Breach Report

Tuesday 2nd June 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Angler Exploit Kit Loads Up CryptoWall 3.0, Flash Flaw – http://www.infosecurity-magazine.com/news/angler-exploit-kit-loads-up/

Blue Coat Fixes Several Flaws in SSL Visibility Appliance – http://www.securityweek.com/blue-coat-fixes-several-flaws-ssl-visibility-appliance?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Over 1,000 Vietnamese websites hacked by Chinese during weekend: report – http://www.thanhniennews.com/tech/over-1000-vietnamese-websites-hacked-by-chinese-during-weekend-report-45148.html

DYRE Banking Malware Upsurges; Europe and North America Most Affected – http://blog.trendmicro.com/trendlabs-security-intelligence/old-banking-malware-resurfaces-europe-north-america-most-affected/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29

Now Twitter and Snapchat get stung by the iPhone text crash – http://www.hotforsecurity.com/blog/now-twitter-and-snapchat-get-stung-by-the-iphone-text-crash-11888.html

Grabit Espionage Campaign Steals Thousands of Files From SMBs – http://www.eweek.com/security/grabit-espionage-campaign-steals-thousands-of-files-from-smbs.html

eBay bug turns phishing email links into malware-stuffed booby prizes – http://www.theregister.co.uk/2015/05/23/beware_forms_that_arent_ebay_hit_by_serious_security_problem/

Sally Beauty: Cybercriminals Planted Malware on PoS Systems for 6 Weeks – http://www.securityweek.com/sally-beauty-cybercriminals-planted-malware-pos-systems-6-weeks?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

More than 60 undisclosed vulnerabilities affect 22 SOHO routers – http://seclists.org/fulldisclosure/2015/May/129

Miscellaneous Infosec stories:

Tackling the human problem of security – http://www.itnews.com.au/Feature/404650,tackling-the-human-problem-of-security.aspx?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+

Business Risks Associated With Data Breaches – http://www.addrenal.com/groups/business-risks-associated-with-data-breaches/

Retail sector falling short in customer data protection – http://www.itproportal.com/2015/05/30/retail-sector-falling-short-customer-data-protection/

On Reflection: Don’t bring cyber crime in through the back door – http://www.windpowermonthly.com/article/1349274/reflection-dont-bring-cyber-crime-back-door

Number of Botnet-Powered DDoS Attacks Dropped in Q1: Kaspersky – http://www.securityweek.com/number-botnet-powered-ddos-attacks-dropped-q1-kaspersky?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

How a hack on Prince Philip’s Prestel account led to UK computer law – http://www.theregister.co.uk/2015/03/26/prestel_hack_anniversary_prince_philip_computer_misuse/

UAE firms targeted by cyber spying – http://gulfnews.com/business/sectors/technology/uae-firms-targeted-by-cyber-spying-1.1527377

CESG launch new Certified Cyber Security Consultancy scheme for government and industry – http://www.gchq.gov.uk/press_and_media/press_releases/Pages/CESG-launch-new-Certified-Cyber-Consultancy-scheme.aspx

Surfing porn, downloading apps: Employees ignore obvious cyber risks at work – http://www.firstpost.com/business/surfing-porn-downloading-apps-employees-ignore-obvious-cyber-risks-work-2274786.html

Protecting banks from the coming data breach liability storm – http://www.easier.com/130347-protecting-banks-from-the-coming-data-breach-liability-storm.html

Tools, Tips and How it’s done:

The cyber security expert Michael Fratello has made a detailed analysis of the locker ransomware that implements a unique delivery mechanism – http://securityaffairs.co/wordpress/37325/malware/locker-ransomware-analysis.html

Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems – http://www.rand.org/pubs/research_reports/RR620.html

10 Rules for Writing Safety Critical Code – http://spinroot.com/p10/

Malvertising Assaults Result in Attack Toolkit Magnitude and Ransomware says Zscaler – http://securitynewswire.com/latestsecuritynews/mobile_article.php?title=Malvertising_Assaults_Result_in_Attack_Toolkit_Magnitude_and_Ransomware_says_Zscaler

Technical analysis of Hola vulnerabilities enabling cyber attacks – http://blog.vectranetworks.com/blog/technical-analysis-of-hola

The vulnerable Border Gateway protocol, a quick-fix solution from 1989, still directs most internet traffic – http://www.washingtonpost.com/sf/business/2015/05/31/net-of-insecurity-part-2/

5 things you need to do to maintain your professional online hygiene – https://www.linkedin.com/pulse/5-things-you-need-do-maintain-your-professional-online-yotam-gutman

Shady Ad Network Using “Camo Sites” – https://www.bluecoat.com/security-blog/2015-05-30/shady-ad-network-using-camo-sites

The Importance of Operational Security and User Education – http://securityaffairs.co/wordpress/37368/security/operational-securit-user-education.html

What enterprise should do when helpless employees lose hope in fighting cyber attacks – http://www.networksasia.net/article/what-enterprise-should-do-when-helpless-employees-lose-hope-fighting-cyber-attacks

Miscellaneous Privacy stories:

Why you shouldn’t worry about privacy and security on your phone – https://nakedsecurity.sophos.com/2015/06/02/why-you-shouldnt-worry-about-privacy-and-security-on-your-phone/

Lower Merion School District explains the 56,000 Webcamgate shots – http://www.forbes.com/sites/kashmirhill/2010/04/22/lower-merion-school-district-explains-the-56000-webcamgate-shots/

Haunted by a stranger who stole my life online – http://www.dailymail.co.uk/femail/article-3105080/Haunted-stranger-stole-life-online-imposter-used-executive-s-photos-create-fantasy-life-duped-falling-fake-woman.html

Jennifer Newman: What employers look for when checking your Facebook, LinkedIn – http://www.cbc.ca/news/canada/british-columbia/jennifer-newman-what-employers-look-for-when-checking-your-facebook-linkedin-1.3094131

Unmasking hidden Tor service users is too easy, say infosec bods – http://www.theregister.co.uk/2015/05/30/researchers_claim_tracking_hidden_tor_services_is_easy/

Data breach liability: confidentiality vs. privacy – http://www.databreaches.net/data-breach-liability-confidentiality-vs-privacy/

Safeguarding Children and School E-Safety stories:

Filmed on Skype… the chilling exchange between reporter posing as a child and Islamic State fighter from London – http://www.dailymail.co.uk/news/article-3094448/Filmed-Skype-chilling-exchange-reporter-posing-child-Islamic-State-fighter-London-told-pick-going-picking-wife.html

Internet celebrities speak out against cyber bullying – http://www.3news.co.nz/nznews/internet-celebrities-speak-out-against-cyber-bullying-2015053115#axzz3bvBj1eI1

Students make lecturers life a ‘misery’ – http://m.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=11458573

Whose privacy matters most? – http://www.csoonline.com/article/2928700/privacy/whose-privacy-matters-most.html#tk.rss_all

If you would like this report sent direct to your inbox, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

SRM

Thursday 28th May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Banks’ Cyber Risks Compounded by ‘Commjacking’ of Wi-Fi Networks – http://www.americanbanker.com/news/bank-technology/banks-cyber-risks-compounded-by-commjacking-of-wi-fi-networks-1074518-1.html

Hospital Data Breach Affects Thousands of Patients – https://www.send2press.com/newswire/hospital-data-breach-affects-thousands-of-patients-2015-0526-02.shtml

There’s a Moose loose aboot this hoose: Linux worm hijacks Twitter feeds for spam slinging – http://www.theregister.co.uk/2015/05/26/routerbashing_worm_yanks_tens_of_thousands_of_twitter_accounts/

Researchers Exploit Patched Windows Group Policy Bug – https://threatpost.com/researchers-exploit-patched-windows-group-policy-bug/113000

POS Malware Nitlove Seen Spreading Through Spam Campaign – https://threatpost.com/pos-malware-nitlove-seen-spreading-through-spam-campaign/113009

Anon Coders take control of Kentucky GOP’s site; says expect more – http://www.databreaches.net/anon-coders-take-control-of-kentucky-gops-site-says-expect-more/

Florida releases personal data on 13,000 people, issues ‘fraud’ alert – http://www.miamiherald.com/news/politics-government/state-politics/article22395198.html

Thousands of UK Government PCs Exposed – http://www.infosecurity-magazine.com/news/thousands-uk-government-pcs-exposed/

Update on Sterne Agee Group laptop breach – http://www.databreaches.net/update-on-sterne-agee-group-laptop-breach/

Synology Fixes XSS, Command Injection Vulnerabilities in NAS Software – http://www.securityweek.com/synology-fixes-xss-command-injection-vulnerabilities-nas-software?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Attackers Use Exploit Kit to Hijack Routers: Researcher – http://www.securityweek.com/attackers-use-exploit-kit-hijack-routers-researcher

Recent Breaches a Boon to Extortionists – http://krebsonsecurity.com/2015/05/recent-breaches-a-boon-to-extortionists/

Beacon Health System notifies patients after phishing attack – http://www.databreaches.net/beacon-health-system-notifies-patients-after-phishing-attack/

Scam alert: New Facebook scam wants to steal your login and your money – http://bgr.com/2015/05/26/facebook-recovery-message-scam-phishing-warning/

Large-scale attack uses browsers to hijack routers – http://www.computerworld.com/article/2925580/cybercrime-hacking/large-scale-attack-uses-browsers-to-hijack-routers.html#tk.rss_security0

Cybercriminals Use SVG Files to Distribute Ransomware – http://www.securityweek.com/cybercriminals-use-svg-files-distribute-ransomware?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Emerson Patches SQL Injection Vulnerability in ICS Product – http://www.securityweek.com/emerson-patches-sql-injection-vulnerability-ics-product?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

MTN SOUTH AFRICA SHUTS DOWN EBILLING PORTAL OVER SECURITY BREACH – http://techcabal.com/2015/05/26/mtn-south-africa-shuts-down-ebilling-portal-over-security-breach/

Password reset sites expose crackable PeopleSoft creds – http://www.theregister.co.uk/2015/05/28/password_reset_sites_expose_crackable_peoplesoft_creds/

Unauthorized Access Vulnerability Fixed in Symfony – http://www.securityweek.com/unauthorized-access-vulnerability-fixed-symfony

LogJam flaw leaves 1,006 cloud applications vulnerable to attack – http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5109/logjam-flaw-leaves-1006-cloud-applications-vulnerable-to-attack

Miscellaneous Infosec stories:

Hacker’s List leaks its secrets, revealing true identities of those wanting to hack – http://www.hotforsecurity.com/blog/hackers-list-leaks-its-secrets-revealing-true-identities-of-those-wanting-to-hack-11847.html

INFOGRAPHIC: 8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks – http://www.adweek.com/socialtimes/infographic-8-vulnerable-software-apps-exposing-your-computer-to-cyber-attacks/620757

One More Reason for Companies to Report Data Breaches – http://justsecurity.org/23227/reason-companies-report-data-breaches/

Five Takeaways from the First Cyber Insurance Case – http://www.jdsupra.com/legalnews/five-takeaways-from-the-first-cyber-88215/

Number of identity theft victims ‘rises by a third’ – http://www.bbc.co.uk/news/uk-32890979

CISOs turn to security awareness solutions to change poor employee behaviors – http://www.csoonline.com/article/2926173/security-awareness/cisos-turn-to-security-awareness-solutions-to-change-poor-employee-behaviors.html

2014 marked by rise in spear-phishing, social engineering – Federal Times – http://www.hackbusters.com/news/stories/328746-2014-marked-by-rise-in-spear-phishing-social-engineering-federal-times

Why insider threats are succeeding – http://techspective.net/2015/05/26/why-insider-threats-are-succeeding/

How your old cell phone can leak your company’s confidential info – http://cio.economictimes.indiatimes.com/news/consumer-tech/how-your-old-cell-phone-can-leak-your-companys-confidential-info/47438372

WordPress malware: Don’t let too-good-to-be-true deals infest your site – http://www.zdnet.com/article/dont-let-too-good-to-be-true-deals-infest-your-site-with-malware/#ftag=RSSbaffb68

PCI Council Launches Group to Help Improve SME Compliance – http://www.infosecurity-magazine.com/news/pci-council-group-improve-sme/

Why The World’s Top Security Pros Are Furious About Exploit Export Rules – http://www.forbes.com/sites/thomasbrewster/2015/05/26/security-pro-fury-on-exploit-export-rules/

Who and why is attacking companies in the Nordic Countries? – http://securityaffairs.co/wordpress/37140/cyber-crime/apt-against-nordic-countries.html

Expert issues cyber-attack warning – http://www.financialstandard.com.au/news/view/50139844

Data Centre Consolidation – A Cyber Security perspective – http://dcseurope.info/news_full.php?id=37946

Threat Intelligence Sharing Valued, But Many Not Doing it: Survey – http://www.securityweek.com/threat-intelligence-sharing-valued-many-not-doing-it-survey?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Bad Bots’ Impact on Mobile Web Traffic Rose in 2014: Research – http://www.securityweek.com/bad-bots-impact-mobile-web-traffic-rose-2014-research?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

5 hackers who came over from the dark side – http://www.welivesecurity.com/2015/05/25/5-hackers-who-came-over-from-the-dark-side/

Threat Intelligence – http://www.solutionary.com/resource-center/blog/2015/05/threat-intelligence/

The cost of a data breach has jumped 23 percent in two years – http://www.pcworld.com/article/2927618/the-cost-of-a-data-breach-has-jumped-23-percent-in-two-years.html

Cyber-Attacks in 2015 Reveal Unknown Flaws in Flash, Windows – http://www.eweek.com/security/cyber-attacks-in-2015-reveal-unknown-flaws-in-flash-windows.html

Cyber attacks leave businesses wide open to lawsuits – https://www.siliconrepublic.com/enterprise/2015/05/28/cyber-attacks-leave-businesses-wide-open-to-lawsuits

Tools, Tips and How it’s done:

Windows Functions in Malware Analysis – Cheat Sheet – Part 1 – http://resources.infosecinstitute.com/windows-functions-in-malware-analysis-cheat-sheet-part-1/

How to monitor XSS attacks and other security threats on your website, in real-time – https://grahamcluley.com/2015/05/monitor-xss-attacks/

A primer on cyber security for online retailers – https://www.internetretailer.com/commentary/2015/05/26/primer-cyber-security-online-retailers

Is your “secret answer” hard to guess? – http://now.avg.com/is-your-secret-answer-hard-to-guess/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+avg-blogs+%28AVG+Blogs%29

The Samaritan and The Smartphone – 7 Tips to Secure and Help Your Cell Phone Get Home – http://www.solutionary.com/resource-center/blog/2015/05/the-samaritan-and-the-smartphone/

Profile Of A Cybercrime Petty Thief – http://www.darkreading.com/analytics/threat-intelligence/profile-of-a-cybercrime-petty-thief/d/d-id/1320559?_mc=RSS_DR_EDT

In Pictures: Seven best practices for cloud security – http://www.cio.com.au/slideshow/575891/pictures-seven-best-practices-cloud-security/

The Internet of Buggy Things – http://www.bankinfosecurity.com/blogs/internet-buggy-things-p-1862

Sniffing and tracking wearable tech and smartphones – http://www.net-security.org/secworld.php?id=18422

Tox, how to create your ransomware in 3 steps – http://securityaffairs.co/wordpress/37180/cyber-crime/tox-ransomware-builder.html

Miscellaneous Privacy stories:

Tracking Human Mobility using WiFi signals – http://sunelehmann.com/2015/05/26/tracking-human-mobility-using-wifi-signals/

Subway riders’ smartphones could carry tracking malware – http://techxplore.com/news/2015-05-subway-riders-smartphones-tracking-malware.html

A reminder that your Instagram photos aren’t really yours: Someone else can sell them for $90,000 – http://www.washingtonpost.com/blogs/style-blog/wp/2015/05/25/a-reminder-that-your-instagram-photos-arent-really-yours-someone-else-can-sell-them-for-90000/

Google’s Internet-connected toys patent sparks privacy concerns, visions of IoT Chucky – http://www.computerworld.com/article/2926333/data-privacy/googles-internet-connected-toys-patent-sparks-privacy-concerns-visions-of-iot-chucky.html#tk.rss_security0

iPhone users’ privacy at risk due to leaky Bluetooth technology – http://www.v3.co.uk/v3-uk/news/2409939/iphone-users-privacy-at-risk-due-to-leaky-bluetooth-technology

Safeguarding Children and School E-Safety stories:

Cyber bullying: Nip it in the bud – http://www.livemint.com/Leisure/lpQCFqjgETbXachoWRxysO/Cyber-bullying-Nip-it-in-the-bud.html

Google Play revamps its Android apps’ age ratings – http://www.bbc.co.uk/news/technology-32882136

Traditional Schoolyard Bullies Likely to Engage in Cyber-Bullying as Well – http://www.sydneycatholic.org/news/latest_news/2015/2015526_657.shtml

Why hackers want kids’ personal information – http://thehill.com/policy/cybersecurity/242865-why-hackers-want-kids-personal-information

Child sex abuse live streams loophole to be closed – http://www.bbc.co.uk/news/technology-32899033

Influence of Social Media on Teenagers – http://www.huffingtonpost.com/suren-ramasubbu/influence-of-social-media-on-teenagers_b_7427740.html

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

SRM

Thursday 21st May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

New Router Attack Displays Fake Warning Messages – http://blog.trendmicro.com/trendlabs-security-intelligence/new-router-attack-displays-fake-warning-messages/

Data breach involves Southwest Licking student info – http://www.newarkadvocate.com/story/news/local/pataskala/2015/05/20/southwest-licking-schools-data-breach/27655485/

Android stock browser vulnerable to URL spoofing – http://www.csoonline.com/article/2924996/vulnerabilities/android-stock-browser-vulnerable-to-url-spoofing.html#tk.rss_all

Cps Experiencing Data Breach After Sharing 4,000 Students Personal Information – http://www.styrk.com/posts/cps-experiencing-data-breach-after-sharing-4-000-students-personal-information

Tech experts urge cyber ‘vigilance’ after ATW website hacked Tuesday – http://fox11online.com/2015/05/20/tech-experts-urge-cyber-vigilance-after-atw-website-hacked-tuesday/

Fee website used by Weber School District hacked – http://www.standard.net/Education/2015/05/20/School-fee-website-hacked.html

Data Belonging To 1.1 Million CareFirst Customers Stolen In Cyber Attack – http://www.forbes.com/sites/katevinton/2015/05/20/data-belonging-to-1-1-million-carefirst-customers-stolen-in-cyber-attack/

Say hello to the latest cyber superbug – http://www.businessspectator.com.au/article/2015/5/21/technology/say-hello-latest-cyber-superbug

‘Venom’ Security Bug Allows Network Intrusion via the Cloud – http://thevarguy.com/network-security-and-data-protection-software-solutions/052015/venom-security-bug-allows-network-intrusion-

Crypto Ransomware Seeks Dominance as New Threats Emerge to Encrypt and Destroy Files – http://www.spywareremove.com/crypto-ransomware-dominance-threats-encrypt-destroy-files.html

Hard-coded credentials placing dental offices at risk – http://www.csoonline.com/article/2923887/vulnerabilities/hard-coded-credentials-placing-dental-offices-at-risk.html#tk.rss_all

Miscellaneous Infosec stories:

Apple Fixes Security Bugs With First Update for Watch OS – http://www.securityweek.com/apple-fixes-security-bugs-first-update-watch-os?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Cracking down on poor cyber hygiene – http://fcw.com/articles/2015/05/20/cracking-down-on-cyber.aspx

Phishing and Malware Cyberattacks are Directed at Law Firms (and Clients) – So it’s Time to Train Employees – http://abovethelaw.com/2015/05/phishing-and-malware-cyberattacks-are-directed-at-law-firms-and-clients-so-its-time-to-train-employees/

FTC looks ‘favorably’ on firms that report data breach – http://thehill.com/policy/technology/242703-ftc-looks-favorably-on-firms-that-report-data-breach

Cyber thieves targeting the Internet with more sophistication – http://wivb.com/investigative-story/cyber-thieves-targeting-the-internet-with-more-sophistication/

EFF Asks Court To Reconsider Ruling That Would Make Violating Work Computer Policies A Criminal Act – https://www.techdirt.com/articles/20150515/07365131013/eff-asks-court-to-reconsider-ruling-that-would-make-violating-work-computer-policies-criminal-act.shtml

E-paper display gives payment cards a changing security code – http://www.csoonline.com/article/2924958/data-protection/epaper-display-gives-payment-cards-a-changing-security-code.html#tk.rss_all

DDoS attacks increase and methods changed in Q1 2015, report says – http://www.scmagazine.com/q1-report-shows-uptick-in-low-bandwidth-ddos-attacks/article/415876/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+SCMagazineNews+%28SC+Magazine+News%29

This 9-Year-Old CEO Knows more about Cyber Security Than You Do – http://tech.co/reuben-paul-9-year-old-ceo-cyber-security-2015-05

Google changes Chrome extension policy amid security concerns – http://searchsecurity.techtarget.com/news/4500246699/Google-changes-Chrome-extension-policy-amid-security-concerns

Cyber risk now seen as a top 10 global threat to businesses – http://www.supplymanagement.com/news/2015/cyber-risk-now-seen-as-a-top-10-global-threat-to-businesses

How much money do cyber crooks collect via crypto ransomware? – http://www.net-security.org/malware_news.php?id=3042

Tools, Tips and How it’s done:

5 Easy Ways to Avoid Getting Hacked at ATMs – http://time.com/3890898/atm-security/

Logjam vulnerability – what you need to know – http://blog.lumension.com/10143/logjam-vulnerability-faq/

All Roads Lead to the Need to Strengthen Your Security Operations Center? – http://www.csoonline.com/article/2925114/security0/all-roads-lead-to-the-need-to-strengthen-your-security-operations-center.html#tk.rss_all

Legally Blind and Deaf – How Computer Crime Laws Silence Helpful Hackers – https://hackerone.com/news/legally-blind-and-deaf

Hacker launches ransomware rescue kit – http://www.theregister.co.uk/2015/05/21/ransomware_rescue_kit/

What combination locks teach us about encryption weakness – http://www.csoonline.com/article/2922372/security-industry/what-combination-locks-teach-us-about-encryption-weakness.html#tk.rss_all

Miscellaneous Privacy stories:

Tribunal finds no breach of privacy law by employer using Facebook to investigate misconduct claims – http://www.smartcompany.com.au/legal/47015-tribunal-finds-no-breach-of-privacy-law-by-employer-using-facebook-to-investigate-misconduct-claims.html

Americans’ Attitudes About Privacy, Security and Surveillance – http://www.pewinternet.org/2015/05/20/americans-attitudes-about-privacy-security-and-surveillance/

Safeguarding Children and School E-Safety stories:

Online safety: If you want something done right, do it yourself – http://phys.org/news/2015-05-online-safety.html

Raising cyber kids in GenNBN – http://www.nbnco.com.au/blog/raising-cyber-kids-in-gennbn.html

Suspend, blacklist cyberbullies – http://www.odt.co.nz/news/schools-news/342761/suspend-blacklist-cyberbullies

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

SRM

Monday 11th May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Newfoundland patient data breach investigated – http://metronews.ca/news/canada/1363605/newfoundland-patient-data-breach-investigated/

Cafe de Coral reveals accidental data leak – http://www.thestandard.com.hk/breaking_news_detail.asp?id=60956&icid=a&d_str=

95% of SAP deployments ‘vulnerable to cyber attacks’ – http://www.itpro.co.uk/hacking/24577/95-of-sap-deployments-vulnerable-to-cyber-attacks

Visitors to top porn sites hit by malvertising attack – http://www.csoonline.com/article/2920677/malware-cybercrime/visitors-to-top-porn-sites-hit-by-malvertising-attack.html#tk.rss_all

Meru Cabs: Customer Data Exposed – http://www.inforisktoday.com/meru-cabs-customer-data-exposed-a-8210

Child abuse images deface Nazi Mauthausen camp website – http://www.bbc.co.uk/news/world-europe-32652394

Flawed Open Smart Grid Protocol is a risk for Smart Grid – http://securityaffairs.co/wordpress/36648/hacking/flaws-open-smart-grid-protocol.html

Million WordPress websites vulnerable to DOM-based XSS – http://securityaffairs.co/wordpress/36607/hacking/million-wordpress-dom-based-xss.html

Android cellular voice channel used as new covert channel to leak info, spread malware – http://www.computerworld.com/article/2919516/cybercrime-hacking/android-cellular-voice-channel-used-as-new-covert-channel-to-leak-info-spread-malware.html

Adobe to Patch Critical Vulnerabilities in Reader, Acrobat – http://www.securityweek.com/adobe-patch-critical-vulnerabilities-reader-acrobat?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

GPS used to locate a gang using gas pump skimmers – http://securityaffairs.co/wordpress/36683/cyber-crime/gas-pump-skimmers-gang.html

Serious MacKeeper vulnerability found – http://www.thesafemac.com/serious-mackeeper-vulnerability-found/

Cyber-Attack Attempted By Former Nuclear Regulatory Commission Employee – http://www.inquisitr.com/2076983/cyber-attack-attempted-by-former-nuclear-regulatory-commission-employee/

Snapchat security breach – http://isnapchathack.com/ap/

Cyber security firm ‘doctored up’ data breaches to extort companies, ex-employee claims – http://www.smh.com.au/it-pro/security-it/cyber-security-firm-doctored-up-data-breaches-to-extort-companies-exemployee-claims-20150511-ggyoss.html

Beware! ‘Breaking Bad’ Is Now A Ransom-Styled Malware Currently Infecting Australian Computers – http://www.inquisitr.com/2080361/beware-breaking-bad-is-now-a-ransom-styled-malware-currently-hitting-australian-computer-users/

Miscellaneous Infosec stories:

Here’s how many U.S. adults were hacked in 2014 – http://www.cbsnews.com/news/heres-how-many-u-s-adults-were-hacked-in-2014/

Mobile malware statistics highlight unknown state of mobile threats – http://searchsecurity.techtarget.com/news/4500245950/Mobile-malware-statistics-highlight-unknown-state-of-mobile-threats

Kiwi company posts job ad for Windows support scammers – http://www.theregister.co.uk/2015/05/07/kiwi_company_posts_job_ad_for_windows_support_scammers/

Where is the Android DDoS Armageddon? – http://www.securityweek.com/where-android-ddos-armageddon

Here’s What a Cyber Warfare Arsenal Might Look Like – http://www.scientificamerican.com/article/here-s-what-a-cyber-warfare-arsenal-might-look-like/

Is cyber-warfare really that scary? – http://www.bbc.co.uk/news/world-32534923

As Data Breaches Spread, Providers and Payers Must Prepare – http://www.healthleadersmedia.com/content/TEC-316074/As-Data-Breaches-Spread-Providers-and-Payers-Must-Prepare

Windows 10: No More Monthly Patches – http://www.inforisktoday.com/windows-10-no-more-monthly-patches-a-8202

Why don’t you rent your electronic wireless doorlock, asks man selling doorlocks – http://www.theregister.co.uk/2015/05/06/why_dont_you_rent_your_doorlock_asks_man_selling_doorlocks/

70 million Americans report stolen data – http://www.consumerreports.org/cro/news/2015/05/70-million-americans-report-stolen-data/index.htm

Too Many Healthcare Employees Have Excessive Patient Data Access – http://www.infosecurity-magazine.com/news/healthcare-employees-excessive/

Hack renting portal charges fee to penetrate any account – http://pulse.ng/tech/cyber-business-hack-renting-portal-charges-fee-to-penetrate-any-account-id3739160.html

The Effectiveness of Spear Phishing Not Lost on Cyber Terrorists – http://www.benzinga.com/pressreleases/15/05/p5494834/the-effectiveness-of-spear-phishing-not-lost-on-cyber-terrorists

Tools, Tips and How it’s done:

MAKING SMART LOCKS SMARTER (AKA. HACKING THE AUGUST SMART LOCK) – http://blog.maintenancewindow.ca/post/2015/03/29/Making-Smart-Locks-Smarter-%28aka.-Hacking-the-August-Smart-Lock%29

PoC Linux Rootkit Uses GPU to Evade Detection – http://www.securityweek.com/poc-linux-rootkit-uses-gpu-evade-detection?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Facebook Friends Mapper – How to crawl Hidden Friends – http://securityaffairs.co/wordpress/36675/hacking/facebook-friends-mapper.html

A digital skeleton key to access any website – http://docs.higg.so/2015/03/10/a-digital-skeleton-key-for-accessing-any-website-proposal/

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications – https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43346.pdf

True Private Messaging: 7 Apps to Encrypt Your Chats – http://www.infosecdailynews.com/true-private-messaging-7-apps-to-encrypt-your-chats/

Miscellaneous Privacy stories:

Wearable tech portends vast effects on health and privacy – http://www.washingtonpost.com/sf/national/2015/05/09/the-revolution-will-be-digitized/?hpid=z1

Safeguarding Children and School E-Safety stories:

Schools: have your say about cyberbullying – http://www.saferinternet.org.uk/news/schools-have-your-say-about-cyberbullying

Mother Speaks Out About Cyber-Bullies – http://cbs12.com/news/top-stories/stories/vid_25671.shtml

How to change your privacy setting on Facebook – http://www.itproportal.com/2015/05/09/how-to-change-your-privacy-setting-facebook/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+itproportal%2Frss+%28Latest+ITProPortal+News%29

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

SRM