Information Security Breach Report – 25 November 2014

A daily roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.

You can always access the latest and all previous reports at www.jonfisherthoughts.co.uk

 

Breaches, Incidents and Alerts:

Hackers shut down Sony Pictures’ computers and are blackmailing the studio – http://www.theverge.com/2014/11/24/7277451/sony-pictures-paralyzed-by-massive-security-compromise

Updated: Hackers replace Sony’s backup app on Google Play – https://gigaom.com/2014/11/24/hackers-replace-sonys-backup-app-on-google-play/

‘Regin’ Attack Platform Targeted GSM Networks – http://www.securityweek.com/regin-attack-platform-targeted-gsm-networks

Cyber Hacker Lewys Martin Wanted £1m in Bitcoin for 28,000 Halifax Customers’ Bank Details – http://www.ibtimes.co.uk/cyber-hacker-lewys-martin-wanted-1m-bitcoin-28000-halifax-customers-bank-details-1476302

Hackers claim attack on Cleveland’s websites – http://www.usatoday.com/story/news/nation/2014/11/24/cleveland-websites-hacked/19479657/

28 Charged, $2M Potentially Stolen in Minn. ID Theft Ring – http://kstp.com/article/stories/s3603595.shtml

Warning over ‘fake’ offshore bank – http://www.bbc.co.uk/news/world-europe-jersey-30178169

Using a password manager on Android? It may be wide open to sniffing attacks – http://arstechnica.com/security/2014/11/using-a-password-manager-on-android-it-may-be-wide-open-to-sniffing-attacks/

Fraud Service Uses Charity Websites to Validate Stolen Credit Card Data – http://www.securityweek.com/fraud-service-uses-charity-websites-validate-stolen-credit-card-data

 

Miscellaneous Infosec stories:

[Note: Regin] SECRET MALWARE IN EUROPEAN UNION ATTACK LINKED TO U.S. AND BRITISH INTELLIGENCE – https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/ and http://www.securityweek.com/cyberspying-tool-could-have-us-british-origins

New ‘Internet Security Council’ struggling to get off the ground – http://www.theregister.co.uk/2014/11/25/netmundial_initiative_struggling/

A year after Target data breach, aftershocks finally end – http://www.twincities.com/shopping/ci_27004429/year-after-target-data-breach-aftershocks-finally-end

Intel and McAfee plan to kill PC passwords with new biometric authentication – http://www.pcworld.com/article/2851892/intel-to-tame-passwords-with-biometric-authentication.html

The Cybersecurity Myths That Small Companies Still Believe – http://www.businessweek.com/articles/2014-11-24/the-cyber-security-myths-that-small-companies-still-believe

Video: ‘Clairvoyant’ freaks out Belgians with ‘mind reading techniques’ in viral web-security ad – http://www.tntmagazine.com/news/weird/video-clairvoyant-freaks-out-belgians-with-mind-reading-techniques-in-viral-web-security-ad

Hackers Shut Down City of Cleveland’s Website After Shooting Death of Tamir Rice – http://www.clevescene.com/scene-and-heard/archives/2014/11/24/hackers-shut-down-city-of-clevelands-website-after-shooting-death-of-tamir-rice

Webcam hackers arrested in Europe-wide raids – http://cio.economictimes.indiatimes.com/news/digital-security/webcam-hackers-arrested-in-europe-wide-raids/45261297?utm_source=RSS&utm_medium=ETRSS

Owner of site streaming webcam feeds ‘seeks new job’ – http://www.bbc.co.uk/news/technology-30176359

Experts Predict Retailers Will Face Holiday Hacking Surge – http://blogs.wsj.com/cio/2014/11/21/experts-predict-retailers-will-face-holiday-hacking-surge/

5 ways to escape password hell – http://www.csoonline.com/article/2851320/data-protection/5-ways-to-escape-password-hell.html

Cybersecurity lapses leave government agencies vulnerable to hackers – http://www.washingtontimes.com/news/2014/nov/23/cybersecurity-lapses-leave-us-government-agencies-/

How to restore customer’s trust in data security – http://www.information-age.com/technology/security/123458665/how-restore-customers-trust-data-security

China Voice: Cyber security should avoid becoming Achilles’ heel – http://www.shanghaidaily.com/article/article_xinhua.aspx?id=254362

Can Facebook’s Microphone Feature Get Hijacked? Probably YES! – http://www.huffingtonpost.com/rebecca-abrahams/can-facebooks-microphone_b_5417395.html

 

Tools, Tips and How it’s done:

Kevin Mitnick shows how easy it is to hack a phone – http://www.cnet.com/news/kevin-mitnick-shows-how-easy-it-is-to-hack-a-phone/

Cisco IOS Penetration Testing with Metasploit – https://community.rapid7.com/community/metasploit/blog/2010/12/17/cisco-ios-penetration-testing-with-metasploit

Scammers used fake product listings to steal from Walmart – http://www.net-security.org/secworld.php?id=17684

Google’s “Santa” Tracks Naughty and Nice Binaries on Mac OS X – http://www.securityweek.com/googles-santa-tracks-naughty-and-nice-binaries-mac-os-x

How hackers are exploiting vulnerable DVRs to conduct illegal activities – http://securityaffairs.co/wordpress/30451/cyber-crime/how-hackers-exploit-dvrs.html

LinEnum – Linux Enumeration & Privilege Escalation Tool – http://www.darknet.org.uk/2014/11/linenum-linux-enumeration-privilege-escalation-tool/

Protect Your Cards from Multiple Kinds of Skimmers – http://www.huffingtonpost.com/robert-siciliano/protect-your-cards-from-m_b_5487637.html

Researchers Warn Google Glass Users Could Steal Passwords From Afar – http://sanfrancisco.cbslocal.com/2014/06/24/how-google-glass-can-sneakily-steal-your-passwords-from-afar-wearable-tech/

Social Engineering Always Wins: An Epic Hack, Revisited – http://www.wired.com/2014/01/my-epic-hack-revisited/

How To Stop People Hacking Your Webcam – http://www.lifehacker.com.au/2014/11/how-to-stop-people-hacking-your-webcam/

How to create seamless mobile security for employees – http://www.csoonline.com/article/2851319/mobile-security/how-to-create-seamless-mobile-security-for-employees.html#tk.rss_all

How to use Tor to cloak your web browsing from prying eyes – http://howto.techworld.com/security/3290036/how-to-use-tor-to-cloak-your-web-browsing-from-prying-eyes/

Cloud Security By The Numbers – http://www.darkreading.com/cloud/cloud-security-by-the-numbers/d/d-id/1317665?image_number=2

When Every Minute Counts (Part 2) – http://www.darkreading.com/partner-perspectives/intel/when-every-minute-counts-(part-2)/a/d-id/1317660

Penetration Testing Methodology for Web Applications – http://resources.infosecinstitute.com/penetration-testing-methodology-web-applications/

Website Malware Removal: Phishing – http://blog.sucuri.net/2014/11/website-malware-removal-phishing.html

 

Miscellaneous Privacy stories:

Who’s been writing in my apps? Googlilocks builds new apps-tracker – http://www.theregister.co.uk/2014/11/25/google_employs_security_wizard_for_apps_drops_intel_panels/

Postal Service almost never denies mail-surveillance requests – http://www.washingtonpost.com/blogs/federal-eye/wp/2014/11/20/postal-service-almost-never-denies-mail-surveillance-requests/

Security bill: The challenge of identifying internet users – http://www.bbc.co.uk/news/technology-30175097

Senator demands answers about DOJ mobile phone surveillance planes – http://www.computerworld.com/article/2848608/senator-demands-answers-about-doj-mobile-phone-surveillance-planes.htm

Internet of Things – Top 10 privacy and data protection concerns – http://www.jdsupra.com/legalnews/internet-of-things-top-10-privacy-and-33695/

Researcher Releases Facebook Profile Data – http://bits.blogs.nytimes.com/2010/07/28/100-million-facebook-ids-compiled-online/?_r=0

Facebook Tries To Silence Blogger To Cover Up User Data Scandal [Updated] – http://readwrite.com/2012/10/26/facebook-asked-blogger-who-purchased-user-data-to-keep-quiet

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/

