Information Security Breach Report – 19 February 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Meet Babar, a New Malware Almost Certainly Created by France – http://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france

Tens of thousands of home routers at risk with duplicate SSH keys – http://www.csoonline.com/article/2886236/network-security/tens-of-thousands-of-home-routers-at-risk-with-duplicate-ssh-keys.html#tk.rss_all

Cyber Espionage group attacking thousands of victims globally – http://www.itnewsafrica.com/2015/02/cyber-espionage-group-attacking-thousands-of-victims-globally/

Lenovo sold laptop with pre-installed Superfish malware – http://securityaffairs.co/wordpress/33800/malware/lenovo-laptop-pre-installed-superfish.html

Got a Netgear wireless router? You’ve got a security problem – http://www.hotforsecurity.com/blog/got-a-netgear-wireless-router-youve-got-a-security-problem-11429.html

Morgan Stanley breach probe shifts to hacker from fired employee: WSJ – http://www.reuters.com/article/2015/02/19/us-morgan-stanley-cybercrime-idUSKBN0LN07920150219?feedType=RSS&feedName=businessNews

Bitcoin exchange shuts down after suspected password breach – http://grahamcluley.com/2015/02/bitcoin-exchange-shuts-down/

Update On Morgan Stanley Breach Probe – http://www.bidnessetc.com/35121-update-on-morgan-stanley-ms-breach-probe/

Babar the Elephant: Another malware plague with a cute name – http://www.theregister.co.uk/2015/02/19/babar_french_cyberespionage/

25 billion Cyberattacks hit systems in Japan during 2014 – http://securityaffairs.co/wordpress/33776/hacking/25-billion-cyberattacks-hit-japan.html

Cisco – New Malware-Laced Spam Campaign Hits Corporate Users – http://www.spamfighter.com/News-19462-Cisco-New-Malware-Laced-Spam-Campaign-Hits-Corporate-Users.htm

UMaine Data Breach Exposes Information on Hundreds of Students – http://news.mpbn.net/post/umaine-data-breach-exposes-information-hundreds-students

RedTube porn website spreads malware, via iFrame invisible to the naked eye – http://grahamcluley.com/2015/02/redtube-malware/

Scammers using obituary notices to acquire new victims – http://www.csoonline.com/article/2885141/malware-cybercrime/scammers-using-obituary-notices-to-acquire-new-victims.html#tk.rss_all

Malicious Emails Can Cause Android Email App to Crash: Researcher – http://www.securityweek.com/malicious-emails-can-cause-gmail-app-crash-researcher

Vawtrak Banking Trojan Uses Windows PowerShell, Macros in Infection Routines – http://www.securityweek.com/vawtrak-banking-trojan-uses-windows-powershell-macros-infection-routines

 

Miscellaneous Infosec stories:

Swedish man pleads guilty to peddling Blackshades malware – http://www.csoonline.com/article/2886356/cyber-attacks-espionage/swedish-man-pleads-guilty-to-peddling-blackshades-malware.html#tk.rss_all

Banking Malware Redefined – http://www.securityweek.com/banking-malware-redefined?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

iBank: RBS, NatWest first UK banks to allow Apple Touch ID logins – http://www.theregister.co.uk/2015/02/19/natwest_mobile_banking_touch_id/

Vawtrack malware peddlers turn to malicious macros – http://www.net-security.org/malware_news.php?id=2967&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Software Advice: More than half of SMBs don’t have data breach plan – http://www.tweaktown.com/news/43626/software-advice-more-half-smbs-data-breach-plan/index.html

End Users Causing Bulk Of Infosec Headaches – http://www.darkreading.com/end-users-causing-bulk-of-infosec-headaches/d/d-id/1319143

The Average Face of a Hacker is Revealed by the Team at Secure Thoughts – http://www.virtual-strategy.com/2015/02/18/average-face-hacker-revealed-team-secure-thoughts#axzz3SCy59PFn

Hurd: Cyber security most pressing issues in U.S. – http://www.ksat.com/content/pns/ksat/news/2015/02/18/hurd–cyber-security-most-pressing-issues-in-u-s-.html

Lawsuit: Anthem Was Warned Of Cyber Threat To Health Care Providers – http://losangeles.cbslocal.com/2015/02/18/lawsuit-anthem-was-warned-of-cyber-threat-to-health-care-providers/

Kaspersky says his warnings about cyber threats have come true – http://latino.foxnews.com/latino/lifestyle/2015/02/18/kaspersky-says-his-warnings-about-cyber-threats-have-come-true/

An Internet of Things that do what they’re told – http://radar.oreilly.com/2015/02/an-internet-of-things-that-do-what-theyre-told.html

Social engineering the new norm for hackers, nation-states – http://www.scmagazineuk.com/social-engineering-the-new-norm-for-hackers-nation-states/article/399016/

Cars Are Delivering Tons Of Driving Data To Manufacturers With Minimal Security And Even Less Transparency – https://www.techdirt.com/articles/20150211/10134429988/cars-are-delivering-tons-driving-data-to-manufacturers-with-minimal-security-even-less-transparency.shtml

Carbanak Cybersecurity Threat Is Overhyped, Banking Groups Say – http://www.americanbanker.com/news/bank-technology/carbanak-cybersecurity-threat-is-overhyped-banking-groups-say-1072809-1.html

Security In The Year 2020 – http://www.tripwire.com/state-of-security/security-awareness/security-in-the-year-2020/

Hey, does anyone know if Dilbert has upset Kim Jong Un recently? – http://grahamcluley.com/2015/02/hey-does-anyone-know-if-dilbert-has-upset-kim-jong-un-recently/

Visual hacking exposed – http://www.net-security.org/secworld.php?id=17971&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Boards Not Regularly Briefed on Cyber-Security: Survey – http://www.securityweek.com/many-boards-directors-not-regularly-briefed-cyber-security-survey

Upgraded version of encryptors spreading with help of social engineering – http://techchannelmea.com/security/upgraded-version-encryptors-spreading-help-social-engineering

Secure Domains: The DNS Security Debate – http://www.inforisktoday.co.uk/secure-domains-dns-security-debate-a-7927

Kaspersky says his warnings about cyber threats have come true – http://latino.foxnews.com/latino/lifestyle/2015/02/18/kaspersky-says-his-warnings-about-cyber-threats-have-come-true/

Banking Malware Redefined – http://www.securityweek.com/banking-malware-redefined

 

Tools, Tips and How it’s done:

3 P’s to practice safe cyber security habits – http://www.ksat.com/content/pns/ksat/news/2015/02/18/3-p-sto-practice-safe-cyber-security-habits.html

Intel Security: social engineering hacking the human OS – http://www.itwire.com/business-it-news/security/67042-intel-security-social-engineering-hacking-the-human-os

Protect Yourself From Cyber Attacks – http://www.benzinga.com/general/topics/15/02/5243949/protect-yourself-from-cyber-attacks

Time for an Updated Cyber Risk Approach; BPI Data Breach – http://www.dataprivacymonitor.com/privacy/time-for-an-updated-cyber-risk-approach-bpi-data-breach/

Five Cyber Attacks that Made CISOs Rethink Security – http://www.itbusinessedge.com/slideshows/five-cyber-attacks-that-made-cisos-rethink-security.html

5 Ways Companies Can Avoid a Data Breach in 2015 – http://datashieldcorp.com/2015/02/18/5-ways-companies-can-avoid-data-breach-2015/

Three Keys to a Successful Cybersecurity Defense Program – http://www.tripwire.com/state-of-security/security-data-protection/cyber-security/three-keys-to-a-successful-cybersecurity-defense-program/

The Web Application Stack – A Growing Threat Vector – http://www.infosecdailynews.com/the-web-application-stack-a-growing-threat-vector/

Protecting Your Personal Information and Identity After a Breach – http://www.solutionary.com/resource-center/blog/2015/02/protecting-personal-information/

THE GREAT SIM HEIST – HOW SPIES STOLE THE KEYS TO THE ENCRYPTION CASTLE – https://firstlook.org/theintercept/2015/02/19/great-sim-heist/

Android malware hijacks power button, empties wallet while you sleep – http://www.theregister.co.uk/2015/02/19/android_malware_hijacks_power_button_to_steal_while_you_sleep/

Expert Advice: How to Up Your Cyber Security – http://www.entrepreneur.com/article/241520

Anti-Virus: Applied Incorrectly? – http://www.inforisktoday.com/blogs/anti-virus-applied-incorrectly-p-1812

Preparing for a Data Security Breach – http://complianceriskforum.com/preparing-for-a-data-security-breach/

 

Miscellaneous Privacy stories

It’s not just Samsung TVs — lots of other gadgets are spying on you – http://fusion.net/story/49352/all-the-smart-gadgets-are-spying-on-you/

Yet Another Report Showing ‘Anonymous’ Data Not At All Anonymous – https://www.techdirt.com/articles/20150209/06111829955/yet-another-report-showing-anonymous-data-not-all-anonymous.shtml

UK Police Forces Have Secret Facial Recognition Database Of 18 Million People, Many Innocent – https://www.techdirt.com/articles/20150203/09153529893/uk-police-forces-have-secret-facial-recognition-database-18-million-people-many-innocent.shtml

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Posted 4 years ago on · Permalink