Information Security Breach Report – 21 November 2014

A daily roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.

You can always access the latest, and all previous reports at


Breaches, Incidents and Alerts:

Polish election commission website hacked –


Experian Breach Tied to NY-NJ ID Theft Ring –

Hacking drives Olmsted Falls’ website offline –

Drupal Fixes Session Hijacking, DoS Vulnerabilities –

Security Advisory – High severity – WP-Statistics WordPress Plugin –

Greek Hackers Breach Legal Database –

Cybercriminals Use Macros to Deliver Rovnix Malware –

Multiple Vulnerabilities Found in Hikvision DVR Devices –

Staples breach update: Cyberinsurance may cover retailer’s costs –

Malware’s new target: your password manager’s password –

Developers Fix XSS Vulnerability in jQuery Validation Plugin Script –

Nasty Security Bug Fixed in Android Lollipop 5.0 –

CAPTCHA rapture as ‘thousands’ affected by seven year-old bug –

Core Security Releases Security Advisories on Advantech Product Vulnerabilities –

The latest Windows Phone 8.1 has been hacked –


Miscellaneous Infosec stories:

Six Great DIY Projects for Hacking Computers and Networks –

Data Breach Developments in California (Part 1) –

Cyber-security ‘critical’ to market –

U.S. Electrical, Financial Networks Mapped for Future Cyber Attacks –

Law Reform Commission publishes Issues Paper on Cyber-Crime –

Notes from a cyber underground –

Social engineering: Hacking the person instead of the computer –

Hackers blamed for unusual tweets from Jeremy Clarkson, Columbian FARC rebels –

Hackers use radio signals to steal private information from PCs – even when the computers are NOT connected to the web –

Enter The Digital Risk Officer –

The dos and don’ts of sharing sensitive business data –

How the threat landscape is shaping the network security business –

8 cybercrime trends that will shape IT –

The top infosec issues of 2014 –

Most IT pros prefer open source to proprietary software –

How to reduce your risk of a cyber security breach –

Tools to hack WiFi –

Song lyric to strong password in six steps –

NSA Chief: Damaging Cyber-Attack Coming –

Security is a People Problem, Training is the Solution –

The Dridex Threat: How to Block the Latest Malware Aimed at Banks –

Download alert: Nearly ALL top 100 Android, iOS paid apps hacked –


The Secret Life of Passwords –

Killing Passwords: Don’t Get A-Twitter Over ‘Digits’ –

A mode for password hashing –

[Note: Not Infosec, but interesting] CERN IT boss: What we do is not really that special –

You think the CLOUD’s insecure? It’s BETTER than UK.GOV’s DATA CENTRES –

What should America turn to for web advice? That’s right: GOV.UK – says ex-Obama IT guru –

Cybersecurity Experts Warn of Medical Device Vulnerabilities –

The Rise Of The Resilient Mobile Botnet –

So you want to introduce a BYOD plan. Where do you start? –

Keen to get CRITICAL PAYMENT systems up QUICKLY after HACK? –

Auditors: State Department has history of poor cybersecurity –


Miscellaneous Privacy stories:

Techdirt Podcast Episode 2: Privacy And User Control, With Brad Burnham –

California Can’t Ask Sex Offenders to Report Their Internet User Names –

Uber hires former IBM Chief Privacy Officer to carry out internal review –

Doxxing defense: Remove your personal info from data brokers –

The FBI’s Dangerous Misrepresentation of Encryption Law –

‘Someone Had Taken Over My Life’: An Identity Theft Victim’s Story –

Court Upholds $1.4 Million Privacy Verdict –


If you would like this report sent to your inbox each morning, email me at


You can see all previous issues of this blog at

My LinkedIn profile is
