Information Security Breach Report – 25 March 2015

A roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

A Large Number of Hacking Vulnerable Routers Have Been Released to the Public – http://securityaffairs.co/wordpress/35248/hacking/hacking-vulnerable-routers.html

Adobe CVE-2011-2461 flaw is exploitable by 4 years although it was fixed – http://securityaffairs.co/wordpress/35234/hacking/adobe-cve-2011-2461.html

Study: One-third of top websites vulnerable or hacked – http://www.csoonline.com/article/2900449/browser-security/study-one-third-of-top-websites-vulnerable-or-hacked.html#tk.rss_all

Kreditech Investigates Insider Breach – http://krebsonsecurity.com/2015/03/kreditech-investigates-insider-breach/

Wind turbine blown away by control system vulnerability – http://www.theregister.co.uk/2015/03/24/wind_turbine_blown_away_by_csrf_vulnerability/

Cyber criminals target financial professionals involved in deal-making – http://www.thenational.scot/business/cyber-criminals-target-financial-professionals-involved-in-deal-making.1342

Adobe Flash fix FAIL exposes world’s most popular sites – http://www.theregister.co.uk/2015/03/24/borked_adobe_flash_files_expose_worlds_most_popular_sites/

Hilton member accounts info, trip dates open to plunder – http://www.theregister.co.uk/2015/03/24/hilton_worldwide_csrf_membership_vulns/

Smart TVs have become the new target for cyber criminals – http://www.pandasecurity.com/mediacenter/security/smart-tvs-have-become-the-new-target-for-cyber-criminals/

njRAT Infections on the Rise: Security Firms – http://www.securityweek.com/njrat-infections-rise-security-firms?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

DDoS Attackers Distracting Security Teams With Shorter Attacks: Corero Networks – http://www.securityweek.com/ddos-attackers-distracting-security-teams-shorter-attacks-corero-networks

Twitch accounts were compromised, passwords for all users reset – http://thenextweb.com/insider/2015/03/23/twitch-accounts-were-compromised-passwords-being-reset/

Researchers map Drupal attack that bypasses poorly tuned Web Application Firewalls – http://www.csoonline.com/article/2900897/application-security/researchers-map-drupal-attack-that-bypasses-poorly-tuned-web-application-firewalls.html#tk.rss_all

More Powerful Ransomware with Increased File-Infection Spotted – http://www.spamfighter.com/News-19528-More-Powerful-Ransomware-with-Increased-File-Infection-Spotted.htm

Google warns of unauthorized TLS certificates trusted by almost all OSes [Updated] – http://arstechnica.com/security/2015/03/google-warns-of-unauthorized-tls-certificates-trusted-by-almost-all-oses/

Third US Health Entity Suspected of being Compromised – http://vulnerabledisclosures.blogspot.co.uk/2015/03/third-us-health-entity-suspected-of.html

Ghost blogging platform affected by multiple vulnerabilities – http://securityaffairs.co/wordpress/35217/hacking/ghost-blogging-platform-flaws.html

Details of more than 1,900 pupils from Henry Park Primary School leaked – http://news.asiaone.com/news/singapore/details-more-1900-pupils-henry-park-primary-school-leaked

Fake “Incoming Fax Report” emails lead to crypto-ransomware – http://www.net-security.org/malware_news.php?id=2994&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 

Miscellaneous Infosec stories:

Cyber threat largest risk facing UK businesses: Marsh – http://www.canadianunderwriter.ca/news/cyber-threat-largest-risk-facing-uk-businesses-marsh/1003535958/?&er=NA

APT & Cyber-Extortion: Who’s at Risk? – http://www.bankinfosecurity.com/interviews/apt-cyber-extortion-whos-at-risk-i-2609

Attackers Target Community Banks – http://www.bankinfosecurity.com/interviews/attackers-target-community-banks-i-2610

CEOs have false perception of the extent of their cyber risk insurance cover, new report finds – http://www.out-law.com/en/articles/2015/march/ceos-have-false-perception-of-the-extent-of-their-cyber-risk-insurance-cover-new-report-finds/

 

Tools, Tips and How it’s done:

Open source security tool indicates Android app vulnerability spike – http://searchsecurity.techtarget.com/news/2240242888/Open-source-security-tool-indicates-Android-app-vulnerability-spike

Mainframe Security — Part 3 — Where is all your sensitive data? – https://www.linkedin.com/pulse/mainframe-security-part-3-where-all-your-sensitive-data-schrager

How Kevin Mitnick hacked the audience at CeBIT 2015 – https://news.hitb.org/content/how-kevin-mitnick-hacked-audience-cebit-2015

5 Social Engineering Attacks to Watch Out For – http://www.tripwire.com/state-of-security/security-awareness/5-social-engineering-attacks-to-watch-out-for/

HOW TO PROTECT YOURSELF FROM SOCIAL ENGINEERS IN THE SOCIAL MEDIA – https://www.halock.com/blog/protect-social-engineers-social-media/

What horrors lurk in the future: Networks without sysadmins – http://www.theregister.co.uk/2015/03/24/the_final_horror_networks_without_sysadmins/

Maintaining digital certificate security – http://googleonlinesecurity.blogspot.co.uk/2015/03/maintaining-digital-certificate-security.html

The blackjack vulnerability – http://xn--mric-bpa.fr/blog/blackjack.html

Security for Meetings – http://www.forbes.com/sites/stratfor/2015/03/23/security-for-meetings/

BitWhisper: Stealing Data From Isolated Computers Using Heat Emissions and Built-in Thermal Sensors – http://www.securityweek.com/air-gapped-computers-can-communicate-through-heat-researchers

4 Lessons Learned After Winning A Car at Ford’s Hackathon – http://danielscocco.com/4-lessons-learned-after-winning-a-car-at-fords-hackathon/

What is the True Cost of a Data Breach to an Organization? – http://globenewswire.com/news-release/2015/03/24/718130/10126019/en/What-is-the-True-Cost-of-a-Data-Breach-to-an-Organization.html

The hidden tricks of powerful persuasion – http://www.bbc.com/future/story/20150324-the-hidden-tricks-of-persuasion

BitWhisper: The Heat is on the Air-Gap – http://cyber.bgu.ac.il/blog/bitwhisper-heat-air-gap

Top 10 things to do when responding to a cyber security incident – http://www.strategic-risk-global.com/top-10-things-to-do-when-responding-to-a-cyber-security-incident/1413251.article

Were Weak Passwords A Problem In Recent Data Breaches? Usernames May Be A Bigger One – http://www.hstoday.us/briefings/industry-news/single-article/were-weak-passwords-a-problem-in-recent-data-breaches-usernames-may-be-a-bigger-one/b5eadaef9002380da155315a978f9592.html

Why aren’t you vulnerability scanning more often? – http://www.csoonline.com/article/2901472/vulnerabilities/why-aren-t-you-vulnerability-scanning-more-often.html#tk.rss_all

 

Miscellaneous Privacy stories:

Metadata retention is no worse than STALKING: Turnbull – http://www.theregister.co.uk/2015/03/24/metadata_retention_is_no_worse_than_stalking_turnbull/

 

Safeguarding Children and School E-Safety stories:

Details of more than 1,900 pupils from Henry Park Primary School leaked – http://news.asiaone.com/news/singapore/details-more-1900-pupils-henry-park-primary-school-leaked

It’s Our Responsibility to Stand Up to Cyber Bullies [VIDEO] – http://tech.co/justine-ezarik-video-interview-sxsw-2015-03

Schools Weigh Access to Students’ Social-Media Passwords – http://www.edweek.org/ew/articles/2015/02/18/schools-weigh-access-to-students-social-media.html

75-year-old man jailed after grooming 13-year-old on the internet and having sex with her – http://www.liverpoolecho.co.uk/news/liverpool-news/75-year-old-st-helens-man-jailed-8902756

Teachers to be trained to tackle homophobia – https://news.tes.co.uk/b/news/2015/03/24/teachers-to-be-trained-to-tackle-homophobia.aspx

Children’s details lost and sent to wrong place by Derby City Council employees – http://www.derbytelegraph.co.uk/Children-s-details-lost-sent-wrong-place-Derby/story-26219043-detail/story.html

Four advantages of an identity behavior-based approach to cybersecurity – http://www.net-security.org/article.php?id=2243&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/
