Monthly Archive November 2014

Information Security Breach Report – 21 November 2014

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

You can always access the latest, and all previous reports at www.jonfisherthoughts.co.uk

 

Breaches, Incidents and Alerts:

Polish election commission website hacked – http://phys.org/news/2014-11-election-commission-website-hacked.html

LARGE-SCALE SECURITY BREACH AT BANKS IN USVI AND BVI – http://viconsortium.com/featured/large-scale-security-breach-banks-usvi-bvi/

Experian Breach Tied to NY-NJ ID Theft Ring – http://krebsonsecurity.com/2014/05/experian-breach-tied-to-ny-nj-id-theft-ring/

Hacking drives Olmsted Falls’ website offline – http://www.wksu.org/news/story/41072

Drupal Fixes Session Hijacking, DoS Vulnerabilities – http://www.securityweek.com/drupal-fixes-session-hijacking-dos-vulnerabilities

Security Advisory – High severity – WP-Statistics WordPress Plugin – http://blog.sucuri.net/2014/11/security-advisory-high-severity-wp-statistics-wordpress-plugin.html

Greek Hackers Breach Legal Database – http://greece.greekreporter.com/2014/11/20/greek-hackers-breach-legal-database/

Cybercriminals Use Macros to Deliver Rovnix Malware – http://www.securityweek.com/cybercriminals-use-macros-deliver-rovnix-malware

Multiple Vulnerabilities Found in Hikvision DVR Devices – http://www.securityweek.com/multiple-vulnerabilities-found-hikvision-dvr-devices

Staples breach update: Cyberinsurance may cover retailer’s costs – http://searchsecurity.techtarget.com/news/2240235092/Staples-breach-update-Cyberinsurance-may-cover-retailers-costs

Malware’s new target: your password manager’s password – http://arstechnica.com/security/2014/11/citadel-attackers-aim-to-steal-victims-master-passwords/

Developers Fix XSS Vulnerability in jQuery Validation Plugin Script – http://www.securityweek.com/developers-fix-xss-vulnerability-jquery-validation-plugin-script

Nasty Security Bug Fixed in Android Lollipop 5.0 – http://threatpost.com/nasty-security-bug-fixed-in-android-lollipop-5-0/109476

CAPTCHA rapture as ‘thousands’ affected by seven year-old bug – http://www.theregister.co.uk/2014/11/20/captcha_rapture_as_thousands_affected_by_seven_yearold_bug/

Core Security Releases Security Advisories on Advantech Product Vulnerabilities – http://www.securityweek.com/core-security-releases-security-advisories-advantech-product-vulnerabilities

The latest Windows Phone 8.1 has been hacked – http://securityaffairs.co/wordpress/30294/hacking/latest-windows-phone-8-1-hacked.html

 

Miscellaneous Infosec stories:

Six Great DIY Projects for Hacking Computers and Networks – http://lifehacker.com/six-great-diy-projects-for-hacking-computers-and-networ-1649618886

Data Breach Developments in California (Part 1) – http://www.natlawreview.com/article/data-breach-developments-california-part-1

Cyber-security ‘critical’ to market – https://uk.news.yahoo.com/cyber-security-critical-market-000126311.html#FV8SWsJ

U.S. Electrical, Financial Networks Mapped for Future Cyber Attacks – http://freebeacon.com/national-security/u-s-electrical-financial-networks-mapped-for-future-cyber-attacks/

Law Reform Commission publishes Issues Paper on Cyber-Crime – https://www.lawsociety.ie/News/News/Stories/Law-Reform-Comission-publishes-Issues-Paper-on-Cyber-Crime/#.VG7-TousWSo

Notes from a cyber underground – http://fcw.com/articles/2014/11/20/notes-from-a-cyber-underground.aspx

Social engineering: Hacking the person instead of the computer – http://www.ohio.edu/oit/news/social-engineering.cfm

Hackers blamed for unusual tweets from Jeremy Clarkson, Columbian FARC rebels – https://nakedsecurity.sophos.com/2014/11/20/hackers-blamed-for-unusual-tweets-from-jeremy-clarkson-columbian-farc-rebels/

Hackers use radio signals to steal private information from PCs – even when the computers are NOT connected to the web – http://www.dailymail.co.uk/sciencetech/article-2842778/Hackers-use-radio-signals-steal-private-information-PCs-computers-NOT-connected-web.html

Enter The Digital Risk Officer – http://www.darkreading.com/operations/enter-the-digital-risk-officer/a/d-id/1317622

The dos and don’ts of sharing sensitive business data – http://resources.infosecinstitute.com/dos-donts-sharing-sensitive-business-data/

How the threat landscape is shaping the network security business – http://irishinfosecnews.wordpress.com/2014/11/20/how-the-threat-landscape-is-shaping-the-network-security-business/

8 cybercrime trends that will shape IT – http://www.net-security.org/secworld.php?id=17665

The top infosec issues of 2014 – http://www.csoonline.com/article/2847726/data-protection/the-top-infosec-issues-of-2014.html

Most IT pros prefer open source to proprietary software – http://www.net-security.org/secworld.php?id=17664

How to reduce your risk of a cyber security breach – http://www.bizjournals.com/bizjournals/how-to/technology/2014/11/how-to-reduce-your-risk-of-a-cyber-security-breach.html

Tools to hack WiFi – http://infosecaffairs.blogspot.in/2014/11/tools-to-hack-wifi.html

Song lyric to strong password in six steps – http://www.bbc.co.uk/newsbeat/30130494

NSA Chief: Damaging Cyber-Attack Coming – http://www.bankinfosecurity.com/nsa-chief-damaging-cyber-attack-coming-a-7589

Security is a People Problem, Training is the Solution – http://www.securityweek.com/security-people-problem-training-solution

The Dridex Threat: How to Block the Latest Malware Aimed at Banks – http://www.americanbanker.com/news/bank-technology/the-dridex-threat-how-to-block-the-latest-malware-aimed-at-banks-1071291-1.html

Download alert: Nearly ALL top 100 Android, iOS paid apps hacked – http://www.theregister.co.uk/2014/11/20/doctored_mobile_apps_threat_on_the_rise_report/

HOW SPLITTING A COMPUTER INTO MULTIPLE REALITIES CAN PROTECT YOU FROM HACKERS – http://www.wired.com/2014/11/protection-from-hackers/

The Secret Life of Passwords – http://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html?_r=0

Killing Passwords: Don’t Get A-Twitter Over ‘Digits’ – http://www.darkreading.com/operations/identity-and-access-management/killing-passwords-dont-get-a-twitter-over-digits/a/d-id/1317595

A mode for password hashing – http://bramcohen.com/2014/11/18/a-mode-for-password-hashing

[Note: Not Infosec, but interesting] CERN IT boss: What we do is not really that special – http://www.theregister.co.uk/2014/11/20/cern_it_chief_on_clouds/

You think the CLOUD’s insecure? It’s BETTER than UK.GOV’s DATA CENTRES – http://www.theregister.co.uk/2014/11/20/cloud_more_secure_than_government_datacentres_says_maude/

What should America turn to for web advice? That’s right: GOV.UK – says ex-Obama IT guru – http://www.theregister.co.uk/2014/11/20/jennifer_pahlka_on_tech_and_government/

Cybersecurity Experts Warn of Medical Device Vulnerabilities – http://www.ihealthbeat.org/articles/2014/11/19/cybersecurity-experts-warn-of-medical-devices-vulnerabilities

The Rise Of The Resilient Mobile Botnet – http://www.darkreading.com/cloud/the-rise-of-the-resilient-mobile-botnet/d/d-id/1317593

So you want to introduce a BYOD plan. Where do you start? – http://www.theregister.co.uk/2014/11/18/byod_management/

Keen to get CRITICAL PAYMENT systems up QUICKLY after HACK? – http://www.theregister.co.uk/2014/11/18/critical_payment_system_crashes/

Auditors: State Department has history of poor cybersecurity – http://www.politico.com/story/2014/11/state-department-cybersecurity-hacking-112951.html

 

Miscellaneous Privacy stories

Techdirt Podcast Episode 2: Privacy And User Control, With Brad Burnham – https://www.techdirt.com/blog/podcast/articles/20141119/17065329197/techdirt-podcast-episode-2-privacy-user-control-with-brad-burnham.shtml

California Can’t Ask Sex Offenders to Report Their Internet User Names – http://njbw.businessweek.com/articles/2014-11-19/california-cant-ask-sex-offenders-to-report-their-internet-usernames#r=rss

Uber hires former IBM Chief Privacy Officer to carry out internal review – http://thenextweb.com/insider/2014/11/20/uber-hires-former-ibm-chief-privacy-officer-carry-depth-internal-review/

Doxxing defense: Remove your personal info from data brokers – http://www.computerworld.com/article/2849263/doxxing-defense-remove-your-personal-info-from-data-brokers.html#tk.cwfb

The FBI’s Dangerous Misrepresentation of Encryption Law – http://www.psmag.com/navigation/politics-and-law/fbis-dangerous-misrepresentation-encryption-law-94876/

‘Someone Had Taken Over My Life’: An Identity Theft Victim’s Story – http://www.forbes.com/sites/laurashin/2014/11/18/someone-had-taken-over-my-life-an-identity-theft-victims-story/

Court Upholds $1.4 Million Privacy Verdict – http://www.inforisktoday.com/court-upholds-14-million-privacy-verdict-a-7567

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/


Information Security Breach Report – 20 November 2014


 

Breaches, Incidents and Alerts:

Citadel Variant Targets Password Managers – http://threatpost.com/citadel-variant-targets-password-managers/109493

Breached webcam and baby monitor site flagged by watchdogs – http://www.bbc.co.uk/news/technology-30121159

Fake antivirus scams: It’s a $120m business – and alleged ringleaders have just been frozen – http://www.theregister.co.uk/2014/11/19/ftc_hits_backers_of_120_meeellion_tech_support_scam/

NotCompatible botnet infects Android mobiles, infiltrates corporate networks – http://www.scmagazineuk.com/notcompatible-botnet-infects-android-mobiles-infiltrates-corporate-networks/article/384113/

Malaysians accused of hacking US news website – http://phys.org/news/2014-11-malaysians-accused-hacking-news-website.html

Core Security Releases Security Advisories on Advantech Product Vulnerabilities – http://www.securityweek.com/core-security-releases-security-advisories-advantech-product-vulnerabilities

RSS Reveals Malware Injections – http://blog.sucuri.net/2014/11/rss-reveals-malware-injections.html

Hackers seized database from City of Detroit, demanded $800k in bitcoin – http://rt.com/usa/206663-detroit-bitcoin-ransom-database/

The current status of Vita hacking on firmwares 3.30 and 3.35 – http://wololo.net/2014/11/16/the-current-status-of-vita-hacking-on-firmwares-3-30-and-3-35/

Lame phone dodgers fleece finance’s foolish and fat fingered – http://www.theregister.co.uk/2014/11/19/lamer_scammers_mimick_phone_numbers_to_fleece_the_fat_fingered/

 

Miscellaneous Infosec stories:

Cyber Threat Investigators Identify “Signature” of Most Dangerous Cyber Attacks – http://www.cyberark.com/blog/cyber-threat-investigators-identify-signature-dangerous-cyber-attacks/

QuickView Released – First Nine Months Of 2014 – http://www.databreaches.net/data-breach-quickview-released-first-nine-months-of-2014/

New System Detects and Alerts to Automobile Cyber Attacks – http://www.battelle.org/media/press-releases/new-system-detects-and-alerts-to-automobile-cyber-attacks

$3B fed cybersecurity plan stalls – http://www.politico.com/story/2014/11/federal-cybersecurity-plan-stalls-113044.html

USPS Defends Breach Notification Delay – http://www.inforisktoday.co.uk/usps-defends-breach-notification-delay-a-7581

Today’s Top 5 Malware Threats – http://www.esecurityplanet.com/malware/todays-top-5-malware-threats.html

UserInsight Detects Network Zone Access Violations – https://community.rapid7.com/community/userinsight/blog/2014/11/19/userinsight-detects-network-zone-access-violations

Maximizing SSH Security Service in the Cloud – http://resources.infosecinstitute.com/maximizing-ssh-security-service-cloud/

Cyber attack hallmarks identified in cross-industry report – http://www.computerweekly.com/news/2240234996/Cyber-attack-hallmarks-identified-in-cross-industry-report

Social Engineering Newsletter – http://www.pioneerbankandtrust.com/wp-content/uploads/2014/11/OUCH-201411_en.pdf

Hackers to probe cyber crime defences at British banks – http://uk.reuters.com/article/2014/11/19/uk-cybersecurity-banks-britain-idUKKCN0J31KU20141119

Booz Allen Releases Annual Financial Services Cyber Trends for 2015 – http://www.businesswire.com/news/home/20141119005039/en/Booz-Allen-Releases-Annual-Financial-Services-Cyber#.VG2z3_msWSo

Hacking Into Traffic Lights With a Plain Old Laptop Is Scary Simple – http://gizmodo.com/hacking-into-traffic-lights-with-a-plain-old-laptop-is-1624102517

London police chief warns banks of impending cyber attack in the UK and US – http://www.v3.co.uk/v3-uk/news/2382280/london-police-chief-warns-banks-of-impending-cyber-attack

Attackers trading malware for privilege – http://www.csoonline.com/article/2849329/data-protection/attackers-trading-malware-for-privilege.html

Apple Fixes Jailbreak Vulnerabilities With Release of iOS 8.1.1 – http://www.securityweek.com/apple-fixes-jailbreak-vulnerabilities-release-ios-811

Collection of tools to detect viruses – http://infosecaffairs.blogspot.in/2014/11/collection-of-tools-to-detect-viruses.html

Chantal Bernier: Data breach response is ‘not the time to improvise’ – http://business.financialpost.com/2014/11/19/chantel-bernier-data-breach-reponse-is-not-the-time-to-improvise/

Staples to Speed Store Closings As Brick-And-Mortar Sales Shrink – Office-Supply Retailer Warns of Financial Hit From Data Breach – http://online.wsj.com/articles/staples-sales-fall-as-store-closures-accelerate-1416396496

STAPLES CONFIRMS MALWARE CAUSED POS BREACH – http://www.pymnts.com/news/2014/staples-confirms-malware-caused-pos-breach/#.VG21W_msWSo

Cyber attacks to fall in 2015, but will be more sophisticated – http://cio.economictimes.indiatimes.com/news/digital-security/cyber-attacks-to-fall-in-2015-but-will-be-more-sophisticated/45203361

China Takes The Great Firewall Up A Notch By Blocking An Entire Content Delivery Network – https://www.techdirt.com/articles/20141118/07265229179/china-takes-great-firewall-up-notch-blocking-entire-content-delivery-network.shtml

A primer on Brazilian hacking: from cards to banking and beyond – http://www.linhadefensiva.com/2014/11/a-primer-on-brazilian-hacking-from-cards-to-banking-and-beyond/

Leagues continue to share data breach costs with media – http://www.cuna.org/Stay-Informed/News-Now/CU-System/Leagues-continue-to-share-data-breach-costs-with-media/

Cyber security awareness still in its infancy, says Sans Institute – http://www.computerweekly.com/news/2240234932/Cyber-security-awareness-still-in-its-infancy-says-SANS-Institute

Let’s Play NSA! The Hackers Open-Sourcing Top Secret Spy Tools – http://motherboard.vice.com/read/michael-ossmann-and-the-nsa-playset

 

Miscellaneous Privacy stories

Uber investigating executive privacy breach – http://www.stuff.co.nz/technology/digital-living/63369304/uber-investigating-executive-privacy-breach.html

Amnesty releases anti-spying program for activists – http://www.bbc.co.uk/news/technology-30115679

Pew Privacy Study Finds Huge Concern About Control Of Personal Data Online – http://techcrunch.com/2014/11/12/pew-study-finds-huge-concern-about-personal-data-privacy-online/

PrivacyGrade: Grading The Privacy Of Smartphone Apps – http://privacygrade.org/

 


Information Security Breach Report – 19 November 2014


 

Breaches, Incidents and Alerts:

Device Robbers Demand Encryption Keys – http://www.databreachtoday.com/device-robbers-demand-encryption-keys-a-7573

SMS pwnage on MEELLIONS of flawed SIM cards, popular 4G modems – http://www.theregister.co.uk/2014/11/19/sms_pwnage_on_meellions_of_flawed_sim_cards_popular_4g_modems/

The Evolution Store updates its breach notification – http://www.databreaches.net/the-evolution-store-updates-its-breach-notification/

Flashpack Exploit Kit Uses Ad Networks to Deliver Cryptowall, Dofoil Malware – http://www.securityweek.com/flashpack-exploit-kit-uses-ad-networks-deliver-cryptowall-dofoil-malware

Microsoft Releases Emergency Security Update – http://krebsonsecurity.com/2014/11/microsoft-releases-emergency-security-update/

Microsoft Fixes Critical Kerberos Flaw Under Attack With Out-of-Band Patch – http://www.securityweek.com/microsoft-fixes-critical-kerberos-flaw-under-attack-out-band-patch

Hackers attacked the U.S. energy grid 79 times this year – http://www.12newsnow.com/story/27413819/hackers-attacked-the-us-energy-grid-79-times-this-year

 

Miscellaneous Infosec stories:

PCI Council looks for ways to stem data breaches after bad year – http://www.csoonline.com/article/2849233/data-breach/pci-council-looks-for-ways-to-stem-data-breaches-after-bad-year.html

Under fire, Uber argues back that rider data is “confidential” – http://www.washingtonpost.com/blogs/the-switch/wp/2014/11/18/under-fire-uber-argues-back-that-rider-data-is-confidential/

Next year’s DDOS attacks to come from Vietnam, India and Indonesia – http://www.csoonline.com/article/2849230/business-continuity/next-years-ddos-attacks-to-come-from-vietnam-india-and-indonesia.html

12 security problems that EMV and tokenization won’t solve – http://www.csoonline.com/article/2849257/data-protection/12-security-problems-that-emv-and-tokenization-wont-solve.html

How the Internet Finally Reshaped the Credit Card Business – http://www.americanbanker.com/news/consumer-finance/how-the-internet-finally-reshaped-the-credit-card-business-1071296-1.html

The Dridex Threat: How to Block the Latest Malware Aimed at Banks – http://www.americanbanker.com/news/technology/the-dridex-threat-how-to-block-the-latest-malware-aimed-at-banks-1071291-1.html

Largest Ever NATO Cyber Defense Exercise Begins – http://www.rttnews.com/2418847/largest-ever-nato-cyber-defense-exercise-begins.aspx?type=msgn

Top German spy says Berlin under cyber attack from other states – http://www.reuters.com/article/2014/11/18/us-germany-cybersecurity-idUSKCN0J226U20141118

Police chief warns on strong likelihood of City cyber terror attack – http://www.ft.com/cms/s/0/2504334e-6e51-11e4-bffb-00144feabdc0.html#axzz3JUly9Hrg

How to Profit from Cyber Pain – http://www.foxbusiness.com/technology/2014/11/18/main-growing-pain-point-all-face-cyber-hacks/

Credit cards are passé; cyber criminals set their sights higher – http://www.thehindubusinessline.com/features/smartbuy/tech-news/credit-cards-are-pass-cyber-criminals-set-their-sights-higher/article6612006.ece

Critical factors in preventing data breaches – http://www.net-security.org/secworld.php?id=17653

Cyber security awareness still in its infancy, says Sans Institute – http://www.computerweekly.com/news/2240234932/Cyber-security-awareness-still-in-its-infancy-says-SANS-Institute

State Dept. Breach Heightens Concerns Over Resilience Of Government Networks – http://www.darkreading.com/attacks-breaches/state-dept-breach-heightens-concerns-over-resilience-of-government-networks/d/d-id/1317575

Cyber-Criminal Training Services for Sale in Brazilian Underground – http://www.securityweek.com/cyber-criminal-training-services-sale-brazilian-underground-trend-micro

U.S. Top Malware-Hosting Country: IBM X-Force – http://www.securityweek.com/us-top-malware-hosting-country-ibm-x-force

Breach-detection systems growing more popular despite high costs – http://searchsecurity.techtarget.com/news/2240234967/Breach-detection-systems-growing-more-popular-despite-high-costs

Not so fast my friend – Using Inverted Timing Attacks to Bypass Dynamic Analysis – http://labs.lastline.com/not-so-fast-my-friend-using-inverted-timing-attacks-to-bypass-dynamic-analysis

Top U.S. Government Data Breaches – http://www.inforisktoday.com/top-us-government-data-breaches-a-7571

UK Police: More than 1,000 likely hacking victims – http://seattletimes.com/html/nationworld/2019064610_apeubritainphonehacking.html

Hackers Demonstrate How Easy it is to Carjack a Vehicle Remotely – http://helpthesheeple.com/2013/07/25/hackers-demonstrate-how-easy-it-is-to-carjack-a-vehicle-remotely/

Researchers Adapt Old Techniques to Bypass Microsoft EMET 5.1 Protections – http://www.securityweek.com/researchers-adapt-old-techniques-bypass-microsoft-emet-51-protections

ONLY 27% OF UK FIRMS DETECT BREACH IN MINUTES – http://www.cbronline.com/news/security/only-27-of-uk-firms-detect-breach-in-minutes-4443265

New Research Shows One Third of Retail Breaches Originated from Third-Party Vulnerabilities – http://www.darkreading.com/attacks-breaches/new-research-shows-one-third-of-retail-breaches-originated-from-third-party-vulnerabilities—–/d/d-id/1317565

Understanding Disk Encryption on Android and Ios – http://resources.infosecinstitute.com/understanding-disk-encryption-android-ios/

Retail sector still at risk, but breach survivors grow stronger: BitSight – http://www.zdnet.com/retail-sector-still-at-risk-but-breach-survivors-grow-stronger-bitsight-7000035887/

No One is Immune to Breaches as 183 Million Accounts Compromised in Q3 2014 – http://www.safenet-inc.com/news/2014/q3-data-breaches-compromise-183-million-customer-accounts/

Deconstructing the Cyber Kill Chain – http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542

More Than 90 Percent of U.S. Households Have Three or More Devices Pinging the Internet – http://recode.net/2014/11/18/more-than-90-percent-of-u-s-households-have-three-or-more-devices-pinging-the-internet/

Breach Aftermath: Messaging Matters – http://www.databreachtoday.co.uk/interviews/breach-aftermath-messaging-matters-i-2507

 

Miscellaneous Privacy stories

Auto Alliance issues privacy principles around internet-connected vehicles – http://www.biometricupdate.com/201411/auto-alliance-issues-privacy-principles-around-internet-connected-vehicles

Judge threatens detective with contempt for declining to reveal cellphone tracking methods – http://www.baltimoresun.com/news/maryland/baltimore-city/bs-md-ci-stingray-officer-contempt-20141117-story.html

Etisalat’s BlackBerry patch designed for surveillance – http://www.itp.net/561962-etisalats-blackberry-patch-designed-for-surveillance

Whatsapp Just Switched on End-to-End Encryption for Hundreds of Millions of Users – http://www.wired.com/2014/11/whatsapp-encrypted-messaging/

 

 

 



Information Security Breach Report – 18 November 2014


 

Breaches, Incidents and Alerts:

Líofa: Apology over Irish language website security – http://www.bbc.co.uk/news/uk-northern-ireland-30089750

Brigham and Women’s reports patient privacy breach – http://www.whdh.com/story/27409021/brigham-and-womens-reports-patient-privacy-breach

Turkish Hackers Say They Deleted $670 Billion In Electricity Bills – http://www.mintpressnews.com/turkish-hackers-say-they-deleted-670-billion-in-electricity-bills/198955/

Link Found in Staples, Michaels Breaches – http://krebsonsecurity.com/2014/11/link-found-in-staples-michaels-breaches/

Attack reveals 81 percent of Tor users but admins call for calm – http://www.theregister.co.uk/2014/11/17/deanonymization_techniques_for_tor_and_bitcoin/

eBay and an email scam – http://www.bbc.co.uk/news/technology-30079063

Experts alert Windows 2003 OS users against cyber attacks – http://businesstoday.intoday.in/story/microsoft-end-of-life-windows-2003-os-users-experts-caution/1/212448.html

 

Miscellaneous Infosec stories:

China just blocked thousands of websites – https://zh.greatfire.org/blog/2014/nov/china-just-blocked-thousands-websites

Feds May Dangle Carrot for Banks to Adopt Cybersecurity Framework – http://www.americanbanker.com/news/community-banking/feds-may-dangle-carrot-for-banks-to-adopt-cybersecurity-framework-1071254-1.html

Mega Data Breaches: Are They Here to Stay? – https://www.mapr.com/blog/mega-data-breaches-are-they-here-stay#.VGsVIPmsWSo

The Year Of The Retailer Data Breach – http://www.darkreading.com/the-year-of-the-retailer-data-breach/d/d-id/1317462

Large Number of Tor Hidden Sites Seized by the FBI in Operation Onymous were Clone or Scam Sites – https://www.nikcub.com/posts/onymous-part1/

Why you need a data breach response plan and how to make one – http://windowsitpro.com/blog/why-you-need-data-breach-response-plan-and-how-make-one-0

IAB Urges Designers to Make Encryption the Default – Threatpost – https://threatpost.com/iab-urges-designers-to-make-encryption-the-default/109404

The Current State of Smart Locks – http://schuylertowne.com/blog/smart-locks

Security analysis of BTsync – http://2014.hackitoergosum.org/bittorrentsync-security-privacy-analysis-hackito-session-results/

THE SAD STATE OF SERVER-SIDE TLS SESSION RESUMPTION IMPLEMENTATIONS – https://timtaubert.de/blog/2014/11/the-sad-state-of-server-side-tls-session-resumption-implementations/

Hack anyones computer by using malicious PDF – http://infosecaffairs.blogspot.co.uk/2014/11/hack-anyones-computer-by-using-malicious-PDF.html

Security Operations: What is Your Signal-to-Noise Ratio? – http://www.securityweek.com/security-operations-what-your-signal-noise-ratio

14 antivirus apps found to have security problems – http://infosecblog.antonaylward.com/2014/08/04/14-antivirus-apps-found-to-have-security-problems/

How 18 inmates at California’s notorious San Quentin prison learn to code – http://arstechnica.com/tech-policy/2014/11/how-18-inmates-at-californias-notorious-san-quentin-prison-learn-to-code/

Alleged Creators of WireLurker Malware Arrested in China – http://www.securityweek.com/alleged-creators-wirelurker-malware-arrested-china

IRS: 2 Audits, 2 Conclusions on Risk Management – http://www.inforisktoday.com/irs-2-audits-2-conclusions-on-risk-management-a-7564

Card Hacker Gets Nearly 10 Years – http://www.databreachtoday.com/card-hacker-gets-nearly-10-years-a-7563

Fix your security, don’t cover up breaches: Privacy commissioner – http://www.zdnet.com/fix-your-security-dont-cover-up-breaches-privacy-commissioner-7000035846/

UK firms consider hiring ex-hackers to solve skills shortage – http://www.computerweekly.com/news/2240234799/UK-firms-consider-hiring-ex-hackers-to-solve-skills-shortage

Is cyber insurance your last line of defense? – http://betanews.com/2014/11/17/is-cyber-insurance-your-last-line-of-defense/

 

Miscellaneous Privacy stories

Swedish ISP protects customers from surveillance with free VPN – https://gigaom.com/2014/11/17/swedish-isp-protects-customers-from-surveillance-with-free-vpn/
