Monthly Archive March 2015

Information Security Breach Report – 20 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Latest Dridex Campaign Evades Detection with AutoClose Function – https://threatpost.com/latest-dridex-campaign-evades-detection-with-autoclose-function/111743

At least 700,000 routers given to customers by ISPs are vulnerable to hacking – http://www.csoonline.com/article/2899874/network-security/at-least-700000-routers-given-to-customers-by-isps-are-vulnerable-to-hacking.html#tk.rss_all

DLL Hijacking Flaws Found in Rockwell Automation’s FactoryTalk – http://www.securityweek.com/dll-hijacking-flaws-found-rockwell-automation%E2%80%99s-factorytalk?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Drupal Flaw Allows Attackers to Forge Password Reset URLs – http://www.securityweek.com/drupal-flaw-allows-attackers-forge-password-reset-urls?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

HP Fixes Vulnerabilities in ArcSight Products – http://www.securityweek.com/hp-fixes-vulnerabilities-arcsight-enterprise-security-solutions

Johnson Controls, XZERES, Honeywell Patch Vulnerable Products – http://www.securityweek.com/johnson-controls-xzeres-honeywell-patch-vulnerable-products?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

NYPD cop in court for allegedly hacking into the FBI – http://www.theregister.co.uk/2015/03/20/nypd_cop_hacked_into_fbi_say_prosecutors/

Big Think’s Facebook Fan Page Hacked and Sending out Horrifying Spam – http://bigthink.com/think-tank/big-thinks-facebook-fan-page-hacked

More than 260 charged in online child abuse operation – http://www.bbc.co.uk/news/uk-31988732

Alert: Indian ATMs Face New Attacks – http://www.bankinfosecurity.com/alert-indian-atms-face-new-attacks-a-8035

EMC Patches Flaws in M&R, Secure Remote Services – http://www.securityweek.com/emc-patches-flaws-mr-secure-remote-services

Dozens of international students reporting credit card fraud – http://wlfi.com/2015/03/05/dozens-of-international-students-reporting-credit-card-fraud/

Public school board ‘actively’ investigating new allegations of privacy breach – http://calgaryherald.com/news/local-news/public-school-board-actively-investigating-new-allegations-of-privacy-breach

LAX POLICE REPORT CREDIT CARD DATA BREACH – http://abc7.com/news/lax-police-report-credit-card-data-breach/565562/

Anti-censorship group in China faces DDoS attack – http://www.csoonline.com/article/2899091/malware-cybercrime/anticensorship-group-in-china-faces-ddos-attack.html#tk.rss_all


Miscellaneous Infosec stories:

New attacks suggest leeway for patching Flash Player is shrinking – http://www.csoonline.com/article/2900112/malware-cybercrime/new-attacks-suggest-leeway-for-patching-flash-player-is-shrinking.html#tk.rss_all

Recommendations detailed for Mayor and Met on cyber policing – http://www.itsecurityguru.org/2015/03/20/recommendations-detailed-for-mayor-and-met-on-cyber-policing/

France ‘particularly fertile ground’ for cyber attacks, says security firm – http://www.france24.com/en/20150320-cyber-security-insecurity-fireeye-latest-analysis/

US hopes reward offers can help net foreign cyber criminals – http://bigstory.ap.org/article/85641ac2f86b474f96833ce91674ad70/us-turns-rewards-hunt-overseas-cyber-criminals

Data Breach Detection Takes Days or Longer For Many Businesses: Survey – http://www.securityweek.com/data-breach-detection-takes-days-or-longer-many-businesses-survey


Tools, Tips and How it’s done:

‘Compliance fatigue’ sets in – http://www.csoonline.com/article/2899612/compliance/compliance-fatigue-sets-in.html#tk.rss_all

Are your business partners secure? – http://www.csoonline.com/article/2899344/supply-chain-security/are-your-business-partners-secure.html#tk.rss_all

The High Cost of a Data Breach Data: Do You Have $5M to Lose? – http://www.cmswire.com/cms/information-management/the-high-cost-of-a-data-breach-data-do-you-have-5m-to-lose-028537.php

The decade of the data breach – how to cope – http://www.information-age.com/technology/security/123459205/decade-data-breach-how-cope

Assessing end-user awareness of social engineering and phishing – http://citeseerx.ist.psu.edu/viewdoc/download;jsessionid=1914F4739F4C6EF0C9ED9594EDABF371?doi=10.1.1.91.5838&rep=rep1&type=pdf

New Threat: ID Theft in the Workplace – http://www.inforisktoday.co.uk/interviews/new-threat-id-theft-in-workplace-i-2607

Defining “Meaningful Human Control” Over Autonomous Weapons – http://justsecurity.org/21244/defining-meaningful-human-control-autonmous-weapon-systems/

How Film Industry May Combat Cyber Crime – http://allafrica.com/stories/201503200238.html

These guys show how easy it is to scam people via social engineering – http://cyberwarzone.com/these-guys-show-how-easy-it-is-to-scam-people-via-social-engineering/

The Screen Savers – Hosted by Kevin Mitnick & Steve Wozniak – http://www.misleddit.com/p/2zkiws/

Pass the hash! – https://www.dshield.org/diary/Pass+the+hash!/19479


Miscellaneous Privacy stories:

Equifax mistakenly sends hundreds of credit reports to Biddeford woman – http://wgme.com/news/features/top-stories/stories/13-investigates-hundreds-credit-reports-mistakenly-sent-biddeford-woman-26458.shtml#.VQyVwo6sV8F

Common Mobile Application Security, Privacy Challenges – http://www.securityweek.com/common-mobile-application-security-privacy-challenges?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29


Safeguarding Children and School E-Safety stories:

Cyber bullying is devastating, says Monica Lewinsky – http://www.independent.co.uk/news/world/americas/cyber-bullying-is-devastating-says-monica-lewinsky-10124053.html

Students learn how to stand up to cyber bullying on National Day of Action against Bullying and Violence – http://www.smh.com.au/technology/technology-news/students-learn-how-to-stand-up-to-cyber-bullying-on-national-day-of-action-against-bullying-and-violence-20150320-1m3sgz.html

Support pledged to campaign against child grooming – http://www.wakefieldexpress.co.uk/news/local-news/support-pledged-to-campaign-against-child-grooming-1-7163945


If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Information Security Breach Report – 19 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Feds warned Premera about security flaws before breach – http://www.seattletimes.com/seattle-news/feds-warned-premera-about-security-flaws-before-breach/

FBI Uncovers Chinese Military Cyber Attack – http://yournewswire.com/fbi-uncovers-chinese-military-cyber-attack/

Target’s proposed data breach settlement pays victims up to $10k – http://www.engadget.com/2015/03/18/target-hacking-settlement/

Sacred Heart Health System notifies 14,000 patients of data breach after hacking attack – http://www.al.com/business/index.ssf/2015/03/sacred_heart_health_system_not.html

Microsoft takes cafeteria payment kiosks offline as vendor deals with breach – http://www.geekwire.com/2015/microsoft-takes-cafeteria-payment-kiosks-offline-as-vendor-deals-with-breach/

School board breach said to be human error – http://www.thewhig.com/2015/03/18/school-board-breach-said-to-be-human-error

Noobs can pwn world’s most popular BIOSes in two minutes – http://www.theregister.co.uk/2015/03/19/cansecwest_talk_bioses_hack/

Senators rip Anthem for ‘unacceptable’ response to data breach – http://thehill.com/policy/healthcare/236179-senators-blast-anthem-for-unacceptable-response-after-data-breach

EMC data security fails the old fashioned way – http://www.zdnet.com/article/emc-data-security-fails-the-old-fashion-way/

HP Fixes Vulnerabilities in ArcSight Products – http://www.securityweek.com/hp-fixes-vulnerabilities-arcsight-enterprise-security-solutions?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Dark Web’s ‘Evolution Market’ Vanishes – http://krebsonsecurity.com/2015/03/dark-webs-evolution-market-vanishes/

OKC.gov undergoes cyberattack for second straight day – http://www.koco.com/news/city-officials-okcgov-under-cyberattack-for-second-straight-day/31864190


Miscellaneous Infosec stories:

FFIEC to Prepare Cyber-Risk Policy – http://www.bankinfosecurity.com/ffiec-to-prepare-cyber-risk-policy-a-8030

HACKERONE USERNAME CHANGE EXPLOIT |SOCIAL ENGINEERING| – http://www.maadssec.com/blog/hackerone-username-change-exploit/

North Korea Internet outage could be a response to Sony Hack – http://securityaffairs.co/wordpress/35062/cyber-warfare-2/north-korea-sony-hack.html

6 notorious hackers and their second careers – http://fortune.com/2015/03/18/famous-hackers-jobs/

Tech firms ‘will win’ encryption battle: Google chief Eric Schmidt – http://cio.economictimes.indiatimes.com/news/digital-security/tech-firms-will-win-encryption-battle-google-chief-eric-schmidt/46616962

China Finally Admits It Has an Army of Hackers for Cyberwar – http://gizmodo.com/china-finally-admits-it-has-an-army-of-hackers-for-cybe-1692188006

Chief Information Officers Council Proposes HTTPS By Default For All Federal Government Websites – https://www.techdirt.com/articles/20150317/14515530349/chief-information-officers-council-proposes-https-default-all-federal-government-websites.shtml

Healthcare Breaches Like Premera First Stage Of Bigger Attacks? – http://www.darkreading.com/healthcare-breaches-like-premera-first-stage-of-bigger-attacks/d/d-id/1319520

5 EXPERT REACTIONS TO GCHQ’S ‘WEAK LINK’ WARNINGS – http://www.cbronline.com/news/security/5-expert-reactions-to-gchqs-weak-link-warnings-4535483

Brazilian office workers delegate information security to employers – http://www.zdnet.com/article/brazilian-office-workers-delegate-information-security-to-employers/

Lax security leaves medical info open to cyber-attacks – http://the-japan-news.com/news/article/0002009525


Tools, Tips and How it’s done:

Researchers Earn $317,500 on First Day of Pwn2Own 2015 – http://www.securityweek.com/researchers-earn-317500-first-day-pwn2own-2015

Endpoint Security Makes Quantum Shift: Part IV – Resolution – http://www.countertack.com/blog/endpoint-security-makes-quantum-shift-part-iv-resolution

The 7 Best Social Engineering Attacks Ever – http://www.darkreading.com/the-7-best-social-engineering-attacks-ever/d/d-id/1319411?_mc=RSS_DR_EDT

ANIMATION: How to Create the Perfect Password – http://www.informationsecuritybuzz.com/animation-how-to-create-the-perfect-password/

Making the Case for Security Investment – http://www.esecurityplanet.com/network-security/making-the-case-for-security-investment.html

How to tackle cyber crime before people even know they’re a victim – http://theconversation.com/how-to-tackle-cyber-crime-before-people-even-know-theyre-a-victim-38385

Introduction to GSM Security – http://resources.infosecinstitute.com/introduction-to-gsm-security/

Predicting Future Security Threats is a Risky Business – http://blogs.intralinks.com/collaborista/2015/03/predicting-future-security-threats-is-a-risky-business/

Why Are Health Insurers Hacker Targets? – http://www.bankinfosecurity.com/are-health-insurers-hacker-targets-a-8029

Common Mobile Application Security, Privacy Challenges – http://www.securityweek.com/common-mobile-application-security-privacy-challenges

Cyber snipers: are you the target? – http://www.scmagazineuk.com/cyber-snipers-are-you-the-target/article/404012/

Tips on e-commerce shops security – http://0x55.blogspot.co.uk/2015/03/tips-on-E-commerce-shops-security.html

Social Engineering – Most Challenging Cyber Security Threats – http://www.digitalqatar.qa/en/2015/03/18/social-engineering-most-challenging-cyber-security-threats/


Miscellaneous Privacy stories:

‘You are under attack,’ Snowden tells CeBIT-goers – http://www.dw.de/you-are-under-attack-snowden-tells-cebit-goers/a-18324290

How the dark web spurs a spying ‘arms race’ – http://www.bbc.co.uk/news/technology-31948818

NY Court Orders Sheriff To Reveal Details On Stingray Mobile Phone Surveillance – https://www.techdirt.com/articles/20150318/07075430353/ny-court-orders-sheriff-to-reveal-details-stingray-mobile-phone-surveillance.shtml

Campaigners call to curb GCHQ spying powers – http://www.bbc.co.uk/news/technology-31952973

Cisco posts kit to empty houses to dodge NSA chop shops – http://www.theregister.co.uk/2015/03/18/want_to_dodge_nsa_supply_chain_taps_ask_cisco_for_a_dead_drop/?mt=1426694168077


Safeguarding Children and School E-Safety stories:

Paedophile who tried to arrange to abuse eight-year-old girl while working at the SOUTH POLE is jailed for three years – http://www.dailymail.co.uk/news/article-3000692/Paedophile-arranged-abuse-young-girl-working-South-Pole.html

Australia gets its first Children’s e-Safety Commissioner – http://www.theaustralian.com.au/business/latest/australia-gets-its-first-childrens-e-safety-commissioner/story-e6frg90f-1227269535719

Police supporting Child Sexual Exploitation awareness day – http://www.loughboroughecho.net/news/local-news/police-supporting-child-sexual-exploitation-8864555



The Importance of Sustaining PCI DSS Compliance

In 2015, the good news is that businesses are getting better at achieving full PCI compliance. In fact, fully compliant organisations rose from 11.1% in 2013 to 20% by the end of 2014 (1). The challenge going forward, however, is not in achieving this standard but in sustaining it.

As the PCI Security Standards Council states: “PCI DSS compliance is an ongoing process, not a one-off event.”

The Payment Card Industry Security Standards Council was formed in 2006, when the major players in the credit card business (Visa, Mastercard, American Express, Discover and JCB) came together to reduce credit card data loss. That council established a standard for the security of cardholder data, and the PCI Data Security Standard (PCI DSS) was born.

Even with the uplift in full compliance over the last twelve months, the other side of that figure is that 80% of organisations are still not meeting 90% of all sub-controls and testing procedures within the PCI DSS. And, if there is a breach, the penalties for falling below the standard are severe.

Failure to meet compliance standards, resulting in compromise of systems, can lead to fines from credit card companies and banks. At worst, it can even lead to the removal of the facility to process payment cards and penalties from £3,500 to £350,000. Hard to stomach though they may be, these potential fines are not even the worst of it: non-compliance can ultimately result in the complete collapse of a business.

If, however, a merchant can be deemed to have been compliant at the point at which a compromise occurred, and full compliance can be demonstrated during forensic investigation, the potential fines from the card brands may be waived.

The crucial message to all UK companies, big and small, is to keep PCI DSS compliance at the forefront of their business strategies. It is not sufficient to achieve full compliance in 2015; the same levels must be achieved in subsequent years as well. The only protection against potential heavy penalties is to be able to demonstrate this fact year on year.

(1) Verizon 2015 Report

Information Security Breach Report – 18 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Premera has been the target of a sophisticated cyberattack – http://premeraupdate.com/ and http://www.bankinfosecurity.com/another-massive-health-data-hack-a-8026

Premera, Anthem data breaches linked by similar hacking tactics – http://www.csoonline.com/article/2898110/business-continuity/premera-anthem-data-breaches-linked-by-similar-hacking-tactics.html#tk.rss_all

Sensitive apps with 6.3 BILLION downloads found open to FREAK – http://www.theregister.co.uk/2015/03/18/freaky_apps_litter_top_spots_in_apple_android_app_stores/

South Korea – Hacker requests money for data on nuclear plants – http://securityaffairs.co/wordpress/35013/cyber-crime/hacker-south-korean-nuclear-plants.html

Banking Regulator Issues New Phishing Alert – http://www.databreachtoday.co.uk/banking-regulator-issues-new-phishing-alert-a-8027

D-Link patches yet more vulns – http://www.theregister.co.uk/2015/03/18/dlink_patches_yet_more_vulns/

Apple iOS Hardware Assisted Screenlock Bruteforce – http://blog.mdsec.co.uk/2015/03/bruteforcing-ios-screenlock.html

Apple Fixes WebKit Vulnerabilities With Release of Safari 8.0.4 – http://www.securityweek.com/apple-fixes-webkit-vulnerabilities-release-safari-804

Benesse finds new customer info data leak – http://www.japantimes.co.jp/news/2015/03/18/national/crime-legal/benesse-finds-new-customer-info-data-leak/#.VQlhZo6sWSo

LifeWise insurance firm confirms cyber attack – http://www.bizjournals.com/phoenix/news/2015/03/17/lifewise-insurance-firmconfirms-cyberattack.html

Education ministry notifies police after website security breached and private email addresses obtained – http://www.insidehalton.com/news-story/5481703-education-ministry-notifies-police-after-website-security-breached-and-private-email-addresses-obtai/

Exim Mail Server GHOST Exploit Now Available – http://blog.coresecurity.com/2015/03/17/exim-mail-server-ghost-exploit-now-available/

E K and Company notifies clients of stolen hard drive with financial information – http://www.databreaches.net/e-k-and-company-notifies-clients-of-stolen-hard-drive-with-financial-information/


Miscellaneous Infosec stories:

As DevOps Go From Niche to Mainstream, Will InfoSec Follow? – http://blogs.csc.com/2015/03/17/as-devops-go-from-niche-to-mainstream-will-infosec-follow/

Symantec Study Finds Home Smart Devices Wide Open to Cyber-Attack – http://www.eweek.com/security/symantec-study-finds-home-smart-devices-wide-open-to-cyber-attack.html

Is the DNS’ security protocol a waste of everyone’s time and money? – http://www.theregister.co.uk/2015/03/18/is_the_dns_security_protocol_a_waste_of_everyones_time_and_money/

Texas Data Breach Bill Would Ban Holding Card Data For More Than 48 Hours – http://www.cutoday.info/Fresh-Today/Texas-Data-Breach-Bill-Would-Ban-Holding-Card-Data-For-More-Than-48-Hours

Can software-based POS encryption improve PCI compliance? – http://www.csoonline.com/article/2897594/data-protection/can-software-based-pos-encryption-improve-pci-compliance.html#jump

Hacking has driven the importance of cyber security – http://www.in.techradar.com/news/world-of-tech/Hacking-has-driven-the-importance-of-cyber-security/articleshow/46599920.cms

Retail Breaches: End the Finger Pointing – http://www.bankinfosecurity.com/blogs/retail-breaches-end-finger-pointing-p-1827/op-1

Anthem Hack Now Tops ‘Wall of Shame’ – http://www.databreachtoday.com/anthem-hack-now-tops-wall-shame-a-8025

Judicial Committee Gives FBI The First OK It Needs To Hack Any Computer, Anywhere On The Planet – https://www.techdirt.com/articles/20150317/07440430342/judicial-committee-gives-fbi-first-ok-it-needs-to-hack-any-computer-anywhere-planet.shtml


Tools, Tips and How it’s done:

Are you ready for a data breach? – https://www.business-cloud.com/articles/news/are-you-ready-data-breach

Darpa creates dark web search engine – http://www.bbc.co.uk/news/technology-31808104

DLL Hijacking can affect OS X – http://securityaffairs.co/wordpress/35028/hacking/dll-hijacking-can-affect-os-x.html

Online guide helps employers battle social engineering scams – http://www.chubb.com/businesses/csi/chubb19105.html

The Spy in the Sandbox — Practical Cache Attacks in Javascript – http://arxiv.org/abs/1502.07373

Deanonymizing Tor users with Raptor attacks – http://www.net-security.org/secworld.php?id=18092&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Beating cyber criminals with quantum solutions – http://theconversation.com/beating-cyber-criminals-with-quantum-solutions-35921

Understanding WordPress Plugin Vulnerabilities – http://blog.sucuri.net/2015/03/understanding-wordpress-plugin-vulnerabilities.html

The evolution of vendor risk management in financial institutions – http://www.net-security.org/article.php?id=2236&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

The Enigma Machine Explained – https://www.youtube.com/watch?v=ASfAPOiq_eQ

Why the #1 Vulnerability for Cyber Attacks Will Be Apathy – http://www.circleid.com/posts/20150317_why_the_1_vulnerability_for_cyber_attacks_will_be_apathy/


Miscellaneous Privacy stories:

Apple’s ResearchKit: The Privacy Issues – http://www.databreachtoday.com/apples-researchkit-privacy-issues-a-8018

Private Companies Continue To Amass Millions Of License Plate Photos, Hold Onto The Data Forever – https://www.techdirt.com/articles/20150308/14332230253/private-companies-continue-to-amass-millions-license-plate-photos-hold-onto-data-forever.shtml


Safeguarding Children and School E-Safety stories:

Ryedale police warn about dangers of child sexual exploitation and online grooming – http://www.thescarboroughnews.co.uk/news/crime/ryedale-police-warn-about-dangers-of-child-sexual-exploitation-and-online-grooming-1-7161671

Sydney man charged with child grooming – http://www.9news.com.au/national/2015/03/18/16/01/sydney-man-charged-with-child-grooming

Cyber bullying long-term impacts include self-harm, depression and binge drinking, research finds – http://www.abc.net.au/news/2015-03-18/research-finds-cyber-bulluing-leads-to-depression-drinking/6329548

Forty per cent of Scottish pupils bullied – http://www.heraldscotland.com/news/education/forty-per-cent-of-scottish-pupils-bullied.120891190

Cyber bullies and virtual victims – http://www.watchfox29.com/content/newsexpress/story/Cyber-bullies-and-virtual-victims/BetSKcEun0Kb6GM8kLn6eg.cspx

Twitter makes it easier to report threatening tweets to police – http://venturebeat.com/2015/03/17/twitter-makes-it-easier-to-report-threatening-tweets-to-police/

Report reveals rise in cyber-bullying in Suffolk, and children aged 10 ‘sexting’ – http://www.eadt.co.uk/news/report_reveals_rise_in_cyber_bullying_in_suffolk_and_children_aged_10_sexting_1_3996676


Information Security Breach Report – 16 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

MongoDB tool vulnerable to remote code execution flaw – http://www.csoonline.com/article/2897113/vulnerabilities/mongodb-tool-vulnerable-to-remote-code-execution-flaw.html#tk.rss_all

WPML WordPress Plugin Vulnerabilities Expose 400,000 Websites – http://www.securityweek.com/wpml-wordpress-plugin-vulnerabilities-expose-400000-websites

Texas A&M Data Breach of Nearly 4,700 Faculty & Graduate Assistants – http://www.databreaches.net/texas-am-data-breach-of-nearly-4700-faculty-graduate-assistants/

TalkTalk Criticized as Customers Face Fraud Following Data Breach – http://www.hacksurfer.com/posts/talktalk-criticized-as-customers-face-fraud-following-data-breach

Uber sued over driver data breach, adding to legal woes – http://ca.reuters.com/article/technologyNews/idCAKBN0M92HB20150313

Does Rowhammer mark a new wave of hardware vulnerabilities? – http://searchsecurity.techtarget.com/news/2240242289/Does-Rowhammer-mark-a-new-wave-of-hardware-vulnerabilities

Schneider Electric Patches Flaw in Pelco Video Management Software – http://www.securityweek.com/schneider-electric-patches-flaw-pelco-video-management-software?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Android 5.1 Lollipop Memory Leak Issue Gets Internal Fix But Still Lacks Public Release – http://www.androidheadlines.com/2015/03/android-5-1-lollipop-memory-leak-issue-gets-internal-fix-still-lacks-public-release.html

Data leak scandal involving personal info of 872 children suppressed, lawyer claims – http://www.todayszaman.com/national_data-leak-scandal-involving-personal-info-of-872-children-suppressed-lawyer-claims_375331.html

Corporate espionage: PricewaterhouseCoopers official under CBI scanner in document leak case – http://www.dnaindia.com/india/report-corporate-espionage-pricewaterhousecoopers-official-under-cbi-scanner-in-document-leak-case-2068845

News website gone down, visitors speculate Cyber attack – http://pulse.ng/world/bbc-news-website-gone-down-visitors-speculate-cyber-attack-id3568457.html

Hundreds of Facebook users hit by new cyber fraud in Vietnam – http://www.thanhniennews.com/tech/hundreds-of-facebook-users-hit-by-new-cyber-fraud-in-vietnam-39791.html

State Dept. Shuts Down Email After Cyber Attack – http://abcnews.go.com/US/state-dept-shuts-email-cyber-attack/story?id=29624866

Critical hole in popular WordPress SEO plugin allows SQLi, site hijacking – http://www.net-security.org/secworld.php?id=18080

CA: Bistro Burger discloses payment card breach at Mission Street location – http://www.databreaches.net/ca-bistro-burger-discloses-payment-card-breach-at-mission-street-location/


Miscellaneous Infosec stories:

Gartner: Digital Risk Officers on Rise – http://www.databreachtoday.com/gartner-digital-risk-officers-on-rise-a-8015

ICS-CERT MONITOR report states most critical infrastructure attacks involve APTs – http://securityaffairs.co/wordpress/34936/cyber-crime/ics-cert-monitor-report-apt.html

Hackable media box based on the Raspberry Pi: Five Ninjas Slice – http://www.theregister.co.uk/2015/03/16/review_five_ninjas_slice_not_raspberry_pi/

2015 Security Predictions – Have They Held True So Far? – http://www.securityweek.com/2015-security-predictions-have-they-held-true-so-far

Report says strong authentication use lagging in federal agencies – http://www.zdnet.com/article/report-says-strong-authentication-not-up-to-par-in-federal-agencies/

90% web, mobile apps open to cyber attacks: Expert – http://timesofindia.indiatimes.com/city/bhopal/90-web-mobile-apps-open-to-cyber-attacks-Expert/articleshow/46570274.cms

Health data breaches rise, but fines rare – http://www.bucyrustelegraphforum.com/story/news/state/2015/03/15/health-data-breaches-rise-fines-rare/70284702/

Revealed: Civil servant who issued RBS leak email links with Better Together leader – http://www.heraldscotland.com/news/home-news/revealed-civil-servant-who-issued-rbs-leak-email-links-with-better-together-leader.120666908

Does that email look phishy? – http://www.thestarphoenix.com/jobs/Does+that+email+look+phishy/10889901/story.html

IT Pros Still Concerned Over Public Cloud Security: Survey – http://www.securityweek.com/it-pros-still-concerned-over-public-cloud-security-survey?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29


Tools, Tips and How it’s done:

Backdoors in Your Device: Security and Political Perspectives – http://resources.infosecinstitute.com/buying-your-device-with-a-backdoor-security-and-political-perspectives/

Information security innovation and research – http://www.net-security.org/article.php?id=2235&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Ransomware: Pay it or fight it? – http://www.csoonline.com/article/2896999/malware-cybercrime/ransomware-pay-it-or-fight-it.html#tk.rss_all

Anthem Breach: 9 Lessons for India – http://www.databreachtoday.co.uk/anthem-breach-9-lessons-for-india-a-8014

Ransomware Attacks’ New Focus: Businesses – http://www.databreachtoday.co.uk/ransomware-attacks-new-focus-businesses-a-8013

Top 3 Takeaways from the “Getting One Step Ahead of the Attacker: How to Turn the Tables” Webcast – https://community.rapid7.com/community/userinsight/blog/2015/03/13/top-3-takeaways-from-the-getting-one-step-ahead-of-the-attacker-how-to-turn-the-tables-webcast

‘How Bank Insiders Connive with Fraudsters’ – http://www.thisdaylive.com/articles/how-bank-insiders-connive-with-fraudsters/204219/

Anti-doxing strategy—or, how to avoid 50 Qurans and $287 of Chick-Fil-A – http://arstechnica.com/security/2015/03/anti-doxing-strategy-or-how-to-avoid-50-qurans-and-287-of-chick-fil-a/

Exploitation with Social Engineering Toolkit SET – http://tune.pk/video/5928342/exploitation-with-social-engineering-toolkit-set

Protecting customer data in the digital world – http://enterpriseinnovation.net/article/protecting-customer-data-digital-world-67940930

Adventures in breach alerts, Saturday edition – http://www.databreaches.net/adventures-in-breach-alerts-saturday-edition/

Hillary Clinton email debate highlighted by email security mistakes – http://searchsecurity.techtarget.com/news/2240242314/Hillary-Clinton-email-debate-highlighted-by-email-security-mistakes

The Growing Role of Machine Learning in Cyber Security – http://www.dataversity.net/the-growing-role-of-machine-learning-in-cyber-security/

Social engineering tales – http://www.slideshare.net/fiberghost1/social-engineering-tales

Introduction To Malware – Social Engineering – http://www.digitalmunition.me/2015/03/introduction-to-malware-social-engineering/

Three Reasons Social Engineering Still Threatens Companies – http://securityintelligence.com/three-reasons-social-engineering-still-threatens-companies/#.VQcCl46sV8E

Avoid Internet Catfishing Social Engineering Scams – http://www.defendpcthreats.com/avoid-internet-catfishing-social-engineering-scams

Challenges Remain in Upholding PCI Compliance: Report – http://www.securityweek.com/challenges-remain-upholding-pci-compliance-report?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

CIA spy chief says social media amplifies terror threat – http://www.streetwisejournal.com/cia-spy-chief-social-media/8192/

Yahoo wants to let you forget your Yahoo password – http://www.cnet.com/news/yahoo-wants-to-let-you-forget-your-yahoo-password/

Dot-com at 30: will the world’s best-known web domain soon be obsolete? – http://www.telegraph.co.uk/technology/internet/11470195/Dot-com-at-30-will-the-worlds-best-known-web-domain-soon-be-obsolete.html

Defending against PoS RAM scrapers – http://www.net-security.org/secworld.php?id=18079&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29


Miscellaneous Privacy stories:

Americans Eye Ways to Skirt Online Snooping: Survey – http://www.securityweek.com/americans-eye-ways-skirt-online-snooping-survey

How Two Obscure Court Verdicts In Europe Could Impact Americans’ Privacy, Cybersecurity, and Taxes – http://www.forbes.com/sites/josephsteinberg/2015/03/15/how-two-obscure-court-verdicts-in-europe-could-impact-americans-privacy-cybersecurity-and-taxes/

Mysterious spy cameras collecting data at post offices – http://kdvr.com/2015/03/11/mysterious-spy-cameras-collecting-data-at-post-offices/

Twitter Takes Steps To Combat Stolen Nudes And Revenge Porn – http://www.buzzfeed.com/charliewarzel/twitter-tackles-revenge-porn#.tgYPAGbNAn


Safeguarding Children and School E-Safety stories:

Cyberbully Bill Approved by House – http://valdostatoday.com/2015/03/georgia-cyberbully-bill-approved-by-house/

SUPERINTENDENT CONFIRMS COMMON CORE’S PEARSON SPYING ON KIDS’ SOCIAL MEDIA ACCOUNTS – http://www.breitbart.com/big-government/2015/03/15/superintendent-confirms-common-cores-pearson-spying-on-kids-social-media-accounts/

5 things you need to know about protecting your child from cyber-bullying – http://memeburn.com/2015/03/5-things-you-need-to-know-about-protecting-your-child-from-cyber-bullying/

Seven in 10 Koreans experience ‘cyber stalking’ – http://www.koreatimes.co.kr/www/news/nation/2015/03/116_175249.html

Parents Feel Powerless in Face of Cyberbullying – http://www.infosecdailynews.com/parents-feel-powerless-in-face-of-cyberbullying/

Hornchurch students learn about e-safety – http://www.romfordrecorder.co.uk/news/education/hornchurch_students_learn_about_e_safety_1_3991339

Pingle School pupils get requests for naked images – http://www.bbc.co.uk/news/uk-england-derbyshire-31795883

Safeguarding the future of children – http://www.scotsman.com/news/safeguarding-the-future-of-children-1-3719208


SRM Blog