Information Security Breach Report – 23 December 2014

This is the last report of 2014 – next one on Monday 5th January

I hope you have a great Christmas and a happy new year!

Here’s to a secure 2015.


A daily round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.


Breaches, Incidents and Alerts:

Entry Point of JPMorgan Data Breach Is Identified –

Apple releases critical NTP Security Update for OS X Yosemite, Mavericks, & Mountain Lion –

Easily Exploitable NTP Vulnerabilities Put ICS Operators at Risk –

North Korea falls off the internet – is the United States to blame? –

Student information compromised in York County high school data breach: report –

Police: Students’ information compromised in South Western HS data breach –

Northwestern Memorial reports stolen laptop, notifies 2,800 patients of data breach –

Sony Threatens to Sue Twitter Unless It Removes Tweets Containing Hacked Emails –

SoakSoak Campaign Evolves – New Wave of Attacks –

‘Vawtrak’ Banking Malware Continues to Evolve –

Cyber Gang Linked to Theft of $17M From Banks, Retailers: Research –

Researcher to Demonstrate Attack on Apple EFI Firmware –

Rackspace DNS DDOS –

Gang Hacked ATMs from Inside Banks –


Miscellaneous Infosec stories:

Sucker for punishment? Join Sony’s security team –

10 recent data breaches –

Security News No One Saw Coming In 2014 –

Will 2015 be the year of risk-based security? –

The Biggest Facebook Scams Of 2014 Targeted Curious Perverts –

How The Sony Hack Will Turn Technology Upside Down… Again –

Why did the Sony hackers spend so much time leaking celebrity gossip? –

Schwab password policies and two factor authentication: a comedy of errors –

What Is Wrong With ‘Legal Malware’? –

Alleged Counterfeiter “Willy Clock” Arrested –

Sony & Cybersecurity: Supply Chain Concerns –

Wake-up call for banks as scandals weigh and cyber threats loom –

Six cloud security predictions for 2015 –

Taking IT Security’s Pulse: What to Expect in 2015 –

Two eras of the internet: pull and push –

South Korea Nuclear Plants Stage Drill Against Cyber Attack –


Tools, Tips and How it’s done:

Principles of Distributed Computing (lecture collection) –

Interesting papers from NIPS 2014 –

Pattern-Based Approach for In-Memory ShellCodes Detection –

Mitigate cyber attacks with crisis management –

1995 Newsweek article that claimed the internet was useless –

Old-school tricks to protect your passwords –

5 lessons to help security pros craft a New Year’s resolution –

Analyzing cyberthreat intelligence definitions and trends –

What’s the True Cost of a Breach? –

Column: “White hat hacker” reveals the tricks of the trade –

Five things you should know about PCI DSS –


Miscellaneous Privacy stories

Spyware use in domestic violence ‘escalating’ –

Danah Boyd Of Microsoft Research: Teens Are Exploring Privacy Practices Outside The Frame Of Technology –



If you would like this report sent to your inbox each morning, email me at


You can see all previous issues of this blog at

My Linkedin Profile is

Posted 4 years ago on · Permalink