Monthly Archive February 2015

Information Security Breach Report – 23 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

BIND Security Update Fixes Server Crash Flaw –

Gogo Inflight Internet is Intentionally Issuing Fake SSL Certificates –

CAVIRTEX Finally Stops Operating Due to Recent Security Breach –

Seals With Clubs suffers security breach, shuts down Bitcoin-based online poker room –

White House network almost back after breach –

Data breach at Lone Star Circle of Care affects 8,700 –

Police warn against ‘Microsoft’ scammers –

Privacy Breach at Motor Vehicle Registration –

Android malware fakes phone shutdown to steal data –

Virus posing as ‘The Interview’ movie link hits cyberspace –

“TNT” gang has released a new hardware TDoS tool in the criminal underground –


Miscellaneous Infosec stories:

Surprise! America Already Has a Manhattan Project for Developing Cyber Attacks –

Turkey Seeks National Plan for Cyber Threats –

Bahrain cracks down on rampant cyber crime cases –

Revelation of Secret Spyware Could Hamper US Espionage Efforts –

Corporate espionage: Well-oiled leak machine at mantralayas –

JPMorgan Goes to War –

Could a North Korean spy be ripping you off online? Impoverished dictatorship uses hackers to steal £1billion a year from the west –

Cyber Threat in Globalized World –

Regaining Consumer Trust Post-Breach Starts at the Point of Sale –

State Department official: The department deals with thousands of cyber attacks every day –

Computer Security in the Real World –

HSBC Whistleblower: Thief or Hero? Debatable … Preventable Data Breach? Absolutely –

Phone fraud becoming more prevalent –

Knowing the Basics of SMB Cyber Security –

Artificial Intelligence May Save Us From New Breed of Cyber Threats –

Windows SSL Interception Gone Wild –

SEC on the prowl for cyber security cases: official –

Does China Really Know How to Wage Cyber War? –

Don’t wait until you’re attacked to take cybersecurity seriously –

What will happen to the Lizard Squad hackers? –

Cyber-security: US government cannot keep hackers out of national networks –

Who Cares Who’s Behind A Data Breach? –


Hidden costs of Sony’s data breach will add up for years, experts say –

Information technology leaders feel ill-equipped to handle escalating cyber threats –

Research Centre Tackles Cybercrime –


Tools, Tips and How it’s done:

PowerSpy – How to spy on mobile users by monitoring the power supply –

Patching Haste Makes Waste –

How to test your PC for the new “Superfish” security vulnerability –

SecureTV Interviews The Legend BlackHAT Hacker Kevin D. Mitnick –

Ethical Hacking Course – Part 1 –

Ethical Hacking Course – The rest –

Say What? Required contents of notice in data breach notifications –

The real cost of a data breach –

Cyber Criminals Use Patience, Persistence and Patsies to Fleece Banks for Hundreds of Millions –

Data Breach Risks from Spear Phishing –

Hacking the Human OS: A Report on Social Engineering –

Be your own Big Brother: Covert home spy gadgetry –

Top 3 Takeaways from the “Escalate your Efficiency: How to Save Time on Penetration Testing” Webcast –

Google Webfonts, The Spy Inside? –

Top 10 DNS attacks likely to infiltrate your network –

NIST Shows Crystal Pattern Mapping Can Recover Obliterated Serial Numbers in Metals –

Experimenting with Honeypots Using The Modern Honey Network –

Is Your Small Business Prepared for a Data Breach Event? New ‘White Paper’ Explores Small Businesses ID Theft and Data Breach Trends –

How Syrian Hackers Nearly Hijacked Wix by Way of Google Apps –

How cybercriminals hack our brains –

Understanding the Hacker Mindset –

Forced Perspective: Your Cyberdefense Tactics Appear Bigger Than They Are –

Tracing an Injected iframe –


Miscellaneous Privacy stories

Cyber crime and a mistaken search upend the lives of innocent Kalispell couple –

800,000 people get bad tax info in latest snafu –


If you would like this report sent to your inbox each morning, email me at

You can see all previous issues of this blog at


My LinkedIn Profile is


Retailer Breaches – Summary Report

Retailer breach stories:

Level 2 Retailer data breach – Barclaycard –

Shoe retailer Office warned on data breach – and

Target data breach: Why UK business needs to pay attention –

Online retailer admits data breach –

Retailer Michaels Stores confirms payment card data breach –

Retail Security Breaches 2014: Home Depot, Target Should Have Stronger Countermeasures, Experts Say –

Which Big Retailer Hasn’t Reported a Major Breach — Yet? –

The Year Of The Retailer Data Breach –

Home Depot says 56 MILLION payment cards have been affected by biggest retail security breach in history –

Retailer Bebe Confirms Payment Card Data Breach –

Staples Becomes The Latest Retailer Affected By A Payment Card Data Breach –

Kmart becomes latest retailer to suffer security breach –

Banks take on retailers over who foots cyber attacks bill –

Data Breach Survey: Consumers hold retailers responsible, second only to criminals –

Moonpig investigating potential security breach –

Chick-fil-A May Be the Latest Retail Data Breach Victim –

4 Reasons Why You Should Shop at Stores That Got Hacked –

3 High Profile Retail Data Breaches Changing Consumer Behaviour – Unless Executives Act –

Dairy Queen says data breached at stores –

Grocery stores in multiple states hit by data breach –

2013 Data Breaches: All You Need to Know –

Retailers’ data breaches could get ‘ugly’ –

The Real Cost of a Retail Data Breach –

Continuous Breach: A New State of Mind, Especially for Retailers –

Can Companies Restore Consumer Confidence After a Data Breach? –

Another Potential Retail Mega Breach At Sandwich Chain Jimmy Johns –

Court Rules in Favor of Breached Retailer –

Supervalu hit by hackers, data breach affects 180 stores –

2014 – An Explosion of Data Breaches and PoS RAM Scrapers –

How companies can rebuild trust after a security breach –

Why retailers bear the brunt of security breaches –

Poll: Nearly half of cardholders likely to avoid stores hit by data breaches –

Retail Breaches Bolster Interest In NIST Cyber Security Advice –

Retail’s Reality: Shopping Behavior After Security Breaches –

Backoff and BlackPOS Malware Breach Retailers Point of Sale Systems –

Retailers Are Finding That Data Vulnerability Can Undo Years of Brand Equity –

10 lessons learned from major retailers’ cyber breaches –


Credit Card Breaches Happen: What You Can Do to Protect Yourself –


What Retailers Need to Do to Prevent the Next Breach –

Sheplers Western Wear Alerts Customers Concerning Data Breach Affecting Retail Stores –

The data breach payment fight heats up –

Strengthening security after a breach of a retailer’s customer data –

Data breach alert: Small retailers are especially vulnerable –

Lax security and complacency are common –

Chronology of Data Breaches | Privacy Rights Clearinghouse –

Why is PCI DSS Compliance Important? –

PCI DSS: is the cure worse than the disease? –

If I’m not compliant, what may happen to me and my business? –

The real cost of a data breach –

Regaining Consumer Trust Post-Breach Starts at the Point of Sale –

Information Security Breach Report – 19 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Meet Babar, a New Malware Almost Certainly Created by France –

Tens of thousands of home routers at risk with duplicate SSH keys –

Cyber Espionage group attacking thousands of victims globally –

Lenovo sold laptop with pre-installed Superfish malware –

Got a Netgear wireless router? You’ve got a security problem –

Morgan Stanley breach probe shifts to hacker from fired employee: WSJ –

Bitcoin exchange shuts down after suspected password breach –

Update On Morgan Stanley Breach Probe –

Babar the Elephant: Another malware plague with a cute name –

25 billion Cyberattacks hit systems in Japan during 2014 –

Cisco – New Malware-Laced Spam Campaign Hits Corporate Users –

UMaine Data Breach Exposes Information on Hundreds of Students –

RedTube porn website spreads malware, via iFrame invisible to the naked eye –

Scammers using obituary notices to acquire new victims –

Malicious Emails Can Cause Android Email App to Crash: Researcher –

Vawtrak Banking Trojan Uses Windows PowerShell, Macros in Infection Routines –


Miscellaneous Infosec stories:

Swedish man pleads guilty to peddling Blackshades malware –

Banking Malware Redefined –

iBank: RBS, NatWest first UK banks to allow Apple Touch ID logins –

Vawtrak malware peddlers turn to malicious macros –

Software Advice: More than half of SMBs don’t have data breach plan –

End Users Causing Bulk Of Infosec Headaches –

The Average Face of a Hacker is Revealed by the Team at Secure Thoughts –

Hurd: Cyber security most pressing issues in U.S. –

Lawsuit: Anthem Was Warned Of Cyber Threat To Health Care Providers –

Kaspersky says his warnings about cyber threats have come true –

An Internet of Things that do what they’re told –

Social engineering the new norm for hackers, nation-states –

Cars Are Delivering Tons Of Driving Data To Manufacturers With Minimal Security And Even Less Transparency –

Carbanak Cybersecurity Threat Is Overhyped, Banking Groups Say –

Security In The Year 2020 –

Hey, does anyone know if Dilbert has upset Kim Jong Un recently? –

Visual hacking exposed –

Boards Not Regularly Briefed on Cyber-Security: Survey –

Upgraded version of encryptors spreading with help of social engineering –

Secure Domains: The DNS Security Debate –


Tools, Tips and How it’s done:

3 P’s to practice safe cyber security habits –

Intel Security: social engineering hacking the human OS –

Protect Yourself From Cyber Attacks –

Time for an Updated Cyber Risk Approach; BPI Data Breach –

Five Cyber Attacks that Made CISOs Rethink Security –

5 Ways Companies Can Avoid a Data Breach in 2015 –

Three Keys to a Successful Cybersecurity Defense Program –

The Web Application Stack – A Growing Threat Vector –

Protecting Your Personal Information and Identity After a Breach –


Android malware hijacks power button, empties wallet while you sleep –

Expert Advice: How to Up Your Cyber Security –

Anti-Virus: Applied Incorrectly? –

Preparing for a Data Security Breach –


Miscellaneous Privacy stories

It’s not just Samsung TVs — lots of other gadgets are spying on you –

Yet Another Report Showing ‘Anonymous’ Data Not At All Anonymous –

UK Police Forces Have Secret Facial Recognition Database Of 18 Million People, Many Innocent –



Information Security Breach Report – 17 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

16 million mobile devices hit by malware in 2014: Alcatel-Lucent –

Lincolnshire scammers using police logo in mobile con –

While Obama talks cyber security, his hotel’s computer system fails –

Over 100 banks in 30 countries hit by sophisticated cyber-attack –

Crooks steal money from Standard Chartered Accounts by hacking ATMs –

Security breach affects SSC employees –

Personal weather stations can expose your Wi-Fi network –

Lack of CSPRNG Threatens WordPress Sites –

Discovered 40000 vulnerable MongoDB databases on the Internet –

Google Play, Browser Flaws Expose Android Devices to Remote Code Execution –

Newsweek Twitter hack is a sign of the times –

15-year-old bug allows malicious code execution in all versions of Windows –


Miscellaneous Infosec stories:

Cybersecurity goes way beyond passwords –

Security Concerns After Zero-Day Attacks in Adobe Flash –

Beware of Phishing mails; you could be the next hack victim –

Cyber security will shape the Internet of Things –

Employees vulnerable to cyber crime –

FIA claims arrest of two of FBI’s 10 most-wanted cyber criminals –

SRM launch the North East Cyber Security Business Cluster –

When is a password leak not a password leak? –

Google cuts Microsoft and pals some slack in zero-day vuln crusade – an extra 14 days tops –

Banks, Gov’t Struggle to Contain Growing Cyber Threat –

Phishing for clickers –

Twitter sends employees fake spam to see if they’ll fall for it –

‘Zero days’ last up to six months for some malware –

HP Promises Half a Million Dollars in Prizes for Pwn2Own 2015 –

Google’s Vint Cerf warns of ‘digital Dark Age’ –

Breach Level Index Finds Data Breaches Increased 49 Percent –

Ukrainian government to counter cyber-attacks –

Millions Of Users Unaware That Facebook Is On The Internet — Or Think It *Is* The Internet –


Report: Chinese groups behind most state-sponsored attacks in 2014 –

Tools, Tips and How it’s done:

HTML5 Security Cheat Sheet –

Now, I can see wifi signals. –

Cyber Attacks Through Power and Cooling Systems –

How secret Swiss banking works –

Hacker Hour: The Hackers Guide To Social Engineering –

UK Computer Emergency Response Team (CERT) Introduction to Social Engineering –

Phishing attacks increasingly target financial data –

The limits of prevention-centric security programs –

Preparing for a Data Breach – What to Know About Breach Notification –

Phishing: Learning from Recent Breaches –

How to Defend Your Business Against Social Engineering Scams –

‘CIO of Year’ on Defending Against Hackers –

PoS Malware Kits Rose in Underground in 2014: Report –

How To Protect Yourself From Dating App Cyber Threats –

Complexity is the Enemy of Security –

CTO Corner: Creation of CTIIC Demonstrates Heightened Importance of Cyber Security –

Five sneaky ways companies are changing employees’ security behavior –

Connected Home Security Systems Easy to Hack: HP –

How to remotely install malicious apps on Android devices –

Miscellaneous Privacy stories

Legal compliance challenges of Big Data: Seeing the forest for the trees –

Tim Cook: Cyber privacy is a ‘life and death’ issue –

US lawmakers introduce two bills to protect email privacy –

Jeb Bush’s email dump puts constituents’ personal data online –


Information Security Breach Report – 18 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

New detail emerges on Boston Baskin Cancer Foundation breach –

Scammers target State of Franklin Healthcare employees in payroll breach –

16-year-old claims to be behind USyd data breach –

16 Million Mobile Devices Infected With Malware in 2014: Alcatel-Lucent –

Israeli gov & boffins targeted by pr0ntastic malware from Gaza –

Haskell Confirms Security Breach in Debian Builds –

Information disclosure flaw exposes Netgear wireless routers to attacks –

LOVELY HORSE: GCHQ Program Monitored Hacker/InfoSec Community on Social Media –

Russian report says 100 groups hit by $1bn cyber attack –

Scammers pushing fake AdwCleaner in active scareware campaign –


Miscellaneous Infosec stories:

Hacking Goes Mainstream –

Payment Security Initiatives Unveiled –

Regulator Hints at New Cyber Guidance –

New Studies Proving Non Immediate Reaction of Antivirus Tools to Threats –

MasterCard, Visa to Introduce New Cybersecurity Enhancements –

What Makes Hacker News Fame? –

Swinney: Scotland’s cyber security strategy ‘will not involve monitoring the internet’ –

8 areas where CSOs and CIOs will converge in 2015 –

Small Business Cyberattacks continuing to pose a threat –

Li-Fi-like System Would Bring 100-Gbps Speeds Straight to Your Computer –


Are you ready for EU laws on cyber security and data protection? –

The UK Cyber Security Strategy – Update –


Tools, Tips and How it’s done:

Security Think Tank: Use the Sony breach to plan for the worst –

Don’t let a breach trash your company’s reputation: look at Data Loss Prevention –

Fingerprinting is an increasingly common yet rarely discussed technique of identifying individual Web users –

Risk reduction key to tackling cyber crime, says Stroz Friedberg –

Tor design proposals: how we make changes to our protocol –


Miscellaneous Privacy stories

Euro ministers trade data for data protection – yes, your passenger records –




SRM Blog
