Information Security Breach Report – 27 April 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Tesla’s website has been hacked – http://cio.economictimes.indiatimes.com/news/digital-security/teslas-website-has-been-hacked/47057428

White Lodging Services confirms second payment card breach – http://www.csoonline.com/article/2908853/data-breach/white-lodging-services-confirms-second-payment-card-breach.html#tk.rss_all

Punkey, a new POS Malware in the criminal ecosystem – http://securityaffairs.co/wordpress/36113/cyber-crime/punkey-pos-malware.html

Zero-Day Malvertising Attack Went Undetected For Two Months – http://www.darkreading.com/attacks-breaches/zero-day-malvertising-attack-went-undetected-for-two-months/d/d-id/1320092?_mc=RSS_DR_EDT

NetNanny Found Using Shared Private Key, Root CA – https://threatpost.com/netnanny-found-using-shared-private-key-root-ca/112354

Pushdo spamming botnet still active in the wild – http://securityaffairs.co/wordpress/36171/cyber-crime/pushdo-spamming-botnet.html

Cash register maker used same password – 166816 – non-stop since 1990 – http://www.theregister.co.uk/2015/04/23/166816_the_pos_pin_for_win_since_1990/

Phasebot, the fileless malware sold in the underground – http://securityaffairs.co/wordpress/36206/cyber-crime/phasebot-fileless-malware.html

Samsung Galaxy S5 could be open to fingerprint theft – http://www.welivesecurity.com/2015/04/23/samsung-galaxy-s5-open-fingerprint-theft/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29

Costa Coffee Club members wake up and smell the data breach – http://www.theregister.co.uk/2015/04/23/costa_coffee_club_members_security_breach/

Hacked off: Tesco Clubcard and Costa Coffee cards breached in Cambridge area – http://www.cambridge-news.co.uk/Hacked-Tesco-Costa-Coffee-cards-breached/story-26392209-detail/story.html

Bypassing OS X Security Tools is Trivial, Researcher Says – https://threatpost.com/bypassing-os-x-security-tools-is-trivial-researcher-says/112410

Login Vulnerability Exposes SAP ASE Databases – http://www.securityweek.com/login-vulnerability-exposes-sap-ase-databases?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Magento Flaw Exploited in the Wild a few hours after disclosure – http://securityaffairs.co/wordpress/36252/hacking/magento-flaw-exploited-hackers.html

New Threats Range From ‘Dribbling Breached Data’ to IoT and Toys – http://www.eweek.com/security/new-threats-range-from-dribbling-breached-data-to-iot-and-toys.html

39,000 patients may have been victim in Seton data breach – http://kxan.com/2015/04/24/39000-affected-in-seton-phishing-attack-targeting-company-emails/

Hack breaches Taipei government computers – http://www.databreaches.net/hack-breaches-taipei-government-computers/

Phishing Leads to Healthcare Breach – http://www.infosecbuddy.com/news/phishing-leads-to-healthcare-breach/

No evidence that any data removed from system: Premera – http://www.databreaches.net/no-evidence-that-any-data-removed-from-system-premera/

Anonymous Claims Hack of Israeli Arms Importer, Fab-Defense; Leaks Massive Client Login Data – http://www.databreaches.net/anonymous-claims-hack-of-israeli-arms-importer-fab-defanse-leaks-massive-client-login-data/

Evil Wi-Fi kills iPhones, iPods in range – ‘No iOS Zone’ SSL bug revealed – http://www.theregister.co.uk/2015/04/22/apple_no_ios_zone_bug/

WordPress Releases Version 4.1.2, Calls It A “Critical Security Release” – http://marketingland.com/wordpress-releases-version-4-1-2-calls-it-a-critical-security-release-125965

 

Miscellaneous Infosec stories:

Hacking telesurgery robots, a concrete risk – http://securityaffairs.co/wordpress/36305/hacking/hacking-telesurgery-robots.html

Spy in the sandbox attack to spy on your online activity – http://securityaffairs.co/wordpress/36178/hacking/spy-in-the-sandbox-attack.html

Insider threats force balance between security and access – http://www.csoonline.com/article/2913740/data-breach/insider-threats-force-balance-between-security-and-access.html#tk.rss_all

Study: Firms not ready to respond to complex threats – http://www.csoonline.com/article/2913833/cyber-attacks-espionage/study-majority-of-firms-not-ready-to-respond-to-complex-threats.html#tk.rss_all

48,000 Windows XP PCs are still running at TEPCO … which are the risks? – http://securityaffairs.co/wordpress/36263/security/tepco-48000-pcs-running-xp.html

Insurers mull proposed cyber rules – http://www.businessinsurance.com/article/20150426/NEWS06/304269959

Low IT security spend in region leaves businesses open to cyber attacks – http://www.timesofoman.com/News/50815/Article-Low-IT-security-spend-in-region-leaves-businesses-open-to-cyber-attacks

Cyber-Attacks Getting Respect All Over The World – http://www.inquisitr.com/2044303/cyber-attacks-getting-respect-all-over-the-world/

Russian Hackers Read Obama’s Emails During White House Security Breach – http://gizmodo.com/russian-hackers-read-obamas-emails-during-white-house-s-1700271500

Congress to banks: Admit you’ve been hacked! – http://money.cnn.com/2014/11/18/technology/security/congress-bank-hack/

Should we fear hackers? – http://www.quotesinpics.com/kevin-mitnick/quote_khgzzd/

Banks Lose Up to $100K/Hour to Shorter, More Intense DDoS Attacks – http://www.americanbanker.com/news/bank-technology/banks-lose-up-to-100khour-to-shorter-more-intense-ddos-attacks-1073966-1.html

Massive TalkTalk data breach STILL causing customer scam tsunami – http://www.theregister.co.uk/2015/04/23/fresh_wave_of_scammers_target_talktalk_customers/

Fraud or Breach? Questions to Ask Before Calling in the Cavalry – http://www.techzone360.com/topics/techzone/articles/2015/04/22/402061-fraud-breach-questions-ask-before-calling-the-cavalry.htm

Ransomware crims drop Bitcoin faster than Google axes services – http://www.theregister.co.uk/2015/04/24/ransomware_bitcoin/

The international effort to confront international cybercrime – http://www.csoonline.com/article/2914234/malware-cybercrime/the-international-effort-to-confront-international-cybercrime.html#tk.rss_all

Encryption adoption slows, but users believe it frees them from breach reporting – http://www.cso.com.au/article/573196/encryption-adoption-slows-users-believe-it-frees-them-from-breach-reporting/

It’s official: David Brents are the weakest link in phishing attacks – http://www.theregister.co.uk/2015/04/22/proofpoint_phishing_study/

A Few Challenges in Calculating Total Cost of a Data Breach Using Insurance Claims Payment Data – http://www.ponemon.org/blog/a-few-challenges-in-calculating-total-cost-of-a-data-breach-using-insurance-claims-payment-data

Your city’s not smart if it’s vulnerable, says hacker – http://www.theregister.co.uk/2015/04/20/smart_city_vendors_blasted_for_dumb_security/

BYOD and cloud are top data breaches and malware risks, survey shows – http://www.csoonline.com/article/2906359/data-breach/byod-and-cloud-are-top-data-breaches-and-malware-risks-survey-shows.html#tk.rss_all

 

Tools, Tips and How it’s done:

Analyzing the Magento Vulnerability (Updated) – http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/

1,500 iOS apps have HTTPS-crippling bug. Is one of them on your device? – http://arstechnica.com/security/2015/04/20/1500-ios-apps-have-https-crippling-bug-is-one-of-them-on-your-device/

The hacker Stefan Esser shows the jailbreak for iOS 8.4 beta 1 – http://securityaffairs.co/wordpress/36154/hacking/ios-8-4-beta-1-jailbreak.html

How to hack Avaya phones with a simple text editor – http://securityaffairs.co/wordpress/36187/hacking/how-to-hack-avaya-phone.html

How to discover NSA Quantum Insert attacks on your systems – http://securityaffairs.co/wordpress/36224/hacking/nsa-quantum-insert-attacks.html

Former hacker talks phone password security – http://wishtv.com/2015/04/26/former-hacker-talks-about-cyber-security/

Your big data toolchain is a big security risk! – http://www.vitavonni.de/blog/201504/2015042601-big-data-toolchains-are-a-security-risk.html

Quantum Insert Attack – https://isc.sans.edu/diary/Quantum+Insert+Attack/19625

Smarter threats and the rising complexity of cybercrime – http://www.net-security.org/secworld.php?id=18285&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Millions of accounts are being compromised because developers don’t have a specialised user database – http://fourlightyears.blogspot.co.uk/2015/04/millions-of-accounts-are-being.html

How To Protect Your Business From Social Engineering – https://quostar.com/blog/how-to-protect-your-business-from-social-engineering/

This machine catches stingrays: Pwnie Express demos cellular threat detector – http://arstechnica.com/information-technology/2015/04/20/this-machine-catches-stingrays-pwnie-express-demos-cellular-threat-detector/

Inside the rickety, vulnerable systems that run just about every power plant – http://www.csoonline.com/article/2905402/data-protection/inside-the-rickety-vulnerable-systems-that-run-just-about-every-power-plant.html#tk.rss_all

 

Miscellaneous Privacy stories:

Hackers spy on Kansas family through unsecured baby monitor – http://www.welivesecurity.com/2015/04/22/hackers-spy-kansas-family-unsecured-baby-monitor/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29

 

Safeguarding Children and School E-Safety stories:

We’re not getting to grips with online hate – http://www.heraldsun.com.au/news/opinion/were-not-getting-to-grips-with-online-hate/story-fni0fhh1-1227322032416

Rise in reports of abusive texts prompts headteacher to send letter to parents – http://www.lancashiretelegraph.co.uk/news/12909796.Rise_in_reports_of_abusive_texts_prompts_headteacher_to_send_letter_to_parents/

5 ways to tell an online predator may be grooming your child – http://www.thedenverchannel.com/money/science-and-tech/5-ways-to-tell-a-predator-is-grooming-your-child

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Posted 3 years ago on · Permalink