Information Security Breach Report – 04 December 2014

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

You can always access the latest, and all previous reports at www.jonfisherthoughts.co.uk

 

Breaches, Incidents and Alerts:

Hackers Hit ART Payroll; SAG-AFTRA Members Warned – http://deadline.com/2014/12/sag-aftra-hacking-payroll-company-american-residuals-and-talent-1201307882/

Elipse SCADA Patches Denial-of-Service Vulnerability – http://threatpost.com/elipse-scada-patches-denial-of-service-vulnerability/109692

Sony Pictures debunks Re/code’s article stating North Korea was behind cyber-attack – http://www.nydailynews.com/entertainment/movies/conflict-statement-north-korea-hacking-sony-pictures-article-1.2031989

Sony Pictures breach exposes Deloitte salary info, report reveals – http://www.scmagazine.com/sony-breach-extends-to-deloitte/article/386548/

77 Chinese held in cyber bust – http://mobile.nation.co.ke/news/77-Chinese-held-in-cyber-bust/-/1950946/2543786/-/format/xhtml/-/10jgx1t/-/index.html

Leadership Newspaper Website Hacked – http://www.nairaland.com/2027468/leadership-newspaper-website-hacked

Squashed bug opened EVERY PayPal account to hijacking – http://www.theregister.co.uk/2014/12/04/paypal_csrf_bug_bounty/

Hackers Using Fake ‘Order Confirmation’ Emails to Hijack Computers – http://www.foxbusiness.com/technology/2014/12/03/hackers-using-fake-order-confirmation-emails-to-hijack-computers/

Security Advisory – High Severity– WordPress Download Manager – http://blog.sucuri.net/2014/12/security-advisory-high-severity-wordpress-download-manager.html

DNSimple Suffers Downtime Due to 25 Gbps DDoS Attack – http://www.securityweek.com/dnsimple-suffers-downtime-due-25-gbps-ddos-attack and http://blog.dnsimple.com/2014/12/incident-report-ddos/

New “LusyPOS” Malware Uses Tor For C&C Communications – http://www.securityweek.com/new-lusypos-malware-uses-tor-cc-communications

IBM Fixes Remote Code Execution Vulnerability in Endpoint Manager – http://www.securityweek.com/ibm-fixes-remote-code-execution-vulnerability-endpoint-manager?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

 

Miscellaneous Infosec stories:

A Recap of the Hack.lu Infosec Conference – Day 3 – http://www.hackbusters.com/news/stories/181044-a-recap-of-the-hack-lu-infosec-conference-day-3

The Real Cost of Cyber Incidents, According To Insurers – http://www.darkreading.com/the-real-cost-of-cyber-incidents-according-to-insurers/d/d-id/1317851

Are you a robot? Introducing “No CAPTCHA reCAPTCHA” – http://googleonlinesecurity.blogspot.co.uk/2014/12/are-you-robot-introducing-no-captcha.html

Balancing Risk and Performance: Managing Firewalls Shouldn’t Push Risks to the Extreme – http://www.securityweek.com/balancing-risk-and-performance-managing-firewalls-shouldnt-push-risks-extreme-0

Why do cybercriminals thrive in China? – http://cio.economictimes.indiatimes.com/news/digital-security/why-do-cybercriminals-thrive-in-china/45359565

Computing goes to the cloud. So does crime! – http://cio.economictimes.indiatimes.com/news/cloud-computing/computing-goes-to-the-cloud-so-does-crime/45359554?utm_source=RSS&utm_medium=ETRSS

Phishing, Stuxnet & Samsung – http://www.bangkokpost.com/opinion/opinion/446900/phishing-stuxnet-samsung

 

Tools, Tips and How it’s done:

Industry-Backed Cyberdefense System Is Now Live (and Free) – http://www.americanbanker.com/news/bank-technology/industry-backed-cyberdefense-system-is-now-live-and-free-1071484-1.html

Expert: FIN4 phishing attacks show new operational sophistication – http://searchsecurity.techtarget.com/news/2240235989/Expert-FIN4-phishing-attacks-show-new-operational-sophistication

Attackers Take Advantage Of The Options You Give Them – Malware vs. Credentials – https://community.rapid7.com/community/userinsight/blog/2014/12/03/attackers-take-advantage-of-the-options-you-give-them

One Weird Trick to Stop Facebook Hoaxes – http://www.slate.com/articles/technology/technology/2014/12/facebook_copyright_notice_hoax_how_algorithms_could_stop_misinformation.html

Hacking PayPal Accounts with one click – http://yasserali.com/hacking-paypal-accounts-with-one-click/

Not sure what RFID is? Can’t hack? You can STILL be a card fraudster with this Android app – http://www.theregister.co.uk/2014/12/03/rfid_payment_card_hack_scam/

‘Wiper’ Malware: What You Need to Know – http://www.inforisktoday.com/interviews/wiper-malware-what-you-need-to-know-i-2526

Should you call on comms suppliers when you go for a BYOD setup? – http://www.theregister.co.uk/2014/12/03/byod_comms/

5 Risky Things You’re Doing on Your Work Computer – http://www.stltoday.com/business/credit/risky-things-you-re-doing-on-your-work-computer/article_6f61ec47-0e9d-5c04-8506-b72e088c0df9.html

What to do when starting a new security job – http://www.csoonline.com/article/2854618/infosec-careers/what-to-do-when-starting-a-new-security-job.html#tk.rss_all

 

Miscellaneous Privacy stories

Another California Cop ‘Shares’ A Suspect’s Intimate Photos With His Fellow Officers – https://www.techdirt.com/articles/20141130/15251229280/another-california-cop-shares-suspects-intimate-photos-with-his-fellow-officers.shtml

Adblock Plus can now prevent Facebook from telling senders you read their messages – http://venturebeat.com/2014/12/02/adblock-plus-can-now-prevent-facebook-from-telling-senders-you-read-their-message/

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Jon Fisher is Sales and Account Management Consultant for SRM, Jon is a regular contributor to the SRM Blog.

Posted 2 years ago on · Permalink