Breach Report

Information Security Breach Report – 07 May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

FireKeepers Casino investigates possible data breach – http://woodtv.com/2015/05/06/firekeepers-casino-investigates-possible-data-breach/

West coast gang robs banks with texts, phone calls – http://www.csoonline.com/article/2912473/cyber-attacks-espionage/west-coast-gang-robs-banks-with-texts-phone-calls.html#tk.rss_all

Tesla attack started with a single phone call – http://www.csoonline.com/article/2915963/disaster-recovery/tesla-attack-started-with-a-single-phone-call.html#tk.rss_all

Mobile ransomware targets Canadian porn viewers – http://www.csoonline.com/article/2918476/mobile-security/mobile-ransomware-targets-canadian-porn-viewers.html#tk.rss_all

More than 22 Thousand Finns Clicked WhatsApp Spam Today – https://www.f-secure.com/weblog/archives/00002809.html

Unknown hackers have stolen €4.6m from Ryanair bank accounts – http://securityaffairs.co/wordpress/36440/cyber-crime/ryanair-bank-accounts-hacked.html

Flawed password reset procedure exposes Betfair accounts – http://securityaffairs.co/wordpress/36449/hacking/password-reset-procedure-betfair.html

Why hackers target background investigation databases – http://securityaffairs.co/wordpress/36455/cyber-crime/hack-background-investigation-databases.html

SendGrid admits hack, says all customers must reset their passwords – http://venturebeat.com/2015/04/28/sendgrid-admits-hack-says-all-customers-must-reset-their-passwords/

Linux and BSD Web Servers Infected with ‘Mumblehard’ Malware – http://spamnews.com/The-News/Latest/Linux-and-BSD-Web-Servers-Infected-with-%E2%80%98Mumblehard%E2%80%99-Malware-2015050617778/

 

Miscellaneous Infosec stories:

Hacking Still Leading Cause of 2015 Health Data Breaches – http://healthitsecurity.com/news/hacking-still-leading-cause-of-2015-health-data-breaches

Report: IT managers not best leaders in breach crisis – http://www.csoonline.com/article/2912434/data-breach/report-it-managers-not-best-leaders-in-breach-crisis.html#tk.rss_all

Reporting cybercrime feels like ‘Groundhog Day’ – http://www.csoonline.com/article/2913836/data-breach/reporting-cybercrime-feels-like-groundhog-day.html#tk.rss_all

Zombie apps haunt BYOD workplaces – http://www.csoonline.com/article/2915533/mobile-security/zombie-apps-haunt-byod-workplaces.html#tk.rss_all

Cybercriminals borrow from APT playbook in attack against PoS vendors – http://www.csoonline.com/article/2918616/data-protection/cybercriminals-borrow-from-apt-playbook-in-attack-against-pos-vendors.html#tk.rss_all

PayIvy Sells Your Online Accounts Via PayPal – http://krebsonsecurity.com/2015/05/payivy-sells-your-online-accounts-via-paypal/

 

Tools, Tips and How it’s done:

Study: Firms not ready to respond to complex threats – http://www.csoonline.com/article/2913833/cyber-attacks-espionage/study-majority-of-firms-not-ready-to-respond-to-complex-threats.html#tk.rss_all

Having ‘the ear of the CEO’ is key to battling cyberthreats – http://www.csoonline.com/article/2913953/malware-cybercrime/having-the-ear-of-the-ceo-is-key-to-battling-cyberthreats.html#tk.rss_all

Key management is the biggest pain of encryption – http://www.csoonline.com/article/2914084/data-protection/key-management-biggest-pain-of-encryption.html#tk.rss_all

6 hard truths security pros must learn to live with – http://www.csoonline.com/article/2914738/data-protection/6-hard-truths-it-security-pros-must-learn-to-live-with.html#tk.rss_all

The hardware roots of trust – http://www.csoonline.com/article/2912486/vulnerabilities/the-hardware-roots-of-trust.html#tk.rss_all

Identity as an attack surface – http://www.csoonline.com/article/2911537/identity-access/identity-as-an-attack-surface.html#tk.rss_all

Malware remodeled: New tricks, new suits slamming enterprise resources [free registration required]- http://www.csoonline.com/article/2915397/malware-cybercrime/malware-remodeled-new-tricks-new-suits-slamming-enterprise-resources.html?nsdr=true

Professional hackers talk social engineering threats and security awareness – http://www.csoonline.com/article/2915925/data-protection/professional-hackers-talk-social-engineering-threats-and-security-awareness.html#tk.rss_all

CeWL v5.1 – Password Cracking Custom Word List Generator – http://www.darknet.org.uk/2015/04/cewl-v5-1-password-cracking-custom-word-list-generator/

Tinba – Yet another anti-sandbox tricks – https://www.f-secure.com/weblog/archives/00002810.html

An Insider’s Look at the History of Cybersecurity – http://now.avg.com/an-insiders-look-at-the-history-of-cybersecurity/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+avg-blogs+%28AVG+Blogs%29

 

Miscellaneous Privacy stories:

How the top social networks compare on privacy — in one handy chart – http://www.csoonline.com/article/2915643/privacy/how-the-top-social-networks-compare-on-privacy-in-one-handy-chart.html#tk.rss_all

The Truth About Smartphone Apps That Secretly Connect to User Tracking and Ad Sites – http://www.technologyreview.com/view/537186/the-truth-about-smartphone-apps-that-secretly-connect-to-user-tracking-and-ad-sites/

 

Safeguarding Children and School E-Safety stories:

The dirty secrets of webcam-hacking peeping toms and sextortionists – http://www.welivesecurity.com/2015/04/21/webcam-hacking/

Canadian woman accused of remotely taking over victims’ PCs and spying on them using webcams – http://securityaffairs.co/wordpress/36422/cyber-crime/woman-spying-through-webcams.html

Online Safety – Protecting our children from Radicalisation and

Extremism – http://www.saferinternet.org.uk/Content/Childnet/SafterInternetCentre/downloads/Online_Safety_-_LSCB_bulletin_-_Radicalisation.pdf

60% of Parents Fear their Child is Visiting Pornography Sites Online – http://www.informationsecuritybuzz.com/60-of-parents-fear-their-child-is-visiting-pornography-sites-online/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+InformationSecurityBuzz+%28Information+Security+Buzz%29

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Information Security Breach Report – 06 May 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

CozyDuke hackers targeting prominent US targets – http://www.theregister.co.uk/2015/04/22/cozyduke_hackers_white_house_state_dept_malware/

USIS data breach affected more than 27K – http://thehill.com/policy/cybersecurity/239732-dem-usis-data-breach-affected-more-than-27k

St. Vincent Medical Group notifies patients after successful phishing attempt compromises PHI – http://www.databreaches.net/in-st-vincent-medical-group-notifies-patients-after-successful-phishing-attempt-compromises-phi/

Costa Coffee Club warns of possible database intrusion – https://nakedsecurity.sophos.com/2015/04/22/costa-coffee-club-warns-of-possible-database-intrusion/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29MI

Hyatt Gold Passport notifies a small number of loyalty program members of possible breach (update2) – http://www.databreaches.net/hyatt-gold-passport-notifies-a-small-number-of-loyalty-program-members-of-possible-breach/

Hackers hit Wake public schools server – http://www.wral.com/hackers-hit-wake-public-schools-server/14599060/

Verifone statement on default password Z66831 – http://www.databreaches.net/verifone-statement-on-default-password-z66831/

Seton Family Health notifying 39,000 patients after employee falls for phish; Second Ascension Health member to report breach this week (Update2) – http://www.databreaches.net/seton-family-health-notifying-39000-patients-after-employee-falls-for-phish-second-ascension-health-member-to-report-breach-this-week/

Update on Security Incident and Additional Security Measures – https://sendgrid.com/blog/update-on-security-incident-and-additional-security-measures/

Compass Group USA notifies consumers of NEXTEP-related payment card breach – http://www.compass-usa.com/pages/KioskUpdate.aspx

Oregon’s Health CO-OP Notifies Affected Plan Members Of Security Incident – http://www.databreaches.net/oregons-health-co-op-notifies-affected-plan-members-of-security-incident/

Big Credit Card Data Breach Hits Bars And Restaurants Using Harbortouch Point-of-Sale Systems – http://consumerist.com/2015/05/05/big-credit-card-data-breach-hits-bars-and-restaurants-using-harbortouch-point-of-sale-systems/

VA blocks more than a billion cyber threats in March – http://www.upi.com/Top_News/US/2015/05/05/VA-blocks-more-than-a-billion-cyber-threats-in-March/1391430841755/

Lawyers threaten researcher over key-cloning bug in high-security lock – http://arstechnica.com/security/2015/05/05/lawyers-threaten-researcher-over-key-cloning-bug-in-high-security-lock/

Attackers Used CareerBuilder to Send Malicious Resumes to Victims: Proofpoint – http://www.securityweek.com/attackers-used-careerbuilder-send-malicious-resumes-victims-proofpoint?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Skype vulnerable to “Redirect to SMB” – http://infosecaffairs.blogspot.in/2015/05/skype-vulnerable-to-redirect-to-smb.html

More Uber Accounts Have Been Hacked, This Time in the United States – http://motherboard.vice.com/read/more-uber-accounts-have-been-hacked-this-time-in-the-united-states

EllisLab Tells Users to Change Passwords After its Web Host Discovers Security Breach – http://www.thewhir.com/web-hosting-news/ellislab-tells-users-change-passwords-web-host-discovers-security-breach

‘Rombertik’ malware kills host computers if you attempt a cure – http://www.theregister.co.uk/2015/05/05/rombertik_malware/

Sally Beauty investigates possible second card breach – http://www.pcworld.com/article/2918652/sally-beauty-investigates-possible-second-card-breach.html

Hard Rock Hotel & Casino reveals data breach – http://www.nafcu.org/News/2015_News/May/Hard_Rock_Hotel___Casino_reveals_data_breach/

 

Miscellaneous Infosec stories:

The hotly disputed black magic of data breach cost estimates – http://fortune.com/2015/04/24/data-breach-cost-estimate-dispute/

More than 1 year after breach, data show up for sale on darknet – http://www.databreaches.net/more-than-1-year-after-breach-data-show-up-for-sale-on-darknet/

Taking out cyber insurance cover to become ‘the norm’ within 10 years, says ABI – http://www.out-law.com/en/articles/2015/may/taking-out-cyber-insurance-cover-to-become-the-norm-within-10-years-says-abi/

Lawsuit: Home Depot data breach was caused by management’s ‘overarching complacency’ over security – http://www.bizjournals.com/atlanta/news/2015/05/05/lawsuit-home-depot-data-breach-was-caused-by.html

Spending More on Breach Prevention Isn’t Fixing the Problem – http://www.infosecurity-magazine.com/news/spending-more-on-breach-prevention/

Firms ‘at risk of data breach’ – http://www.irishexaminer.com/business/firms-at-risk-of-data-breach-328950.html

Security Breach Detection, Prevention Harder Than 2 Years Ago Despite Security Spending: Survey – http://www.securityweek.com/security-breach-detection-prevention-harder-2-years-ago-despite-security-spending-survey

SHARED INFRASTRUCTURE AND THE RISK TO OUR DATA – http://www.thatchers.co.uk/blog/blog/cyber-security/shared-infrastructure-and-the-risk-to-our-data

The Top 10 Highest Paying Jobs in Information Security – Part 1 – http://www.tripwire.com/state-of-security/off-topic/the-top-10-highest-paying-jobs-in-information-security-part-1/

Data security in the payments ecosystem – http://www.net-security.org/secworld.php?id=18344&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Analogue modems allow UNSTOPPABLE Android attack … at 13bps – http://www.hp.com/make-it-matter/uk/en/smart-telcos.html?jumpid=ba_yfgpei6u4r

 

 

Tools, Tips and How it’s done:

Local Administrator Password Solution aims to stop credential replay – http://searchsecurity.techtarget.com/news/4500245671/Local-Administrator-Password-Solution-aims-to-stop-credential-replay

Deconstructing Mobile Fraud Risk – http://www.darkreading.com/attacks-breaches/deconstructing-mobile-fraud-risk/a/d-id/1320248

Facepwn: Script Kiddies Beware – http://thecryptosphere.com/2015/05/05/facepwn-script-kiddies-beware/

Defending Against Web Attacks: X-XSS Protection – http://resources.infosecinstitute.com/defending-against-web-attacks-using-http-headers-part-2/

 

Miscellaneous Privacy stories:

THE COMPUTERS ARE LISTENING – HOW THE NSA CONVERTS SPOKEN WORDS INTO SEARCHABLE TEXT – https://firstlook.org/theintercept/2015/05/05/nsa-speech-recognition-snowden-searchable-text/

 

Safeguarding Children and School E-Safety stories:

Mom Horrified After Kids’ Photos Stolen From Facebook – https://www.yahoo.com/parenting/mom-horrified-after-kids-photos-stolen-from-118210047777.html

Administrators Confront Student ‘Sexting’ – http://www.edweek.org/ew/articles/2009/06/17/35sexting_ep.h28.html

New Research Reveals Teens’ Near-Constant Use of Online Sites, Tools – http://blogs.edweek.org/edweek/DigitalEducation/2015/04/new_research_explores_teens_mobile_device_use_social_media.html

Anti-terror guidance for colleges and teachers published – https://www.tes.co.uk/news/further-education/breaking-news/anti-terror-guidance-colleges-and-teachers-published

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Information Security Breach Report – 27 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Tesla’s website has been hacked – http://cio.economictimes.indiatimes.com/news/digital-security/teslas-website-has-been-hacked/47057428

White Lodging Services confirms second payment card breach – http://www.csoonline.com/article/2908853/data-breach/white-lodging-services-confirms-second-payment-card-breach.html#tk.rss_all

Punkey, a new POS Malware in the criminal ecosystem – http://securityaffairs.co/wordpress/36113/cyber-crime/punkey-pos-malware.html

Zero-Day Malvertising Attack Went Undetected For Two Months – http://www.darkreading.com/attacks-breaches/zero-day-malvertising-attack-went-undetected-for-two-months/d/d-id/1320092?_mc=RSS_DR_EDT

NetNanny Found Using Shared Private Key, Root CA – https://threatpost.com/netnanny-found-using-shared-private-key-root-ca/112354

Pushdo spamming botnet still active in the wild – http://securityaffairs.co/wordpress/36171/cyber-crime/pushdo-spamming-botnet.html

Cash register maker used same password – 166816 – non-stop since 1990 – http://www.theregister.co.uk/2015/04/23/166816_the_pos_pin_for_win_since_1990/

Phasebot, the fileless malware sold in the underground – http://securityaffairs.co/wordpress/36206/cyber-crime/phasebot-fileless-malware.html

Samsung Galaxy S5 could be open to fingerprint theft – http://www.welivesecurity.com/2015/04/23/samsung-galaxy-s5-open-fingerprint-theft/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29

Costa Coffee Club members wake up and smell the data breach – http://www.theregister.co.uk/2015/04/23/costa_coffee_club_members_security_breach/

Hacked off: Tesco Clubcard and Costa Coffee cards breached in Cambridge area – http://www.cambridge-news.co.uk/Hacked-Tesco-Costa-Coffee-cards-breached/story-26392209-detail/story.html

Bypassing OS X Security Tools is Trivial, Researcher Says – https://threatpost.com/bypassing-os-x-security-tools-is-trivial-researcher-says/112410

Login Vulnerability Exposes SAP ASE Databases – http://www.securityweek.com/login-vulnerability-exposes-sap-ase-databases?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Magento Flaw Exploited in the Wild a few hours after disclosure – http://securityaffairs.co/wordpress/36252/hacking/magento-flaw-exploited-hackers.html

New Threats Range From ‘Dribbling Breached Data’ to IoT and Toys – http://www.eweek.com/security/new-threats-range-from-dribbling-breached-data-to-iot-and-toys.html

39,000 patients may have been victim in Seton data breach – http://kxan.com/2015/04/24/39000-affected-in-seton-phishing-attack-targeting-company-emails/

Hack breaches Taipei government computers – http://www.databreaches.net/hack-breaches-taipei-government-computers/

Phishing Leads to Healthcare Breach – http://www.infosecbuddy.com/news/phishing-leads-to-healthcare-breach/

No evidence that any data removed from system: Premera – http://www.databreaches.net/no-evidence-that-any-data-removed-from-system-premera/

Anonymous Claims Hack of Israeli Arms Importer, Fab-Defense; Leaks Massive Client Login Data – http://www.databreaches.net/anonymous-claims-hack-of-israeli-arms-importer-fab-defanse-leaks-massive-client-login-data/

Evil Wi-Fi kills iPhones, iPods in range – ‘No iOS Zone’ SSL bug revealed – http://www.theregister.co.uk/2015/04/22/apple_no_ios_zone_bug/

WordPress Releases Version 4.1.2, Calls It A “Critical Security Release” – http://marketingland.com/wordpress-releases-version-4-1-2-calls-it-a-critical-security-release-125965

 

Miscellaneous Infosec stories:

Hacking telesurgery robots, a concrete risk – http://securityaffairs.co/wordpress/36305/hacking/hacking-telesurgery-robots.html

Spy in the sandbox attack to spy on your online activity – http://securityaffairs.co/wordpress/36178/hacking/spy-in-the-sandbox-attack.html

Insider threats force balance between security and access – http://www.csoonline.com/article/2913740/data-breach/insider-threats-force-balance-between-security-and-access.html#tk.rss_all

Study: Firms not ready to respond to complex threats – http://www.csoonline.com/article/2913833/cyber-attacks-espionage/study-majority-of-firms-not-ready-to-respond-to-complex-threats.html#tk.rss_all

48,000 Windows XP PCs are still running at TEPCO … which are the risks? – http://securityaffairs.co/wordpress/36263/security/tepco-48000-pcs-running-xp.html

Insurers mull proposed cyber rules – http://www.businessinsurance.com/article/20150426/NEWS06/304269959

Low IT security spend in region leaves businesses open to cyber attacks – http://www.timesofoman.com/News/50815/Article-Low-IT-security-spend-in-region-leaves-businesses-open-to-cyber-attacks

Cyber-Attacks Getting Respect All Over The World – http://www.inquisitr.com/2044303/cyber-attacks-getting-respect-all-over-the-world/

Russian Hackers Read Obama’s Emails During White House Security Breach – http://gizmodo.com/russian-hackers-read-obamas-emails-during-white-house-s-1700271500

Congress to banks: Admit you’ve been hacked! – http://money.cnn.com/2014/11/18/technology/security/congress-bank-hack/

Should we fear hackers? – http://www.quotesinpics.com/kevin-mitnick/quote_khgzzd/

Banks Lose Up to $100K/Hour to Shorter, More Intense DDoS Attacks – http://www.americanbanker.com/news/bank-technology/banks-lose-up-to-100khour-to-shorter-more-intense-ddos-attacks-1073966-1.html

Massive TalkTalk data breach STILL causing customer scam tsunami – http://www.theregister.co.uk/2015/04/23/fresh_wave_of_scammers_target_talktalk_customers/

Fraud or Breach? Questions to Ask Before Calling in the Cavalry – http://www.techzone360.com/topics/techzone/articles/2015/04/22/402061-fraud-breach-questions-ask-before-calling-the-cavalry.htm

Ransomware crims drop Bitcoin faster than Google axes services – http://www.theregister.co.uk/2015/04/24/ransomware_bitcoin/

The international effort to confront international cybercrime – http://www.csoonline.com/article/2914234/malware-cybercrime/the-international-effort-to-confront-international-cybercrime.html#tk.rss_all

Encryption adoption slows, but users believe it frees them from breach reporting – http://www.cso.com.au/article/573196/encryption-adoption-slows-users-believe-it-frees-them-from-breach-reporting/

It’s official: David Brents are the weakest link in phishing attacks – http://www.theregister.co.uk/2015/04/22/proofpoint_phishing_study/

A Few Challenges in Calculating Total Cost of a Data Breach Using Insurance Claims Payment Data – http://www.ponemon.org/blog/a-few-challenges-in-calculating-total-cost-of-a-data-breach-using-insurance-claims-payment-data

Your city’s not smart if it’s vulnerable, says hacker – http://www.theregister.co.uk/2015/04/20/smart_city_vendors_blasted_for_dumb_security/

BYOD and cloud are top data breaches and malware risks, survey shows – http://www.csoonline.com/article/2906359/data-breach/byod-and-cloud-are-top-data-breaches-and-malware-risks-survey-shows.html#tk.rss_all

 

Tools, Tips and How it’s done:

Analyzing the Magento Vulnerability (Updated) – http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/

1,500 iOS apps have HTTPS-crippling bug. Is one of them on your device? – http://arstechnica.com/security/2015/04/20/1500-ios-apps-have-https-crippling-bug-is-one-of-them-on-your-device/

The hacker Stefan Esser shows the jailbreak for iOS 8.4 beta 1 – http://securityaffairs.co/wordpress/36154/hacking/ios-8-4-beta-1-jailbreak.html

How to hack Avaya phones with a simple text editor – http://securityaffairs.co/wordpress/36187/hacking/how-to-hack-avaya-phone.html

How to discover NSA Quantum Insert attacks on your systems – http://securityaffairs.co/wordpress/36224/hacking/nsa-quantum-insert-attacks.html

Former hacker talks phone password security – http://wishtv.com/2015/04/26/former-hacker-talks-about-cyber-security/

Your big data toolchain is a big security risk! – http://www.vitavonni.de/blog/201504/2015042601-big-data-toolchains-are-a-security-risk.html

Quantum Insert Attack – https://isc.sans.edu/diary/Quantum+Insert+Attack/19625

Smarter threats and the rising complexity of cybercrime – http://www.net-security.org/secworld.php?id=18285&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Millions of accounts are being compromised because developers don’t have a specialised user database – http://fourlightyears.blogspot.co.uk/2015/04/millions-of-accounts-are-being.html

How To Protect Your Business From Social Engineering – https://quostar.com/blog/how-to-protect-your-business-from-social-engineering/

This machine catches stingrays: Pwnie Express demos cellular threat detector – http://arstechnica.com/information-technology/2015/04/20/this-machine-catches-stingrays-pwnie-express-demos-cellular-threat-detector/

Inside the rickety, vulnerable systems that run just about every power plant – http://www.csoonline.com/article/2905402/data-protection/inside-the-rickety-vulnerable-systems-that-run-just-about-every-power-plant.html#tk.rss_all

 

Miscellaneous Privacy stories:

Hackers spy on Kansas family through unsecured baby monitor – http://www.welivesecurity.com/2015/04/22/hackers-spy-kansas-family-unsecured-baby-monitor/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29

 

Safeguarding Children and School E-Safety stories:

We’re not getting to grips with online hate – http://www.heraldsun.com.au/news/opinion/were-not-getting-to-grips-with-online-hate/story-fni0fhh1-1227322032416

Rise in reports of abusive texts prompts headteacher to send letter to parents – http://www.lancashiretelegraph.co.uk/news/12909796.Rise_in_reports_of_abusive_texts_prompts_headteacher_to_send_letter_to_parents/

5 ways to tell an online predator may be grooming your child – http://www.thedenverchannel.com/money/science-and-tech/5-ways-to-tell-a-predator-is-grooming-your-child

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Information Security Breach Report – 21 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Operation Pawn Storm on Continued Marathon, Attacking Targets Now with Advance Infrastructure – http://securityaffairs.co/wordpress/36139/cyber-crime/op-pawn-storm-continues.html

Several Vulnerabilities Found in Enterprise Search Engine SearchBlox – http://www.securityweek.com/several-vulnerabilities-found-enterprise-search-engine-searchblox?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

WikiLeaks Dumps Data from Sony Hacking Scandal – http://www.securityweek.com/wikileaks-dumps-data-sony-hacking-scandal

HSBC Acknowledges Data Breach – http://www.esecurityplanet.com/network-security/hsbc-acknowledges-data-breach.html

Updates Fix Several Vulnerabilities in HP Network Automation – http://www.securityweek.com/updates-fix-several-vulnerabilities-hp-network-automation

Local families among victims of improper use of DCF information – http://www.actionnewsjax.com/news/news/local/local-families-among-victims-dcf-security-breach/nkync/

D-Link: sorry we’re SOHOpeless – http://www.theregister.co.uk/2015/04/21/dlink_sorry_were_sohopeless/

JavaScript CPU cache snooper tells crooks EVERYTHING you do online – http://www.theregister.co.uk/2015/04/21/cache_creeps_can_spy_on_web_histories_for_80_of_net_users/

Watch: Nasty JPEG pops corporate locks on Windows boxes – http://www.theregister.co.uk/2015/04/20/nasty_jpg_pops_corporate_locks/

Patch Tuesday, exploit Thursday: Windows HTTP.sys flaw under attack – http://searchsecurity.techtarget.com/news/4500244600/Patch-Tuesday-exploit-Thursday-Windows-HTTPsys-flaw-under-attack

Flaw in Schneider Electric Vamp Software Allows Arbitrary Code Execution – http://www.securityweek.com/flaw-schneider-electric-vamp-software-allows-arbitrary-code-execution?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Moxa Industrial Surveillance Products Affected by RCE Vulnerability – http://www.securityweek.com/moxa-industrial-surveillance-products-affected-rce-vulnerability?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Hotel Operator White Lodging Struck Again by PoS Attack – http://www.securityweek.com/hotel-operator-white-lodging-struck-again-pos-attack

Phishing catches victims ‘in minutes’ – http://www.bbc.co.uk/news/technology-32285433

 

Miscellaneous Infosec stories:

Zero-Day Vulnerabilities Rose in 2014: Symantec – http://www.securityweek.com/zero-day-vulnerabilities-rose-2014-symantec?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

The Rise of the Chief Security Officer: What It Means for Corporations and Customers – http://www.forbes.com/sites/frontline/2015/04/20/the-rise-of-the-chief-security-officer-what-it-means-for-corporations-and-customers/

Verizon Data Breach Study Finds Old Flaws Remain Dangerous – http://myinforms.com/en-gb/a/12433349-verizon-data-breach-study-finds-old-flaws-remain-dangerous/

Anonymous slams cyber threat-sharing bill – http://thehill.com/policy/cybersecurity/239406-anonymous-slams-cyber-threat-sharing-bill

IT’S WAR: Hacktivists throw in their lot with spies and the military – http://www.theregister.co.uk/2015/04/20/hacktivists_and_spies_feature_isis_anonymous/

Most Cyberattacks Are Phishing Related, Not Sophisticated Technical Attacks – https://www.techdirt.com/articles/20150414/05574230648/most-cyberattacks-are-phishing-related-not-sophisticated-technical-attacks.shtml

It’s boom times for hackers as cyber sleuths gather – http://www.usatoday.com/story/tech/2015/04/20/rsa-computer-security-conference/26086277/

Can security analytics be key in breach detection? – http://www.computerworld.co.nz/article/573009/can-security-analytics-key-breach-detection/

Study highlights increasing cyber crime threats to governments – http://enterpriseinnovation.net/article/study-highlights-increasing-cyber-crime-threats-governments-213576350

United boots cyber security expert from flight after he noted security flaws – http://kdvr.com/2015/04/20/united-boots-cyber-security-expert-from-flight-after-he-noted-security-flaws/

The positive side of security threats – http://blog.avira.com/positive-side-of-security-threats/

Employees have no qualms in selling corporate passwords – http://www.csoonline.com/article/2905682/data-breach/employees-have-no-qualms-in-selling-corporate-passwords.html#tk.rss_all

 

Tools, Tips and How it’s done:

What does PCI DSS Version 3.1 mean to you? – http://blog.srm-solutions.com/what-does-pci-dss-version-3-1-mean-to-you/

The 20,000 fake phone numbers – http://www.bbc.co.uk/news/blogs-magazine-monitor-32348371

9 things retailers need to know about data breaches – http://www.retailingtoday.com/article/9-things-retailers-need-know-about-data-breaches

Cybercriminals still rely on decades-old techniques – http://www.networksasia.net/article/cybercriminals-still-rely-decades-old-techniques.1429495431

How to create a powerful password: Your ultimate guide to beating the hackers – http://www.itproportal.com/2015/04/20/create-powerful-password-ultimate-guide-beating-hackers/

4 Ways Your Small Business Can Better Prevent Cyber Crime – http://www.entrepreneur.com/article/245102

Get Cyber Fit Without Breaking a Sweat – http://www.ukfast.co.uk/blog/2015/04/20/get-cyber-fit-without-breaking-a-sweat/

RFIDs, Encryption, and Stop Rules. – http://www.thegrumpyprogrammer.com/2015/04/rfids-encryption-and-stop-rules-oh-my.html

sptoolkit Rebirth – Simple Phishing Toolkit – http://www.darknet.org.uk/2015/04/sptoolkit-rebirth-simple-phishing-toolkit/

 

Miscellaneous Privacy stories:

That’s right: FBI agents can’t pretend to be ISP repairmen to search homes without a warrant – http://www.theregister.co.uk/2015/04/20/fbi_warrantless_searches/

Lawyer: Cops dropped robbery case rather than detail FBI’s StingRay phone snoop gizmo – http://www.theregister.co.uk/2015/04/21/st_louis_stingray/

Lost in the clouds: Your private data has been indexed by Google – http://www.csoonline.com/article/2906137/cloud-security/lost-in-the-clouds-your-private-data-has-been-indexed-by-google.html#tk.rss_all

 

Safeguarding Children and School E-Safety stories:

Arrest Made In Connection With Instagram Death Threats In San Dimas – http://losangeles.cbslocal.com/2015/04/20/arrest-made-in-connection-with-cyber-death-threats-made-against-girl-in-san-dimas/

Thousands of children receive lessons on online safety – http://www.itv.com/news/meridian/update/2015-04-13/thousands-of-children-receive-lessons-on-online-safety/

Protecting Children’s Rights in the Digital World: An Ever-Growing Challenge – Social Work Helper – http://www.socialworkhelper.com/2015/04/16/protecting-children-rights-in-the-digital-world-an-ever-growing-challenge/

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Information Security Breach Report – 13 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Lufthansa customers were targeted by a cyber attack – http://securityaffairs.co/wordpress/35894/cyber-crime/lufthansa-website-hacked.html

Apple Patches Critical Backdoor Flaw in OS X 10.10.3 – http://www.eweek.com/security/apple-patches-critical-backdoor-flaw-in-os-x-10.10.3.html

AT&T To Pay $25 Million to Resolve FCC Data Breach Claims – http://www.adlawaccess.com/2015/04/articles/att-to-pay-25-million-to-resolve-fcc-data-breach-claims/

ɘƨɿɘvɘЯ algo attack cracks Belkin router WPS PINs: researcher – http://www.theregister.co.uk/2015/04/12/belkin_wps_pins_easily_cracked_researcher/

18 out of 20 top boxlines vulnerable to ‘click-jacking’ cyber attacks – http://splash247.com/18-out-of-20-top-boxlines-vulnerable-to-click-jacking-cyber-attacks/

China Accused Of Decade Of Cyber Attacks On Governments And Corporates In Asia – http://techcrunch.com/2015/04/12/fireeye-apt-30-southeast-asia-india-report/

Hobart Airport website taken offline after cyber-attack – http://www.globaltimes.cn/content/916518.shtml

Hackers attack Belgian press group, second cyber siege since French station Tv5Monde – http://www.firstpost.com/world/hackers-attack-belgian-press-group-second-cyber-seige-since-french-station-tv5monde-2193865.html

IBM uncovers fraud scheme by well funded Eastern European gang of cyber criminals – http://customstoday.com.pk/ibm-uncovers-fraud-scheme-by-well-funded-eastern-european-gang-of-cyber-criminals-2/

AlienSpy RAT exploited to deliver the popular Citadel Trojan – http://securityaffairs.co/wordpress/35802/cyber-crime/alienspy-rat-citadel-trojan.html

Security Advisory: Persistent XSS in WP-Super-Cache – https://blog.sucuri.net/2015/04/security-advisory-persistent-xss-in-wp-super-cache.html

Many big companies are still vulnerable to the biggest computer bug ever discovered, report says – http://cio.economictimes.indiatimes.com/news/digital-security/many-big-companies-are-still-vulnerable-to-the-biggest-computer-bug-ever-discovered-report-says/46845677

FireEye claims discovery of 10-year hack campaign by China – http://www.zdnet.com/article/fireeye-claims-discovery-of-10-year-hack-campaign-by-china/

Walters McCann Fanska notifies clients of network security breach – http://www.databreaches.net/walters-mccann-fanska-notifies-clients-of-network-security-breach/

 

Miscellaneous Infosec stories:

In a flash, I became a victim of cyber thieves – http://www.asianewsnet.net/In-a-flash-I-became-a-victim-of-cyber-thieves-74004.html

Emergence of various gadgets gives rise to wider cyber crimes – http://www.thesundaily.my/news/1381512

Insurance payout ‘threat’ a push for better cyber-safety – http://www.timesofisrael.com/insurance-payout-threat-a-push-for-better-cyber-safety/

Your smartphone app may be… malware trap – http://www.bangaloremirror.com/News/India/Your-smartphone-app-may-be-malware-trapp/articleshow/46899269.cms

Thousands could launch Sony-style cyber attack, says ex-hacker – http://www.cnet.com/news/thousands-could-launch-sony-style-cyber-attack-says-ex-hacker/

“Great Canon” The most powerful Cyber-Weapon is getting used by China Government – http://www.hackersnewsbulletin.com/2015/04/great-canon-powerful-cyber-weapon-getting-used-china-government.html

Most Cyber Security Breaches Due to Known Issues, Says tech Firm’s Report – http://www.newindianexpress.com/cities/bengaluru/Most-Cyber-Security-Breaches-Due-to-Known-Issues-Says-tech-Firms-Report/2015/04/13/article2761708.ece

 

Tools, Tips and How it’s done:

How Identity Data Security Helps Financial Services Fight Cyber Crime – http://www.business2community.com/tech-gadgets/identity-data-security-helps-financial-services-fight-cyber-crime-01200490

Cyber Incident/Data Breach Response: Your emergency Checklist – http://www.jdsupra.com/legalnews/cyber-incidentdata-breach-response-you-04551/

Lessons in War Series – The Role of Computer Forensics – http://blog.srm-solutions.com/lessons-in-war-series-the-role-of-computer-forensics/

Backtrack 5 Social Engineering Toolkit Fake Facebook Arp Dns Sing – http://smovies.me/download/backtrack-5-social-engineering-toolkit-fake-facebo

Dealing With a Data Breach: What to Do if Your Server Is Compromised – http://www.socialmediatoday.com/technology-data/2015-04-12/dealing-data-breach-what-do-if-your-server-compromised

The critical 48 hours: how to mitigate the damage from a cyber-attack – http://www.itproportal.com/2015/04/12/critical-48-hours-how-to-mitigate-damage-cyber-attack/

The oldest trick in the ASCII book – http://www.infosecdailynews.com/the-oldest-trick-in-the-ascii-book/

Here’s a tip for some Crime Stoppers in Canada: you’ve been hacked – http://www.databreaches.net/heres-a-tip-for-some-crime-stoppers-in-canada-youve-been-hacked/

 

Miscellaneous Privacy stories:

The government hides surveillance programs just because people would freak out – http://www.theguardian.com/commentisfree/2015/apr/11/the-government-will-hide-its-surveillance-programs-but-they-wont-eliminate-them

As encryption spreads, U.S. grapples with clash between privacy, security – http://www.washingtonpost.com/world/national-security/as-encryption-spreads-us-worries-about-access-to-data-for-investigations/2015/04/10/7c1c7518-d401-11e4-a62f-ee745911a4ff_story.html

Meet the privacy activists who spy on the surveillance industry – http://fusion.net/story/112390/unveiling-secrets-of-the-international-surveillance-trade-one-fake-company-at-a-time/

Facebook claims ‘a bug’ made it track nonusers – http://thehill.com/policy/technology/238399-facebook-claims-a-bug-made-it-track-people-not-on-facebook

“I feel violated:” Fraudulent Green Dot accounts set up using stolen identities – http://fox6now.com/2015/04/12/i-feel-violated-fraudulent-green-dot-accounts-set-up-using-stolen-identities/

Process servers can find you on Facebook – http://edition.cnn.com/2015/04/12/opinions/cevallos-facebook-process-serving/

Snowden keeps saying that US is still catching our emails – http://securityaffairs.co/wordpress/35799/digital-id/snowden-interview.html

 

Safeguarding Children and School E-Safety stories:

Five steps for an effective school e-safety policy – http://blog.srm-solutions.com/five-steps-for-an-effective-school-e-safety-policy/

Limerick kids to take the fight to online bullies at major summit – http://www.limerickleader.ie/news/business/business-news/limerick-kids-to-take-the-fight-to-online-bullies-at-major-summit-1-6683746

Why community intelligence modelling is vital when dealing with the ‘digital native’ – http://blog.srm-solutions.com/why-community-intelligence-modelling-is-vital-when-dealing-with-the-digital-native/

Full Frame Panel: Cyberbullying 101 – http://www.cctv-america.com/2015/04/11/full-frame-panel-cyberbullying-101

Higgins proposes cyber bullying legislation after falling victim – http://connachttribune.ie/higgins-proposes-cyber-bullying-legislation-after-falling-victim-063/

Florida Teen Charged With Felony For Changing Teacher’s Desktop Wallpaper – http://www.inquisitr.com/2003490/florida-teen-charged-with-felony-for-changing-teachers-desktop-wallpaper/

Why Online Abuse Is Not Our Destiny – https://www.techdirt.com/articles/20150407/16041830577/why-online-abuse-is-not-our-destiny.shtml

Every Teacher’s Must Have Guide to Facebook – http://www.edudemic.com/every-teachers-must-have-guide-to-facebook/

TeaMp0isoN reveals schools’ vulnerabilities – http://www.databreaches.net/teamp0ison-reveals-schools-vulnerabilities/

Police Chief Unable To Simply Do Nothing Over Reported Teen Sexting, Brings Child Porn Charges Against Four Minors – https://www.techdirt.com/articles/20150331/14510830506/police-chief-unable-to-simply-do-nothing-over-reported-teen-sexting-brings-child-porn-charges-against-four-minors.shtml

“Lessons will Be learned”: Safeguarding in schools – http://www.computerweekly.com/blogs/itworks/2015/04/lessons-will-be-learned-safegu.html

Education Sector Struggles With Botnets: BitSight – http://www.securityweek.com/education-sector-struggles-botnets-bitsight

 

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

SRM Blog