Information Security Breach Report – 19 December 2014

A daily roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Webcam-snooping spawn of ZeuS hits 150 banks worldwide –

Hack hijacks electric skateboards, dumps hipsters in the gutter –

Researchers ID New Variant of Alina PoS Malware –

Over 100,000 Compromised WordPress Sites Serve Malware –

Vulnerability in embedded web server software from 2002 leaves about 12M home routers exposed – Misfortune Cookie – and

Vulnerability in Git, Mercurial allows for arbitrary code execution on OS X, Windows; affects Visual Studio, GitHub client app, among others –

Another OPM background check contractor breached –

New fear: ISIS killers use ‘digital AK-47’ malware to hunt victims –

Point-of-sale malware creators still in business with Spark, an Alina spinoff –

German researchers discover a flaw that could let anyone listen to your cell calls. –

Cyberattack on German Steel Plant Caused Significant Damage: Report –

SAP Patches Bugs in Business Apps –

Breach Occurs After Health System Donates CDs with PHI –


Miscellaneous Infosec stories:

Can We Learn from Big Breaches? –

Direct Line says your passwords should be alphanumeric and between 8-10 characters –

N.Korea’s cyber army’s next targets may be telecoms, utility grids –

Armouring up online: Duncan Campbell’s chief techie talks crypto with El Reg –

Ireland Doubles Down on Data Protection Funding –

OIT implements Cyber Security Incident Response Program to fight threats –

Ex-hacker: ‘It’s easy to break into companies like Sony’ –

Forget Google’s robot cars, now it’s on to ANDROID cars –

IOActive Expands Automotive Security Testing Practice –

Are We Prepared for the Future of Cyber-Attacks? –

4 Critical Cyber Trends for 2015 –

Kiwi hacker ‘menace’ pops home detention tracker cuffs –

Bad Bots On The Rise –

UK firms turning to cyber-security contractors –

Employees are biggest security risk when it comes to the cloud –

Does Your Data Scientist Have Chief Data Officer Potential? –

Sony’s surrender will strengthen hackers, experts say –



Tools, Tips and How it’s done:

Public Key Cryptography: Diffie-Hellman Key Exchange –

Obfuscating “Hello world!” –

A Look at North Korea’s Cyber-Warfare Capabilities –

PCI Security Standards Council Publishes Guide for Securing Terminal Software –

Snapchat data breach: A case study –

One Phish, Two Phish, Read Phish, Spear Phish – No Room at the Inn for these Phishing Attempts –

Banish the fear of Big Brother when you bring in BYOD –

Dan Kaminsky on detecting malware with one line of code –

How to train your staff on cyber security (and make it stick) –

Safe way to upload files to Dropbox from an untrusted computer –

QR Inception: Barcode-in-Barcode Attacks –

The MPAA’s Secret Plan To Reinterpret The DMCA Into A Vast Censorship Machine That Breaks The Core Workings Of The Internet –

“USBdriveby” Emulates Mouse and Keyboard to Hijack Computers –

How to prevent theft, loss and snooping on the road –

Data Breach? Strategies to Stem the Damage –


Miscellaneous Privacy stories:

Online privacy to remain thorny issue: Survey –

Privacy breaches at Rouge Valley hospital may have affected Ajax-Pickering patients –

