Monthly Archive April 2015

Information Security Breach Report – 27 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Tesla’s website has been hacked – http://cio.economictimes.indiatimes.com/news/digital-security/teslas-website-has-been-hacked/47057428

White Lodging Services confirms second payment card breach – http://www.csoonline.com/article/2908853/data-breach/white-lodging-services-confirms-second-payment-card-breach.html#tk.rss_all

Punkey, a new POS Malware in the criminal ecosystem – http://securityaffairs.co/wordpress/36113/cyber-crime/punkey-pos-malware.html

Zero-Day Malvertising Attack Went Undetected For Two Months – http://www.darkreading.com/attacks-breaches/zero-day-malvertising-attack-went-undetected-for-two-months/d/d-id/1320092?_mc=RSS_DR_EDT

NetNanny Found Using Shared Private Key, Root CA – https://threatpost.com/netnanny-found-using-shared-private-key-root-ca/112354

Pushdo spamming botnet still active in the wild – http://securityaffairs.co/wordpress/36171/cyber-crime/pushdo-spamming-botnet.html

Cash register maker used same password – 166816 – non-stop since 1990 – http://www.theregister.co.uk/2015/04/23/166816_the_pos_pin_for_win_since_1990/

Phasebot, the fileless malware sold in the underground – http://securityaffairs.co/wordpress/36206/cyber-crime/phasebot-fileless-malware.html

Samsung Galaxy S5 could be open to fingerprint theft – http://www.welivesecurity.com/2015/04/23/samsung-galaxy-s5-open-fingerprint-theft/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29

Costa Coffee Club members wake up and smell the data breach – http://www.theregister.co.uk/2015/04/23/costa_coffee_club_members_security_breach/

Hacked off: Tesco Clubcard and Costa Coffee cards breached in Cambridge area – http://www.cambridge-news.co.uk/Hacked-Tesco-Costa-Coffee-cards-breached/story-26392209-detail/story.html

Bypassing OS X Security Tools is Trivial, Researcher Says – https://threatpost.com/bypassing-os-x-security-tools-is-trivial-researcher-says/112410

Login Vulnerability Exposes SAP ASE Databases – http://www.securityweek.com/login-vulnerability-exposes-sap-ase-databases?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Magento Flaw Exploited in the Wild a few hours after disclosure – http://securityaffairs.co/wordpress/36252/hacking/magento-flaw-exploited-hackers.html

New Threats Range From ‘Dribbling Breached Data’ to IoT and Toys – http://www.eweek.com/security/new-threats-range-from-dribbling-breached-data-to-iot-and-toys.html

39,000 patients may have been victim in Seton data breach – http://kxan.com/2015/04/24/39000-affected-in-seton-phishing-attack-targeting-company-emails/

Hack breaches Taipei government computers – http://www.databreaches.net/hack-breaches-taipei-government-computers/

Phishing Leads to Healthcare Breach – http://www.infosecbuddy.com/news/phishing-leads-to-healthcare-breach/

No evidence that any data removed from system: Premera – http://www.databreaches.net/no-evidence-that-any-data-removed-from-system-premera/

Anonymous Claims Hack of Israeli Arms Importer, Fab-Defense; Leaks Massive Client Login Data – http://www.databreaches.net/anonymous-claims-hack-of-israeli-arms-importer-fab-defanse-leaks-massive-client-login-data/

Evil Wi-Fi kills iPhones, iPods in range – ‘No iOS Zone’ SSL bug revealed – http://www.theregister.co.uk/2015/04/22/apple_no_ios_zone_bug/

WordPress Releases Version 4.1.2, Calls It A “Critical Security Release” – http://marketingland.com/wordpress-releases-version-4-1-2-calls-it-a-critical-security-release-125965

 

Miscellaneous Infosec stories:

Hacking telesurgery robots, a concrete risk – http://securityaffairs.co/wordpress/36305/hacking/hacking-telesurgery-robots.html

Spy in the sandbox attack to spy on your online activity – http://securityaffairs.co/wordpress/36178/hacking/spy-in-the-sandbox-attack.html

Insider threats force balance between security and access – http://www.csoonline.com/article/2913740/data-breach/insider-threats-force-balance-between-security-and-access.html#tk.rss_all

Study: Firms not ready to respond to complex threats – http://www.csoonline.com/article/2913833/cyber-attacks-espionage/study-majority-of-firms-not-ready-to-respond-to-complex-threats.html#tk.rss_all

48,000 Windows XP PCs are still running at TEPCO … which are the risks? – http://securityaffairs.co/wordpress/36263/security/tepco-48000-pcs-running-xp.html

Insurers mull proposed cyber rules – http://www.businessinsurance.com/article/20150426/NEWS06/304269959

Low IT security spend in region leaves businesses open to cyber attacks – http://www.timesofoman.com/News/50815/Article-Low-IT-security-spend-in-region-leaves-businesses-open-to-cyber-attacks

Cyber-Attacks Getting Respect All Over The World – http://www.inquisitr.com/2044303/cyber-attacks-getting-respect-all-over-the-world/

Russian Hackers Read Obama’s Emails During White House Security Breach – http://gizmodo.com/russian-hackers-read-obamas-emails-during-white-house-s-1700271500

Congress to banks: Admit you’ve been hacked! – http://money.cnn.com/2014/11/18/technology/security/congress-bank-hack/

Should we fear hackers? – http://www.quotesinpics.com/kevin-mitnick/quote_khgzzd/

Banks Lose Up to $100K/Hour to Shorter, More Intense DDoS Attacks – http://www.americanbanker.com/news/bank-technology/banks-lose-up-to-100khour-to-shorter-more-intense-ddos-attacks-1073966-1.html

Massive TalkTalk data breach STILL causing customer scam tsunami – http://www.theregister.co.uk/2015/04/23/fresh_wave_of_scammers_target_talktalk_customers/

Fraud or Breach? Questions to Ask Before Calling in the Cavalry – http://www.techzone360.com/topics/techzone/articles/2015/04/22/402061-fraud-breach-questions-ask-before-calling-the-cavalry.htm

Ransomware crims drop Bitcoin faster than Google axes services – http://www.theregister.co.uk/2015/04/24/ransomware_bitcoin/

The international effort to confront international cybercrime – http://www.csoonline.com/article/2914234/malware-cybercrime/the-international-effort-to-confront-international-cybercrime.html#tk.rss_all

Encryption adoption slows, but users believe it frees them from breach reporting – http://www.cso.com.au/article/573196/encryption-adoption-slows-users-believe-it-frees-them-from-breach-reporting/

It’s official: David Brents are the weakest link in phishing attacks – http://www.theregister.co.uk/2015/04/22/proofpoint_phishing_study/

A Few Challenges in Calculating Total Cost of a Data Breach Using Insurance Claims Payment Data – http://www.ponemon.org/blog/a-few-challenges-in-calculating-total-cost-of-a-data-breach-using-insurance-claims-payment-data

Your city’s not smart if it’s vulnerable, says hacker – http://www.theregister.co.uk/2015/04/20/smart_city_vendors_blasted_for_dumb_security/

BYOD and cloud are top data breaches and malware risks, survey shows – http://www.csoonline.com/article/2906359/data-breach/byod-and-cloud-are-top-data-breaches-and-malware-risks-survey-shows.html#tk.rss_all

 

Tools, Tips and How it’s done:

Analyzing the Magento Vulnerability (Updated) – http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/

1,500 iOS apps have HTTPS-crippling bug. Is one of them on your device? – http://arstechnica.com/security/2015/04/20/1500-ios-apps-have-https-crippling-bug-is-one-of-them-on-your-device/

The hacker Stefan Esser shows the jailbreak for iOS 8.4 beta 1 – http://securityaffairs.co/wordpress/36154/hacking/ios-8-4-beta-1-jailbreak.html

How to hack Avaya phones with a simple text editor – http://securityaffairs.co/wordpress/36187/hacking/how-to-hack-avaya-phone.html

How to discover NSA Quantum Insert attacks on your systems – http://securityaffairs.co/wordpress/36224/hacking/nsa-quantum-insert-attacks.html

Former hacker talks phone password security – http://wishtv.com/2015/04/26/former-hacker-talks-about-cyber-security/

Your big data toolchain is a big security risk! – http://www.vitavonni.de/blog/201504/2015042601-big-data-toolchains-are-a-security-risk.html

Quantum Insert Attack – https://isc.sans.edu/diary/Quantum+Insert+Attack/19625

Smarter threats and the rising complexity of cybercrime – http://www.net-security.org/secworld.php?id=18285&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Millions of accounts are being compromised because developers don’t have a specialised user database – http://fourlightyears.blogspot.co.uk/2015/04/millions-of-accounts-are-being.html

How To Protect Your Business From Social Engineering – https://quostar.com/blog/how-to-protect-your-business-from-social-engineering/

This machine catches stingrays: Pwnie Express demos cellular threat detector – http://arstechnica.com/information-technology/2015/04/20/this-machine-catches-stingrays-pwnie-express-demos-cellular-threat-detector/

Inside the rickety, vulnerable systems that run just about every power plant – http://www.csoonline.com/article/2905402/data-protection/inside-the-rickety-vulnerable-systems-that-run-just-about-every-power-plant.html#tk.rss_all

 

Miscellaneous Privacy stories:

Hackers spy on Kansas family through unsecured baby monitor – http://www.welivesecurity.com/2015/04/22/hackers-spy-kansas-family-unsecured-baby-monitor/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29

 

Safeguarding Children and School E-Safety stories:

We’re not getting to grips with online hate – http://www.heraldsun.com.au/news/opinion/were-not-getting-to-grips-with-online-hate/story-fni0fhh1-1227322032416

Rise in reports of abusive texts prompts headteacher to send letter to parents – http://www.lancashiretelegraph.co.uk/news/12909796.Rise_in_reports_of_abusive_texts_prompts_headteacher_to_send_letter_to_parents/

5 ways to tell an online predator may be grooming your child – http://www.thedenverchannel.com/money/science-and-tech/5-ways-to-tell-a-predator-is-grooming-your-child

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Information Security Breach Report – 21 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Operation Pawn Storm on Continued Marathon, Attacking Targets Now with Advance Infrastructure – http://securityaffairs.co/wordpress/36139/cyber-crime/op-pawn-storm-continues.html

Several Vulnerabilities Found in Enterprise Search Engine SearchBlox – http://www.securityweek.com/several-vulnerabilities-found-enterprise-search-engine-searchblox?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

WikiLeaks Dumps Data from Sony Hacking Scandal – http://www.securityweek.com/wikileaks-dumps-data-sony-hacking-scandal

HSBC Acknowledges Data Breach – http://www.esecurityplanet.com/network-security/hsbc-acknowledges-data-breach.html

Updates Fix Several Vulnerabilities in HP Network Automation – http://www.securityweek.com/updates-fix-several-vulnerabilities-hp-network-automation

Local families among victims of improper use of DCF information – http://www.actionnewsjax.com/news/news/local/local-families-among-victims-dcf-security-breach/nkync/

D-Link: sorry we’re SOHOpeless – http://www.theregister.co.uk/2015/04/21/dlink_sorry_were_sohopeless/

JavaScript CPU cache snooper tells crooks EVERYTHING you do online – http://www.theregister.co.uk/2015/04/21/cache_creeps_can_spy_on_web_histories_for_80_of_net_users/

Watch: Nasty JPEG pops corporate locks on Windows boxes – http://www.theregister.co.uk/2015/04/20/nasty_jpg_pops_corporate_locks/

Patch Tuesday, exploit Thursday: Windows HTTP.sys flaw under attack – http://searchsecurity.techtarget.com/news/4500244600/Patch-Tuesday-exploit-Thursday-Windows-HTTPsys-flaw-under-attack

Flaw in Schneider Electric Vamp Software Allows Arbitrary Code Execution – http://www.securityweek.com/flaw-schneider-electric-vamp-software-allows-arbitrary-code-execution?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Moxa Industrial Surveillance Products Affected by RCE Vulnerability – http://www.securityweek.com/moxa-industrial-surveillance-products-affected-rce-vulnerability?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Hotel Operator White Lodging Struck Again by PoS Attack – http://www.securityweek.com/hotel-operator-white-lodging-struck-again-pos-attack

Phishing catches victims ‘in minutes’ – http://www.bbc.co.uk/news/technology-32285433

 

Miscellaneous Infosec stories:

Zero-Day Vulnerabilities Rose in 2014: Symantec – http://www.securityweek.com/zero-day-vulnerabilities-rose-2014-symantec?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

The Rise of the Chief Security Officer: What It Means for Corporations and Customers – http://www.forbes.com/sites/frontline/2015/04/20/the-rise-of-the-chief-security-officer-what-it-means-for-corporations-and-customers/

Verizon Data Breach Study Finds Old Flaws Remain Dangerous – http://myinforms.com/en-gb/a/12433349-verizon-data-breach-study-finds-old-flaws-remain-dangerous/

Anonymous slams cyber threat-sharing bill – http://thehill.com/policy/cybersecurity/239406-anonymous-slams-cyber-threat-sharing-bill

IT’S WAR: Hacktivists throw in their lot with spies and the military – http://www.theregister.co.uk/2015/04/20/hacktivists_and_spies_feature_isis_anonymous/

Most Cyberattacks Are Phishing Related, Not Sophisticated Technical Attacks – https://www.techdirt.com/articles/20150414/05574230648/most-cyberattacks-are-phishing-related-not-sophisticated-technical-attacks.shtml

It’s boom times for hackers as cyber sleuths gather – http://www.usatoday.com/story/tech/2015/04/20/rsa-computer-security-conference/26086277/

Can security analytics be key in breach detection? – http://www.computerworld.co.nz/article/573009/can-security-analytics-key-breach-detection/

Study highlights increasing cyber crime threats to governments – http://enterpriseinnovation.net/article/study-highlights-increasing-cyber-crime-threats-governments-213576350

United boots cyber security expert from flight after he noted security flaws – http://kdvr.com/2015/04/20/united-boots-cyber-security-expert-from-flight-after-he-noted-security-flaws/

The positive side of security threats – http://blog.avira.com/positive-side-of-security-threats/

Employees have no qualms in selling corporate passwords – http://www.csoonline.com/article/2905682/data-breach/employees-have-no-qualms-in-selling-corporate-passwords.html#tk.rss_all

 

Tools, Tips and How it’s done:

What does PCI DSS Version 3.1 mean to you? – http://blog.srm-solutions.com/what-does-pci-dss-version-3-1-mean-to-you/

The 20,000 fake phone numbers – http://www.bbc.co.uk/news/blogs-magazine-monitor-32348371

9 things retailers need to know about data breaches – http://www.retailingtoday.com/article/9-things-retailers-need-know-about-data-breaches

Cybercriminals still rely on decades-old techniques – http://www.networksasia.net/article/cybercriminals-still-rely-decades-old-techniques.1429495431

How to create a powerful password: Your ultimate guide to beating the hackers – http://www.itproportal.com/2015/04/20/create-powerful-password-ultimate-guide-beating-hackers/

4 Ways Your Small Business Can Better Prevent Cyber Crime – http://www.entrepreneur.com/article/245102

Get Cyber Fit Without Breaking a Sweat – http://www.ukfast.co.uk/blog/2015/04/20/get-cyber-fit-without-breaking-a-sweat/

RFIDs, Encryption, and Stop Rules. – http://www.thegrumpyprogrammer.com/2015/04/rfids-encryption-and-stop-rules-oh-my.html

sptoolkit Rebirth – Simple Phishing Toolkit – http://www.darknet.org.uk/2015/04/sptoolkit-rebirth-simple-phishing-toolkit/

 

Miscellaneous Privacy stories:

That’s right: FBI agents can’t pretend to be ISP repairmen to search homes without a warrant – http://www.theregister.co.uk/2015/04/20/fbi_warrantless_searches/

Lawyer: Cops dropped robbery case rather than detail FBI’s StingRay phone snoop gizmo – http://www.theregister.co.uk/2015/04/21/st_louis_stingray/

Lost in the clouds: Your private data has been indexed by Google – http://www.csoonline.com/article/2906137/cloud-security/lost-in-the-clouds-your-private-data-has-been-indexed-by-google.html#tk.rss_all

 

Safeguarding Children and School E-Safety stories:

Arrest Made In Connection With Instagram Death Threats In San Dimas – http://losangeles.cbslocal.com/2015/04/20/arrest-made-in-connection-with-cyber-death-threats-made-against-girl-in-san-dimas/

Thousands of children receive lessons on online safety – http://www.itv.com/news/meridian/update/2015-04-13/thousands-of-children-receive-lessons-on-online-safety/

Protecting Children’s Rights in the Digital World: An Ever-Growing Challenge – Social Work Helper – http://www.socialworkhelper.com/2015/04/16/protecting-children-rights-in-the-digital-world-an-ever-growing-challenge/

 


What does PCI DSS Version 3.1 mean to you?


By Paul Brennecker, Principal QSA at Security Risk Management Ltd

On Wednesday 15th April 2015 the PCI SSC (Payment Card Industry Security Standards Council) published PCI DSS Version 3.1 to upgrade payment card industry guidelines. While these changes will mean enhanced privacy for consumers and better safeguarding of data, they will also require most companies holding cardholder data or processing payments to review their payment procedures as soon as possible.

Superficially, PCI DSS v3.1 comes with only subtle adjustments to the existing requirements, but these will have far-reaching implications.

Effective immediately, all versions of Secure Sockets Layer (SSL) and early Transport Layer Security (TLS) are no longer considered to be strong cryptography. This impacts PCI DSS Requirements 2.2.3, 2.3 and 4.1. SSL and early TLS cannot be used as a security control after 30 June 2016.

Moreover, the PAN (primary account number) requirement has been reinforced with 3.1. The new guidelines prioritise ‘PAN truncation’, a security measure based on removing all but the first 6 and last 4 digits, thereby helping to protect payment card data. PAN truncation is a mechanism used by POS (point of sale) terminals and in many countries is already a mandatory cyber security measure.

Previously the hashed and the truncated versions of the PAN were not considered to be cardholder data, but 3.1 makes it clear that, to protect cardholder data, the two must never come together. An attacker who holds both can take the first six and the last four digits and generate hashes for the missing digits until a match is found.
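The risk described above can be measured. The following is an added example, not part of the original article or of any PCI SSC material: it counts the Luhn-valid PANs that remain once the first six and last four digits are known, shows that an unkeyed hash stored beside the truncation pins the PAN while a keyed hash does not, and flags records that hold both values. The SHA-256 hashing scheme, the record field names, the demo key and the test card number are all assumptions constructed for the illustration.

```python
import hashlib
import hmac

DOUBLED = (0, 2, 4, 6, 8, 1, 3, 5, 7, 9)  # Luhn value of each digit after doubling

TEST_PAN = "4111111111111111"        # constructed: common test number, not a real card
SAMPLE_KEY = b"constructed-demo-key"  # constructed: stands in for a secret held elsewhere


def luhn_sum(digits, offset=0):
    """Luhn sum of `digits`; `offset` is how far its last digit is from the PAN's right end."""
    total = 0
    for i, ch in enumerate(reversed(digits), start=offset):
        d = int(ch)
        total += DOUBLED[d] if i % 2 else d
    return total


def candidates(first6, last4, length=16):
    """Yield every Luhn-valid PAN consistent with a first-6 / last-4 truncation."""
    missing = length - len(first6) - len(last4)
    if missing < 2:
        raise ValueError("expected at least two hidden digits")
    tail_off = len(last4)  # offset of the last hidden digit
    fixed = luhn_sum(last4) + luhn_sum(first6, offset=tail_off + missing)
    for n in range(10 ** (missing - 1)):
        head = str(n).zfill(missing - 1)
        partial = fixed + luhn_sum(head, offset=tail_off + 1)
        for d in range(10):  # exactly one digit completes the checksum
            if (partial + (DOUBLED[d] if tail_off % 2 else d)) % 10 == 0:
                yield f"{first6}{head}{d}{last4}"
                break


def unkeyed_digest(pan):
    """Assumed weak scheme: plain SHA-256 of the PAN digits."""
    return hashlib.sha256(pan.encode()).hexdigest()


def keyed_digest(pan, key):
    """Mitigation: HMAC-SHA-256 with a key kept apart from the data store."""
    return hmac.new(key, pan.encode(), hashlib.sha256).hexdigest()


def pan_pinned_by(first6, last4, digest, length=16):
    """Return the PAN if truncation plus an unkeyed digest identify it, else None."""
    for pan in candidates(first6, last4, length):
        if hmac.compare_digest(unkeyed_digest(pan), digest):
            return pan
    return None


def colocated(records):
    """Ids of records that store a truncated PAN and a PAN hash side by side."""
    return [r["id"] for r in records
            if r.get("truncated_pan") and r.get("pan_hash")]


# Constructed sample rows; field names are hypothetical.
SAMPLE_RECORDS = [
    {"id": "r1", "truncated_pan": "411111******1111", "pan_hash": None},
    {"id": "r2", "truncated_pan": "411111******1111",
     "pan_hash": unkeyed_digest(TEST_PAN)},
    {"id": "r3", "truncated_pan": None,
     "pan_hash": keyed_digest(TEST_PAN, SAMPLE_KEY)},
]

if __name__ == "__main__":
    remaining = sum(1 for _ in candidates("411111", "1111"))
    print("PANs consistent with the truncation:", remaining)
    print("pinned by unkeyed hash:",
          pan_pinned_by("411111", "1111", unkeyed_digest(TEST_PAN)) is not None)
    print("pinned by keyed hash:",
          pan_pinned_by("411111", "1111",
                        keyed_digest(TEST_PAN, SAMPLE_KEY)) is not None)
    print("records storing both:", colocated(SAMPLE_RECORDS))
```

The truncation alone leaves 100,000 possibilities for a 16-digit PAN, which is why a matching unkeyed hash removes all remaining doubt.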

Another important change is the prohibition against sending PANs via ‘end-user messaging technologies’. This means that sending an SMS that shows the PAN of a card is explicitly no longer accepted unless it is encrypted. In this way, cardholder data is not only prohibited from traversing the Internet via email or instant messaging, but from now on all messages sent over GSM, CDMA and TDMA networks are also part of the PCI compliance requirements.

Lastly, and perhaps most significantly, attitudes to Secure Sockets Layer (SSL) have hardened. On 25th March 2015 PCI SSC released a PCI SSC FAQ with additional information on how SSL poses a risk to payment card data and how it impacts point-of-sale devices and web servers. PCI DSS 3.1 clarifies this stance. It is therefore now vital to switch to the TLS protocol and abandon SSL as soon as possible.

The revisions included in 3.1 reflect the changes in the threat landscape and an increase in the number of attacks registered during 2014, and the PCI Council initiative therefore needs to be taken seriously. Most of the companies that hold cardholder data and process payments through debit or credit cards will be required to review their processes and technologies in the near future.

North East Cyber Security Cluster


By Mustafa El-Jarrah, Information Security Support Consultant at Security Risk Management Ltd

The North East Cyber Security Cluster was launched on the 12th February 2015 at the Digital Skills Academy at Newcastle College. SRM are the sponsor of the campaign, hosting and managing the cluster with a main aim of bringing together cyber security companies within the region to promote growth and raise awareness.

One of the first clusters to be established in the UK was the Malvern cluster in September 2011. As it became prominent, it faced high demand from cyber security companies wanting to join from across the UK. In response, the UK Cyber Security Forum was established in April 2014. This was the catalyst to form other regional Clusters throughout the UK.

The collection of Clusters enables individuals and organisations to meet to discuss various Cyber Security issues. The North East Cluster is now actively seeking new members. One of the many advantages of the cluster is that it presents an opportunity for smaller cyber security organisations to join forces and compete for larger contracts on offer from bigger corporations.

Membership of the cluster is free of charge. For more information, contact us…

Information Security Breach Report – 13 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Lufthansa customers were targeted by a cyber attack – http://securityaffairs.co/wordpress/35894/cyber-crime/lufthansa-website-hacked.html

Apple Patches Critical Backdoor Flaw in OS X 10.10.3 – http://www.eweek.com/security/apple-patches-critical-backdoor-flaw-in-os-x-10.10.3.html

AT&T To Pay $25 Million to Resolve FCC Data Breach Claims – http://www.adlawaccess.com/2015/04/articles/att-to-pay-25-million-to-resolve-fcc-data-breach-claims/

ɘƨɿɘvɘЯ algo attack cracks Belkin router WPS PINs: researcher – http://www.theregister.co.uk/2015/04/12/belkin_wps_pins_easily_cracked_researcher/

18 out of 20 top boxlines vulnerable to ‘click-jacking’ cyber attacks – http://splash247.com/18-out-of-20-top-boxlines-vulnerable-to-click-jacking-cyber-attacks/

China Accused Of Decade Of Cyber Attacks On Governments And Corporates In Asia – http://techcrunch.com/2015/04/12/fireeye-apt-30-southeast-asia-india-report/

Hobart Airport website taken offline after cyber-attack – http://www.globaltimes.cn/content/916518.shtml

Hackers attack Belgian press group, second cyber siege since French station Tv5Monde – http://www.firstpost.com/world/hackers-attack-belgian-press-group-second-cyber-seige-since-french-station-tv5monde-2193865.html

IBM uncovers fraud scheme by well funded Eastern European gang of cyber criminals – http://customstoday.com.pk/ibm-uncovers-fraud-scheme-by-well-funded-eastern-european-gang-of-cyber-criminals-2/

AlienSpy RAT exploited to deliver the popular Citadel Trojan – http://securityaffairs.co/wordpress/35802/cyber-crime/alienspy-rat-citadel-trojan.html

Security Advisory: Persistent XSS in WP-Super-Cache – https://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html

Many big companies are still vulnerable to the biggest computer bug ever discovered, report says – http://cio.economictimes.indiatimes.com/news/digital-security/many-big-companies-are-still-vulnerable-to-the-biggest-computer-bug-ever-discovered-report-says/46845677

FireEye claims discovery of 10-year hack campaign by China – http://www.zdnet.com/article/fireeye-claims-discovery-of-10-year-hack-campaign-by-china/

Walters McCann Fanska notifies clients of network security breach – http://www.databreaches.net/walters-mccann-fanska-notifies-clients-of-network-security-breach/

 

Miscellaneous Infosec stories:

In a flash, I became a victim of cyber thieves – http://www.asianewsnet.net/In-a-flash-I-became-a-victim-of-cyber-thieves-74004.html

Emergence of various gadgets gives rise to wider cyber crimes – http://www.thesundaily.my/news/1381512

Insurance payout ‘threat’ a push for better cyber-safety – http://www.timesofisrael.com/insurance-payout-threat-a-push-for-better-cyber-safety/

Your smartphone app may be… malware trap – http://www.bangaloremirror.com/News/India/Your-smartphone-app-may-be-malware-trapp/articleshow/46899269.cms

Thousands could launch Sony-style cyber attack, says ex-hacker – http://www.cnet.com/news/thousands-could-launch-sony-style-cyber-attack-says-ex-hacker/

“Great Canon” The most powerful Cyber-Weapon is getting used by China Government – http://www.hackersnewsbulletin.com/2015/04/great-canon-powerful-cyber-weapon-getting-used-china-government.html

Most Cyber Security Breaches Due to Known Issues, Says tech Firm’s Report – http://www.newindianexpress.com/cities/bengaluru/Most-Cyber-Security-Breaches-Due-to-Known-Issues-Says-tech-Firms-Report/2015/04/13/article2761708.ece

 

Tools, Tips and How it’s done:

How Identity Data Security Helps Financial Services Fight Cyber Crime – http://www.business2community.com/tech-gadgets/identity-data-security-helps-financial-services-fight-cyber-crime-01200490

Cyber Incident/Data Breach Response: Your emergency Checklist – http://www.jdsupra.com/legalnews/cyber-incidentdata-breach-response-you-04551/

Lessons in War Series – The Role of Computer Forensics – http://blog.srm-solutions.com/lessons-in-war-series-the-role-of-computer-forensics/

Backtrack 5 Social Engineering Toolkit Fake Facebook Arp Dns Sing – http://smovies.me/download/backtrack-5-social-engineering-toolkit-fake-facebo

Dealing With a Data Breach: What to Do if Your Server Is Compromised – http://www.socialmediatoday.com/technology-data/2015-04-12/dealing-data-breach-what-do-if-your-server-compromised

The critical 48 hours: how to mitigate the damage from a cyber-attack – http://www.itproportal.com/2015/04/12/critical-48-hours-how-to-mitigate-damage-cyber-attack/

The oldest trick in the ASCII book – http://www.infosecdailynews.com/the-oldest-trick-in-the-ascii-book/

Here’s a tip for some Crime Stoppers in Canada: you’ve been hacked – http://www.databreaches.net/heres-a-tip-for-some-crime-stoppers-in-canada-youve-been-hacked/

 

Miscellaneous Privacy stories:

The government hides surveillance programs just because people would freak out – http://www.theguardian.com/commentisfree/2015/apr/11/the-government-will-hide-its-surveillance-programs-but-they-wont-eliminate-them

As encryption spreads, U.S. grapples with clash between privacy, security – http://www.washingtonpost.com/world/national-security/as-encryption-spreads-us-worries-about-access-to-data-for-investigations/2015/04/10/7c1c7518-d401-11e4-a62f-ee745911a4ff_story.html

Meet the privacy activists who spy on the surveillance industry – http://fusion.net/story/112390/unveiling-secrets-of-the-international-surveillance-trade-one-fake-company-at-a-time/

Facebook claims ‘a bug’ made it track nonusers – http://thehill.com/policy/technology/238399-facebook-claims-a-bug-made-it-track-people-not-on-facebook

“I feel violated:” Fraudulent Green Dot accounts set up using stolen identities – http://fox6now.com/2015/04/12/i-feel-violated-fraudulent-green-dot-accounts-set-up-using-stolen-identities/

Process servers can find you on Facebook – http://edition.cnn.com/2015/04/12/opinions/cevallos-facebook-process-serving/

Snowden keeps saying that US is still catching our emails – http://securityaffairs.co/wordpress/35799/digital-id/snowden-interview.html

 

Safeguarding Children and School E-Safety stories:

Five steps for an effective school e-safety policy – http://blog.srm-solutions.com/five-steps-for-an-effective-school-e-safety-policy/

Limerick kids to take the fight to online bullies at major summit – http://www.limerickleader.ie/news/business/business-news/limerick-kids-to-take-the-fight-to-online-bullies-at-major-summit-1-6683746

Why community intelligence modelling is vital when dealing with the ‘digital native’ – http://blog.srm-solutions.com/why-community-intelligence-modelling-is-vital-when-dealing-with-the-digital-native/

Full Frame Panel: Cyberbullying 101 – http://www.cctv-america.com/2015/04/11/full-frame-panel-cyberbullying-101

Higgins proposes cyber bullying legislation after falling victim – http://connachttribune.ie/higgins-proposes-cyber-bullying-legislation-after-falling-victim-063/

Florida Teen Charged With Felony For Changing Teacher’s Desktop Wallpaper – http://www.inquisitr.com/2003490/florida-teen-charged-with-felony-for-changing-teachers-desktop-wallpaper/

Why Online Abuse Is Not Our Destiny – https://www.techdirt.com/articles/20150407/16041830577/why-online-abuse-is-not-our-destiny.shtml

Every Teacher’s Must Have Guide to Facebook – http://www.edudemic.com/every-teachers-must-have-guide-to-facebook/

TeaMp0isoN reveals schools’ vulnerabilities – http://www.databreaches.net/teamp0ison-reveals-schools-vulnerabilities/

Police Chief Unable To Simply Do Nothing Over Reported Teen Sexting, Brings Child Porn Charges Against Four Minors – https://www.techdirt.com/articles/20150331/14510830506/police-chief-unable-to-simply-do-nothing-over-reported-teen-sexting-brings-child-porn-charges-against-four-minors.shtml

“Lessons will Be learned”: Safeguarding in schools – http://www.computerweekly.com/blogs/itworks/2015/04/lessons-will-be-learned-safegu.html

Education Sector Struggles With Botnets: BitSight – http://www.securityweek.com/education-sector-struggles-botnets-bitsight

 

 


SRM Blog
