Information Security Breach Report – 17 December 2014

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Linux Distributions Affected by Two “mailx” Vulnerabilities – http://www.securityweek.com/linux-distributions-affected-two-mailx-vulnerabilities

Data Breach at Retail Giants, Malware Communicated with Same C&Cs – http://www.seculert.com/blog/2014/12/data-breach-at-retail-giants-malware-communicated-with-same-ccs.html

VCU Health warns of breach – http://www.fredericksburg.com/news/va_md_dc/vcu-health-warns-of-breach/article_7e4605e0-5ff5-5983-88c1-2554a31ef82e.html

Two New Ransomware Strains – http://www.exchangemagazine.com/morningpost/2014/week50/Tuesday/14121611.htm

PhpBB suffers massive security compromise – https://www.phpbb.com/community/viewtopic.php?f=64&t=1186015

Fake Cell Towers Found in Norway – https://www.schneier.com/blog/archives/2014/12/fake_cell_tower.html

Sony hackers threaten US cinemas – http://www.bbc.co.uk/news/entertainment-arts-30507306

Banks: Park-n-Fly Online Card Breach – http://krebsonsecurity.com/2014/12/banks-park-n-fly-online-card-breach/

Union First Market warns of breach – http://www.fredericksburg.com/business/local_business/union-first-market-warns-of-breach/article_2a4d741c-8550-11e4-bc93-871ee5929f2d.html

Delta security flaw let passengers access others’ boarding passes – http://mashable.com/2014/12/16/delta-security-flaw/

Former Employees Are Suing Sony Over ‘Epic Nightmare’ Hack – http://www.wired.com/2014/12/sony-getting-sued-former-employees-protecting-data/

Ofcom experiences one thousand cyber attacks in two months – http://www.cloudpro.co.uk/cloud-essentials/cloud-security/4709/ofcom-experiences-one-thousand-cyber-attacks-in-two-months

Spain: Four government ministries hit most from cyber hacking attempts – http://www.businessinsurance.com/article/20141216/NEWS09/141219907

Illinois hospital reports data blackmail – http://www.csoonline.com/article/2859900/data-breach/illinois-hospital-reports-data-blackmail.html#tk.rss_all

CA Technologies Fixes Vulnerabilities in CA Release Automation – http://www.securityweek.com/ca-technologies-fixes-vulnerabilities-ca-release-automation

 

Miscellaneous Infosec stories:

The Growing Threat Social Engineering Poses to Organizations… Is Your Team Equipped? – http://www.social-engineer.com/growing-threat-social-engineering-poses-organizations-team-equipped/

2014: Year of the New ‘Old’ Bugs – http://www.databreachtoday.com/2014-year-new-old-bugs-a-7681

Cyber experts predict top targets for 2015 – http://www.wbtw.com/story/27646143/cyber-experts-predict-top-targets-for-2015

Cyber cafes weak link in terror: Ruddock – http://www.pngloop.com/2014/12/17/cyber-cafes-weak-link-terror-ruddock/

2015 InfoSec Trends You Should and Shouldn’t Worry About – http://watchguardsecuritycenter.com/2014/12/16/2015-infosec-trends-you-should-and-shouldnt-worry-about/

2014: The Year of Privilege Vulnerabilities – http://www.darkreading.com/vulnerabilities—threats/2014-the-year-of-privilege-vulnerabilities/a/d-id/1318187

Gov’t beefs up cyber-security after website attacks – http://www.jamaicaobserver.com/latestnews/Govt-beefs-up-cyber-security-after-website-attacks

New England security group shares threat intelligence, strives to bolster region as cybersecurity mecca – http://www.csoonline.com/article/2860392/malware-cybercrime/new-england-security-group-shares-threat-intelligence-strives-to-bolster-region-as-cybersecurity-me.html#tk.rss_all

9 data breaches that cost someone their job – http://www.csoonline.com/article/2859485/data-breach/9-data-breaches-that-cost-someone-their-job.html#tk.rss_all

Data breaches lead long line of reasons for apologies this year – http://www.csoonline.com/article/2859903/data-breach/data-breaches-lead-long-line-of-reasons-for-apologies-this-year.html#tk.rss_all

This Linux grinch could put a hole in your security stocking – http://www.csoonline.com/article/2859511/malware-cybercrime/this-linux-grinch-could-put-a-hole-in-your-security-stocking.html#tk.rss_all

Breach Therapy: 10 Companies Who Can’t Wait For 2014 To Be Over – http://www.webroot.com/blog/2014/12/15/breach-therapy-10-companies-cant-wait-2014/

Gmail gets Content Security Policy support to stop extensions from loading unsafe code – http://venturebeat.com/2014/12/16/gmail-gets-content-security-policy-support-to-stop-extensions-from-loading-unsafe-code/

Spam Laced With Malicious Links Jumps: Symantec – http://www.securityweek.com/spam-laced-malicious-links-jumps-symantec

In A Riskier World, Security Teams Adopt Expanding Roles – http://www.forbes.com/sites/riskmap/2014/12/16/in-a-riskier-world-security-teams-adopt-expanding-roles/

Russian National Defense Control Center almost 100% protected from cyber attacks – http://itar-tass.com/en/russia/767317

Counting the real cost of cyber attacks – http://www.smh.com.au/it-pro/security-it/counting-the-real-cost-of-cyber-attacks-20141216-128ehk.html

From Lycos to Ask Jeeves to Facebook: Tracking the 20 most popular web sites every year since 1996 – http://www.washingtonpost.com/news/the-intersect/wp/2014/12/15/from-lycos-to-ask-jeeves-to-facebook-tracking-the-20-most-popular-web-sites-every-year-since-1996/

The Dawn of the Flying Smartphone – http://motherboard.vice.com/read/the-dawn-of-the-flying-smartphone

Phishing spam gets ‘Big Box Retailer’ holiday makeover – http://www.csoonline.com/article/2859490/malware-cybercrime/phishing-spam-gets-big-box-retailer-holiday-makeover.html#tk.rss_all

 

Tools, Tips and How it’s done:

TorrentLocker: Racketeering ransomware disassembled by ESET experts – http://www.welivesecurity.com/2014/12/16/torrentlocker-racketeering-ransomware-disassembled-by-eset-experts/

2014’s Top Malware: Less Money, Mo’ Problems – http://www.darkreading.com/2014s-top-malware-less-money-mo-problems/d/d-id/1318204

How Secure Are Temporary Messaging Apps for Work? – https://recode.net/2014/12/16/how-secure-are-temporary-messaging-apps-for-work/

SOCIAL ENGINEERING: HACKING WITHOUT PASSWORDS – http://www.droidmaverick.com/social-engineering-hacking-without-passwords/

Operation Tornado – FBI Used Metasploit to unmask Tor users – http://securityaffairs.co/wordpress/31174/cyber-crime/operation-tornado-fbi-against-tor.html

CYBER PLAYBOOK – http://invotas.csgi.com/cyber-playbook

Some Memory Forensic with Forensic Suite (Volatility plugins) – https://isc.sans.edu/diary/Some+Memory+Forensic+with+Forensic+Suite+%28Volatility+plugins%29/19071

A look inside Facebook’s source code – http://sintheticlabs.com/blog/a-look-inside-facebooks-source-code.html

Threat modeling for FPGA software backdoors – http://siliconexposed.blogspot.co.uk/2014/09/threat-modeling-for-fpga-software.html

How does the US government run the internet? This is how – http://www.theregister.co.uk/2014/12/16/this_is_how_the_us_government_runs_the_internet/

Basic Malware Analysis – http://www.solutionary.com/resource-center/blog/2014/12/basic-malware-analysis/

Legality of Jailbreaking Mobile Phones – http://resources.infosecinstitute.com/legality-jailbreaking-mobile-phones/

Android Hacking and Security, Part 16: Broken Cryptography – http://resources.infosecinstitute.com/android-hacking-security-part-16-broken-cryptography/

3 low-tech threats that lead to high-profile breaches – http://www.csoonline.com/article/2859482/data-protection/3-low-tech-threats-that-lead-to-high-profile-breaches.html#tk.rss_all

Virtual machines could be the gold standard for network security – http://www.csoonline.com/article/2859389/data-protection/pre-configured-secure-vms.html#tk.rss_all

A brief history of Mac malware – http://www.csoonline.com/article/2859905/malware-cybercrime/a-brief-history-of-mac-malware.html#tk.rss_all

Forget the Gossip, These Are the Lessons of the Sony Hack – http://www.businessweek.com/articles/2014-12-16/forget-the-gossip-these-are-the-lessons-of-the-sony-hack#r=rss

10 changes you can make to achieve security serenity now! – http://www.csoonline.com/article/2859273/infosec-staffing/top-10-changes-you-can-make-to-achieve-security-serenity-now.html#tk.rss_all

 

Miscellaneous Privacy stories

UK cops caught using 12 MILLION Brits’ mugshots on pic database – http://www.theregister.co.uk/2014/12/17/legality_of_coppers_facial_recognition_database_called_into_question/

Privacy Breach Class Actions in Ontario – What’s Coming in 2015 – http://conway.pro/fr/privacy-breach-class-actions-in-ontario-whats-coming-in-2015/

Privacy and security in cyberspace: right of all or luxury of the few? – https://www.opendemocracy.net/openglobalrights-blog/sarah-mckune/privacy-and-security-in-cyberspace-right-of-all-or-luxury-of-few

Angelina Jolie Hires Cyber Security to Protect Her Kids Online – http://www.people.com/article/angelina-jolie-brad-pitt-kids-monitor-internet

Iowa Dept. Of Transportation Announces Plan To Give Police Officers, Security Personnel Full Access To Your Smartphone – https://www.techdirt.com/articles/20141212/05024829407/iowa-dept-transportation-announces-plan-to-give-police-officers-security-personnel-full-access-to-your-smartphone.shtml

Google faces $18 mn fine for web privacy violations – http://cio.economictimes.indiatimes.com/news/government-policy/google-faces-18-mn-fine-for-web-privacy-violations/45534654?utm_source=RSS&utm_medium=ETRSS

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Posted 4 years ago on · Permalink