Breach Report

PCI Breach Trend Report June 2015

In the last twelve months, Security Risk Management (SRM) Ltd has been contacted by over 65 companies legally required to seek assistance in securing data breaches. The largest number of cases came from specialist online retailers (38%) and clothing retailers (27%).

The majority of businesses affected by a breach were at the small end of the business scale. Where figures have been released, the average number of cards affected per breach was 850.

The most common attack method was through Remote File Inclusion (RFI), a method of running malicious code on a victim’s system, providing the intruder with unrestricted access and enabling them to steal sensitive information and execute malicious actions.

Trend Report Businesses Affected

 

Information Security Breach Report – 02 June 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Angler Exploit Kit Loads Up CryptoWall 3.0, Flash Flaw – http://www.infosecurity-magazine.com/news/angler-exploit-kit-loads-up/

Blue Coat Fixes Several Flaws in SSL Visibility Appliance – http://www.securityweek.com/blue-coat-fixes-several-flaws-ssl-visibility-appliance?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Over 1,000 Vietnamese websites hacked by Chinese during weekend: report – http://www.thanhniennews.com/tech/over-1000-vietnamese-websites-hacked-by-chinese-during-weekend-report-45148.html

DYRE Banking Malware Upsurges; Europe and North America Most Affected – http://blog.trendmicro.com/trendlabs-security-intelligence/old-banking-malware-resurfaces-europe-north-america-most-affected/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29

Now Twitter and Snapchat get stung by the iPhone text crash – http://www.hotforsecurity.com/blog/now-twitter-and-snapchat-get-stung-by-the-iphone-text-crash-11888.html

Grabit Espionage Campaign Steals Thousands of Files From SMBs – http://www.eweek.com/security/grabit-espionage-campaign-steals-thousands-of-files-from-smbs.html

eBay bug turns phishing email links into malware-stuffed booby prizes – http://www.theregister.co.uk/2015/05/23/beware_forms_that_arent_ebay_hit_by_serious_security_problem/

Sally Beauty: Cybercriminals Planted Malware on PoS Systems for 6 Weeks – http://www.securityweek.com/sally-beauty-cybercriminals-planted-malware-pos-systems-6-weeks?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

More than 60 undisclosed vulnerabilities affect 22 SOHO routers – http://seclists.org/fulldisclosure/2015/May/129

 

Miscellaneous Infosec stories:

Tackling the human problem of security – http://www.itnews.com.au/Feature/404650,tackling-the-human-problem-of-security.aspx?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+

Business Risks Associated With Data Breaches – http://www.addrenal.com/groups/business-risks-associated-with-data-breaches/

Retail sector falling short in customer data protection – http://www.itproportal.com/2015/05/30/retail-sector-falling-short-customer-data-protection/

On Reflection: Don’t bring cyber crime in through the back door – http://www.windpowermonthly.com/article/1349274/reflection-dont-bring-cyber-crime-back-door

Number of Botnet-Powered DDoS Attacks Dropped in Q1: Kaspersky – http://www.securityweek.com/number-botnet-powered-ddos-attacks-dropped-q1-kaspersky?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

How a hack on Prince Philip’s Prestel account led to UK computer law – http://www.theregister.co.uk/2015/03/26/prestel_hack_anniversary_prince_philip_computer_misuse/

UAE firms targeted by cyber spying – http://gulfnews.com/business/sectors/technology/uae-firms-targeted-by-cyber-spying-1.1527377

CESG launch new Certified Cyber Security Consultancy scheme for government and industry – http://www.gchq.gov.uk/press_and_media/press_releases/Pages/CESG-launch-new-Certified-Cyber-Consultancy-scheme.aspx

Surfing porn, downloading apps: Employees ignore obvious cyber risks at work – http://www.firstpost.com/business/surfing-porn-downloading-apps-employees-ignore-obvious-cyber-risks-work-2274786.html

Protecting banks from the coming data breach liability storm – http://www.easier.com/130347-protecting-banks-from-the-coming-data-breach-liability-storm.html

 

Tools, Tips and How it’s done:

The cyber security expert Michael Fratello has made a detailed analysis of the locker ransomware that implements a unique delivery mechanism – http://securityaffairs.co/wordpress/37325/malware/locker-ransomware-analysis.html

Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems – http://www.rand.org/pubs/research_reports/RR620.html

10 Rules for Writing Safety Critical Code – http://spinroot.com/p10/

Malvertising Assaults Result in Attack Toolkit Magnitude and Ransomware says Zscaler – http://securitynewswire.com/latestsecuritynews/mobile_article.php?title=Malvertising_Assaults_Result_in_Attack_Toolkit_Magnitude_and_Ransomware_says_Zscaler

Technical analysis of Hola vulnerabilities enabling cyber attacks – http://blog.vectranetworks.com/blog/technical-analysis-of-hola

The vulnerable Border Gateway protocol, a quick-fix solution from 1989, still directs most internet traffic – http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/

5 things you need to do to maintain your professional online hygiene – https://www.linkedin.com/pulse/5-things-you-need-do-maintain-your-professional-online-yotam-gutman

Shady Ad Network Using “Camo Sites” – https://www.bluecoat.com/security-blog/2015-05-30/shady-ad-network-using-camo-sites

The Importance of Operational Security and User Education – http://securityaffairs.co/wordpress/37368/security/operational-securit-user-education.html

What enterprise should do when helpless employees lose hope in fighting cyber attacks – http://www.networksasia.net/article/what-enterprise-should-do-when-helpless-employees-lose-hope-fighting-cyber-attacks

 

Miscellaneous Privacy stories:

Why you shouldn’t worry about privacy and security on your phone – https://nakedsecurity.sophos.com/2015/06/02/why-you-shouldnt-worry-about-privacy-and-security-on-your-phone/

Lower Merion School District explains the 56,000 Webcamgate shots – http://www.forbes.com/sites/kashmirhill/2010/04/22/lower-merion-school-district-explains-the-56000-webcamgate-shots/

Haunted by a stranger who stole my life online – http://www.dailymail.co.uk/femail/article-3105080/Haunted-stranger-stole-life-online-imposter-used-executive-s-photos-create-fantasy-life-duped-falling-fake-woman.html

Jennifer Newman: What employers look for when checking your Facebook, LinkedIn – http://www.cbc.ca/news/canada/british-columbia/jennifer-newman-what-employers-look-for-when-checking-your-facebook-linkedin-1.3094131

Unmasking hidden Tor service users is too easy, say infosec bods – http://www.theregister.co.uk/2015/05/30/researchers_claim_tracking_hidden_tor_services_is_easy/

Data breach liability: confidentiality vs. privacy – http://www.databreaches.net/data-breach-liability-confidentiality-vs-privacy/

 

Safeguarding Children and School E-Safety stories:

Filmed on Skype… the chilling exchange between reporter posing as a child and Islamic State fighter from London – http://www.dailymail.co.uk/news/article-3094448/Filmed-Skype-chilling-exchange-reporter-posing-child-Islamic-State-fighter-London-told-pick-going-picking-wife.html

Internet celebrities speak out against cyber bullying – http://www.3news.co.nz/nznews/internet-celebrities-speak-out-against-cyber-bullying-2015053115#axzz3bvBj1eI1

Students make lecturers life a ‘misery’ – http://m.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11458573

Whose privacy matters most? – http://www.csoonline.com/article/2928700/privacy/whose-privacy-matters-most.html#tk.rss_all

 

If you would like this report sent direct to your inbox, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/

Information Security Breach Report – 28 May 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Banks’ Cyber Risks Compounded by ‘Commjacking’ of Wi-Fi Networks – http://www.americanbanker.com/news/bank-technology/banks-cyber-risks-compounded-by-commjacking-of-wi-fi-networks-1074518-1.html

Hospital Data Breach Affects Thousands of Patients – https://www.send2press.com/newswire/hospital-data-breach-affects-thousands-of-patients-2015-0526-02.shtml

There’s a Moose loose aboot this hoose: Linux worm hijacks Twitter feeds for spam slinging – http://www.theregister.co.uk/2015/05/26/routerbashing_worm_yanks_tens_of_thousands_of_twitter_accounts/

Researchers Exploit Patched Windows Group Policy Bug – https://threatpost.com/researchers-exploit-patched-windows-group-policy-bug/113000

POS Malware Nitlove Seen Spreading Through Spam Campaign – https://threatpost.com/pos-malware-nitlove-seen-spreading-through-spam-campaign/113009

Anon Coders take control of Kentucky GOP’s site; says expect more – http://www.databreaches.net/anon-coders-take-control-of-kentucky-gops-site-says-expect-more/

Florida releases personal data on 13,000 people, issues ‘fraud’ alert – http://www.miamiherald.com/news/politics-government/state-politics/article22395198.html

Thousands of UK Government PCs Exposed – http://www.infosecurity-magazine.com/news/thousands-uk-government-pcs-exposed/

Update on Sterne Agee Group laptop breach – http://www.databreaches.net/update-on-sterne-agee-group-laptop-breach/

Synology Fixes XSS, Command Injection Vulnerabilities in NAS Software – http://www.securityweek.com/synology-fixes-xss-command-injection-vulnerabilities-nas-software?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Attackers Use Exploit Kit to Hijack Routers: Researcher – http://www.securityweek.com/attackers-use-exploit-kit-hijack-routers-researcher

Recent Breaches a Boon to Extortionists – http://krebsonsecurity.com/2015/05/recent-breaches-a-boon-to-extortionists/

Beacon Health System notifies patients after phishing attack – http://www.databreaches.net/beacon-health-system-notifies-patients-after-phishing-attack/

Scam alert: New Facebook scam wants to steal your login and your money – http://bgr.com/2015/05/26/facebook-recovery-message-scam-phishing-warning/

Large-scale attack uses browsers to hijack routers – http://www.computerworld.com/article/2925580/cybercrime-hacking/large-scale-attack-uses-browsers-to-hijack-routers.html#tk.rss_security0

Cybercriminals Use SVG Files to Distribute Ransomware – http://www.securityweek.com/cybercriminals-use-svg-files-distribute-ransomware?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Emerson Patches SQL Injection Vulnerability in ICS Product – http://www.securityweek.com/emerson-patches-sql-injection-vulnerability-ics-product?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

MTN SOUTH AFRICA SHUTS DOWN EBILLING PORTAL OVER SECURITY BREACH – http://techcabal.com/2015/05/26/mtn-south-africa-shuts-down-ebilling-portal-over-security-breach/

Password reset sites expose crackable PeopleSoft creds – http://www.theregister.co.uk/2015/05/28/password_reset_sites_expose_crackable_peoplesoft_creds/

Unauthorized Access Vulnerability Fixed in Symfony – http://www.securityweek.com/unauthorized-access-vulnerability-fixed-symfony

LogJam flaw leaves 1,006 cloud applications vulnerable to attack – http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5109/logjam-flaw-leaves-1006-cloud-applications-vulnerable-to-attack

 

Miscellaneous Infosec stories:

Hacker’s List leaks its secrets, revealing true identities of those wanting to hack – http://www.hotforsecurity.com/blog/hackers-list-leaks-its-secrets-revealing-true-identities-of-those-wanting-to-hack-11847.html

INFOGRAPHIC: 8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks – http://www.adweek.com/socialtimes/infographic-8-vulnerable-software-apps-exposing-your-computer-to-cyber-attacks/620757

One More Reason for Companies to Report Data Breaches – http://justsecurity.org/23227/reason-companies-report-data-breaches/

Five Takeaways from the First Cyber Insurance Case – http://www.jdsupra.com/legalnews/five-takeaways-from-the-first-cyber-88215/

Number of identity theft victims ‘rises by a third’ – http://www.bbc.co.uk/news/uk-32890979

CISOs turn to security awareness solutions to change poor employee behaviors – http://www.csoonline.com/article/2926173/security-awareness/cisos-turn-to-security-awareness-solutions-to-change-poor-employee-behaviors.html

2014 marked by rise in spear-phishing, social engineering – Federal Times – http://www.hackbusters.com/news/stories/328746-2014-marked-by-rise-in-spear-phishing-social-engineering-federal-times

Why insider threats are succeeding – http://techspective.net/2015/05/26/why-insider-threats-are-succeeding/

How your old cell phone can leak your company’s confidential info – http://cio.economictimes.indiatimes.com/news/consumer-tech/how-your-old-cell-phone-can-leak-your-companys-confidential-info/47438372

WordPress malware: Don’t let too-good-to-be-true deals infest your site – http://www.zdnet.com/article/dont-let-too-good-to-be-true-deals-infest-your-site-with-malware/#ftag=RSSbaffb68

PCI Council Launches Group to Help Improve SME Compliance – http://www.infosecurity-magazine.com/news/pci-council-group-improve-sme/

Why The World’s Top Security Pros Are Furious About Exploit Export Rules – http://www.forbes.com/sites/thomasbrewster/2015/05/26/security-pro-fury-on-exploit-export-rules/

Who and why is attacking companies in the Nordic Countries? – http://securityaffairs.co/wordpress/37140/cyber-crime/apt-against-nordic-countries.html

Expert issues cyber-attack warning – http://www.financialstandard.com.au/news/view/50139844

Data Centre Consolidation – A Cyber Security perspective – http://dcseurope.info/news_full.php?id=37946

Threat Intelligence Sharing Valued, But Many Not Doing it: Survey – http://www.securityweek.com/threat-intelligence-sharing-valued-many-not-doing-it-survey?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Bad Bots’ Impact on Mobile Web Traffic Rose in 2014: Research – http://www.securityweek.com/bad-bots-impact-mobile-web-traffic-rose-2014-research?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

5 hackers who came over from the dark side – http://www.welivesecurity.com/2015/05/25/5-hackers-who-came-over-from-the-dark-side/

Threat Intelligence – http://www.solutionary.com/resource-center/blog/2015/05/threat-intelligence/

The cost of a data breach has jumped 23 percent in two years – http://www.pcworld.com/article/2927618/the-cost-of-a-data-breach-has-jumped-23-percent-in-two-years.html

Cyber-Attacks in 2015 Reveal Unknown Flaws in Flash, Windows – http://www.eweek.com/security/cyber-attacks-in-2015-reveal-unknown-flaws-in-flash-windows.html

Cyber attacks leave businesses wide open to lawsuits – https://www.siliconrepublic.com/enterprise/2015/05/28/cyber-attacks-leave-businesses-wide-open-to-lawsuits

 

Tools, Tips and How it’s done:

Windows Functions in Malware Analysis – Cheat Sheet – Part 1 – http://resources.infosecinstitute.com/windows-functions-in-malware-analysis-cheat-sheet-part-1/

How to monitor XSS attacks and other security threats on your website, in real-time – https://grahamcluley.com/2015/05/monitor-xss-attacks/

A primer on cyber security for online retailers – https://www.internetretailer.com/commentary/2015/05/26/primer-cyber-security-online-retailers

Is your “secret answer” hard to guess? – http://now.avg.com/is-your-secret-answer-hard-to-guess/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+avg-blogs+%28AVG+Blogs%29

The Samaritan and The Smartphone – 7 Tips to Secure and Help Your Cell Phone Get Home – http://www.solutionary.com/resource-center/blog/2015/05/the-samaritan-and-the-smartphone/

Profile Of A Cybercrime Petty Thief – http://www.darkreading.com/analytics/threat-intelligence/profile-of-a-cybercrime-petty-thief/d/d-id/1320559?_mc=RSS_DR_EDT

In Pictures: Seven best practices for cloud security – http://www.cio.com.au/slideshow/575891/pictures-seven-best-practices-cloud-security/

The Internet of Buggy Things – http://www.bankinfosecurity.com/blogs/internet-buggy-things-p-1862

Sniffing and tracking wearable tech and smartphones – http://www.net-security.org/secworld.php?id=18422

Tox, how to create your ransomware in 3 steps – http://securityaffairs.co/wordpress/37180/cyber-crime/tox-ransomware-builder.html

 

Miscellaneous Privacy stories:

Tracking Human Mobility using WiFi signals – http://sunelehmann.com/2015/05/26/tracking-human-mobility-using-wifi-signals/

Subway riders’ smartphones could carry tracking malware – http://techxplore.com/news/2015-05-subway-riders-smartphones-tracking-malware.html

A reminder that your Instagram photos aren’t really yours: Someone else can sell them for $90,000 – http://www.washingtonpost.com/blogs/style-blog/wp/2015/05/25/a-reminder-that-your-instagram-photos-arent-really-yours-someone-else-can-sell-them-for-90000/

Google’s Internet-connected toys patent sparks privacy concerns, visions of IoT Chucky – http://www.computerworld.com/article/2926333/data-privacy/googles-internet-connected-toys-patent-sparks-privacy-concerns-visions-of-iot-chucky.html#tk.rss_security0

iPhone users’ privacy at risk due to leaky Bluetooth technology – http://www.v3.co.uk/v3-uk/news/2409939/iphone-users-privacy-at-risk-due-to-leaky-bluetooth-technology

 

Safeguarding Children and School E-Safety stories:

Cyber bullying: Nip it in the bud – http://www.livemint.com/Leisure/lpQCFqjgETbXachoWRxysO/Cyber-bullying-Nip-it-in-the-bud.html

Google Play revamps its Android apps’ age ratings – http://www.bbc.co.uk/news/technology-32882136

Traditional Schoolyard Bullies Likely to Engage in Cyber-Bullying as Well – http://www.sydneycatholic.org/news/latest_news/2015/2015526_657.shtml

Why hackers want kids’ personal information – http://thehill.com/policy/cybersecurity/242865-why-hackers-want-kids-personal-information

Child sex abuse live streams loophole to be closed – http://www.bbc.co.uk/news/technology-32899033

Influence of Social Media on Teenagers – http://www.huffingtonpost.com/suren-ramasubbu/influence-of-social-media-on-teenagers_b_7427740.html

 


Information Security Breach Report – 21 May 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

New Router Attack Displays Fake Warning Messages – http://blog.trendmicro.com/trendlabs-security-intelligence/new-router-attack-displays-fake-warning-messages/

Data breach involves Southwest Licking student info – http://www.newarkadvocate.com/story/news/local/pataskala/2015/05/20/southwest-licking-schools-data-breach/27655485/

Android stock browser vulnerable to URL spoofing – http://www.csoonline.com/article/2924996/vulnerabilities/android-stock-browser-vulnerable-to-url-spoofing.html#tk.rss_all

Cps Experiencing Data Breach After Sharing 4,000 Students Personal Information – http://www.styrk.com/posts/cps-experiencing-data-breach-after-sharing-4-000-students-personal-information

Tech experts urge cyber ‘vigilance’ after ATW website hacked Tuesday – http://fox11online.com/2015/05/20/tech-experts-urge-cyber-vigilance-after-atw-website-hacked-tuesday/

Fee website used by Weber School District hacked – http://www.standard.net/Education/2015/05/20/School-fee-website-hacked.html

Data Belonging To 1.1 Million CareFirst Customers Stolen In Cyber Attack – http://www.forbes.com/sites/katevinton/2015/05/20/data-belonging-to-1-1-million-carefirst-customers-stolen-in-cyber-attack/

Say hello to the latest cyber superbug – http://www.businessspectator.com.au/article/2015/5/21/technology/say-hello-latest-cyber-superbug

‘Venom’ Security Bug Allows Network Intrusion via the Cloud – http://thevarguy.com/network-security-and-data-protection-software-solutions/052015/venom-security-bug-allows-network-intrusion-

Crypto Ransomware Seeks Dominance as New Threats Emerge to Encrypt and Destroy Files – http://www.spywareremove.com/crypto-ransomware-dominance-threats-encrypt-destroy-files.html

Hard-coded credentials placing dental offices at risk – http://www.csoonline.com/article/2923887/vulnerabilities/hard-coded-credentials-placing-dental-offices-at-risk.html#tk.rss_all

 

Miscellaneous Infosec stories:

Apple Fixes Security Bugs With First Update for Watch OS – http://www.securityweek.com/apple-fixes-security-bugs-first-update-watch-os?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Cracking down on poor cyber hygiene – http://fcw.com/articles/2015/05/20/cracking-down-on-cyber.aspx

Phishing and Malware Cyberattacks are Directed at Law Firms (and Clients) – So it’s Time to Train Employees – http://abovethelaw.com/2015/05/phishing-and-malware-cyberattacks-are-directed-at-law-firms-and-clients-so-its-time-to-train-employees/

FTC looks ‘favorably’ on firms that report data breach – http://thehill.com/policy/technology/242703-ftc-looks-favorably-on-firms-that-report-data-breach

Cyber thieves targeting the Internet with more sophistication – http://wivb.com/investigative-story/cyber-thieves-targeting-the-internet-with-more-sophistication/

EFF Asks Court To Reconsider Ruling That Would Make Violating Work Computer Policies A Criminal Act – https://www.techdirt.com/articles/20150515/07365131013/eff-asks-court-to-reconsider-ruling-that-would-make-violating-work-computer-policies-criminal-act.shtml

E-paper display gives payment cards a changing security code – http://www.csoonline.com/article/2924958/data-protection/epaper-display-gives-payment-cards-a-changing-security-code.html#tk.rss_all

DDoS attacks increase and methods changed in Q1 2015, report says – http://www.scmagazine.com/q1-report-shows-uptick-in-low-bandwidth-ddos-attacks/article/415876/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineNews+%28SC+Magazine+News%29

This 9-Year-Old CEO Knows more about Cyber Security Than You Do – http://tech.co/reuben-paul-9-year-old-ceo-cyber-security-2015-05

Google changes Chrome extension policy amid security concerns – http://searchsecurity.techtarget.com/news/4500246699/Google-changes-Chrome-extension-policy-amid-security-concerns

Cyber risk now seen as a top 10 global threat to businesses – http://www.supplymanagement.com/news/2015/cyber-risk-now-seen-as-a-top-10-global-threat-to-businesses

How much money do cyber crooks collect via crypto ransomware? – http://www.net-security.org/malware_news.php?id=3042

 

Tools, Tips and How it’s done:

5 Easy Ways to Avoid Getting Hacked at ATMs – http://time.com/3890898/atm-security/

Logjam vulnerability – what you need to know – http://blog.lumension.com/10143/logjam-vulnerability-faq/

All Roads Lead to the Need to Strengthen Your Security Operations Center? – http://www.csoonline.com/article/2925114/security0/all-roads-lead-to-the-need-to-strengthen-your-security-operations-center.html#tk.rss_all

Legally Blind and Deaf – How Computer Crime Laws Silence Helpful Hackers – https://hackerone.com/news/legally-blind-and-deaf

Hacker launches ransomware rescue kit – http://www.theregister.co.uk/2015/05/21/ransomware_rescue_kit/

What combination locks teach us about encryption weakness – http://www.csoonline.com/article/2922372/security-industry/what-combination-locks-teach-us-about-encryption-weakness.html#tk.rss_all

 

Miscellaneous Privacy stories:

Tribunal finds no breach of privacy law by employer using Facebook to investigate misconduct claims – http://www.smartcompany.com.au/legal/47015-tribunal-finds-no-breach-of-privacy-law-by-employer-using-facebook-to-investigate-misconduct-claims.html

Americans’ Attitudes About Privacy, Security and Surveillance – http://www.pewinternet.org/2015/05/20/americans-attitudes-about-privacy-security-and-surveillance/

 

Safeguarding Children and School E-Safety stories:

Online safety: If you want something done right, do it yourself – http://phys.org/news/2015-05-online-safety.html

Raising cyber kids in GenNBN – http://www.nbnco.com.au/blog/raising-cyber-kids-in-gennbn.html

Suspend, blacklist cyberbullies – http://www.odt.co.nz/news/schools-news/342761/suspend-blacklist-cyberbullies

 


Information Security Breach Report – 11 May 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Newfoundland patient data breach investigated – http://metronews.ca/news/canada/1363605/newfoundland-patient-data-breach-investigated/

Cafe de Coral reveals accidental data leak – http://www.thestandard.com.hk/breaking_news_detail.asp?id=60956&icid=a&d_str=

95% of SAP deployments ‘vulnerable to cyber attacks’ – http://www.itpro.co.uk/hacking/24577/95-of-sap-deployments-vulnerable-to-cyber-attacks

Visitors to top porn sites hit by malvertising attack – http://www.csoonline.com/article/2920677/malware-cybercrime/visitors-to-top-porn-sites-hit-by-malvertising-attack.html#tk.rss_all

Meru Cabs: Customer Data Exposed – http://www.inforisktoday.com/meru-cabs-customer-data-exposed-a-8210

Child abuse images deface Nazi Mauthausen camp website – http://www.bbc.co.uk/news/world-europe-32652394

Flawed Open Smart Grid Protocol is a risk for Smart Grid – http://securityaffairs.co/wordpress/36648/hacking/flaws-open-smart-grid-protocol.html

Million WordPress websites vulnerable to DOM-based XSS – http://securityaffairs.co/wordpress/36607/hacking/million-wordpress-dom-based-xss.html

Android cellular voice channel used as new covert channel to leak info, spread malware – http://www.computerworld.com/article/2919516/cybercrime-hacking/android-cellular-voice-channel-used-as-new-covert-channel-to-leak-info-spread-malware.html

Adobe to Patch Critical Vulnerabilities in Reader, Acrobat – http://www.securityweek.com/adobe-patch-critical-vulnerabilities-reader-acrobat?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

GPS used to locate a gang using gas pump skimmers – http://securityaffairs.co/wordpress/36683/cyber-crime/gas-pump-skimmers-gang.html

Serious MacKeeper vulnerability found – http://www.thesafemac.com/serious-mackeeper-vulnerability-found/

Cyber-Attack Attempted By Former Nuclear Regulatory Commission Employee – http://www.inquisitr.com/2076983/cyber-attack-attempted-by-former-nuclear-regulatory-commission-employee/

Snapchat security breach – http://isnapchathack.com/ap/

Cyber security firm ‘doctored up’ data breaches to extort companies, ex-employee claims – http://www.smh.com.au/it-pro/security-it/cyber-security-firm-doctored-up-data-breaches-to-extort-companies-exemployee-claims-20150511-ggyoss.html

Beware! ‘Breaking Bad’ Is Now A Ransom-Styled Malware Currently Infecting Australian Computers – http://www.inquisitr.com/2080361/beware-breaking-bad-is-now-a-ransom-styled-malware-currently-hitting-australian-computer-users/

 

Miscellaneous Infosec stories:

Here’s how many U.S. adults were hacked in 2014 – http://www.cbsnews.com/news/heres-how-many-u-s-adults-were-hacked-in-2014/

Mobile malware statistics highlight unknown state of mobile threats – http://searchsecurity.techtarget.com/news/4500245950/Mobile-malware-statistics-highlight-unknown-state-of-mobile-threats

Kiwi company posts job ad for Windows support scammers – http://www.theregister.co.uk/2015/05/07/kiwi_company_posts_job_ad_for_windows_support_scammers/

Where is the Android DDoS Armageddon? – http://www.securityweek.com/where-android-ddos-armageddon

Here’s What a Cyber Warfare Arsenal Might Look Like – http://www.scientificamerican.com/article/here-s-what-a-cyber-warfare-arsenal-might-look-like/

Is cyber-warfare really that scary? – http://www.bbc.co.uk/news/world-32534923

As Data Breaches Spread, Providers and Payers Must Prepare – http://www.healthleadersmedia.com/content/TEC-316074/As-Data-Breaches-Spread-Providers-and-Payers-Must-Prepare

Windows 10: No More Monthly Patches – http://www.inforisktoday.com/windows-10-no-more-monthly-patches-a-8202

Why don’t you rent your electronic wireless doorlock, asks man selling doorlocks – http://www.theregister.co.uk/2015/05/06/why_dont_you_rent_your_doorlock_asks_man_selling_doorlocks/

70 million Americans report stolen data – http://www.consumerreports.org/cro/news/2015/05/70-million-americans-report-stolen-data/index.htm

Too Many Healthcare Employees Have Excessive Patient Data Access – http://www.infosecurity-magazine.com/news/healthcare-employees-excessive/

Hack renting portal charges fee to penetrate any account – http://pulse.ng/tech/cyber-business-hack-renting-portal-charges-fee-to-penetrate-any-account-id3739160.html

The Effectiveness of Spear Phishing Not Lost on Cyber Terrorists – http://www.benzinga.com/pressreleases/15/05/p5494834/the-effectiveness-of-spear-phishing-not-lost-on-cyber-terrorists

 

Tools, Tips and How it’s done:

MAKING SMART LOCKS SMARTER (AKA. HACKING THE AUGUST SMART LOCK) – http://blog.maintenancewindow.ca/post/2015/03/29/Making-Smart-Locks-Smarter-%28aka.-Hacking-the-August-Smart-Lock%29

PoC Linux Rootkit Uses GPU to Evade Detection – http://www.securityweek.com/poc-linux-rootkit-uses-gpu-evade-detection?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Facebook Friends Mapper – How to crawl Hidden Friends – http://securityaffairs.co/wordpress/36675/hacking/facebook-friends-mapper.html

A digital skeleton key to access any website – http://docs.higg.so/2015/03/10/a-digital-skeleton-key-for-accessing-any-website-proposal/

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications – https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43346.pdf

True Private Messaging: 7 Apps to Encrypt Your Chats – http://www.infosecdailynews.com/true-private-messaging-7-apps-to-encrypt-your-chats/

 

Miscellaneous Privacy stories:

Wearable tech portends vast effects on health and privacy – http://www.washingtonpost.com/sf/national/2015/05/09/the-revolution-will-be-digitized/?hpid=z1

 

Safeguarding Children and School E-Safety stories:

Schools: have your say about cyberbullying – http://www.saferinternet.org.uk/news/schools-have-your-say-about-cyberbullying

Mother Speaks Out About Cyber-Bullies – http://cbs12.com/news/top-stories/stories/vid_25671.shtml

How to change your privacy setting on Facebook – http://www.itproportal.com/2015/05/09/how-to-change-your-privacy-setting-facebook/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+itproportal%2Frss+%28Latest+ITProPortal+News%29

 

