Information Security Breach Report – 23 December 2014

This is the last report of 2014 – next one on Monday 5th January

I hope you have a great Christmas and a happy new year!

Here’s to a secure 2015.

 

A daily round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Entry Point of JPMorgan Data Breach Is Identified – http://dealbook.nytimes.com/2014/12/22/entry-point-of-jpmorgan-data-breach-is-identified/?_r=0

Apple releases critical NTP Security Update for OS X Yosemite, Mavericks, & Mountain Lion – http://9to5mac.com/2014/12/22/ntp-security-update-os-x-yosemite-mavericks-mountain-lion/

Easily Exploitable NTP Vulnerabilities Put ICS Operators at Risk – http://www.securityweek.com/easily-exploitable-ntp-vulnerabilities-put-ics-operators-risk

North Korea falls off the internet – is the United States to blame? – http://www.welivesecurity.com/2014/12/22/north-korea-internet/

Student information compromised in York County high school data breach: report – http://www.pennlive.com/midstate/index.ssf/2014/12/student_information_compromise.html

Police: Students’ information compromised in South Western HS data breach – http://www.yorkdispatch.com/breaking/ci_27188043/police-students-information-compromised-south-western-hs-data

Northwestern Memorial reports stolen laptop, notifies 2,800 patients of data breach – http://www.beckershospitalreview.com/healthcare-information-technology/northwestern-memorial-reports-stolen-laptop-notifies-2-800-patients-of-data-breach.html

Sony Threatens to Sue Twitter Unless It Removes Tweets Containing Hacked Emails – http://motherboard.vice.com/read/sony-threatens-to-sue-twitter-unless-it-removes-tweets-containing-hacked-emails

SoakSoak Campaign Evolves – New Wave of Attacks – http://blog.sucuri.net/2014/12/soaksoak-new-wave-evolution-attacks.html

‘Vawtrak’ Banking Malware Continues to Evolve – http://www.securityweek.com/vawtrak-banking-malware-continues-evolve

Cyber Gang Linked to Theft of $17M From Banks, Retailers: Research – http://www.securityweek.com/cyber-gang-linked-theft-17m-banks-retailers-research

Researcher to Demonstrate Attack on Apple EFI Firmware – http://www.securityweek.com/researcher-demonstrate-attack-apple-efi-firmware

Rackspace DNS DDOS – https://plus.google.com/+RackspaceHosting/posts/8yVxbLqfx6Q

Gang Hacked ATMs from Inside Banks – http://krebsonsecurity.com/2014/12/gang-hacked-atms-from-inside-banks/

 

Miscellaneous Infosec stories:

Sucker for punishment? Join Sony’s security team – http://www.theregister.co.uk/2014/12/23/sucker_for_punishment_join_sonys_security_team/

10 recent data breaches – http://www.beckershospitalreview.com/healthcare-information-technology/10-recent-data-breaches-12-22-14.html

Security News No One Saw Coming In 2014 – http://www.darkreading.com/attacks-breaches/security-news-no-one-saw-coming-in-2014/a/d-id/1318228

Will 2015 be the year of risk-based security? – http://www.net-security.org/article.php?id=2188

The Biggest Facebook Scams Of 2014 Targeted Curious Perverts – http://www.techweekeurope.co.uk/security/virus/facebook-scams-virus-trojan-157977

How The Sony Hack Will Turn Technology Upside Down… Again – http://uk.businessinsider.com/steven-sinofsky-sony-hack-is-a-major-security-breaking-point-2014-12?r=US

Why did the Sony hackers spend so much time leaking celebrity gossip? – http://www.vox.com/2014/12/22/7433243/sony-hack-gossip-information

Schwab password policies and two factor authentication: a comedy of errors – http://www.jeremytunnell.com/posts/swab-password-policies-and-two-factor-authentication-a-comedy-of-errors

What Is Wrong With ‘Legal Malware’? – http://www.forbes.com/sites/eugenekaspersky/2014/12/22/what-is-wrong-with-legal-malware/

Alleged Counterfeiter “Willy Clock” Arrested – http://krebsonsecurity.com/2014/12/alleged-counterfeiter-willy-clock-arrested/

Sony & Cybersecurity: Supply Chain Concerns – http://www.forbes.com/sites/kevinomarah/2014/12/22/sony-cybersecurity-supply-chain-concerns/

Wake-up call for banks as scandals weigh and cyber threats loom – http://www.standard.co.uk/business/business-news/wakeup-call-for-banks-as-scandals-weigh-and-cyber-threats-loom-9939794.html

Six cloud security predictions for 2015 – http://www.scmagazine.com/six-cloud-security-predictions-for-2015/article/388926/

Taking IT Security’s Pulse: What to Expect in 2015 – http://www.securityweek.com/taking-it-securitys-pulse-what-expect-2015

Two eras of the internet: pull and push – http://cdixon.org/2014/12/21/two-eras-of-the-internet-pull-and-push/

South Korea Nuclear Plants Stage Drill Against Cyber Attack – http://www.securityweek.com/south-korea-nuclear-plants-stage-drill-against-cyber-attack

 

Tools, Tips and How it’s done:

Principles of Distributed Computing (lecture collection) – http://dcg.ethz.ch/lectures/podc_allstars/

Interesting papers from NIPS 2014 – http://nicklothian.com/blog/2014/12/22/interesting-papers-from-nips-2014/

Pattern-Based Approach for In-Memory ShellCodes Detection – http://resources.infosecinstitute.com/pattern-based-approach-memory-shellcodes-detection/

Mitigate cyber attacks with crisis management – http://www.techrepublic.com/article/mitigate-cyber-attacks-with-crisis-management/

1995 Newsweek article that claimed the internet was useless – http://www.newsweek.com/clifford-stoll-why-web-wont-be-nirvana-185306

Old-school tricks to protect your passwords – http://www.csoonline.com/article/2862016/data-protection/old-school-tricks-to-protect-your-passwords.html#tk.rss_all

5 lessons to help security pros craft a New Year’s resolution – http://www.csoonline.com/article/2860409/data-protection/5-lessons-to-help-security-pros-craft-a-new-year-s-resolution.html#tk.rss_all

Analyzing cyberthreat intelligence definitions and trends – http://searchsecurity.techtarget.com/video/Analyzing-cyberthreat-intelligence-definitions-and-trends

What’s the True Cost of a Breach? – http://www.inforisktoday.co.uk/whats-true-cost-breach-a-7711

Column: “White hat hacker” reveals the tricks of the trade – http://www.wcpo.com/news/opinion/op-ed/column-white-hat-hacker-reveals-the-tricks-of-the-trade

Five things you should know about PCI DSS – http://www.scmagazineuk.com/five-things-you-should-know-about-pci-dss/article/389108/

 

Miscellaneous Privacy stories:

Spyware use in domestic violence ‘escalating’ – http://www.bbc.co.uk/news/technology-30579307

Danah Boyd Of Microsoft Research: Teens Are Exploring Privacy Practices Outside The Frame Of Technology – http://www.forbes.com/sites/kaviguppta/2014/12/22/danah-boyd-of-microsoft-research-teens-are-exploring-privacy-practices-outside-the-frame-of-technology/

 

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/
