Information Security Breach Report – 21 November 2014

A daily round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

You can always access the latest and all previous reports at www.jonfisherthoughts.co.uk

 

Breaches, Incidents and Alerts:

Polish election commission website hacked – http://phys.org/news/2014-11-election-commission-website-hacked.html

LARGE-SCALE SECURITY BREACH AT BANKS IN USVI AND BVI – http://viconsortium.com/featured/large-scale-security-breach-banks-usvi-bvi/

Experian Breach Tied to NY-NJ ID Theft Ring – http://krebsonsecurity.com/2014/05/experian-breach-tied-to-ny-nj-id-theft-ring/

Hacking drives Olmsted Falls’ website offline – http://www.wksu.org/news/story/41072

Drupal Fixes Session Hijacking, DoS Vulnerabilities – http://www.securityweek.com/drupal-fixes-session-hijacking-dos-vulnerabilities

Security Advisory – High severity – WP-Statistics WordPress Plugin – http://blog.sucuri.net/2014/11/security-advisory-high-severity-wp-statistics-wordpress-plugin.html

Greek Hackers Breach Legal Database – http://greece.greekreporter.com/2014/11/20/greek-hackers-breach-legal-database/

Cybercriminals Use Macros to Deliver Rovnix Malware – http://www.securityweek.com/cybercriminals-use-macros-deliver-rovnix-malware

Multiple Vulnerabilities Found in Hikvision DVR Devices – http://www.securityweek.com/multiple-vulnerabilities-found-hikvision-dvr-devices

Staples breach update: Cyberinsurance may cover retailer’s costs – http://searchsecurity.techtarget.com/news/2240235092/Staples-breach-update-Cyberinsurance-may-cover-retailers-costs

Malware’s new target: your password manager’s password – http://arstechnica.com/security/2014/11/citadel-attackers-aim-to-steal-victims-master-passwords/

Developers Fix XSS Vulnerability in jQuery Validation Plugin Script – http://www.securityweek.com/developers-fix-xss-vulnerability-jquery-validation-plugin-script

Nasty Security Bug Fixed in Android Lollipop 5.0 – http://threatpost.com/nasty-security-bug-fixed-in-android-lollipop-5-0/109476

CAPTCHA rapture as ‘thousands’ affected by seven year-old bug – http://www.theregister.co.uk/2014/11/20/captcha_rapture_as_thousands_affected_by_seven_yearold_bug/

Core Security Releases Security Advisories on Advantech Product Vulnerabilities – http://www.securityweek.com/core-security-releases-security-advisories-advantech-product-vulnerabilities

The latest Windows Phone 8.1 has been hacked – http://securityaffairs.co/wordpress/30294/hacking/latest-windows-phone-8-1-hacked.html

 

Miscellaneous Infosec stories:

Six Great DIY Projects for Hacking Computers and Networks – http://lifehacker.com/six-great-diy-projects-for-hacking-computers-and-networ-1649618886

Data Breach Developments in California (Part 1) – http://www.natlawreview.com/article/data-breach-developments-california-part-1

Cyber-security ‘critical’ to market – https://uk.news.yahoo.com/cyber-security-critical-market-000126311.html#FV8SWsJ

U.S. Electrical, Financial Networks Mapped for Future Cyber Attacks – http://freebeacon.com/national-security/u-s-electrical-financial-networks-mapped-for-future-cyber-attacks/

Law Reform Commission publishes Issues Paper on Cyber-Crime – https://www.lawsociety.ie/News/News/Stories/Law-Reform-Comission-publishes-Issues-Paper-on-Cyber-Crime/#.VG7-TousWSo

Notes from a cyber underground – http://fcw.com/articles/2014/11/20/notes-from-a-cyber-underground.aspx

Social engineering: Hacking the person instead of the computer – http://www.ohio.edu/oit/news/social-engineering.cfm

Hackers blamed for unusual tweets from Jeremy Clarkson, Columbian FARC rebels – https://nakedsecurity.sophos.com/2014/11/20/hackers-blamed-for-unusual-tweets-from-jeremy-clarkson-columbian-farc-rebels/

Hackers use radio signals to steal private information from PCs – even when the computers are NOT connected to the web – http://www.dailymail.co.uk/sciencetech/article-2842778/Hackers-use-radio-signals-steal-private-information-PCs-computers-NOT-connected-web.html

Enter The Digital Risk Officer – http://www.darkreading.com/operations/enter-the-digital-risk-officer/a/d-id/1317622

The dos and don’ts of sharing sensitive business data – http://resources.infosecinstitute.com/dos-donts-sharing-sensitive-business-data/

How the threat landscape is shaping the network security business – http://irishinfosecnews.wordpress.com/2014/11/20/how-the-threat-landscape-is-shaping-the-network-security-business/

8 cybercrime trends that will shape IT – http://www.net-security.org/secworld.php?id=17665

The top infosec issues of 2014 – http://www.csoonline.com/article/2847726/data-protection/the-top-infosec-issues-of-2014.html

Most IT pros prefer open source to proprietary software – http://www.net-security.org/secworld.php?id=17664

How to reduce your risk of a cyber security breach – http://www.bizjournals.com/bizjournals/how-to/technology/2014/11/how-to-reduce-your-risk-of-a-cyber-security-breach.html

Tools to hack WiFi – http://infosecaffairs.blogspot.in/2014/11/tools-to-hack-wifi.html

Song lyric to strong password in six steps – http://www.bbc.co.uk/newsbeat/30130494

NSA Chief: Damaging Cyber-Attack Coming – http://www.bankinfosecurity.com/nsa-chief-damaging-cyber-attack-coming-a-7589

Security is a People Problem, Training is the Solution – http://www.securityweek.com/security-people-problem-training-solution

The Dridex Threat: How to Block the Latest Malware Aimed at Banks – http://www.americanbanker.com/news/bank-technology/the-dridex-threat-how-to-block-the-latest-malware-aimed-at-banks-1071291-1.html

Download alert: Nearly ALL top 100 Android, iOS paid apps hacked – http://www.theregister.co.uk/2014/11/20/doctored_mobile_apps_threat_on_the_rise_report/

HOW SPLITTING A COMPUTER INTO MULTIPLE REALITIES CAN PROTECT YOU FROM HACKERS – http://www.wired.com/2014/11/protection-from-hackers/

The Secret Life of Passwords – http://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html?_r=0

Killing Passwords: Don’t Get A-Twitter Over ‘Digits’ – http://www.darkreading.com/operations/identity-and-access-management/killing-passwords-dont-get-a-twitter-over-digits/a/d-id/1317595

A mode for password hashing – http://bramcohen.com/2014/11/18/a-mode-for-password-hashing

[Note: Not Infosec, but interesting] CERN IT boss: What we do is not really that special – http://www.theregister.co.uk/2014/11/20/cern_it_chief_on_clouds/

You think the CLOUD’s insecure? It’s BETTER than UK.GOV’s DATA CENTRES – http://www.theregister.co.uk/2014/11/20/cloud_more_secure_than_government_datacentres_says_maude/

What should America turn to for web advice? That’s right: GOV.UK – says ex-Obama IT guru – http://www.theregister.co.uk/2014/11/20/jennifer_pahlka_on_tech_and_government/

Cybersecurity Experts Warn of Medical Device Vulnerabilities – http://www.ihealthbeat.org/articles/2014/11/19/cybersecurity-experts-warn-of-medical-devices-vulnerabilities

The Rise Of The Resilient Mobile Botnet – http://www.darkreading.com/cloud/the-rise-of-the-resilient-mobile-botnet/d/d-id/1317593

So you want to introduce a BYOD plan. Where do you start? – http://www.theregister.co.uk/2014/11/18/byod_management/

Keen to get CRITICAL PAYMENT systems up QUICKLY after HACK? – http://www.theregister.co.uk/2014/11/18/critical_payment_system_crashes/

Auditors: State Department has history of poor cybersecurity – http://www.politico.com/story/2014/11/state-department-cybersecurity-hacking-112951.html

 

Miscellaneous Privacy stories:

Techdirt Podcast Episode 2: Privacy And User Control, With Brad Burnham – https://www.techdirt.com/blog/podcast/articles/20141119/17065329197/techdirt-podcast-episode-2-privacy-user-control-with-brad-burnham.shtml

California Can’t Ask Sex Offenders to Report Their Internet User Names – http://njbw.businessweek.com/articles/2014-11-19/california-cant-ask-sex-offenders-to-report-their-internet-usernames#r=rss

Uber hires former IBM Chief Privacy Officer to carry out internal review – http://thenextweb.com/insider/2014/11/20/uber-hires-former-ibm-chief-privacy-officer-carry-depth-internal-review/

Doxxing defense: Remove your personal info from data brokers – http://www.computerworld.com/article/2849263/doxxing-defense-remove-your-personal-info-from-data-brokers.html#tk.cwfb

The FBI’s Dangerous Misrepresentation of Encryption Law – http://www.psmag.com/navigation/politics-and-law/fbis-dangerous-misrepresentation-encryption-law-94876/

‘Someone Had Taken Over My Life’: An Identity Theft Victim’s Story – http://www.forbes.com/sites/laurashin/2014/11/18/someone-had-taken-over-my-life-an-identity-theft-victims-story/

Court Upholds $1.4 Million Privacy Verdict – http://www.inforisktoday.com/court-upholds-14-million-privacy-verdict-a-7567

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/


Jon Fisher is Sales and Account Management Consultant for SRM. Jon is a regular contributor to the SRM Blog.
