Monthly Archive January 2015

Information Security Breach Report – 15 January 2015

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Apache Fixes DoS Flaw in Qpid Messaging System – http://www.securityweek.com/apache-fixes-dos-flaw-qpid-messaging-system

5 Colleges With Data Breaches Larger Than Sony’s in 2014 – http://www.huffingtonpost.com/kyle-mccarthy/five-colleges-with-data-b_b_6474800.html

KL-Remote toolkit allows criminals to easily hack online banking accounts – http://securityaffairs.co/wordpress/32237/cyber-crime/kl-remote-hack-online-banking.html

Meet KeySweeper, the $10 USB charger that steals MS keyboard strokes – http://arstechnica.com/security/2015/01/meet-keysweeper-the-10-usb-charger-that-steals-ms-keyboard-strokes/

Notepad++ Site Hacked in Response to “Je suis Charlie” Edition – http://www.securityweek.com/notepad-site-hacked-response-%E2%80%9Cje-suis-charlie%E2%80%9D-edition

Employees Not Following Policy is the Biggest Threat to Endpoint Security, IT Pros Say – http://www.securityweek.com/employees-not-following-policy-biggest-threat-endpoint-security-it-pros-say

Malvertising Campaign Abuses Google AdSense – http://www.securityweek.com/malvertising-campaign-abuses-google-adsense

19,000 Cyber Attacks in Last Week: France Cyber Defense Chief – http://www.ndtv.com/article/world/19-000-cyber-attacks-in-last-week-france-cyber-defense-chief-649250

Criminals use #JeSuisCharlie slogan to spread DarkComet malware – http://www.ibtimes.co.uk/criminals-use-jesuischarlie-slogan-spread-darkcomet-malware-1483553

Data breach confirmed by airport parking services – http://www.bizjournals.com/charlotte/news/2015/01/15/data-breach-confirmed-by-airportparking-services.html

Fake BBC site disappears after bogus story on Charlie Hebdo – http://www.pcworld.com/article/2868712/fake-bbc-site-disappears-after-bogus-story-on-charlie-hebdo.html

AMD plugs firmware holes that allowed command injection – http://www.theregister.co.uk/2015/01/14/amd_plugs_chip_firmware_holes/

Cyberattack Results In Physical Damage To German Steel Mill’s Blast Furnance – https://www.techdirt.com/articles/20150109/09291629651/cyberattack-results-physical-damage-to-german-steel-mills-blast-furnance.shtml

vBSEO’s Vulnerability Leads to Remote Code Execution – http://blog.sucuri.net/2015/01/vbseos-vulnerability-leads-to-remote-code-execution.html

Siemens Fixes Security Flaws in SIMATIC WinCC Apps for iOS – http://www.securityweek.com/siemens-fixes-security-flaws-simatic-wincc-apps-ios

Unpatched Security Flaws Impact Corel Software Products – http://www.securityweek.com/core-security-discloses-security-vulnerabilities-corel-software-products

United, American airlines account fraud highlights hacker focus on travel industry – http://www.csoonline.com/article/2868001/data-breach/united-american-airlines-account-fraud-highlights-hacker-focus-on-travel-industry.html#tk.rss_all

930 Million Android Devices at Risk? – http://www.databreachtoday.co.uk/930-million-android-devices-at-risk-a-7784

Miscellaneous Infosec stories:

Mobile malware up 77 percent in 2014 – http://www.csoonline.com/article/2870128/data-protection/mobile-malware-up-75-in-2014.html#tk.rss_all

Cyber Warfare and Cyber Weapons, a Real and Growing Threat – http://resources.infosecinstitute.com/cyber-warfare-cyber-weapons-real-growing-threat/

Terms of Service – https://www.f-secure.com/weblog/archives/00002749.html

Activist pulls off clever Wi-Fi honeypot to protest surveillance state – http://arstechnica.com/security/2015/01/activist-pulls-off-clever-wi-fi-honeypot-to-protest-surveillance-state/

Experts speak out about proposed changes to hacking law – http://www.csoonline.com/article/2868331/security-industry/experts-speak-out-about-proposed-changes-to-hacking-law.html#tk.rss_all

Definitions matter. For crying out loud, securobods, BE SPECIFIC – ENISA – http://www.theregister.co.uk/2015/01/15/if_you_want_your_infrastructure_to_be_secure_sort_out_your_language_says_enisa/

Top EU court: Ryanair data barrel must be left unscraped – http://www.theregister.co.uk/2015/01/15/the_bottom_of_ryanair_data_barrel_must_be_left_unscrapped/

NSA’s ‘Apology’ For Backdooring Crypto Standard Really A ‘Sorry We Got Caught’ Kind Of Apology – https://www.techdirt.com/articles/20150114/17544229703/nsas-apology-backdooring-crypto-standard-really-sorry-we-got-caught-kind-apology.shtml

Cameron to Ask Obama to Help Weaken Crypto – http://www.inforisktoday.co.uk/cameron-to-ask-obama-to-help-weaken-crypto-a-7800

ATM: Attacking Multichannel Fraud – http://www.bankinfosecurity.com/interviews/atm-attacking-multichannel-fraud-i-2551

KnowBe4 Says New CryptoWall 3.0 Ransomware Makes Paying Ransom “Easier” – http://www.virtual-strategy.com/2015/01/15/knowbe4-says-new-cryptowall-30-ransomware-makes-paying-ransom-easier#axzz3OxlWNc4e

Apple wants your fingerprints in the cloud – http://www.theregister.co.uk/2015/01/16/apple_touchid_cloud_fingerprint/

Secret US cybersecurity report: encryption vital to protect private data – http://www.theguardian.com/us-news/2015/jan/15/-sp-secret-us-cybersecurity-report-encryption-protect-data-cameron-paris-attacks

Sony chief exec claims insurance will cover breach and attack costs – http://itsecurityguru.org/top-ten-stories/sony-chief-exec-claims-insurance-will-cover-breach-attack-costs/

Password security issues show case for privileged identity management – http://searchsecurity.techtarget.com/video/Password-security-issues-show-case-for-privileged-identity-management

Shodan exposes IoT vulnerabilities – http://www.csoonline.com/article/2867407/network-security/shodan-exposes-iot-vulnerabilities.html#tk.rss_all

PHaaS – The Business Value of Phishing as a Service – http://www.social-engineer.com/phaas-business-value-phishing-service/

Tools, Tips and How it’s done:

Strategy: Planning and Recovering From a Data Breach – http://www.securityweek.com/strategy-planning-and-recovering-data-breach

Remote Overlay Toolkit Makes Online Banking Fraud Easy – http://www.securityweek.com/remote-overlay-toolkit-makes-online-banking-fraud-easy

SIEM Use Cases for PCI DSS 3.0 – Part 2 – http://resources.infosecinstitute.com/siem-use-cases-pci-dss-3-0-part-2/

The Security of Data Deletion – https://www.schneier.com/blog/archives/2015/01/the_security_of_10.html

A Glimpse at the Latest Sandbox Evasion Techniques – http://www.securityweek.com/glimpse-latest-sandbox-evasion-techniques

How can I make my PC completely secure? – http://www.theguardian.com/technology/askjack/2015/jan/15/how-can-i-make-my-pc-completely-secure

Top 7 Social Media Security Practices – http://www.solutionary.com/resource-center/blog/2015/01/top-7-social-media-security-practices/

Endpoint security fundamentals: Comparing antimalware protection products – http://searchsecurity.techtarget.com/feature/Endpoint-security-fundamentals-Comparing-antimalware-protection-products

Criminals Are After Your LinkedIn Account – Here is How to Protect it – http://www.tripwire.com/state-of-security/security-data-protection/criminals-are-after-your-linkedin-account-here-is-how-to-protect-it/

Securing the Network Time Protocol – http://queue.acm.org/detail.cfm?id=2717320

Miscellaneous Privacy stories:

Remember That Undeletable Super Cookie Verizon Claimed Wouldn’t Be Abused? Yeah, Well, Funny Story… – https://www.techdirt.com/articles/20150115/07074929705/remember-that-undeletable-super-cookie-verizon-claimed-wouldnt-be-abused-yeah-well-funny-story.shtml

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/

Information Security Breach Report – 11 January 2015

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Aviator Web Browser Criticized by Google Security Experts – http://www.securityweek.com/aviator-web-browser-criticized-google-security-experts

Serious Vulnerability Found in vBulletin SEO Plugin – http://www.securityweek.com/serious-vulnerability-found-vbulletin-seo-plugin

Audi’s Cruise Control “>=” Bug – https://ma.ttias.be/audi-greater-than-equal-cruise-control-bug/

Critical Vulnerability Fixed in Schneider Electric Wonderware Product – http://www.securityweek.com/critical-vulnerability-fixed-schneider-electric-wonderware-product

Boomerang Rentals issues statement following alleged Security Breach – http://n4g.com/news/1652711/boomerang-rentals-issues-statement-following-alleged-security-breach

Your private Instagrams weren’t as private as you thought they were – http://qz.com/323307/instagram-privacy/

Hackers running Linux Operation Windigo are changing tactics targeting porn sites – http://securityaffairs.co/wordpress/32100/cyber-crime/operation-windigo-targets-porn-sites.html

Hackers Anonymous ‘disable extremist website’ – http://www.bbc.co.uk/newsbeat/30785773

Ukraine Today website under cyber attack – http://uatoday.tv/news/ukraine-today-website-under-cyber-attack-402285.html

Apple Patches Brute Force Password-Cracking Security Hole in iCloud – http://www.intego.com/mac-security-blog/apple-patches-brute-force-password-cracking-security-hole-in-icloud/

ASUS Routers Plagued by Command Execution Vulnerability – http://www.securityweek.com/asus-routers-plagued-command-execution-vulnerability

Library Flaw Could Crash HART-Based ICS Field Devices – http://www.securityweek.com/library-flaw-could-crash-hart-based-ics-field-devices

Lizard Stresser Runs on Hacked Home Routers – http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/

Financial malware poses as ICS/SCADA Software – http://securityaffairs.co/wordpress/32036/cyber-crime/financial-malware-icsscada.html

Miscellaneous Infosec stories:

Four cyber security risks not to be taken for granted in 2015 – http://www.bankingtech.com/272282/four-cyber-security-risks-not-to-be-taken-for-granted-in-2015/

Researchers slam Telegram app’s “visual fingerprint” security – https://gigaom.com/2015/01/12/researchers-slam-telegram-apps-visual-fingerprint-security/

The Web as Equalizer in Cyber Terrorism – http://www.securitybistro.com/?p=9099

A CISO’s Nightmare: Digital Social Engineering – http://www.securityweek.com/cisos-nightmare-digital-social-engineering

You Don’t Say? In The Face Of Massive Security Breaches, Execs Are Concerned – http://www.forbes.com/sites/benkepes/2015/01/09/you-dont-say-in-the-face-of-massive-security-breaches-execs-are-concerned/

The Debate on Defining Cybersecurity – http://www.inforisktoday.com/blogs/debate-on-defining-cybersecurity-p-1798

‘Shadow cloud’ services a growing threat to enterprises – http://searchcloudsecurity.techtarget.com/news/2240237855/Shadow-cloud-services-a-growing-threat-to-enterprises

Dissection of North Korean Web Browser Shows Country May Run Off Single IP Address – http://www.securityweek.com/dissection-north-korean-web-browser-shows-country-may-run-single-ip-address

Seeking a Risk Intelligence Model for Long-Term Cyber Resiliency? Look to Healthcare. – http://www.securityweek.com/seeking-risk-intelligence-model-long-term-cyber-resiliency-look-healthcare

APT threat actors behind quarter of data breaches – http://www.scmagazineuk.com/apt-threat-actors-behind-quarter-of-data-breaches/article/391748/

Will fake profiles be the death of LinkedIn? – http://www.itbusiness.ca/blog/will-fake-profiles-be-the-death-of-linkedin/53022

Offline devices can still leak out info to hackers – http://www.mumbaimirror.com/others/sci-tech/Offline-devices-can-still-leak-out-info-to-hackers/articleshow/45826592.cms

Data Breach: What’s Trending for 2015? – http://www.transfirst.com/blog/data-breach-whats-trending-for-2015

“Data Rotting” concept receives CIDR 2015 Wildest Idea award – https://www.monetdb.org/blog/data-rotting-concept-receives-cidr-2015-wildest-idea-award

Tools, Tips and How it’s done:

THE WILD, WILD INTERNET: TYPES OF CYBER CRIMES – https://hide.me/en/blog/2015/01/wild-wild-internet-types-cyber-crimes/

Educate Your Staff to Spot Dropbox Phishing Campaigns – http://www.infosecurity-magazine.com/opinions/spotting-dropbox-phishing-campaigns/

Protecting Your Identity In The Cyber World – http://www.1011now.com/home/headlines/Protecting-Your-Identity-In-The-Cyber-World–288245311.html

KeySweeper – Arduino-based passive wireless keyboard sniffer – http://www.feedspot.com/#favorites/f_favorites

Chick-fil-A Breach: Avoiding 5 Common Security Mistakes – http://www.hackbusters.com/news/stories/216059-chick-fil-a-breach-avoiding-5-common-security-mistakes

Hacking with Andrew and Brad: tip.golang.org – https://www.youtube.com/watch?v=1rZ-JorHJEY

How to attack Adobe PDF Embedded EXE Social Engineering (NOJS) using SET Tool [on hold] – http://stackoverflow.com/questions/27863326/how-to-attack-adobe-pdf-embedded-exe-social-engineering-nojs-using-set-tool

Miscellaneous Privacy stories:

10 Incredibly Simple Things You Can Do To Protect Your Privacy – http://www.forbes.com/pictures/fgdi45eidlj/password-protect-your-devices/

Can The Privacy Revolution Prevail? – http://www.forbes.com/sites/cherylsnappconner/2015/01/09/can-the-privacy-revolution-prevail/

Privacy watchdog reports 300 breaches in 2014 – http://www.thespec.com/news-story/5252875-privacy-watchdog-reports-300-breaches-in-2014/

Information Security Breach Report – 09 January 2015

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Microsoft says Friday’s outage caused by software bug not cyber attack – http://www.techworm.net/2015/01/microsoft-says-fridays-outage-caused-software-bug-not-cyber-attack.html

U.K. Power Grid is Under Attack From Hackers Every Minute, Says Parliament – http://www.bloomberg.com/news/2015-01-09/power-grid-under-cyber-attack-every-minute-sees-u-k-up-defenses.html

Linux DDoS Trojan embeds RootKit component – http://securityaffairs.co/wordpress/31965/cyber-crime/linux-ddos-trojan-rootkit.html

ASUS router-popping exploit on the loose – http://www.theregister.co.uk/2015/01/09/asus_router_popping_exploit_on_the_loose/

Serious Vulnerability in VBSEO – http://blog.sucuri.net/2015/01/serious-vulnerability-on-vbseo.html

Android Manifest File Attacks Can Make Devices Inoperable – http://www.securityweek.com/android-manifest-file-attacks-can-make-devices-inoperable

Bitcoin Miner Distributed With Cracked Version of Andromeda Bot – http://www.securityweek.com/bitcoin-miner-distributed-cracked-version-andromeda-bot

CosmicDuke Variant Installs MiniDuke on Infected Systems: F-Secure – http://www.securityweek.com/cosmicduke-variant-installs-miniduke-infected-systems-f-secure

‘Self-XSS’ flaw found in Microsoft Dynamics CRM – http://www.zdnet.com/article/self-xss-flaw-in-microsoft-dynamics-crm-discovered/

GameZone, Huffington Post hit by malvertising attack – http://www.csoonline.com/article/2866713/application-security/gamezone-huffington-post-hit-by-malvertising-attack.html#tk.rss_all

Hackers try to Blackmail Swiss Bank After Stealing Data: Report – http://www.securityweek.com/hackers-try-blackmail-swiss-bank-after-stealing-data-report

The worst and biggest data breaches of 2014 – http://mashable.com/2015/01/08/data-breaches-2014/

32 Data Breaches Larger Than Sony’s in the Past Year – http://www.huffingtonpost.com/kyle-mccarthy/32-data-breaches-larger-t_b_6427010.html

Miscellaneous Infosec stories:

Countdown to Zero Day: launching Stuxnet on Iran – http://www.afr.com/p/technology/countdown_to_zero_day_launching_QxPeeYoePYz24NDV667NDM

Internet of Things demands security by design – http://www.csoonline.com/article/2866446/mobile-security/internet-of-things-demands-security-by-design.html#tk.rss_all

A close look at the growing trend of cyber crimes in India – http://cio.economictimes.indiatimes.com/news/digital-security/a-close-look-at-the-growing-trend-of-cyber-crimes-in-india/45818853

Snowden: US has put too much emphasis on cyber-offence, needs defence – http://arstechnica.com/tech-policy/2015/01/snowden-us-has-put-too-much-emphasis-on-cyber-offense-needs-defense/

If 2014 Was the Year of Stolen Consumer Data, Are Corporate Secrets Next? – http://www.entrepreneur.com/article/241586

If 2014 Was The Year Of The Data Breach, Brace For More – http://www.forbes.com/sites/danielfisher/2015/01/02/if-2014-was-the-year-of-the-data-breach-brace-for-more/

Microsoft Halts Advanced Notification of Patch Tuesday Updates to Public – http://www.securityweek.com/microsoft-no-longer-making-patch-tuesday-advanced-notification-available-general-public

Preventing a ‘cyber Pearl Harbor’ – http://www.washingtontimes.com/news/2015/jan/8/michael-mccaul-preventing-a-cyber-pearl-harbor/

MasterCard says Nike plotted to steal its cyber-security talent – http://www.oregonlive.com/playbooks-profits/index.ssf/2015/01/mastercard_says_nike_plotted_t.html

Big Banks’ Position on Credit Card Security Difficult To “Pin” Down – http://www.forbes.com/sites/paularosenblum/2015/01/08/big-banks-position-on-credit-card-security-difficult-to-pin-down/

Post-POODLE, OpenSSL shakes off some fleas – http://www.theregister.co.uk/2015/01/09/dead_openssl_bugs_more_fleas_than_poodles/

Brazen Attempts by Hotels to Block Wi-Fi – http://www.nytimes.com/2015/01/04/opinion/sunday/brazen-attempts-by-hotels-to-block-wi-fi.html

Integrated Threat Defense: On the Big Screen and the Computer Screen – http://www.securityweek.com/integrated-threat-defense-big-screen-and-computer-screen

Ransomware Tops List of Social Media Security Threats – http://www.itbusinessedge.com/blogs/data-security/ransomware-tops-list-of-social-media-security-threats.html

The Hacker’s Manifesto turns 29 years-old – http://www.csoonline.com/article/2866582/security-industry/the-hackers-manifesto-turns-29-years-old.html#tk.rss_all

2014 in Numbers – My Life Behind the Command Line – http://blog.freecodecamp.com/2015/01/2014-in-numbers-my-life-behind-the-command-line.html

Hacked emails reveal China’s elaborate and absurd internet propaganda machine – http://qz.com/311832/hacked-emails-reveal-chinas-elaborate-and-absurd-internet-propaganda-machine/

IoT: Hottest technology to watch out for in 2015 – http://cio.economictimes.indiatimes.com/news/internet/iot-hottest-technology-to-watch-out-for-in-2015/45807702?utm_source=RSS&utm_medium=ETRSS

Goodguy Hacker Selling Bad Guy hacks – http://www.finextra.com/blogs/fullblog.aspx?blogid=10375

Paris Attacks: The Cyber Investigation – http://www.bankinfosecurity.co.uk/paris-attacks-cyber-investigation-a-7764

Tools, Tips and How it’s done:

The mysterious origins of 21 tech terms – http://cio.economictimes.indiatimes.com/news/corporate-news/the-mysterious-origins-of-21-tech-terms/45817584

How My Mom Got Hacked – http://www.nytimes.com/2015/01/04/opinion/sunday/how-my-mom-got-hacked.html?_r=0

4 CISO Wish List Items for 2015 – http://www.cio.com/article/2866065/security0/4-ciso-wish-list-items-for-2015.html

Don’t Look Back in Anger: Make Security a Priority in 2015 – http://www.countertack.com/blog/dont-look-back-in-anger-make-security-a-priority-in-2015

Researchers use light rays to connect to the internet – http://www.bbc.co.uk/news/uk-scotland-30711694

Me, Myself, I: How To Combat Identity Theft – http://www.forbes.com/sites/teradata/2015/01/08/me-myself-i/

Miscellaneous Privacy stories:

Videos From Wearable Cameras Contain Natural Biometric Markers That Can Eliminate Anonymity – https://www.techdirt.com/articles/20141216/09004629450/videos-wearable-cameras-contain-natural-biometric-markers-that-can-eliminate-anonymity.shtml

Information Security Breach Report – 08 January 2015

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Sucuri firm discovered Backdoors relying on the Pastebin Service – http://securityaffairs.co/wordpress/31932/cyber-crime/backdoors-relying-on-pastebin-service.html and http://blog.sucuri.net/2015/01/website-backdoors-leverage-the-pastebin-service.html

FBI Defends Sony Hack Attribution – http://www.databreachtoday.com/fbi-defends-sony-hack-attribution-a-7762

Insider Theft affects a tenth of Morgan Stanley Wealth Management Clients – http://securityaffairs.co/wordpress/31915/digital-id/morgan-stanley-insider-theft.html

SocialPath privacy tool steals data, researchers warn – http://www.computerweekly.com/news/2240237678/SocialPath-mobile-privacy-tool-steals-data-researchers-warn

Microsoft reports variant of banking malware that targets German speakers – http://www.csoonline.com/article/2865286/malware-cybercrime/microsoft-reports-variant-of-banking-malware-that-targets-german-speakers.html

Websites Compromised with CloudFrond Injection – http://blog.sucuri.net/2015/01/websites-compromised-with-cloudfrond-injection.html

Credit cards among data possibly accessed in AMResorts breach – http://www.scmagazine.com/credit-cards-among-data-possibly-accessed-in-amresorts-breach/article/391472/

Pro-Russian Hackers Claim Attack on Merkel’s Website – http://www.securityweek.com/pro-russian-hackers-claim-attack-merkels-website

CryptoWall 2.0 Ransomware Capable of Executing 64-Bit Code: Cisco – http://www.securityweek.com/cryptowall-20-ransomware-capable-executing-64-bit-code-cisco

Dridex Banking Malware Abuses Microsoft Office Macros to Infect Users – http://www.eweek.com/security/dridex-banking-malware-abuses-microsoft-office-macros-to-infect-users.html

Android 5.0 Lollipop’s Memory Leak: To Be Fixed In A Future Release – http://www.androidheadlines.com/2015/01/android-5-0-lollipops-memory-leak-fixed-future-release.html

Sussex Police website data breach under investigation – http://police.governmentcomputing.com/news/sussex-police-website-data-breach-under-investigation-4483962

Zappos to pay Pa., 8 other states $106K for 2012 data breach – http://triblive.com/business/headlines/7517009-74/zappos-company-states#axzz3OF22da72

Hacking an ATM with a Samsung Galaxy 4 Smartphone – http://securityaffairs.co/wordpress/31923/cyber-crime/hacking-atm-galaxy-4-smartphone.html and http://www.theregister.co.uk/2015/01/07/atm_jackpotted_with_samsung_s4/

Miscellaneous Infosec stories:

What Will 2015 Mean for IT Security? – http://www.solutionary.com/resource-center/blog/2015/01/what-will-2015-mean-for-it-security/

Regulations need to evolve fast for tackling cyber crime – http://cio.economictimes.indiatimes.com/news/digital-security/regulations-need-to-evolve-fast-for-tackling-cyber-crime/45810198?utm_source=RSS&utm_medium=ETRSS

Security expert: Regin is scary and companies should be on alert – http://www.tweaktown.com/articles/6896/security-expert-regin-scary-companies-alert/index.html

Defining a Cyber Attack: My Latest Op-Ed in SIGNAL – http://sites.tufts.edu/fletcherdean/defining-a-cyber-attack-my-latest-op-ed-in-signal/

Device democracy: Saving the future of the Internet of Things [pdf] – http://public.dhe.ibm.com/common/ssi/ecm/gb/en/gbe03620usen/GBE03620USEN.PDF

The Cost of Getting My Stolen Computer Back – http://thebillfold.com/2015/01/the-cost-of-getting-my-stolen-computer-back/

Survey Shows Cyberthreat Worries – http://www.inforisktoday.com/blogs/survey-shows-cyberthreat-worries-p-1795

Bankers: Retailers Are Wrong About EMV – http://www.bankinfosecurity.com/blogs/bankers-retailers-are-wrong-about-emv-p-1796

As cyber attacks swell, a move toward improved industry collaboration – http://fortune.com/2015/01/07/cybersecurity-collaboration/

The world’s first CISO explains why technology alone has never beaten cyber crime – http://www.information-age.com/it-management/strategy-and-innovation/123458809/worlds-first-ciso-explains-why-technology-alone-has-never-beaten-cyber-crime

Cyber Criminals Could Be A Threat To The Computer In Your Car – http://www.raccars.co.uk/news/article/3101/cyber-criminals-could-be-a-threat-to-the-computer-in-your-car

What Would a Cyber Attack on the UK be Like? – http://web202.ssvc.com/news/articles/army/3584

PCI 3.0 Compliance Standard Arrives With Start of New Year – http://www.securityweek.com/pci-30-compliance-standard-arrives-start-new-year?

Security in 2015: 10 predictions your business should be aware of – http://www.techradar.com/news/internet/security-in-2015-10-predictions-your-business-should-be-aware-of-1279523

Morgan Stanley Data Leak Not the First Headache for Pastebin – http://blogs.wsj.com/moneybeat/2015/01/07/morgan-stanley-data-leak-not-the-first-headache-for-pastebin/

The Year Ahead in Cyber: Endgame Perspectives on 2015 – https://www.endgame.com/blog/the-year-ahead-in-cyber-endgame-perspectives-on-2015.html

Your Next Password Is Unhackable, Unforgettable, and Not Even a Password at All – http://nybw.businessweek.com/articles/2015-01-07/your-next-password-is-unhackable-unforgettable-and-not-even-a-password-at-all#r=rss

Tools, Tips and How it’s done:

Hardening VoIP systems: Challenges and solutions – http://www.telecomstechnews.com/news/2015/jan/06/hardening-voip-systems-challenges-and-solutions/

Reusable Software? Just Don’t Write Generic Code – http://josdejong.com/blog/2015/01/06/code-reuse/

Transforming Cyber Defense Planning Model into Actions – http://www.securityweek.com/transforming-cyber-defense-planning-model-actions

Segmenting your traffic? You are probably doing it wrong. – https://www.chrisstucchio.com/blog/2015/ab_testing_segments_and_goals.html

The Sony hack attribution generator! – http://grahamcluley.com/2015/01/sony-hack-attribution-generator/

Attack of the Access Clones – How Organizations Can Strike Back – http://www.securityweek.com/attack-access-clones-how-organizations-can-strike-back

The Sony Breach Demonstrates The Importance Of Moving Beyond Perimeter Defence – https://community.rapid7.com/community/infosec/blog/2015/01/07/the-sony-breach-demonstrates-the-importance-of-moving-beyond-perimeter-defense

The Connections Between MiniDuke, CosmicDuke and OnionDuke – https://www.f-secure.com/weblog/archives/00002780.html

Bypassing OpenSSL Certificate Pinning in iOS Apps – http://chargen.matasano.com/chargen/2015/1/6/bypassing-openssl-certificate-pinning-in-ios-apps.html

It’s Time to Treat Your Cyber Strategy Like a Business – http://www.darkreading.com/operations/its-time-to-treat-your-cyber-strategy-like-a-business/a/d-id/1318480

Understanding the Swinging Pendulum That is Data Breach Law – http://www.claimsjournal.com/news/national/2015/01/07/259895.htm

The New Reality: Inevitability of Data Breaches and How to Mitigate Risk – http://insights.wired.com/profiles/blogs/the-new-reality-inevitability-of-data-breaches-and-how-to#axzz3OEymmX3S

6 Social Engineering Tricks That Can be Avoided if You’re Careful – http://www.cio.com/article/2866103/security0/6-social-engineering-tricks-that-can-be-avoided-if-youre-careful.html#tk.rss_security0

Responding proactively to cyber threats – http://www.cbinsight.com/responding-proactively-to-cyber-threats.html

A hacker reveals how your fingerprint could be easier to hack than a traditional password – http://cio.economictimes.indiatimes.com/news/digital-security/a-hacker-reveals-how-your-fingerprint-could-be-easier-to-hack-than-a-traditional-password/45803407

Social Engineering: How Dangerous is Your Lunch Break? – http://www.tripwire.com/state-of-security/security-awareness/social-engineering-how-dangerous-is-your-lunch-break/

Miscellaneous Privacy stories:

CES 2015: Warning over data grabbed by smart gadgets – http://www.bbc.co.uk/news/technology-30705361

Information Security Breach Report – 07 January 2015

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Hacking group publishes Xbox One SDK, threatens to leak unreleased game builds – https://nakedsecurity.sophos.com/2015/01/06/hacking-group-publishes-xbox-one-sdk-threatens-to-leak-unreleased-game-builds/

USPS breach wider than first reported – http://fcw.com/articles/2015/01/06/usps-breach.aspx

Firmware flaws could allow a malicious reflash, US CERT warns – http://www.csoonline.com/article/2865218/vulnerabilities/firmware-flaws-could-allow-a-malicious-reflash-us-cert-warns.html and http://www.securityweek.com/researchers-find-several-uefi-vulnerabilities

UK National Property Register Site Exposed 28 Million Records: Researcher – http://www.securityweek.com/uk-national-property-register-site-exposed-28-million-records-researcher

Vulnerability in Moonpig API Exposed Customer Data: Researcher – http://www.securityweek.com/vulnerability-moonpig-api-exposed-customer-data-researcher

Thieves Jackpot ATMs With ‘Black Box’ Attack – http://krebsonsecurity.com/2015/01/thieves-jackpot-atms-with-black-box-attack/

Chick-fil-A Offers Info on Investigation of Possible Data Breach – http://hospitalitytechnology.edgl.com/news/Chick-fil-A-Offers-Info-on-Investigation-of-Possible-Data-Breach97515

Malvertising Attack Served Using AOL Ad Network – http://www.securityweek.com/malvertising-attack-served-using-aol-ad-network-cyphort

GoGo in-flight WiFi creates man-in-the-middle diddle – http://www.theregister.co.uk/2015/01/06/gogo_ssl/

Morgan Stanley Fires Employee For Client Data Leak – http://www.nasdaq.com/article/morgan-stanley-fires-employee-for-client-data-leak-20150105-01330

Doh! WikiLeaks’ PDF viewer springs XSS vuln – http://www.theregister.co.uk/2014/12/23/wikileaks_pdf_viewer_vuln/

Miscellaneous Infosec stories:

Dev put AWS keys on Github. Then BAD THINGS happened – http://www.theregister.co.uk/2015/01/06/dev_blunder_shows_github_crawling_with_keyslurping_bots/

IoT: Do Risks Outweigh Benefits? – http://www.databreachtoday.co.uk/iot-do-risks-outweigh-benefits-a-7754

Companies Are Freaked Out About Cybersecurity And Plan To Spend A Lot More On It This Year – http://uk.businessinsider.com/piper-jaffray-survey-shows-companies-spending-more-on-cyber-security-2015-1?r=US

The fog of cyber warfare: Hacked if you do, hacked if you don’t – http://www.infoworld.com/article/2865340/cringely/fog-of-cyber-warfare-hacked-if-you-do-hacked-if-you-dont.html

The Case Against Hack-Back – http://www.bankinfosecurity.co.uk/case-against-hack-back-a-7759

Denmark Plans to Invest $75 Million towards Empowering its Cyber Control – http://securityaffairs.co/wordpress/31871/cyber-warfare-2/denmark-75-million-cyber-control.html

Chief Data Officer: Insights Meet Intuition – http://www.forbes.com/sites/danielnewman/2015/01/06/chief-data-officer-insights-meet-intuition/

The Top Five Cyber Policy Developments of 2014: The IANA Transition – http://blogs.cfr.org/cyber/2015/01/06/the-top-five-cyber-policy-developments-of-2014-the-iana-transition/

Breach and the state of Indian cyber crime – http://www.firstpost.com/business/breach-state-indian-cyber-crime-2031873.html

2015 to see increased IoT risks, wider security skills gap – http://www.zdnet.com/article/2015-to-see-increased-iot-risks-wider-security-skills-gap/

8 smart devices at risk – http://www.csoonline.com/article/2865523/mobile-security/8-smart-devices-at-risk-of-attack.html#tk.rss_all

What CISOs, InfoSec Pros Have on Their 2015 Wish Lists – http://www.securityweek.com/what-cisos-infosec-pros-have-their-2015-wish-lists

Why Major Retailers Want Chip and PIN – http://www.bankinfosecurity.co.uk/interviews/major-retailers-want-chip-pin-i-2544

8 ways the CIO job will change in 2015 – http://cio.economictimes.indiatimes.com/news/corporate-news/8-ways-the-cio-job-will-change-in-2015/45771584

IBM: Retail Cyber Attacks, Victims Drop in 2014 – http://www.wwd.com/retail-news/trends-analysis/ibm-retail-cyber-attacks-victims-drop-in-2014-8089482

Tools, Tips and How it’s done:

3 Opportunities to Learn from the Sony Breach – https://www.venafi.com/blog/post/3-opportunities-to-learn-from-the-sony-breach

Addressing Health Data Sharing Risks – http://www.databreachtoday.com/interviews/addressing-health-data-sharing-risks-i-2543

Who’s Attacking Whom? Realtime Attack Trackers – http://krebsonsecurity.com/2015/01/whos-attacking-whom-realtime-attack-trackers/

The Merchant Financial Cyber Partnership Issues Cybersecurity Recommendations – http://www.mondaq.com/unitedstates/x/364718/Data+Protection+Privacy/The+Merchant+Financial+Cyber+Partnership+Issues+Cybersecurity+Recommendations

Breach Prevention: 5 Lessons Learned – http://www.databreachtoday.com/breach-prevention-5-lessons-learned-a-7757

10 tips for detecting malicious & compromised users – https://community.rapid7.com/community/infosec/blog/2014/06/05/new-guide-10-tips-for-detecting-malicious-compromised-users

Endpoint security fundamentals: Procuring antimalware protection – http://searchsecurity.techtarget.com/feature/Endpoint-security-fundamentals-Procuring-antimalware-protection

The 2015 Social Engineering Survival Guide – http://www.csoonline.com/article/2864598/security-awareness/the-2015-social-engineering-survival-guide.html

5 Tips On How To Prepare For A Data Breach – http://www.wallstreetandtech.com/security/5-tips-on-how-to-prepare-for-a-data-breach/a/d-id/1318297

Research: Standard Response in Data Breach May Not Be Best – http://campustechnology.com/articles/2015/01/05/research-standard-response-in-data-breach-may-not-be-best.aspx?admgarea=news

In Security, Prioritization should be a Priority – http://www.securityweek.com/security-prioritization-should-be-priority

New Security Guidelines For Online Payments in the EU – http://www.securityweek.com/new-security-guidelines-online-payments-eu

Miscellaneous Privacy stories:

Ex-Microsoft Bug Bounty dev forced to decrypt laptop for Paris airport official – http://www.theregister.co.uk/2015/01/06/former_ms_bug_bounty_program_developer_forced_into_paris_laptop_decryption/

Court Asked Why There’s No Expectation Of Privacy In Cell Location Data, But An Expectation Of Privacy In The Cellphone Itself – https://www.techdirt.com/articles/20150105/11504629598/defense-asks-circuit-court-why-theres-no-expectation-privacy-cell-location-data-expectation-privacy-cellphone-itself.shtml

Don’t bother posting this privacy notice to your Facebook account. It’s a hoax – http://grahamcluley.com/2015/01/facebook-privacy-notice-hoax/

HTTPS can be set as your super-cookie – http://www.theregister.co.uk/2015/01/06/https_can_be_set_as_your_supercookie/