Information Security Breach Report – 24 November 2014

A daily roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.


You can always access the latest, and all previous reports at


Breaches, Incidents and Alerts:

Clandestine Fox attack op uses social engineering to woo new victims –

Insecure allowed hacker to access 70,000 records in 4 minutes –

Now cyber criminals use E-cigarettes to spread malware –

Vodafone Germany suffers server breach –

Attackers Hijack Craigslist Domain Name –

Backdoored CMS Plugins Used to Hijack Web Servers –

Windows RCE Vulnerability Exploited in the Wild –

Ecuadorean President Correa claims attacks on his private computers and accounts –

Hackers claim responsibility for cyberattack on city of Ottawa website –

Domain names in China hacked by overseas IPs –

Security breach forces local banks to issue new cards for many customers –

Foreign gangs top list of Target data breach suspects –

DoubleDirect MitM Attacks are targeting users worldwide –

Tacoma hospital suffers security breach, $100K stolen –

Beth Israel fined $100,000 for patient data breach –

Security breach reveals personal data on Prince George’s school employees –

FTC Continues Tech-Support Scam Busts –


Miscellaneous Infosec stories:

How To Tell If Your Password Was Stolen By The Hackers Who Took Down Sony –

Before Getting Rid of Your Old Printer, Say ‘Goodbye’ to Lingering Data –

Soon, access mobile banking without internet –

[Note: Reflected File Download] New Web vulnerability enables powerful social engineering attacks –

Why Social Engineering Should Be Your Biggest Security Concern –

[Note: Regin] Computer spying malware uncovered with ‘stealth’ features – Symantec –

Traces of Regin malware may date back to 2006 –

The Regin Espionage Toolkit –

Sony quietly POODLE-proofs Playstations –

One in six smartphone users victim of cyber attack: Study –

How to Prevent Heart Hackers From Turning Off Pacemakers –

Social engineering: How it’s used to gain cyber information –

eBay hack could result in social engineering schemes –

Salted Hash: Live from DEF CON – Social Engineering –

Sony Denies PSN Was Hacked –

Crypto protocols held back by legacy, says ENISA –

Organized crime increasingly behind cyber attacks –

Here’s What Chinese Hackers Can Actually Do To The US Power Grid –

Internal and External Forces Shaping Cybersecurity in Financial Services –

Retailers beefing up security against data breaches –

The White House breach and the evolving attack surface –

SandWorm thrived thanks to botched MSFT patch says HP –

NIST revealing next steps to bolster cyber security –

UK police: up to 5 terror plots foiled this year –

Everything your users ever need to know about BYOD –

Cyber attacks, more or less? –

The Secret Life of Passwords –

“That’s not a hack…” – 60 Sec Security [VIDEO] –

Saving the Critical Infrastructure –

Cyber Ghosts: Digital Espionage and the New Cold War –

David Ruben — Social Engineering, Brainwashing and Hypnosis, Part 2 –

Fears grow of Iran cyber attack –

A Rare Peek Into The Massive Scale of AWS –

Intel boss’ warning on cyber attacks no joke, say experts –

Hackers Target Medical Records as Electronic Data Becomes Less Lucrative –


Who is out there waiting to spy on you or steal your data? –

Critical XSS Flaw Affects WordPress 3.9.2 And Earlier –

EXCLUSIVE: eHarmony Members’ Personal Information Accessed In Security Breach –


Miscellaneous Privacy stories:

Do we want privacy or free stuff? Both –

Security expert: Online privacy possible but not plausible –

What you really agree to when you click ‘accept’ –


If you would like this report sent to your inbox each morning, email me at


You can see all previous issues of this blog at

My Linkedin Profile is
