Monthly Archive May 2015

Smart TV vulnerability

The simple television is a thing of the past. The Smart TVs of today have much more in common with devices like smartphones and tablets than with the old boxes that used to sit in the corner of everyone’s homes. Nowadays televisions are connected, enabling viewers to tune in to anything and everything that is available via the Internet. But as well as multiple benefits, connected TVs also present some security risks.

Most of us take cyber security extremely seriously within our work environments. In business there is a legal framework to ensure that individuals’ personal details are kept secure. Many people are cautious about giving information out over the telephone or via unsecured payment methods, and only the very reckless do not have some sort of security system operating on their personal computers.

While, at present, connected TVs do not offer quite the range of possibilities presented by smartphones and a television still does not fulfil all the functions of a personal computer, over the next few years they are likely to get increasingly close to this level of functionality. It is not impossible to imagine televisions being used as virtual platforms for online shopping or banking.

This type of online activity is already the hunting ground for cyber criminals, so the move to using a larger screen is only going to add a new area of vulnerability. Recent research by the European Union Agency for Network and Information Security (ENISA) identified Cyber Attacks as the principal threat to Smart Homes.

Samsung was recently at the centre of controversy, accused of listening to its customers’ conversations and collecting data on their viewing habits through Smart TV microphones. LG was also accused of collecting information on its customers’ viewing habits through their Smart TVs. Both companies deny these accusations, but the sophistication of the technology contained within these TV systems does make such suspicions seem possible. Smart TVs have the potential to open householders up to a level of vulnerability which needs to be addressed.

Information Security Breach Report – 28 May 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Banks’ Cyber Risks Compounded by ‘Commjacking’ of Wi-Fi Networks –

Hospital Data Breach Affects Thousands of Patients –

There’s a Moose loose aboot this hoose: Linux worm hijacks Twitter feeds for spam slinging –

Researchers Exploit Patched Windows Group Policy Bug –

POS Malware Nitlove Seen Spreading Through Spam Campaign –

Anon Coders take control of Kentucky GOP’s site; says expect more –

Florida releases personal data on 13,000 people, issues ‘fraud’ alert –

Thousands of UK Government PCs Exposed –

Update on Sterne Agee Group laptop breach –

Synology Fixes XSS, Command Injection Vulnerabilities in NAS Software –

Attackers Use Exploit Kit to Hijack Routers: Researcher –

Recent Breaches a Boon to Extortionists –

Beacon Health System notifies patients after phishing attack –

Scam alert: New Facebook scam wants to steal your login and your money –

Large-scale attack uses browsers to hijack routers –

Cybercriminals Use SVG Files to Distribute Ransomware –

Emerson Patches SQL Injection Vulnerability in ICS Product –


Password reset sites expose crackable PeopleSoft creds –

Unauthorized Access Vulnerability Fixed in Symfony –

LogJam flaw leaves 1,006 cloud applications vulnerable to attack –


Miscellaneous Infosec stories:

Hacker’s List leaks its secrets, revealing true identities of those wanting to hack –

INFOGRAPHIC: 8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks –

One More Reason for Companies to Report Data Breaches –

Five Takeaways from the First Cyber Insurance Case –

Number of identity theft victims ‘rises by a third’ –

CISOs turn to security awareness solutions to change poor employee behaviors –

2014 marked by rise in spear-phishing, social engineering – Federal Times –

Why insider threats are succeeding –

How your old cell phone can leak your company’s confidential info –

WordPress malware: Don’t let too-good-to-be-true deals infest your site –

PCI Council Launches Group to Help Improve SME Compliance –

Why The World’s Top Security Pros Are Furious About Exploit Export Rules –

Who and why is attacking companies in the Nordic Countries? –

Expert issues cyber-attack warning –

Data Centre Consolidation – A Cyber Security perspective –

Threat Intelligence Sharing Valued, But Many Not Doing it: Survey –

Bad Bots’ Impact on Mobile Web Traffic Rose in 2014: Research –

5 hackers who came over from the dark side –

Threat Intelligence –

The cost of a data breach has jumped 23 percent in two years –

Cyber-Attacks in 2015 Reveal Unknown Flaws in Flash, Windows –

Cyber attacks leave businesses wide open to lawsuits –


Tools, Tips and How it’s done:

Windows Functions in Malware Analysis – Cheat Sheet – Part 1 –

How to monitor XSS attacks and other security threats on your website, in real-time –

A primer on cyber security for online retailers –

Is your “secret answer” hard to guess? –

The Samaritan and The Smartphone – 7 Tips to Secure and Help Your Cell Phone Get Home –

Profile Of A Cybercrime Petty Thief –

In Pictures: Seven best practices for cloud security –

The Internet of Buggy Things –

Sniffing and tracking wearable tech and smartphones –

Tox, how to create your ransomware in 3 steps –


Miscellaneous Privacy stories:

Tracking Human Mobility using WiFi signals –

Subway riders’ smartphones could carry tracking malware –

A reminder that your Instagram photos aren’t really yours: Someone else can sell them for $90,000 –

Google’s Internet-connected toys patent sparks privacy concerns, visions of IoT Chucky –

iPhone users’ privacy at risk due to leaky Bluetooth technology –


Safeguarding Children and School E-Safety stories:

Cyber bullying: Nip it in the bud –

Google Play revamps its Android apps’ age ratings –

Traditional Schoolyard Bullies Likely to Engage in Cyber-Bullying as Well –

Why hackers want kids’ personal information –

Child sex abuse live streams loophole to be closed –

Influence of Social Media on Teenagers –


If you would like this report sent to your inbox each morning, email me at

You can see all previous issues of this blog at


My Linkedin Profile is

Information Security Breach Report – 21 May 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

New Router Attack Displays Fake Warning Messages –

Data breach involves Southwest Licking student info –

Android stock browser vulnerable to URL spoofing –

Cps Experiencing Data Breach After Sharing 4,000 Students Personal Information –

Tech experts urge cyber ‘vigilance’ after ATW website hacked Tuesday –

Fee website used by Weber School District hacked –

Data Belonging To 1.1 Million CareFirst Customers Stolen In Cyber Attack –

Say hello to the latest cyber superbug –

‘Venom’ Security Bug Allows Network Intrusion via the Cloud –

Crypto Ransomware Seeks Dominance as New Threats Emerge to Encrypt and Destroy Files –

Hard-coded credentials placing dental offices at risk –


Miscellaneous Infosec stories:

Apple Fixes Security Bugs With First Update for Watch OS –

Cracking down on poor cyber hygiene –

Phishing and Malware Cyberattacks are Directed at Law Firms (and Clients) – So it’s Time to Train Employees –

FTC looks ‘favorably’ on firms that report data breach –

Cyber thieves targeting the Internet with more sophistication –

EFF Asks Court To Reconsider Ruling That Would Make Violating Work Computer Policies A Criminal Act –

E-paper display gives payment cards a changing security code –

DDoS attacks increase and methods changed in Q1 2015, report says –

This 9-Year-Old CEO Knows more about Cyber Security Than You Do –

Google changes Chrome extension policy amid security concerns –

Cyber risk now seen as a top 10 global threat to businesses –

How much money do cyber crooks collect via crypto ransomware? –


Tools, Tips and How it’s done:

5 Easy Ways to Avoid Getting Hacked at ATMs –

Logjam vulnerability – what you need to know –

All Roads Lead to the Need to Strengthen Your Security Operations Center? –

Legally Blind and Deaf – How Computer Crime Laws Silence Helpful Hackers –

Hacker launches ransomware rescue kit –

What combination locks teach us about encryption weakness –


Miscellaneous Privacy stories:

Tribunal finds no breach of privacy law by employer using Facebook to investigate misconduct claims –

Americans’ Attitudes About Privacy, Security and Surveillance –


Safeguarding Children and School E-Safety stories:

Online safety: If you want something done right, do it yourself –

Raising cyber kids in GenNBN –

Suspend, blacklist cyberbullies –




Snapchat data scandal

by Michelle Ali

This blog first appeared within the VE-SO Portal in March, as one of the regular updates for school E-Safety Officers. It now appears here for general information.

The impact of the Snapchat update

It’s fair to say that the recent major update of Snapchat (27/01/15) caused a huge uproar among Snapchat users. Most people’s biggest problem is that they can no longer see their contacts’ “best friends”, i.e. their most frequently contacted. People don’t like this because it was always good gossip to see who had been messaging whom.

However, another serious issue surfaced recently with users reporting that the app is burning through too much background data.

In the screenshot at the bottom of the article, you can see Snapchat having used over 40MB in the foreground (while the app was open) and a little more than 250MB in the background. In a span of a week, the app burned through a quarter of a gigabyte.

Snapchat introduced a discover page linked to news feeds from various sources such as CNN, National Geographic, and People. Users complained about the app quickly draining battery life, causing crashes, and sucking up background data.

Fortunately, users can prevent Snapchat from running in the background. Go to Data Usage under your phone’s settings menu and look for Snapchat. If it’s causing problems, it is likely to be at the top of the list of apps. Tap it and select the Restrict Background data option.

Snapchat can’t be held responsible for the things people do using its service, but the company should jump on this issue quickly if it doesn’t want customers taking up pitchforks over the potential charges on their cell phone bills. With any luck, it’s already on it.

Information Security Breach Report – 11 May 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Newfoundland patient data breach investigated –

Cafe de Coral reveals accidental data leak –

95% of SAP deployments ‘vulnerable to cyber attacks’ –

Visitors to top porn sites hit by malvertising attack –

Meru Cabs: Customer Data Exposed –

Child abuse images deface Nazi Mauthausen camp website –

Flawed Open Smart Grid Protocol is a risk for Smart Grid –

Million WordPress websites vulnerable to DOM-based XSS –

Android cellular voice channel used as new covert channel to leak info, spread malware –

Adobe to Patch Critical Vulnerabilities in Reader, Acrobat –

GPS used to locate a gang using gas pump skimmers –

Serious MacKeeper vulnerability found –

Cyber-Attack Attempted By Former Nuclear Regulatory Commission Employee –

Snapchat security breach –

Cyber security firm ‘doctored up’ data breaches to extort companies, ex-employee claims –

Beware! ‘Breaking Bad’ Is Now A Ransom-Styled Malware Currently Infecting Australian Computers –


Miscellaneous Infosec stories:

Here’s how many U.S. adults were hacked in 2014 –

Mobile malware statistics highlight unknown state of mobile threats –

Kiwi company posts job ad for Windows support scammers –

Where is the Android DDoS Armageddon? –

Here’s What a Cyber Warfare Arsenal Might Look Like –

Is cyber-warfare really that scary? –

As Data Breaches Spread, Providers and Payers Must Prepare –

Windows 10: No More Monthly Patches –

Why don’t you rent your electronic wireless doorlock, asks man selling doorlocks –

70 million Americans report stolen data –

Too Many Healthcare Employees Have Excessive Patient Data Access –

Hack renting portal charges fee to penetrate any account –

The Effectiveness of Spear Phishing Not Lost on Cyber Terrorists –


Tools, Tips and How it’s done:


PoC Linux Rootkit Uses GPU to Evade Detection –

Facebook Friends Mapper – How to crawl Hidden Friends –

A digital skeleton key to access any website –

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications –

True Private Messaging: 7 Apps to Encrypt Your Chats –


Miscellaneous Privacy stories:

Wearable tech portends vast effects on health and privacy –


Safeguarding Children and School E-Safety stories:

Schools: have your say about cyberbullying –

Mother Speaks Out About Cyber-Bullies –

How to change your privacy setting on Facebook –



SRM Blog
