blown_away_by_csrf_vulnerability/

Cyber criminals target financial professionals involved in deal-making – http://www.thenational.scot/business/cyber-criminals-target-financial-professionals-involved-in-deal-making.1342

Adobe Flash fix FAIL exposes world’s most popular sites – http://www.theregister.co.uk/2015/03/24/borked_adobe_flash_files_expose_worlds_most_popular_sites/

Hilton member accounts info, trip dates open to plunder – http://www.theregister.co.uk/2015/03/24/hilton_worldwide_csrf_membership_vulns/

Smart TVs have become the new target for cyber criminals – http://www.pandasecurity.com/mediacenter/security/smart-tvs-have-become-the-new-target-for-cyber-criminals/

njRAT Infections on the Rise: Security Firms – http://www.securityweek.com/njrat-infections-rise-security-firms?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

DDoS Attackers Distracting Security Teams With Shorter Attacks: Corero Networks – http://www.securityweek.com/ddos-attackers-distracting-security-teams-shorter-attacks-corero-networks

Twitch accounts were compromised, passwords for all users reset – http://thenextweb.com/insider/2015/03/23/twitch-accounts-were-compromised-passwords-being-reset/

Researchers map Drupal attack that bypasses poorly tuned Web Application Firewalls – http://www.csoonline.com/article/2900897/application-security/researchers-map-drupal-attack-that-bypasses-poorly-tuned-web-application-firewalls.html#tk.rss_all

More Powerful Ransomware with Increased File-Infection Spotted – http://www.spamfighter.com/News-19528-More-Powerful-Ransomware-with-Increased-File-Infection-Spotted.htm

Google warns of unauthorized TLS certificates trusted by almost all OSes [Updated] – http://arstechnica.com/security/2015/03/google-warns-of-unauthorized-tls-certificates-trusted-by-almost-all-oses/

Third US Health Entity Suspected of being Compromised – http://vulnerabledisclosures.blogspot.co.uk/2015/03/third-us-health-entity-suspected-of.html

Ghost blogging platform affected by multiple vulnerabilities – http://securityaffairs.co/wordpress/35217/hacking/ghost-blogging-platform-flaws.html

Details of more than 1,900 pupils from Henry Park Primary School leaked – http://news.asiaone.com/news/singapore/details-more-1900-pupils-henry-park-primary-school-leaked

Fake “Incoming Fax Report” emails lead to crypto-ransomware – http://www.net-security.org/malware_news.php?id=2994&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 

Miscellaneous Infosec stories:

Cyber threat largest risk facing UK businesses: Marsh – http://www.canadianunderwriter.ca/news/cyber-threat-largest-risk-facing-uk-businesses-marsh/1003535958/?&er=NA

APT & Cyber-Extortion: Who’s at Risk? – http://www.bankinfosecurity.com/interviews/apt-cyber-extortion-whos-at-risk-i-2609

Attackers Target Community Banks – http://www.bankinfosecurity.com/interviews/attackers-target-community-banks-i-2610

CEOs have false perception of the extent of their cyber risk insurance cover, new report finds – http://www.out-law.com/en/articles/2015/march/ceos-have-false-perception-of-the-extent-of-their-cyber-risk-insurance-cover-new-report-finds/

 

Tools, Tips and How it’s done:

Open source security tool indicates Android app vulnerability spike – http://searchsecurity.techtarget.com/news/2240242888/Open-source-security-tool-indicates-Android-app-vulnerability-spike

Mainframe Security — Part 3 — Where is all your sensitive data? – https://www.linkedin.com/pulse/mainframe-security-part-3-where-all-your-sensitive-data-schrager

How Kevin Mitnick hacked the audience at CeBIT 2015 – https://news.hitb.org/content/how-kevin-mitnick-hacked-audience-cebit-2015

5 Social Engineering Attacks to Watch Out For – http://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/

HOW TO PROTECT YOURSELF FROM SOCIAL ENGINEERS IN THE SOCIAL MEDIA – https://www.halock.com/blog/protect-social-engineers-social-media/

What horrors lurk in the future: Networks without sysadmins – http://www.theregister.co.uk/2015/03/24/the_final_horror_networks_without_sysadmins/

Maintaining digital certificate security – http://googleonlinesecurity.blogspot.co.uk/2015/03/maintaining-digital-certificate-security.html

The blackjack vulnerability – http://xn--mric-bpa.fr/blog/blackjack.html

Security for Meetings – http://www.forbes.com/sites/stratfor/2015/03/23/security-for-meetings/

BitWhisper: Stealing Data From Isolated Computers Using Heat Emissions and Built-in Thermal Sensors – http://www.securityweek.com/air-gapped-computers-can-communicate-through-heat-researchers

4 Lessons Learned After Winning A Car at Ford’s Hackathon – http://danielscocco.com/4-lessons-learned-after-winning-a-car-at-fords-hackathon/

What is the True Cost of a Data Breach to an Organization? – http://globenewswire.com/news-release/2015/03/24/718130/10126019/en/What-is-the-True-Cost-of-a-Data-Breach-to-an-Organization.html

The hidden tricks of powerful persuasion – http://www.bbc.com/future/story/20150324-the-hidden-tricks-of-persuasion

BitWhisper: The Heat is on the Air-Gap – http://cyber.bgu.ac.il/blog/bitwhisper-heat-air-gap

Top 10 things to do when responding to a cyber security incident – http://www.strategic-risk-global.com/top-10-things-to-do-when-responding-to-a-cyber-security-incident/1413251.article

Were Weak Passwords A Problem In Recent Data Breaches? Usernames May Be A Bigger One – http://www.hstoday.us/briefings/industry-news/single-article/were-weak-passwords-a-problem-in-recent-data-breaches-usernames-may-be-a-bigger-one/b5eadaef9002380da155315a978f9592.html

Why aren’t you vulnerability scanning more often? – http://www.csoonline.com/article/2901472/vulnerabilities/why-aren-t-you-vulnerability-scanning-more-often.html#tk.rss_all

 

Miscellaneous Privacy stories:

Metadata retention is no worse than STALKING: Turnbull – http://www.theregister.co.uk/2015/03/24/metadata_retention_is_no_worse_than_stalking_turnbull/

 

Safeguarding Children and School E-Safety stories:

Details of more than 1,900 pupils from Henry Park Primary School leaked – http://news.asiaone.com/news/singapore/details-more-1900-pupils-henry-park-primary-school-leaked

It’s Our Responsibility to Stand Up to Cyber Bullies [VIDEO] – http://tech.co/justine-ezarik-video-interview-sxsw-2015-03

Schools Weigh Access to Students’ Social-Media Passwords – http://www.edweek.org/ew/articles/2015/02/18/schools-weigh-access-to-students-social-media.html

75-year-old man jailed after grooming 13-year-old on the internet and having sex with her – http://www.liverpoolecho.co.uk/news/liverpool-news/75-year-old-st-helens-man-jailed-8902756

Teachers to be trained to tackle homophobia – https://news.tes.co.uk/b/news/2015/03/24/teachers-to-be-trained-to-tackle-homophobia.aspx

Children’s details lost and sent to wrong place by Derby City Council employees – http://www.derbytelegraph.co.uk/Children-s-details-lost-sent-wrong-place-Derby/story-26219043-detail/story.html

Four advantages of an identity behavior-based approach to cybersecurity – http://www.net-security.org/article.php?id=2243&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 


Doctrine or Dogma – will the Government hold its nerve?

Government hates a policy vacuum. So, while CESG, the UK government’s National Technical Authority for Information Assurance, has brought about changes to the management of Internet Security within government offices, many still rely on the legacy IS1 frameworks to manage their information risk.

No longer legally bound by the cumbersome process of IS 1/2, the new focus is on balanced risk management, resilience and incident response. The old process was criticised for being unwieldy, inevitably leaving system protection behind the curve. By putting the emphasis on guidelines and outcomes, rather than policy and dogma, the new system hopes to keep one step ahead of threats and attackers.

With this shift in focus, there is the potential for public sector risk management doctrine to become dramatically more dynamic. But, while this is ultimately a good thing because it will mean a more agile and responsive framework to operate within the increasingly dynamic risk environment, it will also be increasingly difficult for traditional risk managers (in all sectors) as the process becomes dependent on decision making under conditions of uncertainty as well as the tacit acceptance that mistakes can and will be made.

Protection of systems, particularly relating to the use of social media within the workplace, now relies on an individual practitioner’s capacity to respond effectively to a wide range of different events without recourse to a standardised process within which they can operate.  Significantly, individual practitioners must balance this new freedom with the need to ensure that risks can be managed across organisational and technical boundaries.

Where, in the past, considerable weight was given to process (sometimes 300 page documents were produced in support of IS 1 & 2), now the emphasis is on timely effect. Compliance has become about behaviour not policy.  For highly skilled practitioners this will not present a problem but for those with less experience and confidence, it can be a heavy burden of individual responsibility.

We now need to focus on doctrine rather than dogma.  (I see doctrine as the process by which we write down what we do so that we can do it better; where dogma is when we write things down for the sake of it!)  Policy is a reflection of management intent and, in today’s world, our doctrine must be judged by its effect.

Regardless, there are many who feel uncomfortable taking responsibility for their own judgement without dogmatic policy to fall back on.  The question in the long term is whether the CESG will hold its nerve, producing proportional doctrine or whether it and the practitioner community will feel compelled to generate another generation of dogma.

Tom F

Managing Director of SRM, Tom F is a regular contributor to the SRM blog.

Information Security Breach Report – 23 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Decoder of secret information stolen, security agencies panic – http://timesofindia.indiatimes.com/city/surat/Decoder-of-secret-information-stolen-security-agencies-panic/articleshow/46661745.cms

PNP website trashed by hacker – http://technology.inquirer.net/41474/pnp-website-trashed-by-hacker

Swedish city demands £40,000 to repair teenage hacking spree – http://www.theregister.co.uk/2015/03/23/swedish_city_demands_40000_to_clean_up_teenage_hacking/

CREEPS rejoice: Small biz Cisco phones open to eavesdrop 0-day – http://www.theregister.co.uk/2015/03/23/creeps_rejoice_small_biz_phones_open_to_evaesdrop_0day/

Australian online voting system may have FREAK bug – http://www.theregister.co.uk/2015/03/22/ivote_hack/

Personal email ID of Southern Command chief under attack – http://www.punemirror.in/pune/cover-story/Personal-email-ID-of-Southern-Command-chief-under-attack/articleshow/46656392.cms

UAE is top-two victim of regional cyber attacks – http://www.arabianbusiness.com/uae-is-top-two-victim-of-regional-cyber-attacks-586181.html

Tasty Spam: SMS Sex Spammer Moves into the Cloud – http://securitywatch.pcmag.com/spam/333063-tasty-spam-sms-sex-spammer-moves-into-the-cloud

Blunder leads to leak of 500 patient email addresses – http://www.pendletoday.co.uk/news/health/local-health/blunder-leads-to-leak-of-500-patient-email-addresses-1-7151169

ISIS hackers call for homegrown ‘jihad’ against U.S. military, posts names and addresses of 100 service members – http://www.nydailynews.com/news/national/isis-hackers-call-jihad-u-s-military-article-1.2157749?cid=bitly

HACKING BIOS CHIPS ISN’T JUST THE NSA’S DOMAIN ANYMORE – http://www.wired.com/2015/03/researchers-uncover-way-hack-bios-undermine-secure-operating-systems/

Operation Woolen Goldfish, a hacking campaign in the wild – http://securityaffairs.co/wordpress/35128/cyber-crime/operation-woolen-goldfish.html

Cisco Discovers New “PoSeidon” Point of Sale Malware – http://www.securityweek.com/cisco-discovers-new-poseidon-point-sale-malware

Bank of America phishing attack hits customers – http://www.net-security.org/secworld.php?id=18113&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 

Miscellaneous Infosec stories:

Is the UK gaining on the US in its spate of major cyber security breaches? – http://www.information-age.com/industry/uk-industry/123459208/uk-gaining-us-its-spate-major-cyber-security-breaches

Online ad revenue at risk in war on ‘click fraud’ – http://www.reuters.com/article/2015/03/23/us-advertising-cyberfraud-idUSKBN0MJ0Z820150323?feedType=RSS&feedName=businessNews

The Growth of Cyber Crime in Finance – http://themarketmogul.com/the-growth-of-cyber-crime-in-finance/

DOCUMENTS REVEAL CANADA’S SECRET HACKING TACTICS – https://firstlook.org/theintercept/2015/03/23/canada-cse-hacking-cyberwar-secret-arsenal/

Never assume your company is too small for a security breach – https://enterprisersproject.com/article/2015/3/never-assume-your-company-too-small-security-breach

Target Settlement: What About the Banks? – http://www.bankinfosecurity.co.uk/target-settlement-what-about-banks-a-8038

No More Cyber Attacks! Blackberry On Its Way To Make The Dream Come True – http://www.gurufocus.com/news/325526/no-more-cyber-attacks-blackberry-on-its-way-to-make-the-dream-come-true

Pentagon wraps up new acquisition rules to protect weapons from cyberattacks – http://www.businessinsider.com/r-pentagon-wraps-up-new-acquisition-rules-to-protect-weapons-from-cyberattacks–2015-3?IR=T

Pakistan VS USA Cyber Crime Laws – http://www.slideshare.net/HassnainJamil/pakistan-vs-cyber-crime-laws

Nairobi rejects Beijing plea to extradite cyber suspects – http://mobile.nation.co.ke/news/Nairobi-rejects-Beijing-plea-to-extradite-cyber-suspects/-/1950946/2661906/-/format/xhtml/-/148la71z/-/index.html

4 Reasons Data Breaches are on the Rise – https://www.metascan-online.com/blog/4-reasons-data-breaches-are-rise

 

Tools, Tips and How it’s done:

Ten things you always wanted to know about IP Voice – http://www.theregister.co.uk/2015/03/23/ten_things_you_always_wanted_to_know_about_ip_voice/

Here’s a brief history of the long and short of hacking – http://cio.economictimes.indiatimes.com/news/digital-security/heres-a-brief-history-of-the-long-and-short-of-hacking/46659506

Boffins twist light to carry 2.05 bits in one photon – http://www.theregister.co.uk/2015/03/23/one_photon_two_bits_in_surprising_photonic_twist/

Bridging the Cyber-Security Skills Gap Using the Right Technology – http://www.informationsecuritybuzz.com/bridging-the-cyber-security-skills-gap-using-the-right-technology/

Want to hide your metadata? You probably can’t – http://www.theregister.co.uk/2015/03/23/want_to_protect_yourself_in_a_snoops_paradise_you_probably_cant/

Cybersecurity: Tackling the insider threat – http://www.businessspectator.com.au/article/2015/3/23/technology/cybersecurity-tackling-insider-threat

ASIC issues major cyber guide – http://www.insurancebusinessonline.com.au/news/asic-issues-major-cyber-guide-198382.aspx

CONNECTED CARS: Which are risks for automated vehicles? – http://securityaffairs.co/wordpress/35204/hacking/connected-cars-risks.html

PC security upgrades a welcome antidote to breaches – http://www.seattletimes.com/business/technology/pc-security-upgrades-a-welcome-antidote-to-breaches/

IoT will connect 1.1 billion devices in 2015: Gartner – http://cio.economictimes.indiatimes.com/news/internet-of-things/iot-will-connect-1-1-billion-devices-in-2015-gartner/46644971

Firms stand to lose billions through fraud: bank chief – http://www.lawgazette.co.uk/law/firms-stand-to-lose-billions-through-fraud-bank-chief/5047789.fullarticle

Social Engineering 101 Frame and Posture – https://saverocity.com/travel/social-engineering-101-frame-and-posture/

Frankenimage – Reconstructing images with pieces from an image database – http://gimlids.github.io/frankenimage/

 

Miscellaneous Privacy stories:

Defence ministry sounds red alert on web spying – http://timesofindia.indiatimes.com/india/Defence-ministry-sounds-red-alert-on-web-spying/articleshow/46657148.cms

Federal government privacy breaches soar to record high – http://ottawacitizen.com/news/politics/federal-government-privacy-breaches-soar-to-record-high

Listen – Kevin Mitnick – CeBIT Radio – Defending Privacy – https://www.mitnicksecurity.com/S=0/site/news_item/listen-cebit-worlds-most-famous-hacker-kevin-mitnick-defending-privacy

Despite Wave Of Data Breaches, Official Says Patient Privacy Isn’t Dead – http://www.databreaches.net/despite-wave-of-data-breaches-official-says-patient-privacy-isnt-dead/

 

Safeguarding Children and School E-Safety stories:

Cyber bullies playing truant with teens in wonder years – http://www.thehindu.com/news/cities/Delhi/cyber-bullies-playing-truant-with-teens-in-wonder-years/article7019821.ece?ref=tpnews

Cyber Snoops Watching Your Kids – http://pjmedia.com/tatler/2015/03/21/cyber-snoops-watching-your-kids/

 

