Monthly Archive May 2015

Smart TV vulnerability

The simple television is a thing of the past. The Smart TVs of today have much more in common with devices like smartphones and tablets than with the old boxes that used to sit in the corner of everyone’s homes. Nowadays televisions are connected, enabling viewers to tune in to anything and everything that is available via the Internet. But as well as multiple benefits, connected TVs also present some security risks.

Most of us take cyber security extremely seriously within our work environments. In business there is a legal framework to ensure that individuals’ personal details are kept secure. Many people are cautious about giving information out over the telephone or via unsecured payment methods, and only the very reckless do not have some sort of security system operating on their personal computers.

While, at present, connected TVs do not offer quite the range of possibilities presented by smartphones, and a television still does not fulfil all the functions of a personal computer, over the next few years they are likely to get increasingly close to this level of functionality. It is not impossible to imagine televisions being used as platforms for online shopping or banking.

This type of online activity is already a hunting ground for cyber criminals, so the move to a larger screen is only going to add a new area of vulnerability. Recent research by the European Union Agency for Network and Information Security (ENISA) identified cyber attacks as the principal threat to Smart Homes.

In a recent controversy, Samsung was accused of listening to its customers’ conversations and collecting data on their viewing habits through Smart TV microphones. LG was also accused of collecting information on its customers’ viewing habits through their Smart TVs. Both companies deny these accusations, but the sophistication of the technology contained within these TV systems does make such suspicions seem possible. Smart TVs have the potential to open householders up to a level of vulnerability which needs to be addressed.

Information Security Breach Report – 28 May 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Banks’ Cyber Risks Compounded by ‘Commjacking’ of Wi-Fi Networks – http://www.americanbanker.com/news/bank-technology/banks-cyber-risks-compounded-by-commjacking-of-wi-fi-networks-1074518-1.html

Hospital Data Breach Affects Thousands of Patients – https://www.send2press.com/newswire/hospital-data-breach-affects-thousands-of-patients-2015-0526-02.shtml

There’s a Moose loose aboot this hoose: Linux worm hijacks Twitter feeds for spam slinging – http://www.theregister.co.uk/2015/05/26/routerbashing_worm_yanks_tens_of_thousands_of_twitter_accounts/

Researchers Exploit Patched Windows Group Policy Bug – https://threatpost.com/researchers-exploit-patched-windows-group-policy-bug/113000

POS Malware Nitlove Seen Spreading Through Spam Campaign – https://threatpost.com/pos-malware-nitlove-seen-spreading-through-spam-campaign/113009

Anon Coders take control of Kentucky GOP’s site; says expect more – http://www.databreaches.net/anon-coders-take-control-of-kentucky-gops-site-says-expect-more/

Florida releases personal data on 13,000 people, issues ‘fraud’ alert – http://www.miamiherald.com/news/politics-government/state-politics/article22395198.html

Thousands of UK Government PCs Exposed – http://www.infosecurity-magazine.com/news/thousands-uk-government-pcs-exposed/

Update on Sterne Agee Group laptop breach – http://www.databreaches.net/update-on-sterne-agee-group-laptop-breach/

Synology Fixes XSS, Command Injection Vulnerabilities in NAS Software – http://www.securityweek.com/synology-fixes-xss-command-injection-vulnerabilities-nas-software?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Attackers Use Exploit Kit to Hijack Routers: Researcher – http://www.securityweek.com/attackers-use-exploit-kit-hijack-routers-researcher

Recent Breaches a Boon to Extortionists – http://krebsonsecurity.com/2015/05/recent-breaches-a-boon-to-extortionists/

Beacon Health System notifies patients after phishing attack – http://www.databreaches.net/beacon-health-system-notifies-patients-after-phishing-attack/

Scam alert: New Facebook scam wants to steal your login and your money – http://bgr.com/2015/05/26/facebook-recovery-message-scam-phishing-warning/

Large-scale attack uses browsers to hijack routers – http://www.computerworld.com/article/2925580/cybercrime-hacking/large-scale-attack-uses-browsers-to-hijack-routers.html#tk.rss_security0

Cybercriminals Use SVG Files to Distribute Ransomware – http://www.securityweek.com/cybercriminals-use-svg-files-distribute-ransomware?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Emerson Patches SQL Injection Vulnerability in ICS Product – http://www.securityweek.com/emerson-patches-sql-injection-vulnerability-ics-product?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

MTN SOUTH AFRICA SHUTS DOWN EBILLING PORTAL OVER SECURITY BREACH – http://techcabal.com/2015/05/26/mtn-south-africa-shuts-down-ebilling-portal-over-security-breach/

Password reset sites expose crackable PeopleSoft creds – http://www.theregister.co.uk/2015/05/28/password_reset_sites_expose_crackable_peoplesoft_creds/

Unauthorized Access Vulnerability Fixed in Symfony – http://www.securityweek.com/unauthorized-access-vulnerability-fixed-symfony

LogJam flaw leaves 1,006 cloud applications vulnerable to attack – http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5109/logjam-flaw-leaves-1006-cloud-applications-vulnerable-to-attack

 

Miscellaneous Infosec stories:

Hacker’s List leaks its secrets, revealing true identities of those wanting to hack – http://www.hotforsecurity.com/blog/hackers-list-leaks-its-secrets-revealing-true-identities-of-those-wanting-to-hack-11847.html

INFOGRAPHIC: 8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks – http://www.adweek.com/socialtimes/infographic-8-vulnerable-software-apps-exposing-your-computer-to-cyber-attacks/620757

One More Reason for Companies to Report Data Breaches – http://justsecurity.org/23227/reason-companies-report-data-breaches/

Five Takeaways from the First Cyber Insurance Case – http://www.jdsupra.com/legalnews/five-takeaways-from-the-first-cyber-88215/

Number of identity theft victims ‘rises by a third’ – http://www.bbc.co.uk/news/uk-32890979

CISOs turn to security awareness solutions to change poor employee behaviors – http://www.csoonline.com/article/2926173/security-awareness/cisos-turn-to-security-awareness-solutions-to-change-poor-employee-behaviors.html

2014 marked by rise in spear-phishing, social engineering – Federal Times – http://www.hackbusters.com/news/stories/328746-2014-marked-by-rise-in-spear-phishing-social-engineering-federal-times

Why insider threats are succeeding – http://techspective.net/2015/05/26/why-insider-threats-are-succeeding/

How your old cell phone can leak your company’s confidential info – http://cio.economictimes.indiatimes.com/news/consumer-tech/how-your-old-cell-phone-can-leak-your-companys-confidential-info/47438372

WordPress malware: Don’t let too-good-to-be-true deals infest your site – http://www.zdnet.com/article/dont-let-too-good-to-be-true-deals-infest-your-site-with-malware/#ftag=RSSbaffb68

PCI Council Launches Group to Help Improve SME Compliance – http://www.infosecurity-magazine.com/news/pci-council-group-improve-sme/

Why The World’s Top Security Pros Are Furious About Exploit Export Rules – http://www.forbes.com/sites/thomasbrewster/2015/05/26/security-pro-fury-on-exploit-export-rules/

Who and why is attacking companies in the Nordic Countries? – http://securityaffairs.co/wordpress/37140/cyber-crime/apt-against-nordic-countries.html

Expert issues cyber-attack warning – http://www.financialstandard.com.au/news/view/50139844

Data Centre Consolidation – A Cyber Security perspective – http://dcseurope.info/news_full.php?id=37946

Threat Intelligence Sharing Valued, But Many Not Doing it: Survey – http://www.securityweek.com/threat-intelligence-sharing-valued-many-not-doing-it-survey?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Bad Bots’ Impact on Mobile Web Traffic Rose in 2014: Research – http://www.securityweek.com/bad-bots-impact-mobile-web-traffic-rose-2014-research?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

5 hackers who came over from the dark side – http://www.welivesecurity.com/2015/05/25/5-hackers-who-came-over-from-the-dark-side/

Threat Intelligence – http://www.solutionary.com/resource-center/blog/2015/05/threat-intelligence/

The cost of a data breach has jumped 23 percent in two years – http://www.pcworld.com/article/2927618/the-cost-of-a-data-breach-has-jumped-23-percent-in-two-years.html

Cyber-Attacks in 2015 Reveal Unknown Flaws in Flash, Windows – http://www.eweek.com/security/cyber-attacks-in-2015-reveal-unknown-flaws-in-flash-windows.html

Cyber attacks leave businesses wide open to lawsuits – https://www.siliconrepublic.com/enterprise/2015/05/28/cyber-attacks-leave-businesses-wide-open-to-lawsuits

 

Tools, Tips and How it’s done:

Windows Functions in Malware Analysis – Cheat Sheet – Part 1 – http://resources.infosecinstitute.com/windows-functions-in-malware-analysis-cheat-sheet-part-1/

How to monitor XSS attacks and other security threats on your website, in real-time – https://grahamcluley.com/2015/05/monitor-xss-attacks/

A primer on cyber security for online retailers – https://www.internetretailer.com/commentary/2015/05/26/primer-cyber-security-online-retailers

Is your “secret answer” hard to guess? – http://now.avg.com/is-your-secret-answer-hard-to-guess/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+avg-blogs+%28AVG+Blogs%29

The Samaritan and The Smartphone – 7 Tips to Secure and Help Your Cell Phone Get Home – http://www.solutionary.com/resource-center/blog/2015/05/the-samaritan-and-the-smartphone/

Profile Of A Cybercrime Petty Thief – http://www.darkreading.com/analytics/threat-intelligence/profile-of-a-cybercrime-petty-thief/d/d-id/1320559?_mc=RSS_DR_EDT

In Pictures: Seven best practices for cloud security – http://www.cio.com.au/slideshow/575891/pictures-seven-best-practices-cloud-security/

The Internet of Buggy Things – http://www.bankinfosecurity.com/blogs/internet-buggy-things-p-1862

Sniffing and tracking wearable tech and smartphones – http://www.net-security.org/secworld.php?id=18422

Tox, how to create your ransomware in 3 steps – http://securityaffairs.co/wordpress/37180/cyber-crime/tox-ransomware-builder.html

 

Miscellaneous Privacy stories:

Tracking Human Mobility using WiFi signals – http://sunelehmann.com/2015/05/26/tracking-human-mobility-using-wifi-signals/

Subway riders’ smartphones could carry tracking malware – http://techxplore.com/news/2015-05-subway-riders-smartphones-tracking-malware.html

A reminder that your Instagram photos aren’t really yours: Someone else can sell them for $90,000 – http://www.washingtonpost.com/blogs/style-blog/wp/2015/05/25/a-reminder-that-your-instagram-photos-arent-really-yours-someone-else-can-sell-them-for-90000/

Google’s Internet-connected toys patent sparks privacy concerns, visions of IoT Chucky – http://www.computerworld.com/article/2926333/data-privacy/googles-internet-connected-toys-patent-sparks-privacy-concerns-visions-of-iot-chucky.html#tk.rss_security0

iPhone users’ privacy at risk due to leaky Bluetooth technology – http://www.v3.co.uk/v3-uk/news/2409939/iphone-users-privacy-at-risk-due-to-leaky-bluetooth-technology

 

Safeguarding Children and School E-Safety stories:

Cyber bullying: Nip it in the bud – http://www.livemint.com/Leisure/lpQCFqjgETbXachoWRxysO/Cyber-bullying-Nip-it-in-the-bud.html

Google Play revamps its Android apps’ age ratings – http://www.bbc.co.uk/news/technology-32882136

Traditional Schoolyard Bullies Likely to Engage in Cyber-Bullying as Well – http://www.sydneycatholic.org/news/latest_news/2015/2015526_657.shtml

Why hackers want kids’ personal information – http://thehill.com/policy/cybersecurity/242865-why-hackers-want-kids-personal-information

Child sex abuse live streams loophole to be closed – http://www.bbc.co.uk/news/technology-32899033

Influence of Social Media on Teenagers – http://www.huffingtonpost.com/suren-ramasubbu/influence-of-social-media-on-teenagers_b_7427740.html

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Information Security Breach Report – 21 May 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

New Router Attack Displays Fake Warning Messages – http://blog.trendmicro.com/trendlabs-security-intelligence/new-router-attack-displays-fake-warning-messages/

Data breach involves Southwest Licking student info – http://www.newarkadvocate.com/story/news/local/pataskala/2015/05/20/southwest-licking-schools-data-breach/27655485/

Android stock browser vulnerable to URL spoofing – http://www.csoonline.com/article/2924996/vulnerabilities/android-stock-browser-vulnerable-to-url-spoofing.html#tk.rss_all

Cps Experiencing Data Breach After Sharing 4,000 Students Personal Information – http://www.styrk.com/posts/cps-experiencing-data-breach-after-sharing-4-000-students-personal-information

Tech experts urge cyber ‘vigilance’ after ATW website hacked Tuesday – http://fox11online.com/2015/05/20/tech-experts-urge-cyber-vigilance-after-atw-website-hacked-tuesday/

Fee website used by Weber School District hacked – http://www.standard.net/Education/2015/05/20/School-fee-website-hacked.html

Data Belonging To 1.1 Million CareFirst Customers Stolen In Cyber Attack – http://www.forbes.com/sites/katevinton/2015/05/20/data-belonging-to-1-1-million-carefirst-customers-stolen-in-cyber-attack/

Say hello to the latest cyber superbug – http://www.businessspectator.com.au/article/2015/5/21/technology/say-hello-latest-cyber-superbug

‘Venom’ Security Bug Allows Network Intrusion via the Cloud – http://thevarguy.com/network-security-and-data-protection-software-solutions/052015/venom-security-bug-allows-network-intrusion-

Crypto Ransomware Seeks Dominance as New Threats Emerge to Encrypt and Destroy Files – http://www.spywareremove.com/crypto-ransomware-dominance-threats-encrypt-destroy-files.html

Hard-coded credentials placing dental offices at risk – http://www.csoonline.com/article/2923887/vulnerabilities/hard-coded-credentials-placing-dental-offices-at-risk.html#tk.rss_all

 

Miscellaneous Infosec stories:

Apple Fixes Security Bugs With First Update for Watch OS – http://www.securityweek.com/apple-fixes-security-bugs-first-update-watch-os?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Cracking down on poor cyber hygiene – http://fcw.com/articles/2015/05/20/cracking-down-on-cyber.aspx

Phishing and Malware Cyberattacks are Directed at Law Firms (and Clients) – So it’s Time to Train Employees – http://abovethelaw.com/2015/05/phishing-and-malware-cyberattacks-are-directed-at-law-firms-and-clients-so-its-time-to-train-employees/

FTC looks ‘favorably’ on firms that report data breach – http://thehill.com/policy/technology/242703-ftc-looks-favorably-on-firms-that-report-data-breach

Cyber thieves targeting the Internet with more sophistication – http://wivb.com/investigative-story/cyber-thieves-targeting-the-internet-with-more-sophistication/

EFF Asks Court To Reconsider Ruling That Would Make Violating Work Computer Policies A Criminal Act – https://www.techdirt.com/articles/20150515/07365131013/eff-asks-court-to-reconsider-ruling-that-would-make-violating-work-computer-policies-criminal-act.shtml

E-paper display gives payment cards a changing security code – http://www.csoonline.com/article/2924958/data-protection/epaper-display-gives-payment-cards-a-changing-security-code.html#tk.rss_all

DDoS attacks increase and methods changed in Q1 2015, report says – http://www.scmagazine.com/q1-report-shows-uptick-in-low-bandwidth-ddos-attacks/article/415876/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineNews+%28SC+Magazine+News%29

This 9-Year-Old CEO Knows more about Cyber Security Than You Do – http://tech.co/reuben-paul-9-year-old-ceo-cyber-security-2015-05

Google changes Chrome extension policy amid security concerns – http://searchsecurity.techtarget.com/news/4500246699/Google-changes-Chrome-extension-policy-amid-security-concerns

Cyber risk now seen as a top 10 global threat to businesses – http://www.supplymanagement.com/news/2015/cyber-risk-now-seen-as-a-top-10-global-threat-to-businesses

How much money do cyber crooks collect via crypto ransomware? – http://www.net-security.org/malware_news.php?id=3042

 

Tools, Tips and How it’s done:

5 Easy Ways to Avoid Getting Hacked at ATMs – http://time.com/3890898/atm-security/

Logjam vulnerability – what you need to know – http://blog.lumension.com/10143/logjam-vulnerability-faq/

All Roads Lead to the Need to Strengthen Your Security Operations Center? – http://www.csoonline.com/article/2925114/security0/all-roads-lead-to-the-need-to-strengthen-your-security-operations-center.html#tk.rss_all

Legally Blind and Deaf – How Computer Crime Laws Silence Helpful Hackers – https://hackerone.com/news/legally-blind-and-deaf

Hacker launches ransomware rescue kit – http://www.theregister.co.uk/2015/05/21/ransomware_rescue_kit/

What combination locks teach us about encryption weakness – http://www.csoonline.com/article/2922372/security-industry/what-combination-locks-teach-us-about-encryption-weakness.html#tk.rss_all

 

Miscellaneous Privacy stories:

Tribunal finds no breach of privacy law by employer using Facebook to investigate misconduct claims – http://www.smartcompany.com.au/legal/47015-tribunal-finds-no-breach-of-privacy-law-by-employer-using-facebook-to-investigate-misconduct-claims.html

Americans’ Attitudes About Privacy, Security and Surveillance – http://www.pewinternet.org/2015/05/20/americans-attitudes-about-privacy-security-and-surveillance/

 

Safeguarding Children and School E-Safety stories:

Online safety: If you want something done right, do it yourself – http://phys.org/news/2015-05-online-safety.html

Raising cyber kids in GenNBN – http://www.nbnco.com.au/blog/raising-cyber-kids-in-gennbn.html

Suspend, blacklist cyberbullies – http://www.odt.co.nz/news/schools-news/342761/suspend-blacklist-cyberbullies

 


Snapchat data scandal

by Michelle Ali

This blog first appeared within the VE-SO Portal in March, as one of the regular updates for school E-Safety Officers. It now appears here for general information.

The impact of the Snapchat update

It’s fair to say that the recent major update of Snapchat (27/01/15) caused a huge uproar among Snapchat users. Most people’s biggest problem is that they can no longer see their contacts’ “best friends”, i.e. the people they contact most frequently. People don’t like this because it was always good gossip to see who had been messaging whom.

However, another serious issue surfaced recently with users reporting that the app is burning through too much background data.

In the screenshot at the bottom of the article, you can see Snapchat having used over 40MB in the foreground (while the app was open) and a little more than 250MB in the background. In a span of a week, the app burned through a quarter of a gigabyte.

Snapchat introduced a Discover page linked to news feeds from various sources such as CNN, National Geographic, and People. Users complained about the app quickly draining battery life, causing crashes, and sucking up background data.

Fortunately, users can prevent Snapchat from running in the background. Go to Data Usage under your phone’s settings menu and look for Snapchat. If it’s causing problems, it is likely to be at the top of the list of apps. Tap it and select the Restrict Background Data option.

Snapchat can’t be held responsible for the things people do using its service, but the company should jump on this issue quickly if it doesn’t want customers taking up pitchforks over the potential charges on their cell phone bills. With any luck, it’s already on it.

Information Security Breach Report – 11 May 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Newfoundland patient data breach investigated – http://metronews.ca/news/canada/1363605/newfoundland-patient-data-breach-investigated/

Cafe de Coral reveals accidental data leak – http://www.thestandard.com.hk/breaking_news_detail.asp?id=60956&icid=a&d_str=

95% of SAP deployments ‘vulnerable to cyber attacks’ – http://www.itpro.co.uk/hacking/24577/95-of-sap-deployments-vulnerable-to-cyber-attacks

Visitors to top porn sites hit by malvertising attack – http://www.csoonline.com/article/2920677/malware-cybercrime/visitors-to-top-porn-sites-hit-by-malvertising-attack.html#tk.rss_all

Meru Cabs: Customer Data Exposed – http://www.inforisktoday.com/meru-cabs-customer-data-exposed-a-8210

Child abuse images deface Nazi Mauthausen camp website – http://www.bbc.co.uk/news/world-europe-32652394

Flawed Open Smart Grid Protocol is a risk for Smart Grid – http://securityaffairs.co/wordpress/36648/hacking/flaws-open-smart-grid-protocol.html

Million WordPress websites vulnerable to DOM-based XSS – http://securityaffairs.co/wordpress/36607/hacking/million-wordpress-dom-based-xss.html

Android cellular voice channel used as new covert channel to leak info, spread malware – http://www.computerworld.com/article/2919516/cybercrime-hacking/android-cellular-voice-channel-used-as-new-covert-channel-to-leak-info-spread-malware.html

Adobe to Patch Critical Vulnerabilities in Reader, Acrobat – http://www.securityweek.com/adobe-patch-critical-vulnerabilities-reader-acrobat?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

GPS used to locate a gang using gas pump skimmers – http://securityaffairs.co/wordpress/36683/cyber-crime/gas-pump-skimmers-gang.html

Serious MacKeeper vulnerability found – http://www.thesafemac.com/serious-mackeeper-vulnerability-found/

Cyber-Attack Attempted By Former Nuclear Regulatory Commission Employee – http://www.inquisitr.com/2076983/cyber-attack-attempted-by-former-nuclear-regulatory-commission-employee/

Snapchat security breach – http://isnapchathack.com/ap/

Cyber security firm ‘doctored up’ data breaches to extort companies, ex-employee claims – http://www.smh.com.au/it-pro/security-it/cyber-security-firm-doctored-up-data-breaches-to-extort-companies-exemployee-claims-20150511-ggyoss.html

Beware! ‘Breaking Bad’ Is Now A Ransom-Styled Malware Currently Infecting Australian Computers – http://www.inquisitr.com/2080361/beware-breaking-bad-is-now-a-ransom-styled-malware-currently-hitting-australian-computer-users/

 

Miscellaneous Infosec stories:

Here’s how many U.S. adults were hacked in 2014 – http://www.cbsnews.com/news/heres-how-many-u-s-adults-were-hacked-in-2014/

Mobile malware statistics highlight unknown state of mobile threats – http://searchsecurity.techtarget.com/news/4500245950/Mobile-malware-statistics-highlight-unknown-state-of-mobile-threats

Kiwi company posts job ad for Windows support scammers – http://www.theregister.co.uk/2015/05/07/kiwi_company_posts_job_ad_for_windows_support_scammers/

Where is the Android DDoS Armageddon? – http://www.securityweek.com/where-android-ddos-armageddon

Here’s What a Cyber Warfare Arsenal Might Look Like – http://www.scientificamerican.com/article/here-s-what-a-cyber-warfare-arsenal-might-look-like/

Is cyber-warfare really that scary? – http://www.bbc.co.uk/news/world-32534923

As Data Breaches Spread, Providers and Payers Must Prepare – http://www.healthleadersmedia.com/content/TEC-316074/As-Data-Breaches-Spread-Providers-and-Payers-Must-Prepare

Windows 10: No More Monthly Patches – http://www.inforisktoday.com/windows-10-no-more-monthly-patches-a-8202

Why don’t you rent your electronic wireless doorlock, asks man selling doorlocks – http://www.theregister.co.uk/2015/05/06/why_dont_you_rent_your_doorlock_asks_man_selling_doorlocks/

70 million Americans report stolen data – http://www.consumerreports.org/cro/news/2015/05/70-million-americans-report-stolen-data/index.htm

Too Many Healthcare Employees Have Excessive Patient Data Access – http://www.infosecurity-magazine.com/news/healthcare-employees-excessive/

Hack renting portal charges fee to penetrate any account – http://pulse.ng/tech/cyber-business-hack-renting-portal-charges-fee-to-penetrate-any-account-id3739160.html

The Effectiveness of Spear Phishing Not Lost on Cyber Terrorists – http://www.benzinga.com/pressreleases/15/05/p5494834/the-effectiveness-of-spear-phishing-not-lost-on-cyber-terrorists

 

Tools, Tips and How it’s done:

MAKING SMART LOCKS SMARTER (AKA. HACKING THE AUGUST SMART LOCK) – http://blog.maintenancewindow.ca/post/2015/03/29/Making-Smart-Locks-Smarter-%28aka.-Hacking-the-August-Smart-Lock%29

PoC Linux Rootkit Uses GPU to Evade Detection – http://www.securityweek.com/poc-linux-rootkit-uses-gpu-evade-detection?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Facebook Friends Mapper – How to crawl Hidden Friends – http://securityaffairs.co/wordpress/36675/hacking/facebook-friends-mapper.html

A digital skeleton key to access any website – http://docs.higg.so/2015/03/10/a-digital-skeleton-key-for-accessing-any-website-proposal/

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications – https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43346.pdf

True Private Messaging: 7 Apps to Encrypt Your Chats – http://www.infosecdailynews.com/true-private-messaging-7-apps-to-encrypt-your-chats/

 

Miscellaneous Privacy stories:

Wearable tech portends vast effects on health and privacy – http://www.washingtonpost.com/sf/national/2015/05/09/the-revolution-will-be-digitized/?hpid=z1

 

Safeguarding Children and School E-Safety stories:

Schools: have your say about cyberbullying – http://www.saferinternet.org.uk/news/schools-have-your-say-about-cyberbullying

Mother Speaks Out About Cyber-Bullies – http://cbs12.com/news/top-stories/stories/vid_25671.shtml

How to change your privacy setting on Facebook – http://www.itproportal.com/2015/05/09/how-to-change-your-privacy-setting-facebook/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+itproportal%2Frss+%28Latest+ITProPortal+News%29

 


SRM Blog
