Information Security Breach Report – 22 December 2014

A daily roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

STAY AWAY: Popular Tor exit relays look raided

ISIS operates spear phishing attacks against a Syrian citizen media group

Security breach at JMU releases thousands of employees’ data

Mercy Medical Center Redding Oncology Clinic notifies patients of privacy breach

Quest Diagnostics notifies employees of breach after email attachment error

Whistleblower reveals how fraud of worked

Critical #NTP Vulnerability in ntpd prior to 4.2.8

New security flaws in the SS7 protocol allow hackers to spy on phone users

Several critical security vulnerabilities affect the Glassdoor website

Staples Finds PoS Malware in 115 Stores; 1.16 Million Payment Cards Affected

Huge data leak sees personal details of 15,000 Hackney residents published online

Privilege Escalation Vulnerability Found in Linux Kernel

Proxy auto-config attacks defeat 2-factor auth, hide using country specific content

Serious Vulnerabilities Found in Schneider Electric’s ProClima Solution


Miscellaneous Infosec stories:

I work at Sony Pictures. This is what it was like after we got hacked.

Throwing Money at Data Breach May Make It Worse – Study offers model for response to large-scale data breaches

Sony Hack Was Not All That Sophisticated, Cybersecurity Experts Say

Hackers Used Sophisticated SMB Worm Tool to Attack Sony

Aviation industry agrees on common roadmap for tackling cyber threats

50% of companies unprepared for DDoS attacks: Report

Top 10 Phone Scams of 2014

A cyber-resilience blueprint for ASEAN

US tries to strike deal with EU for immunity over online security breaches

What does a cyber counterattack look like?

Ukraine conflict: Hackers take sides in virtual war

ICANN: The TRUTH about that hacker attack on our DNS zone file database

Risk modellers look to clarify cyber risk costs

How North Korea, one of the world’s poorest countries, got so good at hacking

What story are security leaders telling themselves?

Post Breach, Regulator Reviews Policies

Questions Abound Following Data Breach Caused By NCUA Examiner’s Error

Complex Solutions to a Simple Problem

Crimeware-as-a-Service Threatens Banks


Tools, Tips and How it’s done:

Cloud VPN Security Recommendations

Hiding Malware in Plain Sight From Online Scanners

Ask HN: What encrypted chat application to choose?

Bridging Datacenters for Disaster Recovery – Virtually

10 Technical Papers Every Programmer Should Read (At Least Twice)

Endpoint security fundamentals: The business case for antimalware protection

How cookies can be used for global surveillance

Live Map Shows Thousands Of Cyber Attacks As They Happen

How good is your infosec knowledge really? Test your skills with this holiday quiz

Do You Have A Data Security Breach Policy Yet? (Spoiler: You Should)


Miscellaneous Privacy stories:

LAPD Body Cam Footage Can’t Be FOIA’ed; Used In Court Cases Only

The Future of Privacy

BlackBerry Completes Acquisition of German Anti-Eavesdropping Firm


If you would like this report sent to your inbox each morning, email me at


You can see all previous issues of this blog at

My Linkedin Profile is
