Information Security Breach Report – 27 January 2015

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Great Firewall of China blasts DDoS attacks at random IP addresses – http://www.theregister.co.uk/2015/01/26/great_firewall_of_china_ddos_bug/

Java is the biggest vulnerability for US computers – http://www.csoonline.com/article/2875535/application-security/java-is-the-biggest-vulnerability-for-us-computers.html#tk.rss_all

PHP 5 Updates Fix Several Vulnerabilities – http://www.securityweek.com/php-5-updates-fix-several-vulnerabilities

OS X 10.10.2 Includes Fix for ‘Thunderstrike’ Hardware Exploit Affecting Macs – http://www.macrumors.com/2015/01/26/os-x-10-10-2-thunderstrike-exploit-fix/

Researchers Tie Qwerty Keylogger to Regin Malware Platform – http://www.securityweek.com/researchers-tie-qwerty-keylogger-regin-malware-platform and https://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/

Critical ‘Ghost’ Vulnerability Impacts Linux Systems – http://www.securityweek.com/critical-ghost-vulnerability-impacts-linux-systems

P0wning for the fjords: Malware turns drones into DEAD PARROT – http://www.theregister.co.uk/2015/01/27/malware_backdoor_makes_parrot_ar_drones_squawk/

AT&T short codes exposes users to phishing scams – http://securityaffairs.co/wordpress/32730/hacking/at_e_t-short-codes-phishing-scams.html

Metropolitan State U data breach uncovered following hacker’s blog post – http://www.educationdive.com/news/metropolitan-state-u-data-breach-uncovered-following-hackers-blog-post/357112/

Startup finds malware intrusions by keeping an eye on processor radio frequencies – http://www.csoonline.com/article/2876054/supply-chain-security/startup-finds-malware-intrusions-by-keeping-an-eye-on-processor-radio-frequencies.html#tk.rss_all

Marriott Customers’ Personal Details Exposed by Simple Web Flaw – http://www.tripwire.com/state-of-security/security-data-protection/marriott-web-services-flaw/

Super Bowl Fans Warned About Vulnerable NFL Mobile App – http://www.securityweek.com/super-bowl-fans-warned-about-vulnerable-nfl-mobile-app

Wi-Fi Direct Flaw Exposes Android Devices to DoS Attacks – http://www.securityweek.com/wi-fi-direct-flaw-exposes-android-devices-dos-attacks

Facebook Denies Hackers Caused Outage – http://www.bankinfosecurity.co.uk/facebook-denies-hackers-caused-outage-a-7841

Hacktivists step up web attack volumes – http://www.bbc.co.uk/news/technology-31000908

Lizard Squad threatens Malaysia Airlines with data dump: We DID TOO hack your site – http://www.theregister.co.uk/2015/01/26/lizard_squad_threaten_data_dump_after_attack_on_malaysia_airlines_site/

 

Miscellaneous Infosec stories:

Cyber Warfare Pushes Colleges to Teach Cybersecurity – http://www.voicesofliberty.com/article/cyber-warfare-pushes-colleges-to-teach-cybersecurity/

Data Breaches Drive Investments In Security Response, Data Protection – http://www.crn.com/news/security/300075493/data-breaches-drive-investments-in-security-response-data-protection.htm

NSA Releases Defensive Strategies for Fighting Malware Targeting Corporate Data – http://www.securityweek.com/nsa-releases-defensive-strategies-fighting-malware-targeting-corporate-data

Internet of Things Security Challenging Enterprise Networks: Survey – http://www.securityweek.com/internet-things-security-challenging-enterprise-networks-survey

Turns out Apple Pay can’t solve credit card fraud – http://cio.economictimes.indiatimes.com/news/enterprise-services-and-applications/turns-out-apple-pay-cant-solve-credit-card-fraud/46025520

Keylogger: Somebody STOP ME! Oh hang on, I just did – http://www.theregister.co.uk/2015/01/27/spyshelter_anti_keylogging_software/

Cyber crooks make it personal – http://www.lep.co.uk/news/business/business/cyber-crooks-make-it-personal-1-7073416

CEO’S MUST BECOME FLUENT IN LANGUAGE OF CYBER SECURITY – http://www.cbronline.com/news/tech/cio-agenda/the-boardroom/ceos-must-become-fluent-in-language-of-cyber-security-4497344

US scrambling to hire enough cyber security agents to protect itself – http://www.theage.com.au/it-pro/expertise/us-scrambling-to-hire-enough-cyber-security-agents-to-protect-itself-20150127-12zd5l.html

Australia on the Cyber Offensive – http://thediplomat.com/2015/01/australia-on-the-cyber-offensive/

The vulnerability of our electric utility system to cyber attacks – http://www.energypost.eu/vulnerability-electric-utility-system-cyber-attacks/

Link between NSA and Regin cyberespionage malware becomes clearer – http://www.csoonline.com/article/2876074/malware-cybercrime/link-between-nsa-and-regin-cyberespionage-malware-becomes-clearer.html#tk.rss_all

Tougher cyber-crime laws would unfairly criminalise people – http://jerseyeveningpost.com/news/2015/01/27/tougher-cyber-crime-laws-would-unfairly-criminalise-people/

ENISA draws the Cyber Threat Landscape 2014: 15 top cyber threats, cyber threat agents, cyber-attack methods and threat trends for emerging technology areas – http://www.enisa.europa.eu/media/press-releases/enisa-draws-the-cyber-threat-landscape-2014

NIST Publishes Guide to Mobile Apps Vetting – http://www.inforisktoday.com/nist-publishes-guide-to-mobile-apps-vetting-a-7839

DDoS Attacks Boom as Hackers Increase Size, Frequency – http://www.securityweek.com/ddos-attacks-boom-hackers-increase-size-frequency

 

Tools, Tips and How it’s done:

How To Fortify Your Company’s Security Defenses – http://www.forbes.com/sites/ibm/2015/01/26/how-to-fortify-your-companys-security-defenses/

The Perl Jam: Exploiting a 20 Year-old Vulnerability – https://www.youtube.com/watch?v=gweDBQ-9LuQ

Prep for cyber emergency beforehand – http://csbj.com/2015/01/26/prep-for-cyber-emergency-beforehand/

It’s Okay to Fail – Security is a Problem That Can’t be Solved – http://www.securityweek.com/its-okay-fail-security-problem-cant-be-solved

Neuroscience Meets Cryptography: Designing Crypto Primitives Secure Against Rubber Hose Attacks – https://www.usenix.org/conference/usenixsecurity12/technical-sessions/presentation/bojinov

6 DNS services protect against malware and other unwanted content – http://www.csoonline.com/article/2876075/data-protection/6-dns-services-protect-against-malware-and-other-unwanted-content.html#tk.rss_all

Building A Cybersecurity Program: 3 Tips – http://www.darkreading.com/operations/building-a-cybersecurity-program-3-tips-/a/d-id/1318775

Top Five Hacker Tools Every CISO Should Understand – http://www.tripwire.com/state-of-security/security-data-protection/top-five-hacker-tools-every-ciso-should-understand/

Five More Hacker Tools Every CISO Should Understand – http://www.tripwire.com/state-of-security/security-data-protection/five-more-hacker-tools-every-ciso-should-understand/

DNS tips and tricks – http://www.csoonline.com/article/2875797/data-protection/dns-tips-and-tricks.html#tk.rss_all

APTs: Minimizing losses with early detection – http://www.net-security.org/article.php?id=2207&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

The NSA’s infosec tips won’t stop you from being hacked – http://www.itnews.com.au/BlogEntry/399706,the-nsas-infosec-tips-wont-stop-you-from-being-hacked.aspx

Lockitron Announces The $99 Bolt, A Deadbolt You Can Unlock With Your Phone – http://techcrunch.com/2015/01/27/lockitron-announces-the-99-bolt-a-deadbolt-you-can-unlock-with-your-phone/

Deconstructing an IRS Phishing scam – http://www.csoonline.com/article/2874403/security-awareness/deconstructing-an-irs-phishing-scam.html#tk.rss_all

Real time Drone object tracking using Python and OpenCV – http://blog.christianperone.com/?p=2768

How to Hack an ADT Alarm System – http://ipvm.com/report/hack-adt-alarm-system

 

Miscellaneous Privacy stories

DEA cameras tracking hundreds of millions of car journeys across the US – http://www.networkworld.com/article/2875934/dea-cameras-tracking-hundreds-of-millions-of-car-journeys-across-the-us.html

F.T.C. Says Internet-Connected Devices Pose Big Risks – http://bits.blogs.nytimes.com/2015/01/27/f-t-c-calls-for-strong-data-and-privacy-protection-with-connected-devices/?_r=0

UK Legislators Hoping To Rush Through New ‘Snooper’s Charter’ In The Wake Of The Charlie Hebdo Attacks – https://www.techdirt.com/articles/20150124/08503529800/uk-legislators-hoping-to-rush-through-new-snoopers-charter-wake-charlie-hebdo-attacks.shtml

Facebook goes ‘deep’ in getting to know you – http://www.csoonline.com/article/2872828/application-security/facebook-goes-deep-in-getting-to-know-you.html#tk.rss_all

Five myths (debunked) about security and privacy for Internet of Things – http://www.csoonline.com/article/2872360/privacy/five-myths-debunked-about-security-and-privacy-for-internet-of-things.html#tk.rss_all

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/

Posted 3 years ago on · Permalink