Monthly Archive June 2015

PCI Breach Trend Report June 2015

In the last twelve months, Security Risk Management (SRM) Ltd has been contacted by over 65 companies legally required to seek assistance in securing data breaches. The largest share of cases (38%) came from specialist online retailers, followed by clothing retailers (27%).

The majority of businesses affected by a breach were at the small end of the business scale. Where figures have been released, the average number of cards affected per breach was 850.

The most common attack method was through Remote File Inclusion (RFI), a method of running malicious code on a victim’s system, providing the intruder with unrestricted access and enabling them to steal sensitive information and execute malicious actions.

Trend Report Businesses Affected


SRM delivers Managing Cyber Threat lecture to City lawyers

Last month, Tom Fairfax, Managing Director of Security Risk Management Ltd, joined forces with Robert Newcombe, Barrister with Dere Street Barristers, to deliver a talk on Managing Cyber Threat. The event took place in Church Court Chambers near Lincoln's Inn, London, with the speakers addressing an audience containing a number of leading barristers and solicitors in their fields.

Tom Fairfax talked on practical ways to manage the cyber environment while Rob, who specialises in cyber cases, provided the legal perspective. This lecture combination was first delivered by Tom and Rob in November 2012.

Tom Fairfax said: “It was noted by several people that whilst the practical cyber environment has changed significantly over the past 3 years, the legal position is relatively unchanged. While this might be evidence of excellent drafting of legislation, it also highlights a challenge for society based on the fact that the technological environment is evolving so much faster than the control and governance environment we have created to manage it.

“There has also been a significant shift in emphasis from perimeter protection to incident response over the past decade, acknowledging the fact that organisations increasingly see cyber incidents as issues that must be managed rather than things which can be avoided.”

Information Security Breach Report – 02 June 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Angler Exploit Kit Loads Up CryptoWall 3.0, Flash Flaw –

Blue Coat Fixes Several Flaws in SSL Visibility Appliance –

Over 1,000 Vietnamese websites hacked by Chinese during weekend: report –

DYRE Banking Malware Upsurges; Europe and North America Most Affected –

Now Twitter and Snapchat get stung by the iPhone text crash –

Grabit Espionage Campaign Steals Thousands of Files From SMBs –

eBay bug turns phishing email links into malware-stuffed booby prizes –

Sally Beauty: Cybercriminals Planted Malware on PoS Systems for 6 Weeks –

More than 60 undisclosed vulnerabilities affect 22 SOHO routers –


Miscellaneous Infosec stories:

Tackling the human problem of security –

Business Risks Associated With Data Breaches –

Retail sector falling short in customer data protection –

On Reflection: Don’t bring cyber crime in through the back door –

Number of Botnet-Powered DDoS Attacks Dropped in Q1: Kaspersky –

How a hack on Prince Philip’s Prestel account led to UK computer law –

UAE firms targeted by cyber spying –

CESG launch new Certified Cyber Security Consultancy scheme for government and industry –

Surfing porn, downloading apps: Employees ignore obvious cyber risks at work –

Protecting banks from the coming data breach liability storm –


Tools, Tips and How it’s done:

The cyber security expert Michael Fratello has made a detailed analysis of the locker ransomware that implements a unique delivery mechanism –

Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems –

10 Rules for Writing Safety Critical Code –

Malvertising Assaults Result in Attack Toolkit Magnitude and Ransomware says Zscaler –

Technical analysis of Hola vulnerabilities enabling cyber attacks –

The vulnerable Border Gateway protocol, a quick-fix solution from 1989, still directs most internet traffic –

5 things you need to do to maintain your professional online hygiene –

Shady Ad Network Using “Camo Sites” –

The Importance of Operational Security and User Education –

What enterprise should do when helpless employees lose hope in fighting cyber attacks –


Miscellaneous Privacy stories:

Why you shouldn’t worry about privacy and security on your phone –

Lower Merion School District explains the 56,000 Webcamgate shots –

Haunted by a stranger who stole my life online –

Jennifer Newman: What employers look for when checking your Facebook, LinkedIn –

Unmasking hidden Tor service users is too easy, say infosec bods –

Data breach liability: confidentiality vs. privacy –


Safeguarding Children and School E-Safety stories:

Filmed on Skype… the chilling exchange between reporter posing as a child and Islamic State fighter from London –

Internet celebrities speak out against cyber bullying –

Students make lecturers life a ‘misery’ –

Whose privacy matters most? –

