Breach Report

PCI Breach Trend Report June 2015

In the last twelve months, Security Risk Management (SRM) Ltd has been contacted by over 65 companies legally required to seek assistance in securing data breaches. The largest numbers of cases came from specialist online retailers (38%) and clothing retailers (27%).

The majority of businesses affected by a breach were at the small end of the business scale. Where figures have been released, the average number of cards affected per breach was 850.

The most common attack method was Remote File Inclusion (RFI), a method of running malicious code on a victim’s system, providing the intruder with unrestricted access and enabling them to steal sensitive information and execute malicious actions.

Trend Report Businesses Affected


Information Security Breach Report – 02 June 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Angler Exploit Kit Loads Up CryptoWall 3.0, Flash Flaw –

Blue Coat Fixes Several Flaws in SSL Visibility Appliance –

Over 1,000 Vietnamese websites hacked by Chinese during weekend: report –

DYRE Banking Malware Upsurges; Europe and North America Most Affected –

Now Twitter and Snapchat get stung by the iPhone text crash –

Grabit Espionage Campaign Steals Thousands of Files From SMBs –

eBay bug turns phishing email links into malware-stuffed booby prizes –

Sally Beauty: Cybercriminals Planted Malware on PoS Systems for 6 Weeks –

More than 60 undisclosed vulnerabilities affect 22 SOHO routers –


Miscellaneous Infosec stories:

Tackling the human problem of security –

Business Risks Associated With Data Breaches –

Retail sector falling short in customer data protection –

On Reflection: Don’t bring cyber crime in through the back door –

Number of Botnet-Powered DDoS Attacks Dropped in Q1: Kaspersky –

How a hack on Prince Philip’s Prestel account led to UK computer law –

UAE firms targeted by cyber spying –

CESG launch new Certified Cyber Security Consultancy scheme for government and industry –

Surfing porn, downloading apps: Employees ignore obvious cyber risks at work –

Protecting banks from the coming data breach liability storm –


Tools, Tips and How it’s done:

The cyber security expert Michael Fratello has made a detailed analysis of the locker ransomware that implements a unique delivery mechanism –

Ensuring U.S. Air Force Operations During Cyber Attacks Against Combat Support Systems –

10 Rules for Writing Safety Critical Code –

Malvertising Assaults Result in Attack Toolkit Magnitude and Ransomware says Zscaler –

Technical analysis of Hola vulnerabilities enabling cyber attacks –

The vulnerable Border Gateway protocol, a quick-fix solution from 1989, still directs most internet traffic –

5 things you need to do to maintain your professional online hygiene –

Shady Ad Network Using “Camo Sites” –

The Importance of Operational Security and User Education –

What enterprise should do when helpless employees lose hope in fighting cyber attacks –


Miscellaneous Privacy stories:

Why you shouldn’t worry about privacy and security on your phone –

Lower Merion School District explains the 56,000 Webcamgate shots –

Haunted by a stranger who stole my life online –

Jennifer Newman: What employers look for when checking your Facebook, LinkedIn –

Unmasking hidden Tor service users is too easy, say infosec bods –

Data breach liability: confidentiality vs. privacy –


Safeguarding Children and School E-Safety stories:

Filmed on Skype… the chilling exchange between reporter posing as a child and Islamic State fighter from London –

Internet celebrities speak out against cyber bullying –

Students make lecturers life a ‘misery’ –

Whose privacy matters most? –


If you would like this report sent direct to your inbox, email me at

You can see all previous issues of this blog at


My Linkedin Profile is

Information Security Breach Report – 28 May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Banks’ Cyber Risks Compounded by ‘Commjacking’ of Wi-Fi Networks –

Hospital Data Breach Affects Thousands of Patients –

There’s a Moose loose aboot this hoose: Linux worm hijacks Twitter feeds for spam slinging –

Researchers Exploit Patched Windows Group Policy Bug –

POS Malware Nitlove Seen Spreading Through Spam Campaign –

Anon Coders take control of Kentucky GOP’s site; says expect more –

Florida releases personal data on 13,000 people, issues ‘fraud’ alert –

Thousands of UK Government PCs Exposed –

Update on Sterne Agee Group laptop breach –

Synology Fixes XSS, Command Injection Vulnerabilities in NAS Software –

Attackers Use Exploit Kit to Hijack Routers: Researcher –

Recent Breaches a Boon to Extortionists –

Beacon Health System notifies patients after phishing attack –

Scam alert: New Facebook scam wants to steal your login and your money –

Large-scale attack uses browsers to hijack routers –

Cybercriminals Use SVG Files to Distribute Ransomware –

Emerson Patches SQL Injection Vulnerability in ICS Product –


Password reset sites expose crackable PeopleSoft creds –

Unauthorized Access Vulnerability Fixed in Symfony –

LogJam flaw leaves 1,006 cloud applications vulnerable to attack –


Miscellaneous Infosec stories:

Hacker’s List leaks its secrets, revealing true identities of those wanting to hack –

INFOGRAPHIC: 8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks –

One More Reason for Companies to Report Data Breaches –

Five Takeaways from the First Cyber Insurance Case –

Number of identity theft victims ‘rises by a third’ –

CISOs turn to security awareness solutions to change poor employee behaviors –

2014 marked by rise in spear-phishing, social engineering – Federal Times –

Why insider threats are succeeding –

How your old cell phone can leak your company’s confidential info –

WordPress malware: Don’t let too-good-to-be-true deals infest your site –

PCI Council Launches Group to Help Improve SME Compliance –

Why The World’s Top Security Pros Are Furious About Exploit Export Rules –

Who and why is attacking companies in the Nordic Countries? –

Expert issues cyber-attack warning –

Data Centre Consolidation – A Cyber Security perspective –

Threat Intelligence Sharing Valued, But Many Not Doing it: Survey –

Bad Bots’ Impact on Mobile Web Traffic Rose in 2014: Research –

5 hackers who came over from the dark side –

Threat Intelligence –

The cost of a data breach has jumped 23 percent in two years –

Cyber-Attacks in 2015 Reveal Unknown Flaws in Flash, Windows –

Cyber attacks leave businesses wide open to lawsuits –


Tools, Tips and How it’s done:

Windows Functions in Malware Analysis – Cheat Sheet – Part 1 –

How to monitor XSS attacks and other security threats on your website, in real-time –

A primer on cyber security for online retailers –

Is your “secret answer” hard to guess? –

The Samaritan and The Smartphone – 7 Tips to Secure and Help Your Cell Phone Get Home –

Profile Of A Cybercrime Petty Thief –

In Pictures: Seven best practices for cloud security –

The Internet of Buggy Things –

Sniffing and tracking wearable tech and smartphones –

Tox, how to create your ransomware in 3 steps –


Miscellaneous Privacy stories:

Tracking Human Mobility using WiFi signals –

Subway riders’ smartphones could carry tracking malware –

A reminder that your Instagram photos aren’t really yours: Someone else can sell them for $90,000 –

Google’s Internet-connected toys patent sparks privacy concerns, visions of IoT Chucky –

iPhone users’ privacy at risk due to leaky Bluetooth technology –


Safeguarding Children and School E-Safety stories:

Cyber bullying: Nip it in the bud –

Google Play revamps its Android apps’ age ratings –

Traditional Schoolyard Bullies Likely to Engage in Cyber-Bullying as Well –

Why hackers want kids’ personal information –

Child sex abuse live streams loophole to be closed –

Influence of Social Media on Teenagers –



Information Security Breach Report – 21 May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

New Router Attack Displays Fake Warning Messages –

Data breach involves Southwest Licking student info –

Android stock browser vulnerable to URL spoofing –

Cps Experiencing Data Breach After Sharing 4,000 Students Personal Information –

Tech experts urge cyber ‘vigilance’ after ATW website hacked Tuesday –

Fee website used by Weber School District hacked –

Data Belonging To 1.1 Million CareFirst Customers Stolen In Cyber Attack –

Say hello to the latest cyber superbug –

‘Venom’ Security Bug Allows Network Intrusion via the Cloud –

Crypto Ransomware Seeks Dominance as New Threats Emerge to Encrypt and Destroy Files –

Hard-coded credentials placing dental offices at risk –


Miscellaneous Infosec stories:

Apple Fixes Security Bugs With First Update for Watch OS –

Cracking down on poor cyber hygiene –

Phishing and Malware Cyberattacks are Directed at Law Firms (and Clients) – So it’s Time to Train Employees –

FTC looks ‘favorably’ on firms that report data breach –

Cyber thieves targeting the Internet with more sophistication –

EFF Asks Court To Reconsider Ruling That Would Make Violating Work Computer Policies A Criminal Act –

E-paper display gives payment cards a changing security code –

DDoS attacks increase and methods changed in Q1 2015, report says –

This 9-Year-Old CEO Knows more about Cyber Security Than You Do –

Google changes Chrome extension policy amid security concerns –

Cyber risk now seen as a top 10 global threat to businesses –

How much money do cyber crooks collect via crypto ransomware? –


Tools, Tips and How it’s done:

5 Easy Ways to Avoid Getting Hacked at ATMs –

Logjam vulnerability – what you need to know –

All Roads Lead to the Need to Strengthen Your Security Operations Center? –

Legally Blind and Deaf – How Computer Crime Laws Silence Helpful Hackers –

Hacker launches ransomware rescue kit –

What combination locks teach us about encryption weakness –


Miscellaneous Privacy stories:

Tribunal finds no breach of privacy law by employer using Facebook to investigate misconduct claims –

Americans’ Attitudes About Privacy, Security and Surveillance –


Safeguarding Children and School E-Safety stories:

Online safety: If you want something done right, do it yourself –

Raising cyber kids in GenNBN –

Suspend, blacklist cyberbullies –




Information Security Breach Report – 11 May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Newfoundland patient data breach investigated –

Cafe de Coral reveals accidental data leak –

95% of SAP deployments ‘vulnerable to cyber attacks’ –

Visitors to top porn sites hit by malvertising attack –

Meru Cabs: Customer Data Exposed –

Child abuse images deface Nazi Mauthausen camp website –

Flawed Open Smart Grid Protocol is a risk for Smart Grid –

Million WordPress websites vulnerable to DOM-based XSS –

Android cellular voice channel used as new covert channel to leak info, spread malware –

Adobe to Patch Critical Vulnerabilities in Reader, Acrobat –

GPS used to locate a gang using gas pump skimmers –

Serious MacKeeper vulnerability found –

Cyber-Attack Attempted By Former Nuclear Regulatory Commission Employee –

Snapchat security breach –

Cyber security firm ‘doctored up’ data breaches to extort companies, ex-employee claims –

Beware! ‘Breaking Bad’ Is Now A Ransom-Styled Malware Currently Infecting Australian Computers –


Miscellaneous Infosec stories:

Here’s how many U.S. adults were hacked in 2014 –

Mobile malware statistics highlight unknown state of mobile threats –

Kiwi company posts job ad for Windows support scammers –

Where is the Android DDoS Armageddon? –

Here’s What a Cyber Warfare Arsenal Might Look Like –

Is cyber-warfare really that scary? –

As Data Breaches Spread, Providers and Payers Must Prepare –

Windows 10: No More Monthly Patches –

Why don’t you rent your electronic wireless doorlock, asks man selling doorlocks –

70 million Americans report stolen data –

Too Many Healthcare Employees Have Excessive Patient Data Access –

Hack renting portal charges fee to penetrate any account –

The Effectiveness of Spear Phishing Not Lost on Cyber Terrorists –


Tools, Tips and How it’s done:


PoC Linux Rootkit Uses GPU to Evade Detection –

Facebook Friends Mapper – How to crawl Hidden Friends –

A digital skeleton key to access any website –

Ad Injection at Scale: Assessing Deceptive Advertisement Modifications –

True Private Messaging: 7 Apps to Encrypt Your Chats –


Miscellaneous Privacy stories:

Wearable tech portends vast effects on health and privacy –


Safeguarding Children and School E-Safety stories:

Schools: have your say about cyberbullying –

Mother Speaks Out About Cyber-Bullies –

How to change your privacy setting on Facebook –

