Information Security Breach Report – 21 April 2015

A roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Operation Pawn Storm on Continued Marathon, Attacking Targets Now with Advance Infrastructure – http://securityaffairs.co/wordpress/36139/cyber-crime/op-pawn-storm-continues.html

Several Vulnerabilities Found in Enterprise Search Engine SearchBlox – http://www.securityweek.com/several-vulnerabilities-found-enterprise-search-engine-searchblox?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

WikiLeaks Dumps Data from Sony Hacking Scandal – http://www.securityweek.com/wikileaks-dumps-data-sony-hacking-scandal

HSBC Acknowledges Data Breach – http://www.esecurityplanet.com/network-security/hsbc-acknowledges-data-breach.html

Updates Fix Several Vulnerabilities in HP Network Automation – http://www.securityweek.com/updates-fix-several-vulnerabilities-hp-network-automation

Local families among victims of improper use of DCF information – http://www.actionnewsjax.com/news/news/local/local-families-among-victims-dcf-security-breach/nkync/

D-Link: sorry we’re SOHOpeless – http://www.theregister.co.uk/2015/04/21/dlink_sorry_were_sohopeless/

JavaScript CPU cache snooper tells crooks EVERYTHING you do online – http://www.theregister.co.uk/2015/04/21/cache_creeps_can_spy_on_web_histories_for_80_of_net_users/

Watch: Nasty JPEG pops corporate locks on Windows boxes – http://www.theregister.co.uk/2015/04/20/nasty_jpg_pops_corporate_locks/

Patch Tuesday, exploit Thursday: Windows HTTP.sys flaw under attack – http://searchsecurity.techtarget.com/news/4500244600/Patch-Tuesday-exploit-Thursday-Windows-HTTPsys-flaw-under-attack

Flaw in Schneider Electric Vamp Software Allows Arbitrary Code Execution – http://www.securityweek.com/flaw-schneider-electric-vamp-software-allows-arbitrary-code-execution?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Moxa Industrial Surveillance Products Affected by RCE Vulnerability – http://www.securityweek.com/moxa-industrial-surveillance-products-affected-rce-vulnerability?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Hotel Operator White Lodging Struck Again by PoS Attack – http://www.securityweek.com/hotel-operator-white-lodging-struck-again-pos-attack

Phishing catches victims ‘in minutes’ – http://www.bbc.co.uk/news/technology-32285433

 

Miscellaneous Infosec stories:

Zero-Day Vulnerabilities Rose in 2014: Symantec – http://www.securityweek.com/zero-day-vulnerabilities-rose-2014-symantec?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

The Rise of the Chief Security Officer: What It Means for Corporations and Customers – http://www.forbes.com/sites/frontline/2015/04/20/the-rise-of-the-chief-security-officer-what-it-means-for-corporations-and-customers/

Verizon Data Breach Study Finds Old Flaws Remain Dangerous – http://myinforms.com/en-gb/a/12433349-verizon-data-breach-study-finds-old-flaws-remain-dangerous/

Anonymous slams cyber threat-sharing bill – http://thehill.com/policy/cybersecurity/239406-anonymous-slams-cyber-threat-sharing-bill

IT’S WAR: Hacktivists throw in their lot with spies and the military – http://www.theregister.co.uk/2015/04/20/hacktivists_and_spies_feature_isis_anonymous/

Most Cyberattacks Are Phishing Related, Not Sophisticated Technical Attacks – https://www.techdirt.com/articles/20150414/05574230648/most-cyberattacks-are-phishing-related-not-sophisticated-technical-attacks.shtml

It’s boom times for hackers as cyber sleuths gather – http://www.usatoday.com/story/tech/2015/04/20/rsa-computer-security-conference/26086277/

Can security analytics be key in breach detection? – http://www.computerworld.co.nz/article/573009/can-security-analytics-key-breach-detection/

Study highlights increasing cyber crime threats to governments – http://enterpriseinnovation.net/article/study-highlights-increasing-cyber-crime-threats-governments-213576350

United boots cyber security expert from flight after he noted security flaws – http://kdvr.com/2015/04/20/united-boots-cyber-security-expert-from-flight-after-he-noted-security-flaws/

The positive side of security threats – http://blog.avira.com/positive-side-of-security-threats/

Employees have no qualms in selling corporate passwords – http://www.csoonline.com/article/2905682/data-breach/employees-have-no-qualms-in-selling-corporate-passwords.html#tk.rss_all

 

Tools, Tips and How it’s done:

What does PCI DSS Version 3.1 mean to you? – http://blog.srm-solutions.com/what-does-pci-dss-version-3-1-mean-to-you/

The 20,000 fake phone numbers – http://www.bbc.co.uk/news/blogs-magazine-monitor-32348371

9 things retailers need to know about data breaches – http://www.retailingtoday.com/article/9-things-retailers-need-know-about-data-breaches

Cybercriminals still rely on decades-old techniques – http://www.networksasia.net/article/cybercriminals-still-rely-decades-old-techniques.1429495431

How to create a powerful password: Your ultimate guide to beating the hackers – http://www.itproportal.com/2015/04/20/create-powerful-password-ultimate-guide-beating-hackers/

4 Ways Your Small Business Can Better Prevent Cyber Crime – http://www.entrepreneur.com/article/245102

Get Cyber Fit Without Breaking a Sweat – http://www.ukfast.co.uk/blog/2015/04/20/get-cyber-fit-without-breaking-a-sweat/

RFIDs, Encryption, and Stop Rules. – http://www.thegrumpyprogrammer.com/2015/04/rfids-encryption-and-stop-rules-oh-my.html

sptoolkit Rebirth – Simple Phishing Toolkit – http://www.darknet.org.uk/2015/04/sptoolkit-rebirth-simple-phishing-toolkit/

 

Miscellaneous Privacy stories:

That’s right: FBI agents can’t pretend to be ISP repairmen to search homes without a warrant – http://www.theregister.co.uk/2015/04/20/fbi_warrantless_searches/

Lawyer: Cops dropped robbery case rather than detail FBI’s StingRay phone snoop gizmo – http://www.theregister.co.uk/2015/04/21/st_louis_stingray/

Lost in the clouds: Your private data has been indexed by Google – http://www.csoonline.com/article/2906137/cloud-security/lost-in-the-clouds-your-private-data-has-been-indexed-by-google.html#tk.rss_all

 

Safeguarding Children and School E-Safety stories:

Arrest Made In Connection With Instagram Death Threats In San Dimas – http://losangeles.cbslocal.com/2015/04/20/arrest-made-in-connection-with-cyber-death-threats-made-against-girl-in-san-dimas/

Thousands of children receive lessons on online safety – http://www.itv.com/news/meridian/update/2015-04-13/thousands-of-children-receive-lessons-on-online-safety/

Protecting Children’s Rights in the Digital World: An Ever-Growing Challenge – Social Work Helper – http://www.socialworkhelper.com/2015/04/16/protecting-children-rights-in-the-digital-world-an-ever-growing-challenge/

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/
