Information Security Breach Report – 26 November 2014

A daily roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.

You can always access the latest and all previous reports at


Breaches, Incidents and Alerts:

Privacy bods Detekt FinFisher dressed as bookmark manager –

Home Depot spent $43 million on data breach in just one quarter –

Home Depot facing at least 44 civil suits in data breach –

Sony Pictures Computers Down for a Second Day After Network Breach –

Sony Pictures data breach may have been an inside job: Report – and

Beth Israel Agrees To Pay $100K To Settle 2012 Data Breach Case –

APT3 Group Using Windows OLE Vulnerability: FireEye –

Revealed: How cyber criminals use Defra website to find farmers who have received EU handouts to raid their bank account –

Adobe Pushes Critical Flash Patch – and

Craigslist Back Online Following DNS Hijack –

U.S. Postal Service Breach: A Timeline –

Breach Reported After Vendor Dispute –

Credit Union investigator fined €5k over data breach –

Data Breach Scottish Health Board Warned: Put Your House In Order –

Axa Wealth apologises for advised clients data breach –

Brazilian bank users threatened by 2 malicious apps deployed on the Google Play –

Siemens Fixes Critical Vulnerabilities in WinCC SCADA Products –


Miscellaneous Infosec stories:

Compromised Credentials Have a High ROI for Attackers –

The tipping point for biometric security –

Employers on high-alert of temp workers being targeted by scams –

Essential reading: the irreconcilable tension between cybersecurity and national security –

Discover Financial sues Visa over anti-competitive card practices –


Most CEOs clueless about cyberattacks – and their response to incidents proves it –

Google turns on shiny new .google top-level domain – but WHY? –

Infosec Isn’t A Gated Community –

The branded bug: Meet the people who name vulnerabilities –

Why Competitors Should Collaborate More on Cyber Security Issues –

Jack Into this Supercut of the Best Hacking of the ’90s –

Automakers trying to drive away car computer hackers –

NSA SOURCE CODE LEAK: Information slurp tools to appear online –

[Note: Interesting paper from 2003] Self-Healing Networks –

Vectra Networks’ Post Breach Report Reveals Attacker Habits –

The Scary Truth About Credit Cards The Banks Don’t Want You To Know –

How the World’s First Computer Was Rescued From the Scrap Heap –

Regin Espionage Malware: 8 Key Issues –

Groaning under talent squeeze, CIOs resort to outsourcing –


In wake of Uber privacy scandal, Lyft announces data restrictions –

Ransom malware attacks underscore limitations of anti-virus software –


Tools, Tips and How it’s done:

Let’s Encrypt initiative to provide free encryption certificates –

Guest diary: Detecting Suspicious Devices On-The-Fly –

Sophos Techknow – Dealing with Ransomware [PODCAST] –

10 Ways Security Gurus Give Thanks –

Android Application hacking with Insecure Bank Part 1 –

Speeding Up Breach Detection –


Zen and the Art of Cloud Database Security (Part 1) –

Hacker Lexicon: What Is End-to-End Encryption? –

Balancing Risk and Performance: Managing Firewalls Shouldn’t Push Risks to the Extreme –

Weekly Metasploit Wrapup: Exploiting Mobile Security Software –


Miscellaneous Privacy stories:

Lee Rigby murder: Should online surveillance be wider? –

Hey, here’s some face-tracking tech from Samsung you probably won’t find creepy at all –

Snowden doc leak lists submarine’d cables tapped by spooks –

Journalist phone records given to UK police in data breach –

Seattle schools waited days to tell parents of huge student info leak –

Massive government privacy breach of famous Canadians shows urgent need for far stronger protections to safeguard Canadians’ data –

Man Pleads Guilty for Selling “StealthGenie” Spyware App and Ordered to Pay $500,000 Fine –

DailyDirt: Just Because You’re Paranoid, Doesn’t Mean They’re Not Watching You… –

The Cyber Security Syndrome –


If you would like this report sent to your inbox each morning, email me at


You can see all previous issues of this blog at

My LinkedIn profile is
