Monthly Archive March 2015

Information Security Breach Report – 20 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Latest Dridex Campaign Evades Detection with AutoClose Function –

At least 700,000 routers given to customers by ISPs are vulnerable to hacking –

DLL Hijacking Flaws Found in Rockwell Automation’s FactoryTalk –

Drupal Flaw Allows Attackers to Forge Password Reset URLs –

HP Fixes Vulnerabilities in ArcSight Products –

Johnson Controls, XZERES, Honeywell Patch Vulnerable Products –

NYPD cop in court for allegedly hacking into the FBI –

Big Think’s Facebook Fan Page Hacked and Sending out Horrifying Spam –

More than 260 charged in online child abuse operation –

Alert: Indian ATMs Face New Attacks –

EMC Patches Flaws in M&R, Secure Remote Services –

Dozens of international students reporting credit card fraud –

Public school board ‘actively’ investigating new allegations of privacy breach –


Anti-censorship group in China faces DDoS attack –


Miscellaneous Infosec stories:

New attacks suggest leeway for patching Flash Player is shrinking –

Recommendations detailed for Mayor and Met on cyber policing –

France ‘particularly fertile ground’ for cyber attacks, says security firm –

US hopes reward offers can help net foreign cyber criminals –

Data Breach Detection Takes Days or Longer For Many Businesses: Survey –


Tools, Tips and How it’s done:

‘Compliance fatigue’ sets in –

Are your business partners secure? –

The High Cost of a Data Breach Data: Do You Have $5M to Lose? –

The decade of the data breach – how to cope –

Assessing end-user awareness of social engineering and phishing –

New Threat: ID Theft in the Workplace –

Defining “Meaningful Human Control” Over Autonomous Weapons –

How Film Industry May Combat Cyber Crime –

These guys show how easy it is to scam people via social engineering –

The Screen Savers – Hosted by Kevin Mitnick & Steve Wozniak –

Pass the hash! –


Miscellaneous Privacy stories:

Equifax mistakenly sends hundreds of credit reports to Biddeford woman –

Common Mobile Application Security, Privacy Challenges –


Safeguarding Children and School E-Safety stories:

Cyber bullying is devastating, says Monica Lewinsky –

Students learn how to stand up to cyber bullying on National Day of Action against Bullying and Violence –

Support pledged to campaign against child grooming –


If you would like this report sent to your inbox each morning, email me at

You can see all previous issues of this blog at


My Linkedin Profile is

Information Security Breach Report – 19 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Feds warned Premera about security flaws before breach –

FBI Uncovers Chinese Military Cyber Attack –

Target’s proposed data breach settlement pays victims up to $10k –

Sacred Heart Health System notifies 14,000 patients of data breach after hacking attack –

Microsoft takes cafeteria payment kiosks offline as vendor deals with breach –

School board breach said to be human error –

Noobs can pwn world’s most popular BIOSes in two minutes –

Senators rip Anthem for ‘unacceptable’ response to data breach –

EMC data security fails the old fashioned way –

HP Fixes Vulnerabilities in ArcSight Products –

Dark Web’s ‘Evolution Market’ Vanishes – undergoes cyberattack for second straight day –


Miscellaneous Infosec stories:

FFIEC to Prepare Cyber-Risk Policy –


North Korea Internet outage could be a response to Sony Hack –

6 notorious hackers and their second careers –

Tech firms ‘will win’ encryption battle: Google chief Eric Schmidt –

China Finally Admits It Has an Army of Hackers for Cyberwar –

Chief Information Officers Council Proposes HTTPS By Default For All Federal Government Websites –

Healthcare Breaches Like Premera First Stage Of Bigger Attacks? –


Brazilian office workers delegate information security to employers –

Lax security leaves medical info open to cyber-attacks –


Tools, Tips and How it’s done:

Researchers Earn $317,500 on First Day of Pwn2Own 2015 –

Endpoint Security Makes Quantum Shift: Part IV – Resolution –

The 7 Best Social Engineering Attacks Ever –

ANIMATION: How to Create the Perfect Password –

Making the Case for Security Investment –

How to tackle cyber crime before people even know they’re a victim –

Introduction to GSM Security –

Predicting Future Security Threats is a Risky Business –

Why Are Health Insurers Hacker Targets? –

Common Mobile Application Security, Privacy Challenges –

Cyber snipers: are you the target? –

Tips on e-commerce shops security –

Social Engineering – Most Challenging Cyber Security Threats –


Miscellaneous Privacy stories:

‘You are under attack,’ Snowden tells CeBIT-goers –

How the dark web spurs a spying ‘arms race’ –

NY Court Orders Sheriff To Reveal Details On Stingray Mobile Phone Surveillance –

Campaigners call to curb GCHQ spying powers –

Cisco posts kit to empty houses to dodge NSA chop shops –


Safeguarding Children and School E-Safety stories:

Paedophile who tried to arrange to abuse eight-year-old girl while working at the SOUTH POLE is jailed for three years –

Australia gets its first Children’s e-Safety Commissioner –

Police supporting Child Sexual Exploitation awareness day –



The Importance of Sustaining PCI DSS Compliance

In 2015, the good news is that businesses are getting better at achieving full PCI compliance. In fact, fully compliant organisations rose from 11.1% in 2013 to 20% by the end of 2014(1). The challenge going forward, however, is not in achieving this standard but in sustaining it.

As the PCI Security Standards Council states: “PCI DSS compliance is an ongoing process, not a one-off event.”

The Payment Card Industry Security Standards Council was formed in 2006, when the major players in the credit card business (Visa, Mastercard, American Express, Discover and JCB) came together to reduce credit card data loss, and that council established a standard for the security of cardholder data: the PCI Data Security Standard (PCI DSS) was born.

In spite of the uplift in full compliance in the last twelve months, this means that 80% of organisations are not meeting 90% of all sub-controls and testing procedures within the PCI DSS. And, if there is a breach, penalties for falling below the standard are severe.

Failure to meet compliance standards, resulting in compromise of systems, can lead to fines from credit card companies and banks. At worst, it can even lead to the removal of the facility to process payment cards and penalties from £3,500 to £350,000. Hard to stomach though they may be, these potential fines are not even the worst of it: non-compliance can ultimately result in the complete collapse of a business.

If, however, a merchant can be deemed to have been compliant at the point at which a compromise occurred, and full compliance can be demonstrated during forensic investigation, the potential fines from the card brands may be waived.

The crucial message to all UK companies, big and small, is to keep PCI DSS compliance at the forefront of their business strategies. It is not sufficient to achieve full compliance in 2015; the same levels must be achieved in subsequent years as well. The only protection against potential heavy penalties is to demonstrate this fact year on year.

(1) Verizon 2015 Report

Information Security Breach Report – 18 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Premera has been the target of a sophisticated cyberattack –


Premera, Anthem data breaches linked by similar hacking tactics –

Sensitive apps with 6.3 BILLION downloads found open to FREAK –

South Korea – Hacker requests money for data on nuclear plants –

Banking Regulator Issues New Phishing Alert –

D-Link patches yet more vulns –

Apple iOS Hardware Assisted Screenlock Bruteforce –

Apple Fixes WebKit Vulnerabilities With Release of Safari 8.0.4 –

Benesse finds new customer info data leak –

LifeWise insurance firm confirms cyber attack –

Education ministry notifies police after website security breached and private email addresses obtained –

Exim Mail Server GHOST Exploit Now Available –

E K and Company notifies clients of stolen hard drive with financial information –


Miscellaneous Infosec stories:

As DevOps Go From Niche to Mainstream, Will InfoSec Follow? –

Symantec Study Finds Home Smart Devices Wide Open to Cyber-Attack –

Is the DNS’ security protocol a waste of everyone’s time and money? –

Texas Data Breach Bill Would Ban Holding Card Data For More Than 48 Hours –

Can software-based POS encryption improve PCI compliance? –

Hacking has driven the importance of cyber security –

Retail Breaches: End the Finger Pointing –

Anthem Hack Now Tops ‘Wall of Shame’ –

Judicial Committee Gives FBI The First OK It Needs To Hack Any Computer, Anywhere On The Planet –


Tools, Tips and How it’s done:

Are you ready for a data breach? –

Darpa creates dark web search engine –

DLL Hijacking can affect OS X –

Online guide helps employers battle social engineering scams –

The Spy in the Sandbox — Practical Cache Attacks in Javascript –

Deanonymizing Tor users with Raptor attacks –

Beating cyber criminals with quantum solutions –

Understanding WordPress Plugin Vulnerabilities –

The evolution of vendor risk management in financial institutions –

The Enigma Machine Explained –

Why the #1 Vulnerability for Cyber Attacks Will Be Apathy –


Miscellaneous Privacy stories:

Apple’s ResearchKit: The Privacy Issues –

Private Companies Continue To Amass Millions Of License Plate Photos, Hold Onto The Data Forever –


Safeguarding Children and School E-Safety stories:

Ryedale police warn about dangers of child sexual exploitation and online grooming –

Sydney man charged with child grooming –

Cyber bullying long-term impacts include self-harm, depression and binge drinking, research finds –

Forty per cent of Scottish pupils bullied –

Cyber bullies and virtual victims –

Twitter makes it easier to report threatening tweets to police –

Report reveals rise in cyber-bullying in Suffolk, and children aged 10 ‘sexting’ –


Information Security Breach Report – 16 March 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

MongoDB tool vulnerable to remote code execution flaw –

WPML WordPress Plugin Vulnerabilities Expose 400,000 Websites –

Texas A&M Data Breach of Nearly 4,700 Faculty & Graduate Assistants –

TalkTalk Criticized as Customers Face Fraud Following Data Breach –

Uber sued over driver data breach, adding to legal woes –

Does Rowhammer mark a new wave of hardware vulnerabilities? –

Schneider Electric Patches Flaw in Pelco Video Management Software –

Android 5.1 Lollipop Memory Leak Issue Gets Internal Fix But Still Lacks Public Release –

Data leak scandal involving personal info of 872 children suppressed, lawyer claims –

Corporate espionage: PricewaterhouseCoopers official under CBI scanner in document leak case –

News website gone down, visitors speculate Cyber attack –

Hundreds of Facebook users hit by new cyber fraud in Vietnam –

State Dept. Shuts Down Email After Cyber Attack –

Critical hole in popular WordPress SEO plugin allows SQLi, site hijacking –

CA: Bistro Burger discloses payment card breach at Mission Street location –


Miscellaneous Infosec stories:

Gartner: Digital Risk Officers on Rise –

ICS-CERT MONITOR report states most critical infrastructure attacks involve APTs –

Hackable media box based on the Raspberry Pi: Five Ninjas Slice –

2015 Security Predictions – Have They Held True So Far? –

Report says strong authentication use lagging in federal agencies –

90% web, mobile apps open to cyber attacks: Expert –

Health data breaches rise, but fines rare –

Revealed: Civil servant who issued RBS leak email links with Better Together leader –

Does that email look phishy? –

IT Pros Still Concerned Over Public Cloud Security: Survey –


Tools, Tips and How it’s done:

Backdoors in Your Device: Security and Political Perspectives –

Information security innovation and research –

Ransomware: Pay it or fight it? –

Anthem Breach: 9 Lessons for India –

Ransomware Attacks’ New Focus: Businesses –

Top 3 Takeaways from the “Getting One Step Ahead of the Attacker: How to Turn the Tables” Webcast –

‘How Bank Insiders Connive with Fraudsters’ –

Anti-doxing strategy—or, how to avoid 50 Qurans and $287 of Chick-Fil-A –

Exploitation with Social Engineering Toolkit SET –

Protecting customer data in the digital world –

Adventures in breach alerts, Saturday edition –

Hillary Clinton email debate highlighted by email security mistakes –

The Growing Role of Machine Learning in Cyber Security –

Social engineering tales –

Introduction To Malware – Social Engineering –

Three Reasons Social Engineering Still Threatens Companies –

Avoid Internet Catfishing Social Engineering Scams –

Challenges Remain in Upholding PCI Compliance: Report –

CIA spy chief says social media amplifies terror threat –

Yahoo wants to let you forget your Yahoo password –

Dot-com at 30: will the world’s best-known web domain soon be obsolete? –

Defending against PoS RAM scrapers –


Miscellaneous Privacy stories:

Americans Eye Ways to Skirt Online Snooping: Survey –

How Two Obscure Court Verdicts In Europe Could Impact Americans’ Privacy, Cybersecurity, and Taxes –

Mysterious spy cameras collecting data at post offices –

Twitter Takes Steps To Combat Stolen Nudes And Revenge Porn –


Safeguarding Children and School E-Safety stories:

Cyberbully Bill Approved by House –


5 things you need to know about protecting your child from cyber-bullying –

Seven in 10 Koreans experience ‘cyber stalking’ –

Parents Feel Powerless in Face of Cyberbullying –

Hornchurch students learn about e-safety –

Pingle School pupils get requests for naked images –

Safeguarding the future of children –


SRM Blog