Monthly Archive March 2015

Information Security Breach Report – 27 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Cisco Fixes DoS Vulnerabilities in IOS Software – hit by cyber attack for third time in three days –

Hackers breach Fairbanks city website –

Amedisys notifies nearly 7,000 individuals of potential breach –

Cisco patches IOS to stop automation exploitation –

One in every three popular website ‘dangerous’: Study –

An SDN vulnerability forced OpenDaylight to focus on security –

Flaw in common hotel router threatens guests’ devices –

As GitHub is hit hard, experts disagree whether DDoS attacks are becoming more or less frequent –

Hackers hijack school Twitter account, post photoshopped image of teacher in his underpants –

Support Dell System Detect tool put PCs at risk –

Slack confirms hackers accessed its central user database in February, introduces two factor authentication –

State agency hacked; governor calls for study, changes –

Brunswick school officials, law enforcement investigate district computer hacking –

Bar Mitzvah attack exploits the Invariance Weakness in RC4 – and

Xtube porn website spreads malware, after being compromised by hackers –

DNV GL: Cyber Attacks on Ships, Offshore Structures Growing Threat –

Asian hackers using Android malware for sex extortion and blackmail –

WebSitePipeline notifying clients of breach –


Miscellaneous Infosec stories:

How a hack on Prince Phillip’s Prestel account led to UK computer law –

Cyber crooks turn to low-tech trickery –

The things end users do that drive security teams crazy –

Data breaches hurt more than e-retailers’ bottom lines –

Fighting U.S. Card Data Fraud Overseas –

The state of open source security –

Zero day, Web browser vulnerabilities spike in 2014 –


Tools, Tips and How it’s done:

Too Many Adverts and Porn pop-ups in your Web Browser? Maybe your Router has been Hijacked –

Vawtrak malware uses steganography to hide update files in favicons –

Security best practices for users is your first line of defense –

Evolving Security in the Face of Cyber Attacks –

True Threat Intelligence Finds What’s Related to You –

Reading the Secunia Vulnerability Review 2015 –

9 security gadgets for mobile devices –

Diagnosing networking issues in the Linux Kernel –

Mathematicians build code to take on toughest cyber attacks –

Risk-Driven Security: The Approach to Keep Pace With Advanced Threats –

The CSO Security Career Survival Guide –

Survey: 75% of firms would take hours or longer to spot breach –

Israeli boffins hack air gap, fire missiles on compromised kit –

Ransomware holds schools hostage: ‘Now give us Bitcoin worth $129k, er, $124k, wait …’ –


Miscellaneous Privacy stories:

Optus rapped for three privacy breaches –

Mandatory data retention passes Australian parliament –


Safeguarding Children and School E-Safety stories:

Why are people so mean to each other online? –

Grooming bans could stop child sex abuse say councils –

Children spend six hours or more a day on screens –

Hackers hijack school Twitter account, post photoshopped image of teacher in his underpants –

Facebook acknowledged Australia’s first children’s e-safety, aims to launch Suicide prevention Support tools –

Feds Financing System to ‘Automatically Detect’ Cyberbullying –

Manito man pleads guilty to child grooming –

Brunswick school officials, law enforcement investigate district computer hacking –

FKA Twigs hit back at racist cyber bullies –


If you would like this report sent to your inbox each morning, email me at

You can see all previous issues of this blog at


My Linkedin Profile is


Lessons in War Series – The Role of Computer Forensics


Traditionally, computer forensic investigations are seen as reacting to historic incidents and understanding what went wrong retrospectively. But in the cyber world, forensic investigation is a critical weapon which allows us to look forward as well as back.

Cyberspace is a contested environment in which effective situational awareness is vital if we are to gain and maintain control of a particular environment (such as our corporate networks).  In this respect the cyber environment is like any traditional warfighting or security environment.

Cyber is, however, characterised by one significant difference; those senses that humans have evolved to make them so successful (and possibly dangerous) from an evolutionary point of view, don’t work in the cyber environment.  We can’t see, taste, feel or hear what is going on in the cyber environment unaided.  This sensory dislocation is one of the reasons why we often make (or see) so many of the silly mistakes and decisions which provide the basis for most of the successful attacks on our systems.

Cyber operations do have parallels with the kinetic battlespace; ranging from set piece offensive operations to covert, surveillance and persistent insurgency operations.  There are significant differences, however, not least with respect to Geographical Boundaries, Tempo and the way that we can apply force.  Whilst this post is not the place for a detailed analysis of these differences, an awareness of these areas can provide practical insights into how we operate more safely in the cyber environment.

Stripped to its basics, the purpose of computer forensics (now a multi-threaded discipline) is to gain information and understanding about a particular situation in a particular context. This makes it a valuable proactive tool in delivering the situational awareness which can be so elusive. Sun Tzu (506BC) advised “Know your enemy and know yourself”. I would argue that this principle is as relevant now as ever. Forensic tools and techniques can form the basis of proactive preparation and architecture hardening within a system, often conducted as part of forensic readiness planning.

The environment can be designed, from the outset, to favour the defender. In the past, this might have been advantageous – now it is a fundamental requirement for system designers. Elegantly designed architectures, based on a sound knowledge of the operational environment, will make it harder for an attacker to gain the initiative. Similarly, if accessing the system compels the attacker to leave footprints, it is not only a deterrent but also a helpful tool for later investigation.

In the eleventh chapter Sun Tzu states that a leader must be capable of comprehending “unfathomable plans”. At SRM we have many years’ experience in dealing with cyber criminals so can more readily see patterns in behaviour and predict future actions. We see all forensic investigations as part of the preventative process through which organisations gain visibility of their own, as well as their attacker’s capability.

Managing Director of SRM, Tom F is a regular contributor to the SRM blog.

Information Security Breach Report – 25 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

A Large Number of Hacking Vulnerable Routers Have Been Released to the Public –

Adobe CVE-2011-2461 flaw is exploitable by 4 years although it was fixed –

Study: One-third of top websites vulnerable or hacked –

Kreditech Investigates Insider Breach –

Wind turbine blown away by control system vulnerability –

Cyber criminals target financial professionals involved in deal-making –

Adobe Flash fix FAIL exposes world’s most popular sites –

Hilton member accounts info, trip dates open to plunder –

Smart TVs have become the new target for cyber criminals –

njRAT Infections on the Rise: Security Firms –

DDoS Attackers Distracting Security Teams With Shorter Attacks: Corero Networks –

Twitch accounts were compromised, passwords for all users reset –

Researchers map Drupal attack that bypasses poorly tuned Web Application Firewalls –

More Powerful Ransomware with Increased File-Infection Spotted –

Google warns of unauthorized TLS certificates trusted by almost all OSes [Updated] –

Third US Health Entity Suspected of being Compromised –

Ghost blogging platform affected by multiple vulnerabilities –

Details of more than 1,900 pupils from Henry Park Primary School leaked –

Fake “Incoming Fax Report” emails lead to crypto-ransomware –


Miscellaneous Infosec stories:

Cyber threat largest risk facing UK businesses: Marsh –

APT & Cyber-Extortion: Who’s at Risk? –

Attackers Target Community Banks –

CEOs have false perception of the extent of their cyber risk insurance cover, new report finds –


Tools, Tips and How it’s done:

Open source security tool indicates Android app vulnerability spike –

Mainframe Security — Part 3 — Where is all your sensitive data? –

How Kevin Mitnick hacked the audience at CeBIT 2015 –

5 Social Engineering Attacks to Watch Out For –


What horrors lurk in the future: Networks without sysadmins –

Maintaining digital certificate security –

The blackjack vulnerability –

Security for Meetings –

BitWhisper: Stealing Data From Isolated Computers Using Heat Emissions and Built-in Thermal Sensors –

4 Lessons Learned After Winning A Car at Ford’s Hackathon –

What is the True Cost of a Data Breach to an Organization? –

The hidden tricks of powerful persuasion –

BitWhisper: The Heat is on the Air-Gap –

Top 10 things to do when responding to a cyber security incident –

Were Weak Passwords A Problem In Recent Data Breaches? Usernames May Be A Bigger One –

Why aren’t you vulnerability scanning more often? –


Miscellaneous Privacy stories:

Metadata retention is no worse than STALKING: Turnbull –


Safeguarding Children and School E-Safety stories:

Details of more than 1,900 pupils from Henry Park Primary School leaked –

It’s Our Responsibility to Stand Up to Cyber Bullies [VIDEO] –

Schools Weigh Access to Students’ Social-Media Passwords –

75-year-old man jailed after grooming 13-year-old on the internet and having sex with her –

Teachers to be trained to tackle homophobia –

Children’s details lost and sent to wrong place by Derby City Council employees –

Four advantages of an identity behavior-based approach to cybersecurity –



Doctrine or Dogma – will the Government hold its nerve?

Government hates a policy vacuum. So, while CESG, the UK government’s National Technical Authority for Information Assurance, has brought about changes to the management of Internet Security within government offices, many still rely on the legacy IS1 frameworks to manage their information risk.

No longer legally bound by the cumbersome process of IS 1/2, the new focus is on balanced risk management, resilience and incident response. The old process was criticised for being unwieldy, inevitably leaving system protection behind the curve. By putting the emphasis on guidelines and outcomes, rather than policy and dogma, the new system hopes to keep one step ahead of threats and attackers.

With this shift in focus, there is the potential for public sector risk management doctrine to become dramatically more dynamic. But, while this is ultimately a good thing because it will mean a more agile and responsive framework to operate within the increasingly dynamic risk environment, it will also be increasingly difficult for traditional risk managers (in all sectors) as the process becomes dependent on decision making under conditions of uncertainty as well as the tacit acceptance that mistakes can and will be made.

Protection of systems, particularly relating to the use of social media within the workplace, now relies on an individual practitioner’s capacity to respond effectively to a wide range of different events without recourse to a standardised process within which they can operate.  Significantly, individual practitioners must balance this new freedom with the need to ensure that risks can be managed across organisational and technical boundaries.

Where, in the past, considerable weight was given to process (sometimes 300 page documents were produced in support of IS 1 & 2), now the emphasis is on timely effect. Compliance has become about behaviour not policy.  For highly skilled practitioners this will not present a problem but for those with less experience and confidence, it can be a heavy burden of individual responsibility.

We now need to focus on doctrine rather than dogma. (I see doctrine as the process by which we write down what we do so that we can do it better, whereas dogma is when we write things down for the sake of it!) Policy is a reflection of management intent and, in today’s world, our doctrine must be judged by its effect.

Regardless, there are many who feel uncomfortable taking responsibility for their own judgement without dogmatic policy to fall back on. The question in the long term is whether the CESG will hold its nerve, producing proportional doctrine, or whether it and the practitioner community will feel compelled to generate another generation of dogma.

Tom F

Managing Director of SRM, Tom F is a regular contributor to the SRM blog.

Information Security Breach Report – 23 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Decoder of secret information stolen, security agencies panic –

PNP website trashed by hacker –

Swedish city demands £40,000 to repair teenage hacking spree –

CREEPS rejoice: Small biz Cisco phones open to eavesdrop 0-day –

Australian online voting system may have FREAK bug –

Personal email ID of Southern Command chief under attack –

UAE is top-two victim of regional cyber attacks –

Tasty Spam: SMS Sex Spammer Moves into the Cloud –

Blunder leads to leak of 500 patient email addresses –

ISIS hackers call for homegrown ‘jihad’ against U.S. military, posts names and addresses of 100 service members –


Operation Woolen Goldfish, a hacking campaign in the wild –

Cisco Discovers New “PoSeidon” Point of Sale Malware –

Bank of America phishing attack hits customers –


Miscellaneous Infosec stories:

Is the UK gaining on the US in its spate of major cyber security breaches? –

Online ad revenue at risk in war on ‘click fraud’ –

The Growth of Cyber Crime in Finance –


Never assume your company is too small for a security breach –

Target Settlement: What About the Banks? –

No More Cyber Attacks! Blackberry On Its Way To Make The Dream Come True –

Pentagon wraps up new acquisition rules to protect weapons from cyberattacks –

Pakistan VS USA Cyber Crime Laws –

Nairobi rejects Beijing plea to extradite cyber suspects –

4 Reasons Data Breaches are on the Rise –


Tools, Tips and How it’s done:

Ten things you always wanted to know about IP Voice –

Here’s a brief history of the long and short of hacking –

Boffins twist light to carry 2.05 bits in one photon –

Bridging the Cyber-Security Skills Gap Using the Right Technology –

Want to hide your metadata? You probably can’t –

Cybersecurity: Tackling the insider threat –

ASIC issues major cyber guide –

CONNECTED CARS: Which are risks for automated vehicles? –

PC security upgrades a welcome antidote to breaches –

IoT will connect 1.1 billion devices in 2015: Gartner –

Firms stand to lose billions through fraud: bank chief –

Social Engineering 101 Frame and Posture –

Frankenimage – Reconstructing images with pieces from an image database –


Miscellaneous Privacy stories:

Defence ministry sounds red alert on web spying –

Federal government privacy breaches soar to record high –

Listen – Kevin Mitnick – CeBIT Radio – Defending Privacy –

Despite Wave Of Data Breaches, Official Says Patient Privacy Isn’t Dead –


Safeguarding Children and School E-Safety stories:

Cyber bullies playing truant with teens in wonder years –

Cyber Snoops Watching Your Kids –



SRM Blog
