Information Security Breach Report – 26 November 2014

A daily round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

You can always access the latest, and all previous reports at www.jonfisherthoughts.co.uk


Breaches, Incidents and Alerts:

Privacy bods Detekt FinFisher dressed as bookmark manager – http://www.theregister.co.uk/2014/11/26/privacy_bods_detekt_finisher_dressed_as_bookmark_manager/

Home Depot spent $43 million on data breach in just one quarter – http://www.pcworld.com/article/2852472/home-depot-spent-43-million-on-data-breach-in-just-one-quarter.html

Home Depot facing at least 44 civil suits in data breach – http://www.marketwatch.com/story/home-depot-facing-at-least-44-civil-suits-in-data-breach-2014-11-25-71031725?mod=MW_video_latest_news

Sony Pictures Computers Down for a Second Day After Network Breach – http://bits.blogs.nytimes.com/2014/11/25/sony-pictures-computers-down-for-a-second-day-after-network-breach/?_r=0

Sony Pictures data breach may have been an inside job: Report – http://mashable.com/2014/11/25/sony-pictures-hack-inside/ and http://www.csoonline.com/article/2851649/physical-security/hackers-suggest-they-had-physical-access-during-attack-on-sony-pictures.html

Beth Israel Agrees To Pay $100K To Settle 2012 Data Breach Case – http://www.ihealthbeat.org/articles/2014/11/25/beth-israel-agrees-to-pay-100k-to-settle-2012-data-breach-case

APT3 Group Using Windows OLE Vulnerability: FireEye – http://www.securityweek.com/apt3-group-using-windows-ole-vulnerability-fireeye

Revealed: How cyber criminals use Defra website to find farmers who have received EU handouts to raid their bank account – http://www.thisismoney.co.uk/money/saving/article-2847227/How-farmers-target-cyber-criminals-looking-raid-bank-accounts-fresh-EU-funds.html

Adobe Pushes Critical Flash Patch – http://krebsonsecurity.com/2014/11/adobe-pushes-critical-flash-patch/ and https://www.f-secure.com/weblog/archives/00002768.html

Craigslist Back Online Following DNS Hijack – http://threatpost.com/craigslist-back-online-following-dns-hijack/109559

U.S. Postal Service Breach: A Timeline – http://www.bankinfosecurity.co.uk/us-postal-service-breach-timeline-a-7606

Breach Reported After Vendor Dispute – http://www.databreachtoday.com/breach-reported-after-vendor-dispute-a-7605

Credit Union investigator fined €5k over data breach – http://www.herald.ie/news/courts/credit-union-investigator-fined-5k-over-data-breach-30771948.html

Data Breach Scottish Health Board Warned: Put Your House In Order – http://www.misco.co.uk/blog/news/02481/data-breach-scottish-health-board-warned-put-your-house-in-order

Axa Wealth apologises for advised clients data breach – http://www.ftadviser.com/2014/11/21/investments/wraps-and-platforms/axa-wealth-apologises-for-advised-clients-data-breach-8aof5ux5ly3RlmAL4luY3O/article.html

Brazilian bank users threatened by 2 malicious apps deployed on the Google Play – http://securityaffairs.co/wordpress/30390/cyber-crime/brazil-banks-2-malicious-apps.html

Siemens Fixes Critical Vulnerabilities in WinCC SCADA Products – http://www.securityweek.com/siemens-fixes-critical-vulnerabilities-wincc-scada-products


Miscellaneous Infosec stories:

Compromised Credentials Have a High ROI for Attackers – https://community.rapid7.com/community/userinsight/blog/2014/11/25/compromised-credentials-have-a-high-roi-for-attackers

The tipping point for biometric security – http://www.abc.net.au/technology/articles/2014/11/26/4136367.htm

Employers on high-alert of temp workers being targeted by scams – http://www.tweaktown.com/news/41429/employers-on-high-alert-of-temp-workers-being-targeted-by-scams/index.html

Essential reading: the irreconcilable tension between cybersecurity and national security – http://boingboing.net/2014/11/25/essential-reading-the-irrecon.html

Discover Financial sues Visa over anti-competitive card practices – http://www.reuters.com/article/2014/11/26/us-discover-finl-visa-lawsuit-idUSKCN0JA08H20141126

BREACH DETECTION VERSUS CHANGE DETECTION – http://www.tripwire.com/state-of-security/incident-detection/breach-detection-versus-change-detection/

Most CEOs clueless about cyberattacks – and their response to incidents proves it – http://www.zdnet.com/most-ceos-clueless-about-cyberattacks-and-their-response-to-incidents-proves-it-7000025396/#%21

Google turns on shiny new .google top-level domain – but WHY? – http://www.theregister.co.uk/2014/11/26/google_turns_on_google_internet_extension/

Infosec Isn’t A Gated Community – https://www.linkedin.com/pulse/article/20141125210306-6382932-infosec-isn-t-a-gated-community

The branded bug: Meet the people who name vulnerabilities – http://www.zdnet.com/the-branded-bug-meet-the-people-who-name-vulnerabilities-7000036140/

Why Competitors Should Collaborate More on Cyber Security Issues – http://www.entrepreneur.com/article/239550

Jack Into this Supercut of the Best Hacking of the ’90s – http://www.popularmechanics.com/technology/gadgets/tech-news/jack-into-this-supercut-of-the-best-hacking-of-the-90s-17461851

Automakers trying to drive away car computer hackers – http://www.sfchronicle.com/business/article/Automakers-trying-to-drive-away-car-computer-5917451.php

NSA SOURCE CODE LEAK: Information slurp tools to appear online – http://www.theregister.co.uk/2014/11/25/nsa_source_code_release/

[Note: Interesting paper from 2003] Self-Healing Networks – http://queue.acm.org/detail.cfm?id=864027

Vectra Networks’ Post Breach Report Reveals Attacker Habits – http://thevarguy.com/network-security-and-data-protection-software-solutions/112514/vectra-networks-post-breach-report

The Scary Truth About Credit Cards The Banks Don’t Want You To Know – http://www.techweekeurope.co.uk/e-enterprise/financial-market/scary-truth-credit-cards-banks-dont-want-know-156362

How the World’s First Computer Was Rescued From the Scrap Heap – http://www.wired.com/2014/11/eniac-unearthed/

Regin Espionage Malware: 8 Key Issues – http://www.databreachtoday.co.uk/regin-espionage-malware-8-key-issues-a-7609

Groaning under talent squeeze, CIOs resort to outsourcing – http://cio.economictimes.indiatimes.com/news/corporate-news/groaning-under-talent-squeeze-cios-resort-to-outsourcing/45269317?utm_source=RSS&utm_medium=ETRSS

EGYPTIAN CYBER HACKERS TARGET ISIS, MUSLIM BROTHERHOOD – http://www.breitbart.com/Big-Peace/2014/11/24/Egyptian-Cyber-Hackers-Target-ISIS-Muslim-Brotherhood

In wake of Uber privacy scandal, Lyft announces data restrictions – http://arstechnica.com/business/2014/11/in-wake-of-uber-privacy-scandal-lyft-announces-data-restrictions/

Ransom malware attacks underscore limitations of anti-virus software – http://www.csoonline.com/article/2850978/malware-cybercrime/ransom-malware-attacks-underscore-limitations-of-antivirus-software.html


Tools, Tips and How it’s done:

Let’s Encrypt initiative to provide free encryption certificates – http://www.techrepublic.com/article/lets-encrypt-initiative-to-provide-free-encryption-certificates/

Guest diary: Detecting Suspicious Devices On-The-Fly – https://isc.sans.edu/diary/Guest+diary%3A+Detecting+Suspicious+Devices+On-The-Fly/18993

Sophos Techknow – Dealing with Ransomware [PODCAST] – https://nakedsecurity.sophos.com/2014/11/25/sophos-techknow-dealing-with-ransomware/

10 Ways Security Gurus Give Thanks – http://www.darkreading.com/10-ways-security-gurus-give-thanks/d/d-id/1317745

Android Application hacking with Insecure Bank Part 1 – http://resources.infosecinstitute.com/android-application-hacking-insecure-bank-part-1/

Speeding Up Breach Detection – http://www.databreachtoday.com/speeding-up-breach-detection-a-7604

[Note: Download] A STUDY OF INSIDER THREAT PERSONAS – http://www.isdecisions.com/insider-threat-persona-study/

Zen and the Art of Cloud Database Security (Part 1) – http://www.securityweek.com/zen-and-art-cloud-database-security-part-1

Hacker Lexicon: What Is End-to-End Encryption? – http://www.wired.com/2014/11/hacker-lexicon-end-to-end-encryption/

Balancing Risk and Performance: Managing Firewalls Shouldn’t Push Risks to the Extreme – http://www.securityweek.com/balancing-risk-and-performance-managing-firewalls-shouldnt-push-risks-extreme

Weekly Metasploit Wrapup: Exploiting Mobile Security Software – https://community.rapid7.com/community/metasploit/blog/2014/11/21/weekly-metasploit-wrapup


Miscellaneous Privacy stories:

Lee Rigby murder: Should online surveillance be wider? – http://www.bbc.co.uk/news/uk-30203203

Hey, here’s some face-tracking tech from Samsung you probably won’t find creepy at all – http://www.theregister.co.uk/2014/11/26/like_samsungs_eyepowered_mouse_here_have_the_source_code/

Snowden doc leak lists submarine’d cables tapped by spooks – http://www.theregister.co.uk/2014/11/26/snowden_doc_leak_lists_all_the_compromised_cables/

Journalist phone records given to UK police in data breach – http://news.yahoo.com/journalist-phone-records-given-uk-police-data-breach-234810693.html

Seattle schools waited days to tell parents of huge student info leak – http://www.komonews.com/news/local/Seattle-schools-waited-days-to-tell-parents-of-huge-student-info-leak-283842361.html

Massive government privacy breach of famous Canadians shows urgent need for far stronger protections to safeguard Canadians’ data – https://openmedia.ca/news/massive-government-privacy-breach-famous-canadians-shows-urgent-need-far-stronger-protections-safegu

Man Pleads Guilty for Selling “StealthGenie” Spyware App and Ordered to Pay $500,000 Fine – http://www.justice.gov/opa/pr/man-pleads-guilty-selling-stealthgenie-spyware-app-and-ordered-pay-500000-fine

DailyDirt: Just Because You’re Paranoid, Doesn’t Mean They’re Not Watching You… – https://www.techdirt.com/articles/20100809/03583510559/dailydirt-just-because-youre-paranoid-doesnt-mean-theyre-not-watching-you.shtml

The Cyber Security Syndrome – http://opencanada.org/features/the-cyber-security-syndrome/


If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com


You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/
