Information Security Breach Report – 17 February 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

16 million mobile devices hit by malware in 2014: Alcatel-Lucent – http://www.zdnet.com/article/16-million-mobile-devices-hit-by-malware-in-2014-alcatel-lucent/

Lincolnshire scammers using police logo in mobile con – http://www.eastlindseytarget.co.uk/Scammers-using-police-logo-mobile/story-26014332-detail/story.html

While Obama talks cyber security, his hotel’s computer system fails – http://uk.reuters.com/article/2015/02/15/uk-usa-cybersecurity-obama-hotel-idUKKBN0LJ00120150215

Over 100 banks in 30 countries hit by sophisticated cyber-attack – http://www.jamaicaobserver.com/news/Over-100-banks-in-30-countries-hit-by-sophisticated-cyber-attack

Crooks steal money from Standard Chartered Accounts by hacking ATMs – http://securityaffairs.co/wordpress/33511/cyber-crime/standard-chartered-accounts-hacked.html

Security breach affects SSC employees – http://www.news-star.com/article/20150213/NEWS/150219854

Personal weather stations can expose your Wi-Fi network – http://www.csoonline.com/article/2883910/privacy/personal-weather-stations-can-expose-your-wifi-network.html#tk.rss_all

Lack of CSPRNG Threatens WordPress Sites – http://threatpost.com/lack-of-csprng-threatens-wordpress-sites/111016

Discovered 40000 vulnerable MongoDB databases on the Internet – http://securityaffairs.co/wordpress/33487/hacking/40000-vulnerable-mongodbonline.html

Google Play, Browser Flaws Expose Android Devices to Remote Code Execution – http://www.securityweek.com/google-play-browser-flaws-expose-android-devices-remote-code-execution

Newsweek Twitter hack is a sign of the times – http://www.csoonline.com/article/2882977/social-networking-security/newsweek-twitter-hack-is-a-sign-of-the-times.html#tk.rss_all

15-year-old bug allows malicious code execution in all versions of Windows – http://arstechnica.com/security/2015/02/15-year-old-bug-allows-malicious-code-execution-in-all-versions-of-windows/

Miscellaneous Infosec stories:

Cybersecurity goes way beyond passwords – http://www.sfchronicle.com/opinion/article/Cybersecurity-goes-way-beyond-passwords-6081491.php

Security Concerns After Zero-Day Attacks in Adobe Flash – http://tech.co/security-concerns-zero-day-attacks-in-adobe-flash-2015-02

Beware of Phishing mails; you could be the next hack victim – http://www.indiatvnews.com/business/world/beware-of-phishing-mails-you-could-be-the-next-hack-victim-1207.html

Cyber security will shape the Internet of Things – http://www.itproportal.com/2015/02/14/cyber-security-will-shape-internet-things/

Employees vulnerable to cyber crime – http://www.scotsman.com/business/management/employees-vulnerable-to-cyber-crime-1-3690568

FIA claims arrest of two of FBI’s 10 most-wanted cyber criminals – http://tribune.com.pk/story/838615/fia-claims-arrest-of-two-of-fbis-10-most-wanted-cyber-criminals/

SRM launch the North East Cyber Security Business Cluster – http://www.srm-solutions.com/news/srm-launch-the-north-east-cyber-security-business-cluster/

When is a password leak not a password leak? – https://blog.agilebits.com/2015/02/13/when-is-a-password-leak-not-a-password-leak/

Google cuts Microsoft and pals some slack in zero-day vuln crusade – an extra 14 days tops – http://www.theregister.co.uk/2015/02/14/google_vulnerability_disclosure_tweaks/

Banks, Gov’t Struggle to Contain Growing Cyber Threat – http://www.americanbanker.com/news/law-regulation/banks-govt-struggle-to-contain-growing-cyber-threat-1072744-1.html

Phishing for clickers – http://www.csoonline.com/article/2883744/security-leadership/phishing-for-clickers.html#tk.rss_all

Twitter sends employees fake spam to see if they’ll fall for it – http://globalnews.ca/news/1828773/twitter-sends-employees-fake-spam-to-see-if-theyll-fall-for-it/

‘Zero days’ last up to six months for some malware – http://www.csoonline.com/article/2883248/data-protection/zero-days-last-up-to-six-months-for-some-malware.html#tk.rss_all

HP Promises Half a Million Dollars in Prizes for Pwn2Own 2015 – http://www.securityweek.com/hp-promises-half-million-dollars-prizes-pwn2own-2015

Google’s Vint Cerf warns of ‘digital Dark Age’ – http://www.bbc.co.uk/news/science-environment-31450389

Breach Level Index Finds Data Breaches Increased 49 Percent – http://hospitalitytechnology.edgl.com/news/Breach-Level-Index-Finds-Data-Breaches-Increased-49-Percent98209

Ukrainian government to counter cyber-attacks – http://www.scmagazineuk.com/ukrainian-government-to-counter-cyber-attacks/article/397970/

Millions Of Users Unaware That Facebook Is On The Internet — Or Think It *Is* The Internet – https://www.techdirt.com/articles/20150211/01355929982/millions-users-unaware-that-facebook-is-internet-think-it-is-internet.shtml

HOST HIT IN CYBER ATTACK RIPS GOVERNMENT INACTION – http://www.nltimes.nl/2015/02/11/host-hit-cyber-attack-rips-government-inaction/

Report: Chinese groups behind most state-sponsored attacks in 2014 – http://www.csoonline.com/article/2882753/cyber-attacks-espionage/report-chinese-groups-behind-most-state-sponsored-attacks-in-2014.html#tk.rss_all

Tools, Tips and How it’s done:

HTML5 Security Cheat Sheet – https://www.owasp.org/index.php/HTML5_Security_Cheat_Sheet

Now, I can see wifi signals. – https://imgur.com/gallery/jdNA6

Cyber Attacks Through Power and Cooling Systems – http://www.alphaguardian.net/cyber-attacks-power-cooling-systems/

How secret Swiss banking works – http://www.businessinsider.co.id/hsbc-and-ubs-swiss-bank-account-and-tax-evasion-scandals-explainer-2015-2/#.VORiDPmsV8F

Hacker Hour: The Hackers Guide To Social Engineering – https://www.protectmybank.com/hacker-hour-hackers-guide-social-engineering/

UK Computer Emergency Response Team (CERT) Introduction to Social Engineering – https://publicintelligence.net/uk-cert-social-engineering/

Phishing attacks increasingly target financial data – http://www.net-security.org/secworld.php?id=17949

The limits of prevention-centric security programs – http://www.net-security.org/secworld.php?id=17950

Preparing for a Data Breach – What to Know About Breach Notification – http://www.lexisnexis.com/legalnewsroom/corporate/b/business/archive/2015/02/13/preparing-for-a-data-breach-what-to-know-about-breach-notification.aspx

Phishing: Learning from Recent Breaches – http://www.databreachtoday.com/interviews/phishing-learning-from-recent-breaches-i-2577

How to Defend Your Business Against Social Engineering Scams – http://blog.lifars.com/2015/02/13/how-to-defend-your-business-against-social-engineering-scam/

‘CIO of Year’ on Defending Against Hackers – http://www.databreachtoday.com/interviews/cio-year-on-defending-against-hackers-i-2578

PoS Malware Kits Rose in Underground in 2014: Report – http://www.securityweek.com/pos-malware-kits-rose-underground-2014-report?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

How To Protect Yourself From Dating App Cyber Threats – http://www.techweekeurope.co.uk/mobility/mobile-apps/protect-dating-app-cyber-threats-161856

Complexity is the Enemy of Security – http://www.securityweek.com/complexity-enemy-security?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

CTO Corner: Creation of CTIIC Demonstrates Heightened Importance of Cyber Security – https://blog.bit9.com/2015/02/11/cto-corner-creation-of-ctiic-demonstrates-heightened-importance-of-cyber-security/

Five sneaky ways companies are changing employees’ security behavior – http://www.csoonline.com/article/2881940/security-awareness/five-sneaky-ways-companies-are-changing-employees-security-behavior.html#tk.rss_all

Connected Home Security Systems Easy to Hack: HP – http://www.securityweek.com/connected-home-security-systems-easy-hack-hp

How to remotely install malicious apps on Android devices – http://securityaffairs.co/wordpress/33456/hacking/remotely-hack-android.html

Miscellaneous Privacy stories:

Legal compliance challenges of Big Data: Seeing the forest for the trees – http://www.csoonline.com/article/2883796/big-data-security/legal-compliance-challenges-of-big-data-seeing-the-forest-for-the-trees.html

Tim Cook: Cyber privacy is a ‘life and death’ issue – http://www.telegraph.co.uk/finance/11412625/Tim-Cook-Cyber-privacy-is-a-life-and-death-issue.html

US lawmakers introduce two bills to protect email privacy – http://www.csoonline.com/article/2884134/privacy/us-lawmakers-introduce-two-bills-to-protect-email-privacy.html#tk.rss_all

Jeb Bush’s email dump puts constituents’ personal data online – http://www.csoonline.com/article/2882818/access-control/jeb-bushs-email-dump-puts-constituents-personal-data-online.html#tk.rss_all

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn Profile is