Information Security Breach Report – 19 December 2014

A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Webcam-snooping spawn of ZeuS hits 150 banks worldwide – http://www.theregister.co.uk/2014/12/19/chthonic_banking_trojan/

Hack hijacks electric skateboards, dumps hipsters in the gutter – http://www.theregister.co.uk/2014/12/19/hack_hijacks_boosted_skateboards_kills_hipsters/

Researchers ID New Variant of Alina PoS Malware – http://www.securityweek.com/researchers-id-new-variant-alina-pos-malware

Over 100,000 Compromised WordPress Sites Serve Malware – http://www.securityweek.com/over-100000-compromised-wordpress-sites-serve-malware

Vulnerability in embedded web server software from 2002 leaves about 12M home routers exposed – Misfortune Cookie – http://mis.fortunecook.ie/ and http://threatpost.com/12-million-home-routers-vulnerable-to-takeover/109970

Vulnerability in Git, Mercurial allows for arbitrary code execution on OSX, Windows; affects Visual Studio, Github client app, among others – http://article.gmane.org/gmane.linux.kernel/1853266

Another OPM background check contractor breached – http://fedscoop.com/another-opm-background-check-contractor-breached/

New fear: ISIS killers use ‘digital AK-47’ malware to hunt victims – http://www.theregister.co.uk/2014/12/18/experts_fear_isis_using_cheap_malware_as_digital_equivalent_of_ak47/

Point-of-sale malware creators still in business with Spark, an Alina spinoff – http://www.csoonline.com/article/2861027/data-breach/pointofsale-malware-creators-still-in-business-with-spark-an-alina-spinoff.html#tk.rss_all

German researchers discover a flaw that could let anyone listen to your cell calls – http://www.washingtonpost.com/blogs/the-switch/wp/2014/12/18/german-researchers-discover-a-flaw-that-could-let-anyone-listen-to-your-cell-calls-and-read-your-texts/

Cyberattack on German Steel Plant Caused Significant Damage: Report – http://www.securityweek.com/cyberattack-german-steel-plant-causes-significant-damage-report

SAP Patches Bugs in Business Apps – http://www.securityweek.com/sap-patches-bugs-business-apps

Breach Occurs After Health System Donates CDs with PHI – http://www.healthdatamanagement.com/news/Breach-Occurs-After-Health-System-Donates-CDs-with-PHI-49461-1.html

Miscellaneous Infosec stories:

Can We Learn from Big Breaches? – http://www.securityweek.com/can-we-learn-big-breaches

Direct Line says your passwords should be alphanumeric and between 8-10 characters – http://grahamcluley.com/2014/12/direct-line-says-passwords-alphanumeric-8-10-characters/

N.Korea’s cyber army’s next targets may be telecoms, utility grids – http://www.abs-cbnnews.com/business/12/19/14/nkoreas-cyber-armys-next-targets-may-be-telecoms-utility-grids

Armouring up online: Duncan Campbell’s chief techie talks crypto with El Reg – http://www.theregister.co.uk/2014/12/19/crypto_toolkit_1/

Ireland Doubles Down on Data Protection Funding – http://www.securityweek.com/ireland-doubles-down-data-protection-funding

OIT implements Cyber Security Incident Response Program to fight threats – https://oit.ncsu.edu/news-releases/oit-implements-cyber-security-incident-response-program-to-fight-threats

Ex-hacker: ‘It’s easy to break into companies like Sony’ – http://www.bbc.co.uk/news/technology-30542855

Forget Google’s robot cars, now it’s on to ANDROID cars – http://www.theregister.co.uk/2014/12/19/android_m_car_infotainment_systems/

IOActive Expands Automotive Security Testing Practice – http://www.securityweek.com/ioactive-expands-automotive-security-testing-practice

Are We Prepared for the Future of Cyber-Attacks? – http://tech.co/sony-pictures-hack-cyber-attacks-2014-12

4 Critical Cyber Trends for 2015 – http://www.dataversity.net/4-critical-cyber-trends-2015/

Kiwi hacker ‘menace’ pops home detention tracker cuffs – http://www.theregister.co.uk/2014/12/19/kiwi_hacker_menace_pops_home_detention_ankle_monitor/

Bad Bots On The Rise – http://www.darkreading.com/informationweek-home/bad-bots-on-the-rise/d/d-id/1318276

UK firms turning to cyber-security contractors – http://www.scmagazineuk.com/uk-firms-turning-to-cyber-security-contractors/article/389017/

Employees are biggest security risk when it comes to the cloud – http://www.itproportal.com/2014/12/18/employees-biggest-security-risk-comes-cloud/

Does Your Data Scientist Have Chief Data Officer Potential? – http://www.forbes.com/sites/teradata/2014/12/18/does-your-data-scientist-have-chief-data-officer-potential/

Sony’s surrender will strengthen hackers, experts say – http://www.foxnews.com/tech/2014/12/18/experts-sonys-capitulation-will-strengthen-hackers/

ALMOST HALF OF AMERICANS HAVE BEEN SENT BREACH NOTIFICATIONS – http://www.pymnts.com/news/2014/almost-half-of-americans-have-been-sent-breach-notifications/#.VJQwxl4gKA

Tools, Tips and How it’s done:

Public Key Cryptography: Diffie-Hellman Key Exchange – https://www.youtube.com/watch?v=3QnD2c4Xovk&feature=share

Obfuscating “Hello world!” – http://benkurtovic.com/2014/06/01/obfuscating-hello-world.html

A Look at North Korea’s Cyber-Warfare Capabilities – http://gadgets.ndtv.com/internet/features/a-look-at-north-koreas-cyber-warfare-capabilities-636904

PCI Security Standards Council Publishes Guide for Securing Terminal Software – http://www.securityweek.com/pci-security-standards-council-publishes-guide-securing-terminal-software

Snapchat data breach: A case study – http://www.cyberrisknetwork.com/2014/12/18/snapchat-data-breach-case-study/

One Phish, Two Phish, Read Phish, Spear Phish – No Room at the Inn for these Phishing Attempts – http://www.solutionary.com/resource-center/blog/2014/12/holiday-spear-phishing/

Banish the fear of Big Brother when you bring in BYOD – http://www.theregister.co.uk/2014/12/18/byod_management/

Dan Kaminsky on detecting malware with one line of code – http://searchsecurity.techtarget.com/video/Dan-Kaminsky-on-detecting-malware-with-one-line-of-code

How to train your staff on cyber security (and make it stick) – http://www.pcworld.com/article/2861031/how-to-train-your-staff-on-cyber-security-and-make-it-stick.html

Safe way to upload files to Dropbox from an untrusted computer – https://github.com/frontsideair/dropboxwindow

QR Inception: Barcode-in-Barcode Attacks – https://www.iseclab.org/people/atrox/qrinception.pdf

The MPAA’s Secret Plan To Reinterpret The DMCA Into A Vast Censorship Machine That Breaks The Core Workings Of The Internet – https://www.techdirt.com/articles/20141217/17533629473/mpaas-secret-plan-to-reinterpret-dmca-into-vast-censorship-machine-that-breaks-core-workings-internet.shtml

“USBdriveby” Emulates Mouse and Keyboard to Hijack Computers – http://www.securityweek.com/usbdriveby-emulates-mouse-and-keyboard-hijack-computers

How to prevent theft, loss and snooping on the road – http://www.csoonline.com/article/2860837/mobile-security/how-to-prevent-theft-loss-and-snooping-on-the-road.html#tk.rss_all

Data Breach? Strategies to Stem the Damage – http://digitalmarketingmagazine.co.uk/digital-marketing-data/data-breach-strategies-to-stem-the-damage/1347

Miscellaneous Privacy stories:

Online privacy to remain thorny issue: Survey – http://cio.economictimes.indiatimes.com/news/internet/online-privacy-to-remain-thorny-issue-survey/45570062

Privacy breaches at Rouge Valley hospital may have affected Ajax-Pickering patients – http://www.durhamregion.com/news-story/5211578-privacy-breaches-at-rouge-valley-hospital-may-have-affected-ajax-pickering-patients/

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/