Information Security Breach Report – 27 November 2014

A daily round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

You can always access the latest, and all previous reports at www.jonfisherthoughts.co.uk

 

Breaches, Incidents and Alerts:

Experimental Malware Bypasses Top APT Detection Solutions: Report – http://www.securityweek.com/experimental-malware-bypasses-top-apt-detection-solutions-report

Home Security Systems Subject to Breaches – http://abcnews.go.com/GMA/video/home-security-systems-subject-breaches-27190627

DoS Vulnerability Found in MatrikonOPC Server for DNP3 – http://www.securityweek.com/dos-vulnerability-found-matrikonopc-server-dnp3

Sony Pictures’ computers are still locked as hackers demand equality – http://www.engadget.com/2014/11/26/sony-pictures-computers-are-still-locked-as-hackers-demand-equa/

 

Miscellaneous Infosec stories:

Hacker dodges FOUR HUNDRED YEARS in cooler for SCANNING sites – http://www.theregister.co.uk/2014/11/27/hacker_dodges_half_a_millennium_in_cooler_for_scanning_sites/

Tony Abbott announces cyber security review – http://www.theage.com.au/it-pro/security-it/tony-abbott-announces-cyber-security-review-20141127-11v27k.html

IoT World Forum Review: Interop, Data & Security – http://www.infosecprofessional.com/2014/11/iot-world-forum-review-interop-data.html

Look out: That data protection watchdog can bite – http://www.theregister.co.uk/2014/11/26/data_protection/

Cybercriminals could rake in profits 20 times more than cost of attacks: Kaspersky Lab – http://cio.economictimes.indiatimes.com/news/digital-security/cybercriminals-could-rake-in-profits-20-times-more-than-cost-of-attacks-kaspersky-lab/45291968

ENISA Issues Guidelines on Cryptographic Solutions – http://www.securityweek.com/enisa-issues-guidelines-cryptographic-solutions?utm_source=feedburner

Top 3 Takeaways from the “PCI DSS 3.0: Are You Ready for January?” Webcast – https://community.rapid7.com/community/infosec/blog/2014/11/26/top-3-takeaways-from-the-pci-dss-30-are-you-ready-for-january-webcast

Everything happens for a reason in security – https://community.rapid7.com/people/kevinbeaver/blog/2014/11/26/everything-happens-for-a-reason-in-security

3 staggering retail data breach statistics – http://www.csoonline.com/article/2852383/data-breach/3-staggering-retail-data-breach-statistics.html

Top reasons for CSOs to give thanks – http://www.csoonline.com/article/2851425/data-protection/top-reasons-for-csos-to-give-thanks.html

San Francisco DA pushes for chip payment cards in tech’s backyard – http://www.csoonline.com/article/2852692/data-protection/san-francisco-da-pushes-for-chip-payment-cards-in-techs-backyard.html

Hack the halls: Watch out for Cyber Monday scamathon – http://www.csoonline.com/article/2852011/malware-cybercrime/hack-the-halls-watch-out-for-cyber-monday-scamathon.html

TechUK publishes guidelines for UK cyber security exports – http://www.computerweekly.com/news/2240235381/TechUK-publishes-guidelines-for-UK-cyber-security-exports

London Police Retool for Cybercrime – http://www.inforisktoday.co.uk/london-police-retool-for-cybercrime-a-7613

Developers of Android RAT DroidJack Traced to India – http://www.securityweek.com/developers-android-rat-droidjack-traced-india

AV Firms Defend Regin Alert Timing – http://www.bankinfosecurity.com/av-firms-defend-regin-alert-timing-a-7614

Examining 1 billion transactions for fraud – http://www.net-security.org/secworld.php?id=17676

Costs of a cyber data breach – http://pgitl.com/costs-cyber-data-breach/

Visa sees Visa Europe option now costing more than $10 billion – http://www.reuters.com/article/2014/11/22/us-visa-europe-option-idUSKCN0J600G20141122?feedType=RSS&feedName=businessNews

SSDP DDoS attacks driving up average DDoS sizes – http://searchsecurity.techtarget.com/news/2240235194/SSDP-DDoS-attacks-driving-up-average-DDoS-sizes

FTC Continues Tech-Support Scam Busts – http://www.bankinfosecurity.com/ftc-continues-tech-support-scam-busts-a-7600

CIA crypto-king offers new ‘clock’ clue to crack Kryptos code – http://www.theregister.co.uk/2014/11/21/cia_crypto_king_offers_new_clock_clue_to_crack_kryptos_code/

 

Tools, Tips and How it’s done:

Don’t Get Skunked in a Data Breach – http://www.business2community.com/tech-gadgets/dont-get-skunked-data-breach-01080234

How to be an InfoSec Geek – http://www.slideshare.net/j0b1n/how-to-be-an-infosec-geek

Simple yet Effective Methods to Solve Java Security Issues – http://resources.infosecinstitute.com/simple-yet-effective-methods-solve-java-security-issues/

Preparing for an information audit – http://www.net-security.org/article.php?id=2173

Skimmer Innovation: ‘Wiretapping’ ATMs – http://krebsonsecurity.com/2014/11/skimmer-innovation-wiretapping-atms/

The Anatomy of a Credit Card Breach: Whiteboard Wednesday [VIDEO] – https://community.rapid7.com/community/infosec/blog/2014/11/26/the-anatomy-of-a-credit-card-breach-whiteboard-wednesday-video

Embracing the Adversary Mindset – http://www.databreachtoday.co.uk/interviews/embracing-adversary-mindset-i-2514

Brute-force Attacks: Crossing the Online-Offline Password Chasm – http://www.securityweek.com/brute-force-attacks-crossing-online-offline-password-chasm

Protecting against Social Engineering – http://www.mytechlogy.com/IT-blogs/5668/protecting-against-social-engineering/#.VHbwdDGsWSo

How to use an authenticator app to improve your online security – http://www.zdnet.com/how-to-use-an-authenticator-app-to-improve-your-online-security-7000036049/

How can flash heap spray attacks be detected? – http://searchsecurity.techtarget.com/answer/How-can-flash-heap-spray-attacks-be-detected

3 Questions to Ask Vendors When Securing POS – http://www.databreachtoday.com/blogs/3-questions-to-ask-vendors-when-securing-pos-p-1774

 

Miscellaneous Privacy stories:

‘Curiosity’ of Island Health employees led to privacy breach, probe reveals – http://www.vancouversun.com/health/Curiosity+Island+Health+employees+privacy+breach+probe/10417256/story.html

Case Suggests How Government May Get Around Phone Encryption – http://blogs.wsj.com/digits/2014/11/25/case-suggests-how-government-may-get-around-phone-encryption/

Privacy Groups Call for NIST to Keep Development of Crypto Standards Independent of NSA Influence – http://www.securityweek.com/privacy-groups-call-nist-keep-development-crypto-standards-independent-nsa-influence

Internet companies should not be monitoring terrorists or anyone else – http://techfruit.com/2014/11/26/internet-companies-not-monitoring-terrorists-anyone-else/

Internet data plan back on political agenda – http://www.bbc.co.uk/news/uk-politics-30166477

Encryption everywhere: Debating the risks and rewards – http://searchsecurity.techtarget.com/news/2240235173/Encryption-everywhere-Debating-the-risks-and-rewards

How One Guy Is Using the Law to Wreak Havoc Over Police Body Cams – http://origin-www.businessweek.com/articles/2014-11-20/how-one-guy-can-wreak-havoc-on-plans-for-police-body-cameras#r=rss

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/
