Breach Report
PCI Breach Trend Report June 2015
Tuesday 30th June 2015
In the last twelve months, Security Risk Management (SRM) Ltd has been contacted by over 65 companies legally required to seek assistance in securing data breaches. The largest number of cases came from specialist online retailers (38%) and clothing retailers (27%).
The majority of businesses affected by a breach were at the small end of the business scale. Where figures have been released, the average number of cards affected per breach was 850.
The most common attack method was Remote File Inclusion (RFI), a method of running malicious code on a victim’s system that gives the intruder unrestricted access and enables them to steal sensitive information and execute malicious actions.
Information Security Breach Report – 02 June 2015
Tuesday 2nd June 2015
A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.
Breaches, Incidents and Alerts:
Angler Exploit Kit Loads Up CryptoWall 3.0, Flash Flaw – http://www.infosecurity-magazine.com/news/angler-exploit-kit-loads-up/
Blue Coat Fixes Several Flaws in SSL Visibility Appliance – http://www.securityweek.com/blue-coat-fixes-several-flaws-ssl-visibility-appliance?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
Over 1,000 Vietnamese websites hacked by Chinese during weekend: report – http://www.thanhniennews.com/tech/over-1000-vietnamese-websites-hacked-by-chinese-during-weekend-report-45148.html
DYRE Banking Malware Upsurges; Europe and North America Most Affected – http://blog.trendmicro.com/trendlabs-security-intelligence/old-banking-malware-resurfaces-europe-north-america-most-affected/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29
Now Twitter and Snapchat get stung by the iPhone text crash – http://www.hotforsecurity.com/blog/now-twitter-and-snapchat-get-stung-by-the-iphone-text-crash-11888.html
Grabit Espionage Campaign Steals Thousands of Files From SMBs – http://www.eweek.com/security/grabit-espionage-campaign-steals-thousands-of-files-from-smbs.html
eBay bug turns phishing email links into malware-stuffed booby prizes – http://www.theregister.co.uk/2015/05/23/beware_forms_that_arent_ebay_hit_by_serious_security_problem/
Sally Beauty: Cybercriminals Planted Malware on PoS Systems for 6 Weeks – http://www.securityweek.com/sally-beauty-cybercriminals-planted-malware-pos-systems-6-weeks?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
More than 60 undisclosed vulnerabilities affect 22 SOHO routers – http://seclists.org/fulldisclosure/2015/May/129
Miscellaneous Infosec stories:
Tackling the human problem of security – http://www.itnews.com.au/Feature/404650,tackling-the-human-problem-of-security.aspx?utm_source=feed&utm_medium=rss&utm_campaign=iTnews +
Business Risks Associated With Data Breaches – http://www.addrenal.com/groups/business-risks-associated-with-data-breaches/
Retail sector falling short in customer data protection – http://www.itproportal.com/2015/05/30/retail-sector-falling-short-customer-data-protection/
On Reflection: Don’t bring cyber crime in through the back door – http://www.windpowermonthly.com/article/1349274/reflection-dont-bring-cyber-crime-back-door
Number of Botnet-Powered DDoS Attacks Dropped in Q1: Kaspersky – http://www.securityweek.com/number-botnet-powered-ddos-attacks-dropped-q1-kaspersky?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
How a hack on Prince Philip’s Prestel account led to UK computer law – http://www.theregister.co.uk/2015/03/26/prestel_hack_anniversary_prince_philip_computer_misuse/
UAE firms targeted by cyber spying – http://gulfnews.com/business/sectors/technology/uae-firms-targeted-by-cyber-spying-1.1527377
CESG launch new Certified Cyber Security Consultancy scheme for government and industry – http://www.gchq.gov.uk/press_and_media/press_releases/Pages/CESG-launch-new-Certified-Cyber-Consultancy-scheme.aspx
Surfing porn, downloading apps: Employees ignore obvious cyber risks at work – http://www.firstpost.com/business/surfing-porn-downloading-apps-employees-ignore-obvious-cyber-risks-work-2274786.html
Protecting banks from the coming data breach liability storm – http://www.easier.com/130347-protecting-banks-from-the-coming-data-breach-liability-storm.html
Tools, Tips and How it’s done:
The cyber security expert Michael Fratello has made a detailed analysis of the locker ransomware that implements a unique delivery mechanism – http://securityaffairs.co/wordpress/37325/malware/locker-ransomware-analysis.html
Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems – http://www.rand.org/pubs/research_reports/RR620.html
10 Rules for Writing Safety Critical Code – http://spinroot.com/p10/
Malvertising Assaults Result in Attack Toolkit Magnitude and Ransomware says Zscaler – http://securitynewswire.com/latestsecuritynews/mobile_article.php?title=Malvertising_Assaults_Result_in_Attack_Toolkit_Magnitude_and_Ransomware_says_Zscaler
Technical analysis of Hola vulnerabilities enabling cyber attacks – http://blog.vectranetworks.com/blog/technical-analysis-of-hola
The vulnerable Border Gateway protocol, a quick-fix solution from 1989, still directs most internet traffic – http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/
5 things you need to do to maintain your professional online hygiene – https://www.linkedin.com/pulse/5-things-you-need-do-maintain-your-professional-online-yotam-gutman
Shady Ad Network Using “Camo Sites” – https://www.bluecoat.com/security-blog/2015-05-30/shady-ad-network-using-camo-sites
The Importance of Operational Security and User Education – http://securityaffairs.co/wordpress/37368/security/operational-securit-user-education.html
What enterprise should do when helpless employees lose hope in fighting cyber attacks – http://www.networksasia.net/article/what-enterprise-should-do-when-helpless-employees-lose-hope-fighting-cyber-attacks
Miscellaneous Privacy stories:
Why you shouldn’t worry about privacy and security on your phone – https://nakedsecurity.sophos.com/2015/06/02/why-you-shouldnt-worry-about-privacy-and-security-on-your-phone/
Lower Merion School District explains the 56,000 Webcamgate shots – http://www.forbes.com/sites/kashmirhill/2010/04/22/lower-merion-school-district-explains-the-56000-webcamgate-shots/
Haunted by a stranger who stole my life online – http://www.dailymail.co.uk/femail/article-3105080/Haunted-stranger-stole-life-online-imposter-used-executive-s-photos-create-fantasy-life-duped-falling-fake-woman.html
Jennifer Newman: What employers look for when checking your Facebook, LinkedIn – http://www.cbc.ca/news/canada/british-columbia/jennifer-newman-what-employers-look-for-when-checking-your-facebook-linkedin-1.3094131
Unmasking hidden Tor service users is too easy, say infosec bods – http://www.theregister.co.uk/2015/05/30/researchers_claim_tracking_hidden_tor_services_is_easy/
Data breach liability: confidentiality vs. privacy – http://www.databreaches.net/data-breach-liability-confidentiality-vs-privacy/
Safeguarding Children and School E-Safety stories:
Filmed on Skype… the chilling exchange between reporter posing as a child and Islamic State fighter from London – http://www.dailymail.co.uk/news/article-3094448/Filmed-Skype-chilling-exchange-reporter-posing-child-Islamic-State-fighter-London-told-pick-going-picking-wife.html
Internet celebrities speak out against cyber bullying – http://www.3news.co.nz/nznews/internet-celebrities-speak-out-against-cyber-bullying-2015053115#axzz3bvBj1eI1
Students make lecturers life a ‘misery’ – http://m.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11458573
Whose privacy matters most? – http://www.csoonline.com/article/2928700/privacy/whose-privacy-matters-most.html#tk.rss_all
If you would like this report sent direct to your inbox, email me at jon.fisher@srm-solutions.com
You can see all previous issues of this blog at http://blog.srm-solutions.com/
or www.jonfisherthoughts.co.uk
My LinkedIn profile is uk.linkedin.com/in/jonfisher99/
Information Security Breach Report – 28 May 2015
Thursday 28th May 2015
A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.
Breaches, Incidents and Alerts:
Banks’ Cyber Risks Compounded by ‘Commjacking’ of Wi-Fi Networks – http://www.americanbanker.com/news/bank-technology/banks-cyber-risks-compounded-by-commjacking-of-wi-fi-networks-1074518-1.html
Hospital Data Breach Affects Thousands of Patients – https://www.send2press.com/newswire/hospital-data-breach-affects-thousands-of-patients-2015-0526-02.shtml
There’s a Moose loose aboot this hoose: Linux worm hijacks Twitter feeds for spam slinging – http://www.theregister.co.uk/2015/05/26/routerbashing_worm_yanks_tens_of_thousands_of_twitter_accounts/
Researchers Exploit Patched Windows Group Policy Bug – https://threatpost.com/researchers-exploit-patched-windows-group-policy-bug/113000
POS Malware Nitlove Seen Spreading Through Spam Campaign – https://threatpost.com/pos-malware-nitlove-seen-spreading-through-spam-campaign/113009
Anon Coders take control of Kentucky GOP’s site; says expect more – http://www.databreaches.net/anon-coders-take-control-of-kentucky-gops-site-says-expect-more/
Florida releases personal data on 13,000 people, issues ‘fraud’ alert – http://www.miamiherald.com/news/politics-government/state-politics/article22395198.html
Thousands of UK Government PCs Exposed – http://www.infosecurity-magazine.com/news/thousands-uk-government-pcs-exposed/
Update on Sterne Agee Group laptop breach – http://www.databreaches.net/update-on-sterne-agee-group-laptop-breach/
Synology Fixes XSS, Command Injection Vulnerabilities in NAS Software – http://www.securityweek.com/synology-fixes-xss-command-injection-vulnerabilities-nas-software?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
Attackers Use Exploit Kit to Hijack Routers: Researcher – http://www.securityweek.com/attackers-use-exploit-kit-hijack-routers-researcher
Recent Breaches a Boon to Extortionists – http://krebsonsecurity.com/2015/05/recent-breaches-a-boon-to-extortionists/
Beacon Health System notifies patients after phishing attack – http://www.databreaches.net/beacon-health-system-notifies-patients-after-phishing-attack/
Scam alert: New Facebook scam wants to steal your login and your money – http://bgr.com/2015/05/26/facebook-recovery-message-scam-phishing-warning/
Large-scale attack uses browsers to hijack routers – http://www.computerworld.com/article/2925580/cybercrime-hacking/large-scale-attack-uses-browsers-to-hijack-routers.html#tk.rss_security0
Cybercriminals Use SVG Files to Distribute Ransomware – http://www.securityweek.com/cybercriminals-use-svg-files-distribute-ransomware?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
Emerson Patches SQL Injection Vulnerability in ICS Product – http://www.securityweek.com/emerson-patches-sql-injection-vulnerability-ics-product?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
MTN SOUTH AFRICA SHUTS DOWN EBILLING PORTAL OVER SECURITY BREACH – http://techcabal.com/2015/05/26/mtn-south-africa-shuts-down-ebilling-portal-over-security-breach/
Password reset sites expose crackable PeopleSoft creds – http://www.theregister.co.uk/2015/05/28/password_reset_sites_expose_crackable_peoplesoft_creds/
Unauthorized Access Vulnerability Fixed in Symfony – http://www.securityweek.com/unauthorized-access-vulnerability-fixed-symfony
LogJam flaw leaves 1,006 cloud applications vulnerable to attack – http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5109/logjam-flaw-leaves-1006-cloud-applications-vulnerable-to-attack
Miscellaneous Infosec stories:
Hacker’s List leaks its secrets, revealing true identities of those wanting to hack – http://www.hotforsecurity.com/blog/hackers-list-leaks-its-secrets-revealing-true-identities-of-those-wanting-to-hack-11847.html
INFOGRAPHIC: 8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks – http://www.adweek.com/socialtimes/infographic-8-vulnerable-software-apps-exposing-your-computer-to-cyber-attacks/620757
One More Reason for Companies to Report Data Breaches – http://justsecurity.org/23227/reason-companies-report-data-breaches/
Five Takeaways from the First Cyber Insurance Case – http://www.jdsupra.com/legalnews/five-takeaways-from-the-first-cyber-88215/
Number of identity theft victims ‘rises by a third’ – http://www.bbc.co.uk/news/uk-32890979
CISOs turn to security awareness solutions to change poor employee behaviors – http://www.csoonline.com/article/2926173/security-awareness/cisos-turn-to-security-awareness-solutions-to-change-poor-employee-behaviors.html
2014 marked by rise in spear-phishing, social engineering – Federal Times – http://www.hackbusters.com/news/stories/328746-2014-marked-by-rise-in-spear-phishing-social-engineering-federal-times
Why insider threats are succeeding – http://techspective.net/2015/05/26/why-insider-threats-are-succeeding/
How your old cell phone can leak your company’s confidential info – http://cio.economictimes.indiatimes.com/news/consumer-tech/how-your-old-cell-phone-can-leak-your-companys-confidential-info/47438372
WordPress malware: Don’t let too-good-to-be-true deals infest your site – http://www.zdnet.com/article/dont-let-too-good-to-be-true-deals-infest-your-site-with-malware/#ftag=RSSbaffb68
PCI Council Launches Group to Help Improve SME Compliance – http://www.infosecurity-magazine.com/news/pci-council-group-improve-sme/
Why The World’s Top Security Pros Are Furious About Exploit Export Rules – http://www.forbes.com/sites/thomasbrewster/2015/05/26/security-pro-fury-on-exploit-export-rules/
Who and why is attacking companies in the Nordic Countries? – http://securityaffairs.co/wordpress/37140/cyber-crime/apt-against-nordic-countries.html
Expert issues cyber-attack warning – http://www.financialstandard.com.au/news/view/50139844
Data Centre Consolidation – A Cyber Security perspective – http://dcseurope.info/news_full.php?id=37946
Threat Intelligence Sharing Valued, But Many Not Doing it: Survey – http://www.securityweek.com/threat-intelligence-sharing-valued-many-not-doing-it-survey?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
Bad Bots’ Impact on Mobile Web Traffic Rose in 2014: Research – http://www.securityweek.com/bad-bots-impact-mobile-web-traffic-rose-2014-research?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
5 hackers who came over from the dark side – http://www.welivesecurity.com/2015/05/25/5-hackers-who-came-over-from-the-dark-side/
Threat Intelligence – http://www.solutionary.com/resource-center/blog/2015/05/threat-intelligence/
The cost of a data breach has jumped 23 percent in two years – http://www.pcworld.com/article/2927618/the-cost-of-a-data-breach-has-jumped-23-percent-in-two-years.html
Cyber-Attacks in 2015 Reveal Unknown Flaws in Flash, Windows – http://www.eweek.com/security/cyber-attacks-in-2015-reveal-unknown-flaws-in-flash-windows.html
Cyber attacks leave businesses wide open to lawsuits – https://www.siliconrepublic.com/enterprise/2015/05/28/cyber-attacks-leave-businesses-wide-open-to-lawsuits
Tools, Tips and How it’s done:
Windows Functions in Malware Analysis – Cheat Sheet – Part 1 – http://resources.infosecinstitute.com/windows-functions-in-malware-analysis-cheat-sheet-part-1/
How to monitor XSS attacks and other security threats on your website, in real-time – https://grahamcluley.com/2015/05/monitor-xss-attacks/
A primer on cyber security for online retailers – https://www.internetretailer.com/commentary/2015/05/26/primer-cyber-security-online-retailers
Is your “secret answer” hard to guess? – http://now.avg.com/is-your-secret-answer-hard-to-guess/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+avg-blogs+%28AVG+Blogs%29
The Samaritan and The Smartphone – 7 Tips to Secure and Help Your Cell Phone Get Home – http://www.solutionary.com/resource-center/blog/2015/05/the-samaritan-and-the-smartphone/
Profile Of A Cybercrime Petty Thief – http://www.darkreading.com/analytics/threat-intelligence/profile-of-a-cybercrime-petty-thief/d/d-id/1320559?_mc=RSS_DR_EDT
In Pictures: Seven best practices for cloud security – http://www.cio.com.au/slideshow/575891/pictures-seven-best-practices-cloud-security/
The Internet of Buggy Things – http://www.bankinfosecurity.com/blogs/internet-buggy-things-p-1862
Sniffing and tracking wearable tech and smartphones – http://www.net-security.org/secworld.php?id=18422
Tox, how to create your ransomware in 3 steps – http://securityaffairs.co/wordpress/37180/cyber-crime/tox-ransomware-builder.html
Miscellaneous Privacy stories:
Tracking Human Mobility using WiFi signals – http://sunelehmann.com/2015/05/26/tracking-human-mobility-using-wifi-signals/
Subway riders’ smartphones could carry tracking malware – http://techxplore.com/news/2015-05-subway-riders-smartphones-tracking-malware.html
A reminder that your Instagram photos aren’t really yours: Someone else can sell them for $90,000 – http://www.washingtonpost.com/blogs/style-blog/wp/2015/05/25/a-reminder-that-your-instagram-photos-arent-really-yours-someone-else-can-sell-them-for-90000/
Google’s Internet-connected toys patent sparks privacy concerns, visions of IoT Chucky – http://www.computerworld.com/article/2926333/data-privacy/googles-internet-connected-toys-patent-sparks-privacy-concerns-visions-of-iot-chucky.html#tk.rss_security0
iPhone users’ privacy at risk due to leaky Bluetooth technology – http://www.v3.co.uk/v3-uk/news/2409939/iphone-users-privacy-at-risk-due-to-leaky-bluetooth-technology
Safeguarding Children and School E-Safety stories:
Cyber bullying: Nip it in the bud – http://www.livemint.com/Leisure/lpQCFqjgETbXachoWRxysO/Cyber-bullying-Nip-it-in-the-bud.html
Google Play revamps its Android apps’ age ratings – http://www.bbc.co.uk/news/technology-32882136
Traditional Schoolyard Bullies Likely to Engage in Cyber-Bullying as Well – http://www.sydneycatholic.org/news/latest_news/2015/2015526_657.shtml
Why hackers want kids’ personal information – http://thehill.com/policy/cybersecurity/242865-why-hackers-want-kids-personal-information
Child sex abuse live streams loophole to be closed – http://www.bbc.co.uk/news/technology-32899033
Influence of Social Media on Teenagers – http://www.huffingtonpost.com/suren-ramasubbu/influence-of-social-media-on-teenagers_b_7427740.html
Information Security Breach Report – 21 May 2015
Thursday 21st May 2015
A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.
Breaches, Incidents and Alerts:
New Router Attack Displays Fake Warning Messages – http://blog.trendmicro.com/trendlabs-security-intelligence/new-router-attack-displays-fake-warning-messages/
Data breach involves Southwest Licking student info – http://www.newarkadvocate.com/story/news/local/pataskala/2015/05/20/southwest-licking-schools-data-breach/27655485/
Android stock browser vulnerable to URL spoofing – http://www.csoonline.com/article/2924996/vulnerabilities/android-stock-browser-vulnerable-to-url-spoofing.html#tk.rss_all
Cps Experiencing Data Breach After Sharing 4,000 Students Personal Information – http://www.styrk.com/posts/cps-experiencing-data-breach-after-sharing-4-000-students-personal-information
Tech experts urge cyber ‘vigilance’ after ATW website hacked Tuesday – http://fox11online.com/2015/05/20/tech-experts-urge-cyber-vigilance-after-atw-website-hacked-tuesday/
Fee website used by Weber School District hacked – http://www.standard.net/Education/2015/05/20/School-fee-website-hacked.html
Data Belonging To 1.1 Million CareFirst Customers Stolen In Cyber Attack – http://www.forbes.com/sites/katevinton/2015/05/20/data-belonging-to-1-1-million-carefirst-customers-stolen-in-cyber-attack/
Say hello to the latest cyber superbug – http://www.businessspectator.com.au/article/2015/5/21/technology/say-hello-latest-cyber-superbug
‘Venom’ Security Bug Allows Network Intrusion via the Cloud – http://thevarguy.com/network-security-and-data-protection-software-solutions/052015/venom-security-bug-allows-network-intrusion-
Crypto Ransomware Seeks Dominance as New Threats Emerge to Encrypt and Destroy Files – http://www.spywareremove.com/crypto-ransomware-dominance-threats-encrypt-destroy-files.html
Hard-coded credentials placing dental offices at risk – http://www.csoonline.com/article/2923887/vulnerabilities/hard-coded-credentials-placing-dental-offices-at-risk.html#tk.rss_all
Miscellaneous Infosec stories:
Apple Fixes Security Bugs With First Update for Watch OS – http://www.securityweek.com/apple-fixes-security-bugs-first-update-watch-os?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
Cracking down on poor cyber hygiene – http://fcw.com/articles/2015/05/20/cracking-down-on-cyber.aspx
Phishing and Malware Cyberattacks are Directed at Law Firms (and Clients) – So it’s Time to Train Employees – http://abovethelaw.com/2015/05/phishing-and-malware-cyberattacks-are-directed-at-law-firms-and-clients-so-its-time-to-train-employees/
FTC looks ‘favorably’ on firms that report data breach – http://thehill.com/policy/technology/242703-ftc-looks-favorably-on-firms-that-report-data-breach
Cyber thieves targeting the Internet with more sophistication – http://wivb.com/investigative-story/cyber-thieves-targeting-the-internet-with-more-sophistication/
EFF Asks Court To Reconsider Ruling That Would Make Violating Work Computer Policies A Criminal Act – https://www.techdirt.com/articles/20150515/07365131013/eff-asks-court-to-reconsider-ruling-that-would-make-violating-work-computer-policies-criminal-act.shtml
E-paper display gives payment cards a changing security code – http://www.csoonline.com/article/2924958/data-protection/epaper-display-gives-payment-cards-a-changing-security-code.html#tk.rss_all
DDoS attacks increase and methods changed in Q1 2015, report says – http://www.scmagazine.com/q1-report-shows-uptick-in-low-bandwidth-ddos-attacks/article/415876/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineNews+%28SC+Magazine+News%29
This 9-Year-Old CEO Knows more about Cyber Security Than You Do – http://tech.co/reuben-paul-9-year-old-ceo-cyber-security-2015-05
Google changes Chrome extension policy amid security concerns – http://searchsecurity.techtarget.com/news/4500246699/Google-changes-Chrome-extension-policy-amid-security-concerns
Cyber risk now seen as a top 10 global threat to businesses – http://www.supplymanagement.com/news/2015/cyber-risk-now-seen-as-a-top-10-global-threat-to-businesses
How much money do cyber crooks collect via crypto ransomware? – http://www.net-security.org/malware_news.php?id=3042
Tools, Tips and How it’s done:
5 Easy Ways to Avoid Getting Hacked at ATMs – http://time.com/3890898/atm-security/
Logjam vulnerability – what you need to know – http://blog.lumension.com/10143/logjam-vulnerability-faq/
All Roads Lead to the Need to Strengthen Your Security Operations Center? – http://www.csoonline.com/article/2925114/security0/all-roads-lead-to-the-need-to-strengthen-your-security-operations-center.html#tk.rss_all
Legally Blind and Deaf – How Computer Crime Laws Silence Helpful Hackers – https://hackerone.com/news/legally-blind-and-deaf
Hacker launches ransomware rescue kit – http://www.theregister.co.uk/2015/05/21/ransomware_rescue_kit/
What combination locks teach us about encryption weakness – http://www.csoonline.com/article/2922372/security-industry/what-combination-locks-teach-us-about-encryption-weakness.html#tk.rss_all
Miscellaneous Privacy stories:
Tribunal finds no breach of privacy law by employer using Facebook to investigate misconduct claims – http://www.smartcompany.com.au/legal/47015-tribunal-finds-no-breach-of-privacy-law-by-employer-using-facebook-to-investigate-misconduct-claims.html
Americans’ Attitudes About Privacy, Security and Surveillance – http://www.pewinternet.org/2015/05/20/americans-attitudes-about-privacy-security-and-surveillance/
Safeguarding Children and School E-Safety stories:
Online safety: If you want something done right, do it yourself – http://phys.org/news/2015-05-online-safety.html
Raising cyber kids in GenNBN – http://www.nbnco.com.au/blog/raising-cyber-kids-in-gennbn.html
Suspend, blacklist cyberbullies – http://www.odt.co.nz/news/schools-news/342761/suspend-blacklist-cyberbullies
Information Security Breach Report – 11 May 2015
Monday 11th May 2015
A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.
Breaches, Incidents and Alerts:
Newfoundland patient data breach investigated – http://metronews.ca/news/canada/1363605/newfoundland-patient-data-breach-investigated/
Cafe de Coral reveals accidental data leak – http://www.thestandard.com.hk/breaking_news_detail.asp?id=60956&icid=a&d_str =
95% of SAP deployments ‘vulnerable to cyber attacks’ – http://www.itpro.co.uk/hacking/24577/95-of-sap-deployments-vulnerable-to-cyber-attacks
Visitors to top porn sites hit by malvertising attack – http://www.csoonline.com/article/2920677/malware-cybercrime/visitors-to-top-porn-sites-hit-by-malvertising-attack.html#tk.rss_all
Meru Cabs: Customer Data Exposed – http://www.inforisktoday.com/meru-cabs-customer-data-exposed-a-8210
Child abuse images deface Nazi Mauthausen camp website – http://www.bbc.co.uk/news/world-europe-32652394
Flawed Open Smart Grid Protocol is a risk for Smart Grid – http://securityaffairs.co/wordpress/36648/hacking/flaws-open-smart-grid-protocol.html
Million WordPress websites vulnerable to DOM-based XSS – http://securityaffairs.co/wordpress/36607/hacking/million-wordpress-dom-based-xss.html
Android cellular voice channel used as new covert channel to leak info, spread malware – http://www.computerworld.com/article/2919516/cybercrime-hacking/android-cellular-voice-channel-used-as-new-covert-channel-to-leak-info-spread-malware.html
Adobe to Patch Critical Vulnerabilities in Reader, Acrobat – http://www.securityweek.com/adobe-patch-critical-vulnerabilities-reader-acrobat?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
GPS used to locate a gang using gas pump skimmers – http://securityaffairs.co/wordpress/36683/cyber-crime/gas-pump-skimmers-gang.html
Serious MacKeeper vulnerability found – http://www.thesafemac.com/serious-mackeeper-vulnerability-found/
Cyber-Attack Attempted By Former Nuclear Regulatory Commission Employee – http://www.inquisitr.com/2076983/cyber-attack-attempted-by-former-nuclear-regulatory-commission-employee/
Snapchat security breach – http://isnapchathack.com/ap/
Cyber security firm ‘doctored up’ data breaches to extort companies, ex-employee claims – http://www.smh.com.au/it-pro/security-it/cyber-security-firm-doctored-up-data-breaches-to-extort-companies-exemployee-claims-20150511-ggyoss.html
Beware! ‘Breaking Bad’ Is Now A Ransom-Styled Malware Currently Infecting Australian Computers – http://www.inquisitr.com/2080361/beware-breaking-bad-is-now-a-ransom-styled-malware-currently-hitting-australian-computer-users/
Miscellaneous Infosec stories:
Here’s how many U.S. adults were hacked in 2014 – http://www.cbsnews.com/news/heres-how-many-u-s-adults-were-hacked-in-2014/
Mobile malware statistics highlight unknown state of mobile threats – http://searchsecurity.techtarget.com/news/4500245950/Mobile-malware-statistics-highlight-unknown-state-of-mobile-threats
Kiwi company posts job ad for Windows support scammers – http://www.theregister.co.uk/2015/05/07/kiwi_company_posts_job_ad_for_windows_support_scammers/
Where is the Android DDoS Armageddon? – http://www.securityweek.com/where-android-ddos-armageddon
Here’s What a Cyber Warfare Arsenal Might Look Like – http://www.scientificamerican.com/article/here-s-what-a-cyber-warfare-arsenal-might-look-like/
Is cyber-warfare really that scary? – http://www.bbc.co.uk/news/world-32534923
As Data Breaches Spread, Providers and Payers Must Prepare – http://www.healthleadersmedia.com/content/TEC-316074/As-Data-Breaches-Spread-Providers-and-Payers-Must-Prepare
Windows 10: No More Monthly Patches – http://www.inforisktoday.com/windows-10-no-more-monthly-patches-a-8202
Why don’t you rent your electronic wireless doorlock, asks man selling doorlocks – http://www.theregister.co.uk/2015/05/06/why_dont_you_rent_your_doorlock_asks_man_selling_doorlocks/
70 million Americans report stolen data – http://www.consumerreports.org/cro/news/2015/05/70-million-americans-report-stolen-data/index.htm
Too Many Healthcare Employees Have Excessive Patient Data Access – http://www.infosecurity-magazine.com/news/healthcare-employees-excessive/
Hack renting portal charges fee to penetrate any account – http://pulse.ng/tech/cyber-business-hack-renting-portal-charges-fee-to-penetrate-any-account-id3739160.html
The Effectiveness of Spear Phishing Not Lost on Cyber Terrorists – http://www.benzinga.com/pressreleases/15/05/p5494834/the-effectiveness-of-spear-phishing-not-lost-on-cyber-terrorists
Tools, Tips and How it’s done:
MAKING SMART LOCKS SMARTER (AKA. HACKING THE AUGUST SMART LOCK) – http://blog.maintenancewindow.ca/post/2015/03/29/Making-Smart-Locks-Smarter-%28aka.-Hacking-the-August-Smart-Lock%29
PoC Linux Rootkit Uses GPU to Evade Detection – http://www.securityweek.com/poc-linux-rootkit-uses-gpu-evade-detection?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29
Facebook Friends Mapper – How to crawl Hidden Friends – http://securityaffairs.co/wordpress/36675/hacking/facebook-friends-mapper.html
A digital skeleton key to access any website – http://docs.higg.so/2015/03/10/a-digital-skeleton-key-for-accessing-any-website-proposal/
Ad Injection at Scale: Assessing Deceptive Advertisement Modifications – https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43346.pdf
True Private Messaging: 7 Apps to Encrypt Your Chats – http://www.infosecdailynews.com/true-private-messaging-7-apps-to-encrypt-your-chats/
Miscellaneous Privacy stories:
Wearable tech portends vast effects on health and privacy – http://www.washingtonpost.com/sf/national/2015/05/09/the-revolution-will-be-digitized/?hpid=z1
Safeguarding Children and School E-Safety stories:
Schools: have your say about cyberbullying – http://www.saferinternet.org.uk/news/schools-have-your-say-about-cyberbullying
Mother Speaks Out About Cyber-Bullies – http://cbs12.com/news/top-stories/stories/vid_25671.shtml
How to change your privacy setting on Facebook – http://www.itproportal.com/2015/05/09/how-to-change-your-privacy-setting-facebook/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+itproportal%2Frss+%28Latest+ITProPortal+News%29