Monthly Archive February 2015
Information Security Breach Report – 23 February 2015
A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.
Breaches, Incidents and Alerts:
BIND Security Update Fixes Server Crash Flaw – http://www.securityweek.com/bind-security-update-fixes-server-crash-flaw
Gogo Inflight Internet is Intentionally Issuing Fake SSL Certificates – http://www.symantec.com/connect/blogs/gogo-inflight-internet-intentionally-issuing-fake-ssl-certificates
CAVIRTEX Finally Stops Operating Due to Recent Security Breach – http://securitygladiators.com/2015/02/20/cavirtex-shut-down-finally/
Seals With Clubs suffers security breach, shuts down Bitcoin-based online poker room – http://aarontodd.casinocitytimes.com/article/seals-with-clubs-suffers-security-breach-shuts-down-bitcoin-based-online-poker-room-64060
White House network almost back after breach – http://thehill.com/policy/cybersecurity/233376-white-house-network-almost-back-after-breach
Data breach at Lone Star Circle of Care affects 8,700 – http://www.statesman.com/news/news/data-breach-at-lone-star-circle-of-care-affects-87/nkFyY/
Police warn against ‘Microsoft’ scammers – http://cyprus-mail.com/2015/02/20/police-warn-against-microsoft-scammers/
Privacy Breach at Motor Vehicle Registration – http://www.vocm.com/newsarticle.asp?mn=2&id=52823&latest=1
Android malware fakes phone shutdown to steal data – http://www.csoonline.com/article/2886979/malware-vulnerabilities/android-malware-fakes-phone-shutdown-to-steal-data.html#tk.rss_all
Virus posing as ‘The Interview’ movie link hits cyberspace – http://cio.economictimes.indiatimes.com/news/digital-security/virus-posing-as-the-interview-movie-link-hits-cyberspace/46313347
“TNT” gang has released a new hardware TDoS tool in the criminal underground – http://securityaffairs.co/wordpress/33867/cyber-crime/tnt-gang-released-tdos-tool.html
Miscellaneous Infosec stories:
Surprise! America Already Has a Manhattan Project for Developing Cyber Attacks – http://www.wired.com/2015/02/americas-cyber-espionage-project-isnt-defense-waging-war/
Turkey Seeks National Plan for Cyber Threats – http://www.defensenews.com/story/defense/policy-budget/cyber/2015/02/21/turkey-cyber-tubitak-cybersecurity-ssm-software/23636627/
Bahrain cracks down on rampant cyber crime cases – http://www.shanghaidaily.com/article/article_xinhua.aspx?id=269388
Revelation of Secret Spyware Could Hamper US Espionage Efforts – http://www.voanews.com/content/revelation-of-secret-spyware-could-hamper-us-espionage-efforts/2653015.html
Corporate espionage: Well-oiled leak machine at mantralayas – http://timesofindia.indiatimes.com/india/Corporate-espionage-Well-oiled-leak-machine-at-mantralayas/articleshow/46328566.cms
JPMorgan Goes to War – http://www.bloomberg.com/news/articles/2015-02-19/jpmorgan-hires-cyberwarriors-to-repel-data-thieves-foreign-powers
Could a North Korean spy be ripping you off online? Impoverished dictatorship uses hackers to steal £1billion a year from the west – http://www.dailymail.co.uk/news/article-2875763/Could-North-Korean-SPY-ripping-online-Impoverished-dictatorship-uses-hackers-steal-1billion-year-west.html
Cyber Threat in Globalized World – http://www.hazar.org/blogdetail/blog/cyber_threat_in_globalized_world_1115.aspx
Regaining Consumer Trust Post-Breach Starts at the Point of Sale – http://www.paymentssource.com/news/interchange/regaining-consumer-trust-post-breach-starts-at-the-point-of-sale-3020599-1.html
State Department official: The department deals with thousands of cyber attacks every day – http://newsmaine.net/22503-state-department-official-department-deals-thousands-cyber-attacks-every-day
Computer Security in the Real World – http://research.microsoft.com/en-us/um/people/blampson/69-SecurityRealIEEE/69-SecurityRealIEEE.htm
HSBC Whistleblower: Thief or Hero? Debatable … Preventable Data Breach? Absolutely – http://www.sys-con.com/node/3303009
Phone fraud becoming more prevelant – http://www.kare11.com/story/news/local/2015/02/20/phone-fraud-becoming-more-prevelant/23779187/
Knowing the Basics of SMB Cyber Security – https://smallbusinesssolutions.blogs.xerox.com/2015/02/19/knowing-the-basics-of-smb-cyber-security/#.VOrSAvmsV8E
Artificial Intelligence May Save Us From New Breed of Cyber Threats – http://www.cio.com/article/2886748/security0/artificial-intelligence-may-save-us-from-new-breed-of-cyber-threats.html
Windows SSL Interception Gone Wild – https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339
SEC on the prowl for cyber security cases: official – http://www.reuters.com/article/2015/02/20/us-sec-cyber-idUSKBN0LO28H20150220
Does China Really Know How to Wage Cyber War? – http://thediplomat.com/2015/02/does-china-really-know-how-to-wage-cyber-war/
Don’t wait until you’re attacked to take cybersecurity seriously – http://www.net-security.org/secworld.php?id=17978&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
What will happen to the Lizard Squad hackers? – http://www.theguardian.com/technology/2015/feb/20/lizard-squad-hackers-lulzsec-anonymous-what-will-happen
Cyber-security: US government cannot keep hackers out of national networks – http://www.independent.co.uk/news/world/americas/cybersecurity-us-government-cannot-keep-hackers-out-of-national-networks-10060206.html
Who Cares Who’s Behind A Data Breach? – http://www.darkreading.com/attacks-breaches/who-cares-whos-behind-a-data-breach/a/d-id/1319162
PUBLIC SECTOR FACES RISE IN CYBER-ATTACKS – http://www.cbronline.com/news/security/public-sector-faces-rise-in-cyber-attacks-4517223
Hidden costs of Sony’s data breach will add up for years, experts say – http://siliconangle.com/blog/2015/02/20/hidden-costs-of-sonys-data-breach-will-add-up-for-years-experts-say/?angle=silicon
Information technology leaders feel ill-equipped to handle escalating cyber threats – http://phys.org/news/2015-02-technology-leaders-ill-equipped-escalating-cyber.html
Research Centre Tackles Cybercrime – http://www.inforisktoday.com/research-centre-tackles-cybercrime-a-7935
Tools, Tips and How it’s done:
PowerSpy – How to spy on mobile users by monitoring the power supply – http://securityaffairs.co/wordpress/33934/hacking/powerspy-spy-on-mobile.html
Patching Haste Makes Waste – http://www.infosecdailynews.com/patching-haste-makes-waste/
How to test your PC for the new “Superfish” security vulnerability – http://cio.economictimes.indiatimes.com/news/digital-security/how-to-test-your-pc-for-the-new-superfish-security-vulnerability/46329529
SecureTV Interviews The Legend BlackHAT Hacker Kevin D. Mitnick – http://www.tonavids.com/video_yIkAtGjGO_g_SecureTV-Interviews-The-Legend-BlackHAT-Hacker-Kevin-D.-Mitnick.html
Ethical Hacking Course – Part 1 – http://www.dailymotion.com/video/x2hrvhz_ethical-hacking-course-part-1-kali-linux-introduction-installation_school
Ethical Hacking Course – The rest – http://www.dailymotion.com/gb/relevance/universal/search/Ethical+Hacking+Course/1
Say What? Required contents of notice in data breach notifications – http://www.welivesecurity.com/2015/02/21/required-contents-of-notice-data-breach-notification/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+(ESET+Blog%3A+We+Live+Security)
The real cost of a data breach – http://www.retaildive.com/news/the-real-cost-of-a-data-breach/363587/
Cyber Criminals Use Patience, Persistence and Patsies to Fleece Banks for Hundreds of Millions – http://www.virtual-strategy.com/2015/02/21/cyber-criminals-use-patience-persistence-and-patsies-fleece-banks-hundreds-millions#axzz3SVwRfUR0
Data Breach Risks from Spear Phishing – http://privacylawadvisor.com/data-breach-risks-from-spear-phishing/
Hacking the Human OS: A Report on Social Engineering – http://www.itsecurityalerts.com/hacking-the-human-os-a-report-on-social-engineering/
Be your own Big Brother: Covert home spy gadgetry – http://www.theregister.co.uk/2015/02/21/be_your_own_big_brother_people/
Top 3 Takeaways from the “Escalate your Efficiency: How to Save Time on Penetration Testing” Webcast – https://community.rapid7.com/community/metasploit/blog/2015/02/20/top-3-takeaways-from-the-escalate-your-efficiency-how-to-save-time-on-penetration-testing-webcast
Google Webfonts, The Spy Inside? – http://fontfeed.com/archives/google-webfonts-the-spy-inside/
Top 10 DNS attacks likely to infiltrate your network – http://www.csoonline.com/article/2887220/data-protection/top-10-dns-attacks-likely-to-infiltrate-your-network.html#tk.rss_all
NIST Shows Crystal Pattern Mapping Can Recover Obliterated Serial Numbers in Metals – http://www.nist.gov/public_affairs/tech-beat/tb20150218.cfm#ebsd
Experimenting with Honeypots Using The Modern Honey Network – https://zeltser.com/modern-honey-network-experiments/
Is Your Small Business Prepared for a Data Breach Event? New ‘White Paper’ Explores Small Businesses ID Theft and Data Breach Trends – http://www.prweb.com/releases/2015/02/prweb12528343.htm
How Syrian Hackers Nearly Hijacked Wix by Way of Google Apps – http://recode.net/2015/02/20/how-syrian-hackers-nearly-hijacked-wix-by-way-of-google-apps/
How cybercriminals hack our brains – http://www.net-security.org/secworld.php?id=17977
Patching Haste Makes Waste – http://blog.lumension.com/9831/patching-haste-makes-waste/
Understanding the Hacker Mindset – http://www.bankinfosecurity.com/interviews/understanding-hacker-mindset-i-2589
Forced Perspective: Your Cyberdefense Tactics Appear Bigger Than They Are – http://www.securityweek.com/forced-perspective-your-cyberdefense-tactics-appear-bigger-they-are
Tracing an Injected iframe – http://ranger-cha.blogspot.co.uk/2015/02/tracing-injected-iframe.html
Miscellaneous Privacy stories:
Cyber crime and a mistaken search upend the lives of innocent Kalispell couple – http://www.dailyinterlake.com/members/cyber-crime-and-a-mistaken-search-upend-the-lives-of/article_181876ac-ba20-11e4-88ff-abd63141c727.html
800,000 people get bad tax info in latest Healthcare.gov snafu – http://www.engadget.com/2015/02/20/healthcare-gov-tax-snafu/?ncid=rss_truncated
If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com
You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk
My LinkedIn profile is uk.linkedin.com/in/jonfisher99/
Retailer Breaches – Summary Report
Retailer breach stories:
Level 2 Retailer data breach – Barclaycard – www.barclaycard.co.uk/business/files/Level2_retailer_data_breach.pdf
Shoe retailer Office warned on data breach – http://www.bbc.co.uk/news/technology-30896805 and http://www.computerweekly.com/news/2240238420/Information-Commissioners-Office-issues-warning-to-Office-shoe-retailer-over-data-breach
Target data breach: Why UK business needs to pay attention – http://www.computerweekly.com/feature/Target-data-breach-Why-UK-business-needs-to-pay-attention
Online retailer Play.com admits data breach – http://www.information-age.com/technology/security/1611878/online-retailer-playcom-admits-data-breach
Retailer Michaels Stores confirms payment card data breach – http://uk.reuters.com/article/2014/04/17/us-michaelsstores-cybercrime-idUSBREA3G27N20140417
Retail Security Breaches 2014: Home Depot, Target Should Have Stronger Countermeasures, Experts Say – http://www.ibtimes.com/retail-security-breaches-2014-home-depot-target-should-have-stronger-countermeasures-1683362
Which Big Retailer Hasn’t Reported a Major Breach — Yet? – http://www.bloomberg.com/news/articles/2014-10-21/which-big-retailer-hasn-t-reported-a-major-breach-yet-
The Year Of The Retailer Data Breach – http://www.darkreading.com/attacks-breaches/the-year-of-the-retailer-data-breach/d/d-id/1317462
Home Depot says 56 MILLION payment cards have been affected by biggest retail security breach in history – http://www.dailymail.co.uk/news/article-2761490/Home-Depot-says-malware-affected-56M-payment-cards.html
Retailer Bebe Confirms Payment Card Data Breach – http://techcrunch.com/2014/12/05/retailer-bebe-confirms-payment-card-data-breach/
Staples Becomes The Latest Retailer Affected By A Payment Card Data Breach – http://techcrunch.com/2014/10/21/staples-becomes-the-latest-retailer-affected-by-a-payment-card-data-breach/
Kmart becomes latest retailer to suffer security breach – http://fortune.com/2014/10/10/kmart-becomes-latest-retailer-to-suffer-security-breach/
Banks take on retailers over who foots cyber attacks bill – http://www.ft.com/cms/s/0/23f1339c-6778-11e4-8970-00144feabdc0.html#axzz3SSs0seud
Data Breach Survey: Consumers hold retailers responsible, second only to criminals – http://www.brunswickgroup.com/about-us/news/data-breach-survey/
Moonpig investigating potential security breach – http://www.essentialretail.com/news/ecommerce/article/54ac11bb8b255-moonpig-investigating-potential-security-breach
Chick-fil-A May Be the Latest Retail Data Breach Victim – http://www.eweek.com/security/chick-fil-a-may-be-the-latest-retail-data-breach-victim.html
4 Reasons Why You Should Shop at Stores That Got Hacked – http://time.com/money/3524447/data-breach-target-home-depot-holiday-shopping/
3 High Profile Retail Data Breaches Changing Consumer Behaviour – Unless Executives Act – https://zonefox.com/news/high-profile-retail-data-breaches-changing-consumer-behaviour-unless-executives-act/
Dairy Queen says data breached at stores – http://www.cnbc.com/id/102077305#.
Grocery stores in multiple states hit by data breach – http://www.computerworld.com/article/2491234/cybercrime-hacking/grocery-stores-in-multiple-states-hit-by-data-breach.html
2013 Data Breaches: All You Need to Know – http://resources.infosecinstitute.com/2013-data-breaches-need-know/
Retailers’ data breaches could get ‘ugly’ – http://www.detroitnews.com/story/business/personal-finance/2014/12/07/retailers-data-breach/20067897/
The Real Cost of a Retail Data Breach – http://data-protection.safenet-inc.com/2014/07/the-real-cost-of-a-retail-data-breach/#sthash.S4yW6HvS.dpbs
Continuous Breach: A New State of Mind, Especially for Retailers – https://www.damballa.com/continuous-breach/
Can Companies Restore Consumer Confidence After a Data Breach? – http://www.triplepundit.com/2014/07/can-companies-restore-consumer-confidence-data-breach/
Another Potential Retail Mega Breach At Sandwich Chain Jimmy Johns – http://www.tripwire.com/state-of-security/latest-security-news/another-potential-retail-mega-breach-at-sandwich-chain-jimmy-johns/
Court Rules in Favor of Breached Retailer – http://www.databreaches.net/court-rules-in-favor-of-breached-retailer/
Supervalu hit by hackers, data breach affects 180 stores – http://www.techtimes.com/articles/13145/20140815/supervalu-hit-by-hackers-data-breach-affects-180-stores.htm
2014 – An Explosion of Data Breaches and PoS RAM Scrapers – http://blog.trendmicro.com/trendlabs-security-intelligence/2014-an-explosion-of-data-breaches-and-pos-ram-scrapers/
How companies can rebuild trust after a security breach – http://www.techpageone.co.uk/en/technology/security-it/companies-can-rebuild-trust-security-breach/#.VOmrFvmsV8E
Why retailers bear the brunt of security breaches – http://www.networkworld.com/article/2458993/security0/why-retailers-bear-the-brunt-of-security-breaches.html
Poll: Nearly half of cardholders likely to avoid stores hit by data breaches – http://www.creditcards.com/credit-card-news/shopping-after-breach.php
Retail Breaches Bolster Interest In NIST Cyber Security Advice – http://www.informationweek.com/government/cybersecurity/retail-breaches-bolster-interest-in-nist-cyber-security-advice/d/d-id/1252740
Retail’s Reality: Shopping Behavior After Security Breaches – http://www.interactionsmarketing.com/retailperceptions/2014/06/retails-reality-shopping-behavior-after-security-breaches/
Backoff and BlackPOS Malware Breach Retailers Point of Sale Systems – http://www.yassl.com/yaSSL/Blog/Entries/2014/9/11_Backoff_and_BlackPOS_Malware_Breach_Retailers_Point_of_Sale_Systems.html
Retailers Are Finding That Data Vulnerability Can Undo Years of Brand Equity – http://www.adweek.com/news/advertising-branding/retailers-are-finding-data-vulnerability-can-undo-years-brand-equity-156459
10 lessons learned from major retailers’ cyber breaches – http://www.propertycasualty360.com/2014/09/23/10-lessons-learned-from-major-retailers-cyber-brea
POSSIBLE DATA BREACH AT ACME STORES IN PA, NJ, DEL. – http://6abc.com/shopping/possible-data-breach-at-acme-stores-in-pa-nj-del/329670/
Credit Card Breaches Happen: What You Can Do to Protect Yourself – http://www.zonealarm.com/blog/2014/11/credit-card-breaches-happen-what-you-can-do-to-protect-yourself/
WHY IS THE COST OF A DATA BREACH SO HIGH? – http://www.delegosoftware.com/why-is-the-cost-of-a-data-breach-so-high/
What Retailers Need to Do to Prevent the Next Breach – http://www.csc.com/cybersecurity/insights/107105-what_retailers_need_to_do_to_prevent_the_next_breach
Sheplers Western Wear Alerts Customers Concerning Data Breach Affecting Retail Stores – http://www.databreaches.net/sheplers-western-wear-alerts-customers-concerning-data-breach-affecting-retail-stores/
The data breach payment fight heats up – http://thehill.com/policy/cybersecurity/228161-the-fight-over-paying-for-data-breaches-heats-up
Strengthening security after a breach of a retailer’s customer data – http://www.pwc.com/us/en/advisory-services/case-studies/technology/assets/strengthening-security.pdf
Data breach alert: Small retailers are especially vulnerable: Lax security and complacency are common – http://www.consumerreports.org/cro/news/2014/05/data-breach-alert-small-retailers-are-especially-vulnerable/index.htm
Chronology of Data Breaches | Privacy Rights Clearinghouse – https://www.privacyrights.org/data-breach-asc
Why is PCI DSS Compliance Important? – http://www.theukcardsassociation.org.uk/security/PCIDSS_compliance.asp
PCI DSS: is the cure worse than the disease? – http://www.techworld.com/news/security/pci-dss-is-cure-worse-than-disease-3426435/
If I’m not compliant, what may happen to me and my business? – http://www.theukcardsassociation.org.uk/security/Non_compliance_PCIDSS.asp
The real cost of a data breach – http://www.retaildive.com/news/the-real-cost-of-a-data-breach/363587/
Regaining Consumer Trust Post-Breach Starts at the Point of Sale – http://www.paymentssource.com/news/interchange/regaining-consumer-trust-post-breach-starts-at-the-point-of-sale-3020599-1.html
Information Security Breach Report – 19 February 2015
A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.
Breaches, Incidents and Alerts:
Meet Babar, a New Malware Almost Certainly Created by France – http://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france
Tens of thousands of home routers at risk with duplicate SSH keys – http://www.csoonline.com/article/2886236/network-security/tens-of-thousands-of-home-routers-at-risk-with-duplicate-ssh-keys.html#tk.rss_all
Cyber Espionage group attacking thousands of victims globally – http://www.itnewsafrica.com/2015/02/cyber-espionage-group-attacking-thousands-of-victims-globally/
Lenovo sold laptop with pre-installed Superfish malware – http://securityaffairs.co/wordpress/33800/malware/lenovo-laptop-pre-installed-superfish.html
Got a Netgear wireless router? You’ve got a security problem – http://www.hotforsecurity.com/blog/got-a-netgear-wireless-router-youve-got-a-security-problem-11429.html
Morgan Stanley breach probe shifts to hacker from fired employee: WSJ – http://www.reuters.com/article/2015/02/19/us-morgan-stanley-cybercrime-idUSKBN0LN07920150219?feedType=RSS&feedName=businessNews
Bitcoin exchange shuts down after suspected password breach – http://grahamcluley.com/2015/02/bitcoin-exchange-shuts-down/
Update On Morgan Stanley Breach Probe – http://www.bidnessetc.com/35121-update-on-morgan-stanley-ms-breach-probe/
Babar the Elephant: Another malware plague with a cute name – http://www.theregister.co.uk/2015/02/19/babar_french_cyberespionage/
25 billion Cyberattacks hit systems in Japan during 2014 – http://securityaffairs.co/wordpress/33776/hacking/25-billion-cyberattacks-hit-japan.html
Cisco – New Malware-Laced Spam Campaign Hits Corporate Users – http://www.spamfighter.com/News-19462-Cisco-New-Malware-Laced-Spam-Campaign-Hits-Corporate-Users.htm
UMaine Data Breach Exposes Information on Hundreds of Students – http://news.mpbn.net/post/umaine-data-breach-exposes-information-hundreds-students
RedTube porn website spreads malware, via iFrame invisible to the naked eye – http://grahamcluley.com/2015/02/redtube-malware/
Scammers using obituary notices to acquire new victims – http://www.csoonline.com/article/2885141/malware-cybercrime/scammers-using-obituary-notices-to-acquire-new-victims.html#tk.rss_all
Malicious Emails Can Cause Android Email App to Crash: Researcher – http://www.securityweek.com/malicious-emails-can-cause-gmail-app-crash-researcher
Vawtrak Banking Trojan Uses Windows PowerShell, Macros in Infection Routines – http://www.securityweek.com/vawtrak-banking-trojan-uses-windows-powershell-macros-infection-routines
Miscellaneous Infosec stories:
Swedish man pleads guilty to peddling Blackshades malware – http://www.csoonline.com/article/2886356/cyber-attacks-espionage/swedish-man-pleads-guilty-to-peddling-blackshades-malware.html#tk.rss_all
Banking Malware Redefined – http://www.securityweek.com/banking-malware-redefined?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
iBank: RBS, NatWest first UK banks to allow Apple Touch ID logins – http://www.theregister.co.uk/2015/02/19/natwest_mobile_banking_touch_id/
Vawtrack malware peddlers turn to malicious macros – http://www.net-security.org/malware_news.php?id=2967&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
Software Advice: More than half of SMBs don’t have data breach plan – http://www.tweaktown.com/news/43626/software-advice-more-half-smbs-data-breach-plan/index.html
End Users Causing Bulk Of Infosec Headaches – http://www.darkreading.com/end-users-causing-bulk-of-infosec-headaches/d/d-id/1319143
The Average Face of a Hacker is Revealed by the Team at Secure Thoughts – http://www.virtual-strategy.com/2015/02/18/average-face-hacker-revealed-team-secure-thoughts#axzz3SCy59PFn
Hurd: Cyber security most pressing issues in U.S. – http://www.ksat.com/content/pns/ksat/news/2015/02/18/hurd–cyber-security-most-pressing-issues-in-u-s-.html
Lawsuit: Anthem Was Warned Of Cyber Threat To Health Care Providers – http://losangeles.cbslocal.com/2015/02/18/lawsuit-anthem-was-warned-of-cyber-threat-to-health-care-providers/
Kaspersky says his warnings about cyber threats have come true – http://latino.foxnews.com/latino/lifestyle/2015/02/18/kaspersky-says-his-warnings-about-cyber-threats-have-come-true/
An Internet of Things that do what they’re told – http://radar.oreilly.com/2015/02/an-internet-of-things-that-do-what-theyre-told.html
Social engineering the new norm for hackers, nation-states – http://www.scmagazineuk.com/social-engineering-the-new-norm-for-hackers-nation-states/article/399016/
Cars Are Delivering Tons Of Driving Data To Manufacturers With Minimal Security And Even Less Transparency – https://www.techdirt.com/articles/20150211/10134429988/cars-are-delivering-tons-driving-data-to-manufacturers-with-minimal-security-even-less-transparency.shtml
Carbanak Cybersecurity Threat Is Overhyped, Banking Groups Say – http://www.americanbanker.com/news/bank-technology/carbanak-cybersecurity-threat-is-overhyped-banking-groups-say-1072809-1.html
Security In The Year 2020 – http://www.tripwire.com/state-of-security/security-awareness/security-in-the-year-2020/
Hey, does anyone know if Dilbert has upset Kim Jong Un recently? – http://grahamcluley.com/2015/02/hey-does-anyone-know-if-dilbert-has-upset-kim-jong-un-recently/
Visual hacking exposed – http://www.net-security.org/secworld.php?id=17971&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29
Boards Not Regularly Briefed on Cyber-Security: Survey – http://www.securityweek.com/many-boards-directors-not-regularly-briefed-cyber-security-survey
Upgraded version of encryptors spreading with help of social engineering – http://techchannelmea.com/security/upgraded-version-encryptors-spreading-help-social-engineering
Secure Domains: The DNS Security Debate – http://www.inforisktoday.co.uk/secure-domains-dns-security-debate-a-7927
Banking Malware Redefined – http://www.securityweek.com/banking-malware-redefined
Tools, Tips and How it’s done:
3 P’s to practice safe cyber security habits – http://www.ksat.com/content/pns/ksat/news/2015/02/18/3-p-sto-practice-safe-cyber-security-habits.html
Intel Security: social engineering hacking the human OS – http://www.itwire.com/business-it-news/security/67042-intel-security-social-engineering-hacking-the-human-os
Protect Yourself From Cyber Attacks – http://www.benzinga.com/general/topics/15/02/5243949/protect-yourself-from-cyber-attacks
Time for an Updated Cyber Risk Approach; BPI Data Breach – http://www.dataprivacymonitor.com/privacy/time-for-an-updated-cyber-risk-approach-bpi-data-breach/
Five Cyber Attacks that Made CISOs Rethink Security – http://www.itbusinessedge.com/slideshows/five-cyber-attacks-that-made-cisos-rethink-security.html
5 Ways Companies Can Avoid a Data Breach in 2015 – http://datashieldcorp.com/2015/02/18/5-ways-companies-can-avoid-data-breach-2015/
Three Keys to a Successful Cybersecurity Defense Program – http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/three-keys-to-a-successful-cybersecurity-defense-program/
The Web Application Stack – A Growing Threat Vector – http://www.infosecdailynews.com/the-web-application-stack-a-growing-threat-vector/
Protecting Your Personal Information and Identity After a Breach – http://www.solutionary.com/resource-center/blog/2015/02/protecting-personal-information/
THE GREAT SIM HEIST – HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE – https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
Android malware hijacks power button, empties wallet while you sleep – http://www.theregister.co.uk/2015/02/19/android_malware_hijacks_power_button_to_steal_while_you_sleep/
Expert Advice: How to Up Your Cyber Security – http://www.entrepreneur.com/article/241520
Anti-Virus: Applied Incorrectly? – http://www.inforisktoday.com/blogs/anti-virus-applied-incorrectly-p-1812
Preparing for a Data Security Breach – http://complianceriskforum.com/preparing-for-a-data-security-breach/
Miscellaneous Privacy stories:
It’s not just Samsung TVs — lots of other gadgets are spying on you – http://fusion.net/story/49352/all-the-smart-gadgets-are-spying-on-you/
Yet Another Report Showing ‘Anonymous’ Data Not At All Anonymous – https://www.techdirt.com/articles/20150209/06111829955/yet-another-report-showing-anonymous-data-not-all-anonymous.shtml
UK Police Forces Have Secret Facial Recognition Database Of 18 Million People, Many Innocent – https://www.techdirt.com/articles/20150203/09153529893/uk-police-forces-have-secret-facial-recognition-database-18-million-people-many-innocent.shtml
Information Security Breach Report – 17 February 2015
A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.
Breaches, Incidents and Alerts:
16 million mobile devices hit by malware in 2014: Alcatel-Lucent – http://www.zdnet.com/article/16-million-mobile-devices-hit-by-malware-in-2014-alcatel-lucent/
Lincolnshire scammers using police logo in mobile con – http://www.eastlindseytarget.co.uk/Scammers-using-police-logo-mobile/story-26014332-detail/story.html
While Obama talks cyber security, his hotel’s computer system fails – http://uk.reuters.com/article/2015/02/15/uk-usa-cybersecurity-obama-hotel-idUKKBN0LJ00120150215
Over 100 banks in 30 countries hit by sophisticated cyber-attack – http://www.jamaicaobserver.com/news/Over-100-banks-in-30-countries-hit-by-sophisticated-cyber-attack
Crooks steal money from Standard Chartered Accounts by hacking ATMs – http://securityaffairs.co/wordpress/33511/cyber-crime/standard-chartered-accounts-hacked.html
Security breach affects SSC employees – http://www.news-star.com/article/20150213/NEWS/150219854
Personal weather stations can expose your Wi-Fi network – http://www.csoonline.com/article/2883910/privacy/personal-weather-stations-can-expose-your-wifi-network.html#tk.rss_all
Lack of CSPRNG Threatens WordPress Sites – http://threatpost.com/lack-of-csprng-threatens-wordpress-sites/111016
Discovered 40000 vulnerable MongoDB databases on the Internet – http://securityaffairs.co/wordpress/33487/hacking/40000-vulnerable-mongodbonline.html
Google Play, Browser Flaws Expose Android Devices to Remote Code Execution – http://www.securityweek.com/google-play-browser-flaws-expose-android-devices-remote-code-execution
Newsweek Twitter hack is a sign of the times – http://www.csoonline.com/article/2882977/social-networking-security/newsweek-twitter-hack-is-a-sign-of-the-times.html#tk.rss_all
15-year-old bug allows malicious code execution in all versions of Windows – http://arstechnica.com/security/2015/02/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/
Miscellaneous Infosec stories:
Cybersecurity goes way beyond passwords – http://www.sfchronicle.com/opinion/article/Cybersecurity-goes-way-beyond-passwords-6081491.php
Security Concerns After Zero-Day Attacks in Adobe Flash – http://tech.co/security-concerns-zero-day-attacks-in-adobe-flash-2015-02
Beware of Phishing mails; you could be the next hack victim – http://www.indiatvnews.com/business/world/beware-of-phishing-mails-you-could-be-the-next-hack-victim-1207.html
Cyber security will shape the Internet of Things – http://www.itproportal.com/2015/02/14/cyber-security-will-shape-internet-things/
Employees vulnerable to cyber crime – http://www.scotsman.com/business/management/employees-vulnerable-to-cyber-crime-1-3690568
FIA claims arrest of two of FBI’s 10 most-wanted cyber criminals – http://tribune.com.pk/story/838615/fia-claims-arrest-of-two-of-fbis-10-most-wanted-cyber-criminals/
SRM launch the North East Cyber Security Business Cluster – http://www.srm-solutions.com/news/srm-launch-the-north-east-cyber-security-business-cluster/
When is a password leak not a password leak? – https://blog.agilebits.com/2015/02/13/when-is-a-password-leak-not-a-password-leak/
Google cuts Microsoft and pals some slack in zero-day vuln crusade – an extra 14 days tops – http://www.theregister.co.uk/2015/02/14/google_vulnerability_disclosure_tweaks/
Banks, Gov’t Struggle to Contain Growing Cyber Threat – http://www.americanbanker.com/news/law-regulation/banks-govt-struggle-to-contain-growing-cyber-threat-1072744-1.html
Phishing for clickers – http://www.csoonline.com/article/2883744/security-leadership/phishing-for-clickers.html#tk.rss_all
Twitter sends employees fake spam to see if they’ll fall for it – http://globalnews.ca/news/1828773/twitter-sends-employees-fake-spam-to-see-if-theyll-fall-for-it/
‘Zero days’ last up to six months for some malware – http://www.csoonline.com/article/2883248/data-protection/zero-days-last-up-to-six-months-for-some-malware.html#tk.rss_all
HP Promises Half a Million Dollars in Prizes for Pwn2Own 2015 – http://www.securityweek.com/hp-promises-half-million-dollars-prizes-pwn2own-2015
Google’s Vint Cerf warns of ‘digital Dark Age’ – http://www.bbc.co.uk/news/science-environment-31450389
Breach Level Index Finds Data Breaches Increased 49 Percent – http://hospitalitytechnology.edgl.com/news/Breach-Level-Index-Finds-Data-Breaches-Increased-49-Percent98209
Ukrainian government to counter cyber-attacks – http://www.scmagazineuk.com/ukrainian-government-to-counter-cyber-attacks/article/397970/
Millions Of Users Unaware That Facebook Is On The Internet — Or Think It *Is* The Internet – https://www.techdirt.com/articles/20150211/01355929982/millions-users-unaware-that-facebook-is-internet-think-it-is-internet.shtml
HOST HIT IN CYBER ATTACK RIPS GOVERNMENT INACTION – http://www.nltimes.nl/2015/02/11/host-hit-cyber-attack-rips-government-inaction/
Report: Chinese groups behind most state-sponsored attacks in 2014 – http://www.csoonline.com/article/2882753/cyber-attacks-espionage/report-chinese-groups-behind-most-state-sponsored-attacks-in-2014.html#tk.rss_all
Tools, Tips and How it’s done:
HTML5 Security Cheat Sheet – https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet
Now, I can see wifi signals. – https://imgur.com/gallery/jdNA6
Cyber Attacks Through Power and Cooling Systems – http://www.alphaguardian.net/cyber-attacks-power-cooling-systems/
How secret Swiss banking works – http://www.businessinsider.co.id/hsbc-and-ubs-swiss-bank-account-and-tax-evasion-scandals-explainer-2015-2/#.VORiDPmsV8F
Hacker Hour: The Hackers Guide To Social Engineering – https://www.protectmybank.com/hacker-hour-hackers-guide-social-engineering/
UK Computer Emergency Response Team (CERT) Introduction to Social Engineering – https://publicintelligence.net/uk-cert-social-engineering/
Phishing attacks increasingly target financial data – http://www.net-security.org/secworld.php?id=17949
The limits of prevention-centric security programs – http://www.net-security.org/secworld.php?id=17950
Preparing for a Data Breach – What to Know About Breach Notification – http://www.lexisnexis.com/legalnewsroom/corporate/b/business/archive/2015/02/13/preparing-for-a-data-breach-what-to-know-about-breach-notification.aspx
Phishing: Learning from Recent Breaches – http://www.databreachtoday.com/interviews/phishing-learning-from-recent-breaches-i-2577
How to Defend Your Business Against Social Engineering Scams – http://blog.lifars.com/2015/02/13/how-to-defend-your-business-against-social-engineering-scam/
‘CIO of Year’ on Defending Against Hackers – http://www.databreachtoday.com/interviews/cio-year-on-defending-against-hackers-i-2578
PoS Malware Kits Rose in Underground in 2014: Report – http://www.securityweek.com/pos-malware-kits-rose-underground-2014-report?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
How To Protect Yourself From Dating App Cyber Threats – http://www.techweekeurope.co.uk/mobility/mobile-apps/protect-dating-app-cyber-threats-161856
Complexity is the Enemy of Security – http://www.securityweek.com/complexity-enemy-security?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
CTO Corner: Creation of CTIIC Demonstrates Heightened Importance of Cyber Security – https://blog.bit9.com/2015/02/11/cto-corner-creation-of-ctiic-demonstrates-heightened-importance-of-cyber-security/
Five sneaky ways companies are changing employees’ security behavior – http://www.csoonline.com/article/2881940/security-awareness/five-sneaky-ways-companies-are-changing-employees-security-behavior.html#tk.rss_all
Connected Home Security Systems Easy to Hack: HP – http://www.securityweek.com/connected-home-security-systems-easy-hack-hp
How to remotely install malicious apps on Android devices – http://securityaffairs.co/wordpress/33456/hacking/remotely-hack-android.html
Miscellaneous Privacy stories:
Legal compliance challenges of Big Data: Seeing the forest for the trees – http://www.csoonline.com/article/2883796/big-data-security/legal-compliance-challenges-of-big-data-seeing-the-forest-for-the-trees.html
Tim Cook: Cyber privacy is a ‘life and death’ issue – http://www.telegraph.co.uk/finance/11412625/Tim-Cook-Cyber-privacy-is-a-life-and-death-issue.html
US lawmakers introduce two bills to protect email privacy – http://www.csoonline.com/article/2884134/privacy/us-lawmakers-introduce-two-bills-to-protect-email-privacy.html#tk.rss_all
Jeb Bush’s email dump puts constituents’ personal data online – http://www.csoonline.com/article/2882818/access-control/jeb-bushs-email-dump-puts-constituents-personal-data-online.html#tk.rss_all
If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com
You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk
My LinkedIn Profile is