Information Security Breach Report – 18 December 2014

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Phishing email contains Word doc, enabling macros leads to malware infection – http://www.scmagazine.com/phishing-email-contains-word-doc-enabling-macros-leads-to-malware-infection/article/388936/

Mobile RAT Xsser continues to threaten Android, iOS device security – http://www.scmagazine.com/mobile-rat-xsser-continues-to-threaten-android-ios-device-security/article/388929/

Banks Sue Kmart Over Credit Card Data Breach – http://www.databreaches.net/banks-sue-kmart-over-credit-card-data-breach/

Vulnerable TLS Implementation Exposes Cisco Products to POODLE Attacks – http://www.securityweek.com/vulnerable-tls-implementation-exposes-cisco-products-poodle-attacks

ICANN targeted by Spear Phishing attack, several systems impacted – http://www.csoonline.com/article/2860737/social-engineering/icann-targeted-by-spear-phishing-attack-several-systems-impacted.html#tk.rss_all

New ransomware avoids hitting the same victim twice – http://www.csoonline.com/article/2860417/data-protection/new-ransomware-avoids-hitting-the-same-victim-twice.html#tk.rss_all

Certified pre-pw0ned Android Smartphones: Coolpad Firmware Backdoor – https://isc.sans.edu/diary/Certified+pre-pw0ned+Android+Smartphones%3A+Coolpad+Firmware+Backdoor/19075

Android OS And iOS Targeted by Man-in-the-Middle Attacks – http://www.techweekeurope.co.uk/workspace/android-os-ios-targeted-man-middle-attacks-157693

Docker Fixes Vulnerabilities, Shares Plans For Making Platform Safer – http://www.securityweek.com/docker-fixes-vulnerabilities-shares-plans-making-platform-safer

Union First Market Bank deactivates thousands of ATM cards after skimming incidents – http://wtvr.com/2014/12/15/security-breach-leads-union-first-market-bank-to-deactivate-thousands-of-atm-cards/

Did Regulator Cause a Data Breach? – http://www.databreachtoday.com/did-regulator-cause-data-breach-a-7685

 

Miscellaneous Infosec stories:

Cyber Attackers Increasingly Sneaking Corporate Data Out Through DNS – http://www.eweek.com/security/cyber-attackers-increasingly-sneaking-corporate-data-out-through-dns.html

Business interrupted: Telstra reveals Australia’s security breach impact – http://www.zdnet.com/article/business-interrupted-telstra-reveals-australias-security-breach-impact/

TorrentLocker Ransomware Makes Criminals Up to $500K – http://www.infosecurity-magazine.com/news/torrentlocker-ransomware-criminals/

Banks use lots of cloud services but are unaware – http://www.computerweekly.com/news/2240236836/Banks-are-using-hundreds-of-cloud-computing-services-but-dont-know

Top malware families turn point-of-sale into point-of-theft – http://www.csoonline.com/article/2860416/malware-cybercrime/top-malware-families-turn-point-of-sale-into-point-of-theft.html#tk.rss_all

Protecting the underground electronic communications infrastructure – http://www.net-security.org/secworld.php?id=17763

Can’t stop Home Depot-style card pwning, but suppliers will feel PCI regulation pain – http://www.theregister.co.uk/2014/12/17/pci_revamp_after_target_home_depot_breach/

Cryptologists meet in Delhi to make and break new codes – http://cio.economictimes.indiatimes.com/news/internet/cryptologists-meet-in-delhi-to-make-and-break-new-codes/45549123

Google considers warning internet users about data risks – http://www.bbc.co.uk/news/technology-30505970

Is Mobile the weakest link in Enterprise Security? – http://cio.economictimes.indiatimes.com/news/digital-security/is-mobile-the-weakest-link-in-enterprise-security/45534705?utm_source=RSS&utm_medium=ETRSS

 

Tools, Tips and How it’s done:

Using WPA2 to avoid data breach headlines – http://community.spiceworks.com/topic/694163-using-wpa2-to-avoid-data-breach-headlines

Social sniffer predicts which Nigerian prince has the best chance of scamming you – http://www.theregister.co.uk/2014/12/18/human_vulnerability_scanner_predicts_risky_behaviour/

Tallinn Paper: The Nature of International Law Cyber Norms – https://ccdcoe.org/multimedia/tallinn-paper-nature-international-law-cyber-norms.html

Zen and the Art of Cloud Database Security (Part 2) – http://www.securityweek.com/zen-and-art-cloud-database-security-part-2

The four Mac security options everyone should know – http://www.csoonline.com/article/2860380/data-protection/the-four-mac-security-options-everyone-should-know.html#tk.rss_all

Fast Flux Networks Working and Detection, Part 1 – http://resources.infosecinstitute.com/fast-flux-networks-working-detection-part-1/

Speculations Concerning the First Ultraintelligent Machine (1965) [pdf] – http://webdocs.cs.ualberta.ca/~sutton/Good65ultraintelligent.pdf

Fake2db: generates databases filled with fake but valid information – https://github.com/emirozer/fake2db

 

Miscellaneous Privacy stories

Kudos to Microsoft: Fighting US attempt to access emails at Dublin data centre – http://grahamcluley.com/2014/12/microsoft-dublin-data-centre/

Facebook privacy policy under Dutch lens – http://cio.economictimes.indiatimes.com/news/government-policy/facebook-privacy-policy-under-dutch-lens/45544927?utm_source=RSS&utm_medium=ETRSS

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Posted 4 years ago on · Permalink