Monthly Archive February 2015

Information Security Breach Report – 10 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Anthem warns US customers of e-mail scam after data breach – http://www.thestar.com.my/Tech/Tech-News/2015/02/09/Anthem-warns-US-customers-of-email-scam-after-data-breach/

Fraudulent tax returns tied to data breach – http://www.thecitizen.com/articles/02-08-2015/fraudulent-tax-returns-tied-data-breach

WHAS11 I-Team investigates cyber threat to local power, water supply – http://www.whas11.com/story/news/investigations/iteam/2015/02/05/whas11-i-team-investigates-cyber-threat-to-local-power-water-supply/22953977/

Fessleak malvertising campaign used to serve ransomware – http://securityaffairs.co/wordpress/33153/cyber-crime/fessleak-malvertising-campaign.html

United website breach let fliers see each others’ private data – http://boingboing.net/2015/01/28/united-website-breach-let-flie.html

 

Miscellaneous Infosec stories:

Meet The Man Who Finds Your Stolen Passwords – http://www.popularmechanics.com/technology/security/a13844/alex-holden-finds-your-passwords/

Shy, retiring British spies come out as MEGA HACKERS – http://www.theregister.co.uk/2015/02/08/uk_government_draft_draft_interception_of_communications_and_equipment_interference/

Beyond the breach: cyberattacks force a defence strategy re-think – http://www.dailymail.co.uk/wires/reuters/article-2945054/Beyond-breach-cyberattacks-force-defence-strategy-think.html

Cyber attacks force a defence strategy re-think at major companies – http://www.theage.com.au/it-pro/security-it/cyber-attacks-force-a-defence-strategy-rethink-at-major-companies-20150208-139eez.html

One Week, Two Hacks And A Whole Bunch Of Cyber Worries – http://wvpe.org/post/one-week-two-hacks-and-whole-bunch-cyber-worries

Met Police staff lose 24 laptops – http://www.newsguardian.co.uk/news/national/met-police-staff-lose-24-laptops-1-7096081

Are Smart Homes Cyber-Security smart? – https://www.enisa.europa.eu/media/press-releases/are-smart-homes-cyber-security-smart

Report: Cars are vulnerable to wireless hacking – http://www.detroitnews.com/story/business/autos/2015/02/08/report-cars-vulnerable-wireless-hacking/23094215/

China week: A miscarriage of justice and a cyber crackdown – http://www.bbc.co.uk/news/world-asia-china-31159690

Biometric Tipping Point: USAA Deploys Face, Voice Recognition – http://www.americanbanker.com/news/bank-technology/biometric-tipping-point-usaa-deploys-face-voice-recognition-1072509-1.html

Amateur Cyber-defenders Thwart ‘Attack’ on Major Multinational Corporation – http://www.infosecurity-magazine.com/news/amateur-cyberdefenders-attack/

Here’s Where Europe Has Made Big Changes in Cyber Security – http://www.defenseone.com/threats/2015/02/heres-where-europe-has-made-big-changes-cyber-security/104454/

 

Tools, Tips and How it’s done:

Why startups need to worry about hackers — and what you can do to protect your business – http://business.financialpost.com/2015/02/08/startups-are-anything-but-inconsequential-to-cyber-thieves/?__lsa=9438-0ac9

Honored in the Breach: Employer Action Items for an Insurer Data Breach – http://www.jdsupra.com/legalnews/honored-in-the-breach-employer-action-i-39313/

Guide to Protection Against a Data Breach – http://www.informationsecuritybuzz.com/guide-protection-data-breach/

Why Fraud Is Shifting to Mobile Devices – http://www.databreachtoday.co.uk/interviews/fraud-shifting-to-mobile-devices-i-2569

DDoS-For-Hire Services Market Leads to Boom in DDoS Attacks: Akamai – http://www.securityweek.com/ddos-hire-services-market-leads-boom-ddos-attacks-akamai

Parse Security in iOS – http://resources.infosecinstitute.com/parse-security-ios/

Enginursday: InfoSec for Hardware Geeks – https://www.sparkfun.com/news/1733

New Chrome extension spots unencrypted tracking – http://www.csoonline.com/article/2877254/compliance/new-chrome-extension-spots-unencrypted-tracking.html#tk.rss_all

 

Miscellaneous Privacy stories

WATCH IT: It’s watching you as you WATCH IT (Your Samsung telly is) – http://www.theregister.co.uk/2015/02/09/samsung_listens_in_to_everything_you_say_to_your_smart_tellie/

Spying On Sharing: Canada’s Intelligence Agency Collecting Data And IP Addresses From Free File-Sharing Sites – https://www.techdirt.com/articles/20150128/07173529836/spying-sharing-canadas-intelligence-agency-collecting-data-ip-addresses-free-file-sharing-sites.shtml

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

 

Information Security Breach Report – 12 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Anthem warns US customers of e-mail scam after data breach – http://www.thestar.com.my/Tech/Tech-News/2015/02/09/Anthem-warns-US-customers-of-email-scam-after-data-breach/

Fraudulent tax returns tied to data breach – http://www.thecitizen.com/articles/02-08-2015/fraudulent-tax-returns-tied-data-breach

WHAS11 I-Team investigates cyber threat to local power, water supply – http://www.whas11.com/story/news/investigations/iteam/2015/02/05/whas11-i-team-investigates-cyber-threat-to-local-power-water-supply/22953977/

Fessleak malvertising campaign used to serve ransomware – http://securityaffairs.co/wordpress/33153/cyber-crime/fessleak-malvertising-campaign.html

United website breach let fliers see each others’ private data – http://boingboing.net/2015/01/28/united-website-breach-let-flie.html

 

Miscellaneous Infosec stories:

Meet The Man Who Finds Your Stolen Passwords – http://www.popularmechanics.com/technology/security/a13844/alex-holden-finds-your-passwords/

Shy, retiring British spies come out as MEGA HACKERS – http://www.theregister.co.uk/2015/02/08/uk_government_draft_draft_interception_of_communications_and_equipment_interference/

Beyond the breach: cyberattacks force a defence strategy re-think – http://www.dailymail.co.uk/wires/reuters/article-2945054/Beyond-breach-cyberattacks-force-defence-strategy-think.html

Cyber attacks force a defence strategy re-think at major companies – http://www.theage.com.au/it-pro/security-it/cyber-attacks-force-a-defence-strategy-rethink-at-major-companies-20150208-139eez.html

One Week, Two Hacks And A Whole Bunch Of Cyber Worries – http://wvpe.org/post/one-week-two-hacks-and-whole-bunch-cyber-worries

Met Police staff lose 24 laptops – http://www.newsguardian.co.uk/news/national/met-police-staff-lose-24-laptops-1-7096081

Are Smart Homes Cyber-Security smart? – https://www.enisa.europa.eu/media/press-releases/are-smart-homes-cyber-security-smart

Report: Cars are vulnerable to wireless hacking – http://www.detroitnews.com/story/business/autos/2015/02/08/report-cars-vulnerable-wireless-hacking/23094215/

China week: A miscarriage of justice and a cyber crackdown – http://www.bbc.co.uk/news/world-asia-china-31159690

Biometric Tipping Point: USAA Deploys Face, Voice Recognition – http://www.americanbanker.com/news/bank-technology/biometric-tipping-point-usaa-deploys-face-voice-recognition-1072509-1.html

Amateur Cyber-defenders Thwart ‘Attack’ on Major Multinational Corporation – http://www.infosecurity-magazine.com/news/amateur-cyberdefenders-attack/

Here’s Where Europe Has Made Big Changes in Cyber Security – http://www.defenseone.com/threats/2015/02/heres-where-europe-has-made-big-changes-cyber-security/104454/

 

Tools, Tips and How it’s done:

Why startups need to worry about hackers — and what you can do to protect your business – http://business.financialpost.com/2015/02/08/startups-are-anything-but-inconsequential-to-cyber-thieves/?__lsa=9438-0ac9

Honored in the Breach: Employer Action Items for an Insurer Data Breach – http://www.jdsupra.com/legalnews/honored-in-the-breach-employer-action-i-39313/

Guide to Protection Against a Data Breach – http://www.informationsecuritybuzz.com/guide-protection-data-breach/

Why Fraud Is Shifting to Mobile Devices – http://www.databreachtoday.co.uk/interviews/fraud-shifting-to-mobile-devices-i-2569

DDoS-For-Hire Services Market Leads to Boom in DDoS Attacks: Akamai – http://www.securityweek.com/ddos-hire-services-market-leads-boom-ddos-attacks-akamai

Parse Security in iOS – http://resources.infosecinstitute.com/parse-security-ios/

Enginursday: InfoSec for Hardware Geeks – https://www.sparkfun.com/news/1733

New Chrome extension spots unencrypted tracking – http://www.csoonline.com/article/2877254/compliance/new-chrome-extension-spots-unencrypted-tracking.html#tk.rss_all

 

Miscellaneous Privacy stories

WATCH IT: It’s watching you as you WATCH IT (Your Samsung telly is) – http://www.theregister.co.uk/2015/02/09/samsung_listens_in_to_everything_you_say_to_your_smart_tellie/

Spying On Sharing: Canada’s Intelligence Agency Collecting Data And IP Addresses From Free File-Sharing Sites – https://www.techdirt.com/articles/20150128/07173529836/spying-sharing-canadas-intelligence-agency-collecting-data-ip-addresses-free-file-sharing-sites.shtml

 

 


 

Information Security Breach Report – 09 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

DDoS malware for Linux systems comes with sophisticated custom-built rootkit – http://www.csoonline.com/article/2881134/malware-cybercrime/ddos-malware-for-linux-systems-comes-with-sophisticated-custombuilt-rootkit.html#tk.rss_all

New phishing scam preys on fear of child sexual predators – http://www.pcworld.com/article/2877951/new-phishing-scam-preys-on-fear-of-child-sexual-predators.html

55th Largest Private Company In America Sent Millions To China Because An Email Told Them To – https://www.techdirt.com/articles/20150205/06583729917/55th-largest-private-company-america-sent-millions-to-china-because-email-told-them-to.shtml

Bootle man admits to cyber attacks on more than 300 websites – http://www.bbc.co.uk/news/uk-england-merseyside-31161778

Free Tax Software Is Bad – https://common-form.com/blog/free-tax-software-bad/

New Web flaw enables powerful social engineering attacks – http://www.computerworld.com/article/2835091/new-web-flaw-enables-powerful-social-engineering-attacks.html

E-Mail Phishing Scam Related to Anthem Data Breach – http://wabi.tv/2015/02/06/e-mail-phishing-scam-related-anthem-data-breach/

Southwest Ohio county hit by cyber scammers – http://www.chillicothegazette.com/story/news/state/2015/02/07/southwest-ohio-county-hit-cyber-scammers/23037193/

HSBC leak shows 3100 secret Turkish bank accounts – http://www.worldbulletin.net/world/154654/hsbc-leak-shows-3100-secret-turkish-bank-accounts

#SwissLeaks: Irish people who made settlements with Revenue feature in leaked secret files – http://www.independent.ie/business/irish/swissleaks-irish-people-who-made-settlements-with-revenue-feature-in-leaked-secret-files-30974918.html

Australian Tax Office probes high-profile Australians’ Swiss bank accounts after account data leak – http://www.theaustralian.com.au/news/australian-tax-office-probes-high-profile-australians-swiss-bank-accounts-after-account-data-leak/story-e6frg6n6-1227213823578?nk=7edcdafcf42bd13e541b155991b2afd3

Capita has been responsible for a breach of NHS employees’ personal data in Liverpool – http://www.nursingtimes.net/nursing-practice/specialisms/management/hr-firm-reviews-protocols-after-nhs-staff-data-breach-in-liverpool/5081951.article

Viewers duped by TV game shows – http://www.deccanchronicle.com/150209/nation-current-affairs/article/viewers-duped-tv-game-shows

Popular CS:GO website HLTV reports security breach – http://www.tweaktown.com/news/43399/popular-cs-go-website-hltv-reports-security-breach/index.html

 

Miscellaneous Infosec stories:

Make sure your company isn’t the next Anthem – http://www.csoonline.com/article/2881181/data-breach/make-sure-your-company-isn-t-the-next-anthem.html#tk.rss_all

ACMC stresses importance of cyber innovation – http://www.marinecorpstimes.com/story/military/2015/02/06/acmc-stresses-importance-of-cyber-innovation-at-onr-conference/22953233/

Why sheep could be fitted with WiFi sensors – http://www.bbc.co.uk/news/technology-31188251

UK government asks: How’s our hacking? – http://mashable.com/2015/02/06/uk-government-hacking/

How much is a retro-computer worth? – http://www.bbc.co.uk/news/business-31188257

11 percent of mobile banking apps includes harmful code – http://securityaffairs.co/wordpress/33212/malware/mobile-banking-apps-suspect.html

Cyber Security in 2015 – https://www.ssls.com/blog/cyber-security-2015/

Is Your Middle-Market Company Under Cyber Attack? – http://www.middlemarketgrowth.org/middle-market-company-cyber-attack/

GCHQ created ‘Lovely Horse’ to keep track of top hackers’ and security specialists’ blogs and tweets – http://www.computing.co.uk/ctg/news/2394090/gchq-created-lovely-horse-to-keep-track-of-top-hackers-and-security-specialists-blogs-and-tweets

Here’s why the cyber insurance industry is worth £55.6 billion – http://www.itproportal.com/2015/02/07/heres-cyber-insurance-industry-worth-55-6-billion/

Our Favourite Scammers – http://www.head-fi.org/t/701900/schiit-happened-the-story-of-the-worlds-most-improbable-start-up/5130#post_11289247

SEC Examines Response From Financial Advisory, Brokerage Firms to Cyber Threats – http://www.securityweek.com/sec-examines-response-financial-advisory-brokerage-firms-cyber-threats

Cybercriminals ‘often start out with minor thefts in online games’ – http://www.theguardian.com/technology/2015/feb/07/cybercriminals-often-start-minor-thefts-online-games

Robert E. Stroud: Concerted action will help thwart cyber attacks – http://gulftoday.ae/portal/4f1ba6f0-9c64-47be-b35a-eaa0addff6fd.aspx

Computer hacking evolves from malicious to heroic – http://college.usatoday.com/2015/02/07/computer-hacking-evolves-from-malicious-to-heroic/

Cybersecurity is a C-Level Activity – http://www.tenable.com/blog/cybersecurity-is-a-c-level-activity

At the third beep, the Atomic Clock will be 60 … imprecisely – http://www.theregister.co.uk/2015/02/08/feature_atomic_clock_60_years_old/

There’s a weird problem with the new Raspberry Pi computer – http://cio.economictimes.indiatimes.com/news/hardware/theres-a-weird-problem-with-the-new-raspberry-pi-computer/46161680

How a dozen ministers who tried to smuggle mobiles into Cabinet were caught when GCHQ went to brief them – http://www.dailymail.co.uk/news/article-2944602/How-dozen-ministers-tried-smuggle-mobile-phones-Cabinet-meeting-caught-GCHQ-went-brief-them.html

Don’t count on antivirus software alone to keep your data safe – http://www.theregister.co.uk/2015/02/09/dont_count_on_antivirus_alone_to_protect_your_data/

How cyberattacks are turning the industry around – http://cio.economictimes.indiatimes.com/news/digital-security/how-cyberattacks-are-turning-the-industry-around/46171725

 

Tools, Tips and How it’s done:

Making PGP Key Management Invisible So Johnny Can Encrypt – https://blog.whiteout.io/2015/02/06/making-pgp-key-management-invisible-so-johnny-can-encrypt/

10 steps to deter and defeat Cyber Hackers – http://forums.juniper.net/t5/Security-Now/10-steps-to-deter-and-defeat-Cyber-Hackers/ba-p/268452

Credentials –> Compromises | Rinse and Repeat – https://community.rapid7.com/community/metasploit/blog/2015/02/06/credentials–compromises-rinse-and-repeat

Risk Management Lessons from Anthem Hack – http://www.inforisktoday.com/interviews/risk-management-lessons-from-anthem-hack-i-2571

I TURNED CAPS LOCK ON FOR A WEEK AND EVERYONE HATED IT – http://fusion.net/story/42057/caps-lock/

7 Best WordPress Security Plugins – http://resources.infosecinstitute.com/7-best-wordpress-security-plugins/

Hacking pinterest android app – http://kiennt.com/blog/2014/03/28/hacking-pinterest.html

Cybersecurity Coordinator: Don’t ‘Waste a Crisis’ – http://www.databreachtoday.com/cybersecurity-coordinator-dont-waste-crisis-a-7892

TOP 2015 Cell Phone Spy Software Apps – http://spyearpiece.com/shop/

The Computer as a Communication Device – http://www.utexas.edu/lbj/archive/news/images/file/20_20_03_licklider-taylor-1.pdf

The Computer Science Handbook – http://www.thecshandbook.com/public_html/TheComputerScienceHandbook.pdf

All about Cloud Computing – http://www.cloudcomputingpatterns.org/

An Introduction to Virtual Memory – http://deathbytape.com/post/110371790629/intro-virtual-memory

Security Breach 101 – https://medium.com/@magoo/security-breach-101-b0f7897c027c

Investigating online dating fraud – http://www.net-security.org/secworld.php?id=17922&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Using Social Engineering Toolkit (SET) over the Internet – http://www.discoverykeywords.com/keyword-research-tools/using-social-engineering-toolkit-set-over-the-internet/

They’ve finally solved it: Schrödinger’s cat is both ALIVE AND DEAD – http://www.theregister.co.uk/2015/02/08/schrdingers_cat_really_is_alive_and_dead/

VPNs Dissolve National Boundaries Online, for Work and Movie-Watching – http://bits.blogs.nytimes.com/2015/02/08/in-ways-legal-and-illegal-vpn-technology-is-erasing-international-borders/

Temporary credit card numbers safeguard cyber-shoppers – http://www.freep.com/story/money/business/michigan/2015/02/08/temporary-credit-card-numbers/23086507/

Dissidents and dealers rejoice! Droid app hides your stash in plain sight – http://www.theregister.co.uk/2015/02/09/droidstealth/

 

Miscellaneous Privacy stories

Facebook can now stalk you everywhere on the internet – http://cio.economictimes.indiatimes.com/news/internet/facebook-can-now-stalk-you-everywhere-on-the-internet/46146234

British Tribunal Rules Mass Internet Surveillance by GCHQ Was Unlawful – http://www.csoonline.com/article/2880945/cyber-attacks-espionage/british-tribunal-rules-mass-internet-surveillance-by-gchq-was-unlawful.html#tk.rss_all

Slurping air passengers’ private details not great for privacy, concede EU data bods – http://www.theregister.co.uk/2015/02/06/eu_data_watchdogs_say_tracking_flight_passengers_is_a_breach_of_privacy/

Canary Watch Site Launches to Track Warrant Canaries – http://threatpost.com/canary-watch-site-launches-to-track-warrant-canaries/110813

7 Things To Love About reddit’s First Transparency Report – https://www.eff.org/deeplinks/2015/02/7-things-love-about-reddits-first-transparency-report

Samsung SmartTV models transmit voice, and more, to a third-party service – http://securityaffairs.co/wordpress/33238/digital-id/samsung-smarttv-privacy-issue.html

Iggy Azalea hits out at Papa John’s Pizza over information leak – http://www.digitalspy.co.uk/showbiz/news/a627556/iggy-azalea-hits-out-at-papa-johns-pizza-over-information-leak.html#~p3TosNQ9dWDwNT

 

 


 

You can see all previous issues of this blog at http://blog.srm-solutions.com/srm-breach-reports/ or www.jonfisherthoughts.co.uk


The UK Cyber Security Strategy – Update

The latest document published by the Cabinet Office in relation to the UK Cyber Security Strategy provides an update of progress throughout 2014, and the plans moving forward in 2015.

Part of the plans involve Government and industry working together in a joint Cyber Growth Partnership (CGP) to drive innovation and growth in the UK cyber security sector, including helping to establish regional Cyber Security Business “Clusters”.

SRM are responsible for initiating and progressing the Cyber Security Business Cluster in the North East of England.

There are now 14 such clusters established or soon to be launched across the UK. These clusters support and champion smaller UK cyber security companies domestically and internationally.

The UK Cyber Security Strategy: Report on Progress and Forward Plans, December 2014

 

 

SRM's Operations & Finance Director, Brian F, is a regular contributor to the SRM Blog.

Why is agility a critical part of e-safety?

Last month dozens of images of British children were discovered on a Russian website used by paedophiles. Until they were tipped off, the parents of the children involved had been completely unaware that images of children as young as three had been taken from their own social media sites to be displayed inappropriately. As with so many such instances on the Internet, there followed a number of stable-door shutting exercises accompanied by statements of firm resolve that such a thing will never happen again.

In reality, this is an almost impossible claim to make. Although a knowledgeable minority may keep their attention firmly fixed on making sure that the same type of incident is not repeated, the very nature of the Internet means that, while they are doing so, somebody somewhere will simply have thought of another thing to do or another way in which to do it.

The Internet evolves at the pace of the fastest mind. It only takes one person to think creatively for shallow defences to be overrun. In safeguarding terms this means that as soon as one hole has been plugged, another one develops, and that what might have been right today won’t be right tomorrow.

This is a scary prospect in anyone’s Internet but particularly frightening when it comes to safeguarding children. In some cases, they might be victim to a deliberate, sophisticated and malicious cyber attack; but as often as not, they are more likely to be victims of cyber bullying or fraud. No one knows when and from where the next attack will come and that is why any Internet Security system must have an inbuilt capacity to evolve.

In the trade this is known as agility. And for Internet Security to be truly agile, it must have an inbuilt capacity to accumulate and interpret its own intelligence. That is why when SRM produced its Virtual E-Safety Officer portal, we developed its capacity to gather market intelligence from all participating schools, thus giving them and us the opportunity to spot developing trends.
