Information Security Breach Report – 29 January 2015

A roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

FBI Issues Wire Transfer Scam Alert – http://www.databreachtoday.co.uk/fbi-issues-wire-transfer-scam-alert-a-7846 and http://www.fastcompany.com/3041628/fast-feed/cyber-thieves-stole-215-million-from-businesses-by-using-hacked-email-addresses

Scouts take down database due to ‘security vulnerabilities’ – http://www.theregister.co.uk/2015/01/28/scouts_takedown/

FreeBSD Patches Kernel Security Vulnerabilities – http://www.securityweek.com/freebsd-patches-kernel-security-vulnerabilities

United website breach let fliers see each others’ private data – http://boingboing.net/2015/01/28/united-website-breach-let-flie.html

Malware Being Masked Under Social Media Messaging Targeting the Region – http://me.pcmag.com/news/741/news/malware-being-masked-under-social-media-messaging

Serious Vulnerability in Blackphone Exposed Messages, Location – http://www.securityweek.com/serious-vulnerability-blackphone-exposed-messages-location and http://www.techmeme.com/150128/p12#a150128p12

Privilege Escalation, DoS Vulnerabilities Fixed in VMware Products – http://www.securityweek.com/privilege-escalation-dos-vulnerabilities-fixed-vmware-solutions

Card Breach Hints at Lingering Concerns – http://www.bankinfosecurity.com/card-breach-hints-at-lingering-concerns-a-7850

Local banks react to data breach – http://www.tdtnews.com/news/article_beefe35a-a767-11e4-af4f-f3148a3f361a.html

ZeroAccess Botnet Restarts Click Fraud Activity – http://www.securityweek.com/zeroaccess-botnet-restarts-click-fraud-activity

Hackers of Taylor Swift’s Twitter Account Say They Will Leak ‘Nude Photos’ of the Singer – http://www.ibtimes.co.in/hackers-taylor-swifts-twitter-account-say-they-will-leak-nude-photos-singer-621788

 

Miscellaneous Infosec stories:

‘The malware threat to online games is growing’ – http://www.mcvuk.com/news/read/the-malware-threat-to-online-games-is-growing/0144412

A Brief History of Accurate Hacking Scenes in Movies, From ‘The Conversation’ to ‘Blackhat’ – http://www.slashfilm.com/best-hacking-movies/

Twenty-eight percent of security spending wasted on shelfware – http://www.csoonline.com/article/2876101/metrics-budgets/28-percent-of-security-spending-wasted-on-shelfware.html#tk.rss_all

Businesses warned about new espionage campaigns from of China – http://www.csoonline.com/article/2876358/disaster-recovery/businesses-warned-about-new-espionage-campaigns-from-of-china.html#tk.rss_all

Endpoint security trends for 2015: What can we expect? – http://www.csoonline.com/article/2872709/network-security/endpoint-security-trends-for-2015-what-can-we-expect.html#tk.rss_all

Accidental breach is top cyber threat concern – http://fcw.com/articles/2015/01/28/accidental-breach-is-a-concern.aspx

Breaches are a personal nightmare for corporate security pros – http://www.csoonline.com/article/2876550/data-breach/breaches-are-a-personal-nightmare-for-corporate-security-pros.html#tk.rss_all

Infosec teams unprepared for new EU data protection laws – http://www.anti-malware.co.uk/infosec-teams-unprepared-for-new-eu-data-protection-laws/

WARNING: Wi-Fi Blocking is Prohibited – http://www.fcc.gov/document/warning-wi-fi-blocking-prohibited

UVA Engineers Develop Drones That Fend Off Cyber Attacks – http://jewishbusinessnews.com/2015/01/28/uva-engineers-develop-drones-that-fend-off-cyber-attacks/

Cisco says GHOST is more Casper than Sleepy Hollow – http://www.theregister.co.uk/2015/01/29/cisco_ghost_is_more_casper_than_sleepy_hollow/

Suits and Spooks DC 2015: The Agenda. – http://www.securityweek.com/suits-and-spooks-dc-2015-agenda

 

Tools, Tips and How it’s done:

This Guy Found a Way to Block Robocalls When Phone Companies Wouldn’t – http://www.wired.com/2015/01/guy-found-way-block-robocalls-phone-companies-wouldnt

Thwarting a new breed of cyberattack – http://www.fiercecio.com/story/thwarting-new-breed-cyberattack/2015-01-27

social engineering attack surface – http://whatis.techtarget.com/definition/social-engineering-attack-surface

Frequency vs. size of cloud data breaches: Which is worse? – http://www.cloudcomputing-news.net/news/2015/jan/28/frequency-vs-size-data-breaches-which-worse/

7 ideas for security leaders – http://www.csoonline.com/article/2876310/security-leadership/7-ideas-for-security-leaders.html#tk.rss_all

Busting the Ghost Security Vulnerability Haunting Linux Systems – http://www.securityweek.com/busting-ghost-security-vulnerability-haunting-linux-systems

Password Discovery and Patching by Disassembling: Explained – http://resources.infosecinstitute.com/password-discovery-patching-disassembling-explained/

GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data – https://community.rapid7.com/community/nexpose/blog/2015/01/28/ghostbuster-how-to-scan-just-for-cve-2015-0235-and-keep-your-historical-site-data

A Gentle Primer on Reverse Engineering – https://emily.st/2015/01/27/reverse-engineering/

ArnoldC – Arnold Schwarzenegger based programming language – https://github.com/lhartikk/ArnoldC

social engineering penetration testing – http://whatis.techtarget.com/definition/social-engineering-penetration-testing

OAT – Oracle Auditing Tools For Database Security – http://www.darknet.org.uk/2015/01/oat-oracle-auditing-tools-database-security/

 

Miscellaneous Privacy stories:

Child watch: The apps that let parents ‘spy’ on their kids – http://www.bbc.co.uk/news/technology-30930512

BC’s Privacy Commissioner Reveals Details About Government Breaches – http://www.kelownanow.com/watercooler/news/news/Provincial/15/01/28/BC_s_Privacy_Commissioner_Reveals_Details_About_Government_Breaches

Data Privacy Day musings from the Infosec community – http://itsecurityguru.org/data-privacy-day-musings-infosec-community/#.VMnxZmisWSo

B.C. privacy breaches on the rise – http://vancouver.24hrs.ca/2015/01/28/bc-privacy-breaches-on-the-rise

Tor Isn’t A Child Porn Enthusiast’s Best Friend, No Matter What The DOJ Claims – https://www.techdirt.com/articles/20150128/08575829838/tor-isnt-child-porn-enthusiasts-best-friend-no-matter-what-doj-claims.shtml

Law enforcement using Range-R devices to see through walls – http://securityaffairs.co/wordpress/32675/laws-and-regulations/law-enforcement-using-range-r.html

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/
