Information Security Breach Report – 24 November 2014

A daily round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

You can always access the latest and all previous reports at www.jonfisherthoughts.co.uk

 

Breaches, Incidents and Alerts:

Clandestine Fox attack op uses social engineering to woo new victims – http://www.scmagazine.com/clandestine-fox-attack-op-uses-social-engineering-to-woo-new-victims/article/355318/

Insecure healthcare.gov allowed hacker to access 70,000 records in 4 minutes – http://www.computerworld.com/article/2475809/cybercrime-hacking/insecure-healthcare-gov-allowed-hacker-to-access-70-000-records-in-4-minutes.html

Now cyber criminals use E-cigarettes to spread malware – http://www.techworm.net/2014/11/e-cigarettes-spread-malware.html

Vodafone Germany suffers server breach – http://www.itnews.com.au/News/356956,vodafone-germany-suffers-server-breach.aspx

Attackers Hijack Craigslist Domain Name – http://www.securityweek.com/attackers-hijack-craigslist-domain-name

Backdoored CMS Plugins Used to Hijack Web Servers – http://www.securityweek.com/backdoored-cms-plugins-used-hijack-web-servers

Windows RCE Vulnerability Exploited in the Wild – http://www.securityweek.com/windows-rce-vulnerability-exploited-wild

Ecuadorean President Correa claims attacks on his private computers and accounts – http://securityaffairs.co/wordpress/30463/hacking/ecuador-president-correa-accuses-us.html

Hackers claim responsibility for cyberattack on city of Ottawa website – http://www.ctvnews.ca/canada/hackers-claim-responsibility-for-cyberattack-on-city-of-ottawa-website-1.2114999

Domain names in China hacked by overseas IPs – http://www.wantchinatimes.com/news-subclass-cnt.aspx?id=20141123000022&cid=1103

Security breach forces local banks to issue new cards for many customers – http://virginislandsdailynews.com/news/security-breach-forces-local-banks-to-issue-new-cards-for-many-customers-1.1791862

Foreign gangs top list of Target data breach suspects – http://www.startribune.com/local/283597021.html

DoubleDirect MitM Attacks are targeting users worldwide – http://securityaffairs.co/wordpress/30417/cyber-crime/doubledirect-mitm-attacks.html

Tacoma hospital suffers security breach, $100K stolen – http://www.kirotv.com/news/news/tacoma-hospital-suffers-security-breach-100k-stole/njDFF/

Beth Israel fined $100,000 for patient data breach – http://www.bostonglobe.com/business/2014/11/21/beth-israel-fined-for-patient-data-breach/W8LT4a0gN6NMT93KtEDq7H/story.html

Security breach reveals personal data on Prince George’s school employees – http://www.washingtonpost.com/local/education/security-breach-reveals-personal-data-on-prince-georges-school-employees/2014/11/21/fdd3de9c-71e2-11e4-ad12-3734c461eab6_story.html

FTC Continues Tech-Support Scam Busts – http://www.bankinfosecurity.com/ftc-continues-tech-support-scam-busts-a-7600

 

Miscellaneous Infosec stories:

How To Tell If Your Password Was Stolen By The Hackers Who Took Down Sony – http://www.businessinsider.com/how-to-tell-if-your-password-was-stolen-by-lulzsec-2011-6?IR=T

Before Getting Rid of Your Old Printer, Say ‘Goodbye’ to Lingering Data – http://www.huffingtonpost.com/robert-siciliano/before-getting-rid-of-you_b_5674562.html

Soon, access mobile banking without internet – http://cio.economictimes.indiatimes.com/news/mobility/soon-access-mobile-banking-without-internet/45257557?utm_source=RSS&utm_medium=ETRSS

[Note: Reflected File Download] New Web vulnerability enables powerful social engineering attacks – http://www.cso.com.au/article/557675/new-web-vulnerability-enables-powerful-social-engineering-attacks/

Why Social Engineering Should Be Your Biggest Security Concern – http://www.lifehacker.com.au/2014/09/why-social-engineering-should-be-your-biggest-security-concern/

[Note: Regin] Computer spying malware uncovered with ‘stealth’ features – Symantec – http://in.reuters.com/article/2014/11/23/symantec-malware-regin-idINKCN0J70S720141123

Traces of Regin malware may date back to 2006 – http://www.computerworld.com/article/2851513/traces-of-regin-malware-may-date-back-to-2006.html

The Regin Espionage Toolkit – https://www.f-secure.com/weblog/archives/00002766.html

Sony quietly POODLE-proofs Playstations – http://www.theregister.co.uk/2014/11/24/sony_playstation_update_spells_death_knell_for_poodle/

One in six smartphone users victim of cyber attack: Study – http://zeenews.india.com/news/net-news/one-in-six-smartphone-users-victim-of-cyber-attack-study_1503905.html

How to Prevent Heart Hackers From Turning Off Pacemakers – http://blogs.discovermagazine.com/80beats/2009/11/11/how-to-prevent-heart-hackers-from-turning-off-pacemakers/

Social engineering: How it’s used to gain cyber information – http://www.scmagazine.com/social-engineering-how-its-used-to-gain-cyber-information/article/358339/

eBay hack could result in social engineering schemes – http://www.pcworld.com/article/2157511/threat-from-ebay-hack-has-nothing-to-do-with-your-password.html

Salted Hash: Live from DEF CON – Social Engineering – http://www.csoonline.com/article/2463460/social-engineering/salted-hash-live-from-def-con-social-engineering.html

Sony Denies PSN Was Hacked – http://www.gamespot.com/articles/sony-denies-psn-was-hacked/1100-6423774/

Crypto protocols held back by legacy, says ENISA – http://www.theregister.co.uk/2014/11/24/crypto_protocols_held_back_by_legacy_says_enisa/

Organized crime increasingly behind cyber attacks – http://www.consumeraffairs.com/news/organized-crime-increasingly-behind-cyber-attacks-112414.html

Here’s What Chinese Hackers Can Actually Do To The US Power Grid – http://www.businessinsider.com/what-hackers-can-do-to-our-power-grid-2014-11?IR=T

Internal and External Forces Shaping Cybersecurity in Financial Services – http://www.securityweek.com/internal-and-external-forces-shaping-cybersecurity-financial-services

Retailers beefing up security against data breaches – http://www.detroitnews.com/story/business/retail/2014/11/23/retailers-focus-protecting-customers-data-breaches/19466287/

The White House breach and the evolving attack surface – http://www.gsnmagazine.com/node/43029?c=cyber_security

SandWorm thrived thanks to botched MSFT patch says HP – http://www.theregister.co.uk/2014/11/23/sandworm_thrived_thanks_to_botched_msft_patch_says_hp/

NIST revealing next steps to bolster cyber security – http://www.businessinsurance.com/article/20141123/NEWS07/311239980?tags=%7C299%7C303%7C335

UK police: up to 5 terror plots foiled this year – http://www.star-telegram.com/2014/11/23/6311641/uk-police-up-to-5-terror-plots.html?rh=1

Everything your users ever need to know about BYOD – http://www.theregister.co.uk/2014/11/23/byod_checklist/

Cyber attacks, more or less? – http://securityandconflict.umwblogs.org/2014/11/22/cyber-attacks-more-or-less/

The Secret Life of Passwords – http://www.nytimes.com/2014/11/19/magazine/the-secret-life-of-passwords.html?_r=0

“That’s not a hack…” – 60 Sec Security [VIDEO] – https://nakedsecurity.sophos.com/2014/11/22/thats-not-a-hack-60-sec-security-video/

Saving the Critical Infrastructure – http://www.business2community.com/tech-gadgets/saving-critical-infrastructure-01075883

Cyber Ghosts: Digital Espionage and the New Cold War – http://www.havokjournal.com/nation/cyber-ghosts-digital-espionage-new-cold-war/

David Ruben — Social Engineering, Brainwashing and Hypnosis, Part 2 – https://gyggrey.wordpress.com/2014/11/22/david-ruben-social-engineering-brainwashing-and-hypnosis-part-2/

Fears grow of Iran cyber attack – http://thehill.com/policy/cybersecurity/225045-fears-grow-of-iran-cyber-attack

A Rare Peek Into The Massive Scale of AWS – http://www.enterprisetech.com/2014/11/14/rare-peek-massive-scale-aws/

Intel boss’ warning on cyber attacks no joke, say experts – http://www.foxnews.com/world/2014/11/23/intel-boss-warning-on-cyber-attacks-no-joke-say-experts/?cmpid=NL_fntop

Hackers Target Medical Records as Electronic Data Becomes Less Lucrative – http://www.ibtimes.co.uk/hackers-target-medical-records-electronic-data-becomes-less-lucrative-1476043

EXECUTIVE CYBER INTELLIGENCE REPORT: NOVEMBER 21, 2014 – http://www.tripwire.com/state-of-security/government/executive-cyber-intelligence-report-november-21-2014/

Who is out there waiting to spy on you or steal your data? – http://www.theregister.co.uk/2014/11/21/cyber_security/

Critical XSS Flaw Affects WordPress 3.9.2 And Earlier – http://www.darknet.org.uk/2014/11/critical-xss-flaw-affects-wordpress-3-9-2-earlier/

EXCLUSIVE: eHarmony Members’ Personal Information Accessed In Security Breach – http://globaldatinginsights.com/21112014-exclusive-eharmony-members-personal-information-accessed-security-breach/

 

Miscellaneous Privacy stories:

Do we want privacy or free stuff? Both – http://www.startribune.com/lifestyle/283542141.html

Security expert: Online privacy possible but not plausible – http://www.krdo.com/news/security-expert-online-privacy-possible-but-not-plausible/29516642

What you really agree to when you click ‘accept’ – http://money.cnn.com/2014/05/19/technology/security/privacy-policy/

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/

