Information Security Breach Report – 23 January 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Security Advisory – Vulnerabilities in Pagelines/Platform theme for WordPress – http://blog.sucuri.net/2015/01/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.html

MnSCU campus warns of ‘likely’ data breach – http://www.bizjournals.com/twincities/morning_roundup/2015/01/mnscu-campus-warns-of-likely-data-breach.html

Schneider Electric SCADA Gateway contains Hard-Coded FTP Credentials – http://securityaffairs.co/wordpress/32570/security/schneider-electric-scada-flaws.html

Atlassian Fixes Critical Vulnerability in Several Products – http://www.securityweek.com/atlassian-fixes-critical-vulnerability-several-products

New CTB-Locker Variant Allows Victims to Recover 5 Files for Free – http://www.securityweek.com/new-ctb-locker-variant-allows-victims-recover-5-files-free

‘Scarab’ Hackers Focus Aim on Select Russian Targets in Attack Campaigns – http://www.securityweek.com/scarab-hackers-focus-aim-select-russian-targets-attack-campaigns

Email Scam Nets $214 Million in 14 Months: FBI – http://www.securityweek.com/email-scam-nets-214-million-14-months-fbi

Travelers Blames Web Designer In Bank Website Data Breach – http://www.law360.com/articles/614158/travelers-blames-web-designer-in-bank-website-data-breach

MS SQL Server Resolution Service enables reflected DDoS with 440x amplification – http://kurtaubuchon.blogspot.co.uk/2015/01/mc-sqlr-amplification-ms-sql-server.html

Data breach hits MPISD employees – http://www.dailytribune.net/news/data-breach-hits-mpisd-employees/article_051ec5d0-a1d2-11e4-b1c7-afde4a6d4ed1.html

Adobe Investigating Flash Player Zero-Day Found in Angler Exploit Kit – http://www.securityweek.com/adobe-investigating-flash-player-zero-day-found-angler-exploit-kit

 

Miscellaneous Infosec stories:

IT’s security metrics and reporting problem: A communication failure – http://www.csoonline.com/article/2873313/metrics-budgets/it-s-security-metrics-and-reporting-problem-a-communication-failure.html#tk.rss_all

Lack of security in small companies means big risk for the enterprise – http://www.csoonline.com/article/2872774/data-protection/lack-of-security-in-small-companies-means-big-risk-for-the-enterprise.html#tk.rss_all

Davos 2015: Banks call for free rein to fight cyber crime – http://www.ft.com/cms/s/0/d94e855c-a209-11e4-bbb8-00144feab7de.html#axzz3PczKJ7B2

CISOs must adopt ‘all hands on deck’ approach to defend against cyber attacks: Study – http://www.firstpost.com/business/cisos-must-adopt-hands-deck-approach-defend-cyber-attacks-study-2059713.html

GCHQ Used Compromised Hardware To Suck Data And Communications Out Of Exploit-Resistant iPhones – https://www.techdirt.com/articles/20150119/13515029750/gchq-used-compromised-hardware-to-suck-data-communications-out-exploit-resistant-iphones.shtml

Younger users prefer biometrics to passwords – http://www.computerweekly.com/news/2240238497/Younger-users-would-rather-have-biometrics-than-passwords

Report: Popularity of biometric authentication set to spike – http://searchsecurity.techtarget.com/news/2240238677/Report-Popularity-of-biometric-authentication-set-to-spike

The State of Security this Past Year is Just a Glimpse of What’s to Come in 2015 – http://www.securityweek.com/state-security-past-year-just-glimpse-what%E2%80%99s-come-2015

The 7 biggest lies you’ve been told about hacking – http://theweek.com/articles/534055/7-biggest-lies-youve-been-told-about-hacking

Hack Group Spokesman Sentenced to 63 Months in Prison – http://www.businessweek.com/news/2015-01-22/hack-group-spokesman-sentenced-to-63-months-in-prison

As 0days get meaner, Google defenses increasingly outpace Microsoft – http://arstechnica.com/security/2015/01/as-0days-get-meaner-google-defenses-increasingly-outpace-microsoft/

A SPY IN THE MACHINE – http://www.theverge.com/2015/1/21/7861645/finfisher-spyware-let-bahrain-government-hack-political-activist

2014 in infosec: Spammers sneak small botnets under the wire, Java is dull – http://n0where.info/News/2014-in-infosec-spammers-sneak-small-botnets-under-the-wire-java-is-dull/

The supremely befuddling cyber attack that stumped an industry – http://fortune.com/2015/01/21/inception-cloudatlas-cyberattack/

Cyber Vulnerabilities Threaten National Security – http://www.defense.gov/news/newsarticle.aspx?id=128001

‘International cyber warfare is becoming more sophisticated’ – http://rt.com/op-edge/224823-cyber-war-obama-speech-leaks/

Retailers are facing up to severe threat posed by cyber security lapses, says top lawyer – http://www.computing.co.uk/ctg/news/2391433/retailers-are-facing-up-to-severe-threat-posed-by-cyber-security-lapses-says-top-lawyer

Security Budgets Going Up, Thanks To Mega-Breaches – http://www.darkreading.com/attacks-breaches/security-budgets-going-up-thanks-to-mega-breaches/d/d-id/1318714

Data breaches and hacking attacks rise as Irish firms wrestle with rules – http://www.independent.ie/business/technology/data-breaches-and-hacking-attacks-rise-as-irish-firms-wrestle-with-rules-30926469.html

 

Tools, Tips and How it’s done:

Knowing when there has been a data breach from your database – http://security.stackexchange.com/questions/79816/knowing-when-there-has-been-a-data-breach-from-your-database

Yes, 123456 is the most common password, but here’s why that’s misleading – http://arstechnica.com/security/2015/01/yes-123456-is-the-most-common-password-but-heres-why-thats-misleading/

How to Keep Client Data Safe From Online Attackers – http://www.financial-planning.com/news/technology/how-to-keep-client-data-safe-from-online-attackers-2691710-1.html

Social Engineering – A Constant Threat – https://mimswell.wordpress.com/2015/01/21/social-engineering-a-constant-threat/

 

Miscellaneous Privacy stories:

Snowden doesn’t use iPhone for security reasons – http://securityaffairs.co/wordpress/32557/intelligence/snowden-doesnt-use-iphone.html

Privacy is Dead, Davos Hears – http://www.securityweek.com/privacy-dead-davos-hears

Illinois Says Rule-Breaking Students Must Give Teachers Their Facebook Passwords – http://motherboard.vice.com/read/illinois-says-students-have-to-give-up-facebook-passwords-or-face-prosecution

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/

