
SRM Solutions
The SRM Blog

Information Security Breach Report – 01 April 2015

Written by SRM

1st April 2015


A roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Energy companies infected by newly Laziok trojan malware – http://securityaffairs.co/wordpress/35567/cyber-crime/energy-companies-laziok-trojan.html

Hackers attack the energy industry with malware designed for snooping – http://fortune.com/2015/03/31/spies-malware-energy-email/

Data Breach at Westland Middle School Releases Student Locker Combinations – http://www.mymcmedia.org/data-breach-at-westland-middle-school-release-student-locker-combinations/

Fake Pirate Bay site pushes banking Trojan to WordPress users – http://www.theregister.co.uk/2015/04/01/fake_pirate_bay_malware_scam/

Mozilla Patches Critical Vulnerabilities With Release of Firefox 37 – http://www.securityweek.com/mozilla-patches-critical-vulnerabilities-release-firefox-37

Google Says 5% Of Visitors To Its Sites Have Ad Injectors Installed – http://techcrunch.com/2015/03/31/google-says-5-of-web-browsers-have-ad-injectors-installed/?ncid=rss&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Techcrunch+%28TechCrunch%29&utm_content=FaceBook#XOxgPM:O0u4

Ethiopian Government Uses Cyber-Attacks to Restrict Media Houses – http://www.spamfighter.com/News-19543-Ethiopian-Government-Uses-Cyber-Attacks-to-Restrict-Media-Houses.htm

Indiana Government Website Targeted By Cyber Attacks – http://chicago.cbslocal.com/2015/03/31/indiana-government-website-targeted-by-cyber-attacks/

POODLE vuln dogs Australian consumer modems – http://www.theregister.co.uk/2015/04/01/poodle_dogs_australian_consumer_modems/

More details on the French Lick Resort payment card breach – http://www.oag.state.md.us/idtheft/Breach%20Notices/itu-251181.pdf

China’s CNNIC issues false certificates in serious breach of crypto trust – https://cpj.org/blog/2015/03/chinas-cnnic-breaches-sacred-crypto-trust-endanger.php

Lebanese cyberespionage campaign hits defense, telecom, media firms worldwide – http://www.csoonline.com/article/2904396/data-protection/lebanese-cyberespionage-campaign-hits-defense-telecom-media-firms-worldwide.html#tk.rss_all

Cisco wipes its memory from susceptible-to-Row Hammer list – http://www.theregister.co.uk/2015/03/31/cisco_clears_its_memory_of_row_hammer_vuln/

Cyber Crime: Fake email from the boss is a popular fraud – http://www.theprovince.com/business/Cyber+Crime+Fake+email+from+boss+popular+fraud/10932607/story.html

Syrian Electronic Army hacks hosting companies to fight the IS – http://securityaffairs.co/wordpress/35493/hacking/syrian-electronic-army-vs-terrorists.html

NUI Galway examining possible data breach – http://www.irishtimes.com/news/ireland/irish-news/nui-galway-examining-possible-data-breach-1.2159274

Oregon’s Department of Administrative Services Suffers Data Breach – http://www.hacksurfer.com/posts/oregons-department-of-administrative-services-suffers-data-breach

Cyber attack hits Fairleigh Dickinson; Rutgers works to restore internet service – http://www.nj.com/middlesex/index.ssf/2015/03/cyber_attacks_hit_fairleigh_dickinson_rutgers_work.html

Nite Ize Inc. Submits Data Breach Notification – http://www.hacksurfer.com/posts/nite-ize-inc-submits-data-breach-notification

Colonial Car Wash credit breaches investigated – http://www.timesunion.com/news/article/Colonial-Car-Wash-credit-breaches-investigated-6166614.php

British Airways Executive Club members warned of hacked accounts – https://grahamcluley.com/2015/03/british-airways-executive-club-avios-hack/

 

Miscellaneous Infosec stories:

National Risk Register for Civil Emergencies – 2015 edition – https://www.gov.uk/government/publications/national-risk-register-for-civil-emergencies-2015-edition

Hacked uni’s admins hand ID theft prevention reward to data burglars – http://www.theregister.co.uk/2015/04/01/uni_admins_hand_reward_to_data_burglars/

Would financial incentives stop the rise of cybercrime? – http://www.computerworlduk.com/in-depth/security/3606129/would-financial-incentives-stop-the-rise-of-cybercrime/

Why We Need Holistic Context-based Security Decisions – http://www.securityweek.com/why-we-need-holistic-context-based-security-decisions

mDNS Can Be Used to Amplify DDoS Attacks: Researcher – http://www.securityweek.com/mdns-can-be-used-amplify-ddos-attacks-researcher

FFIEC: New Threats to Banks? – http://www.databreachtoday.com/ffiec-new-threats-to-banks-a-8066

“We can’t address cyber threats in isolation”, chief lawyers of top companies agree – http://www.forbes.com/sites/elenakvochko/2015/03/31/we-cant-address-cyber-threats-in-isolation-chief-lawyers-of-top-companies-agree/

30 percent of practitioners say they would pay cyber extortionists to retrieve their data – http://www.scmagazine.com/30-percent-of-practitioners-say-they-would-pay-cyber-extortionists-to-retrieve-their-data/article/406453/

Let’s send an unencrypted thumb drive via mail. What can possibly go wrong, right? – http://www.databreaches.net/lets-send-an-unencrypted-thumb-drive-via-mail-what-can-possibly-go-wrong-right/

The CFO’s Role in Cyber Security – http://ww2.cfo.com/accounting-tax/2015/03/cfos-role-cyber-security/

 

Tools, Tips and How it’s done:

How to stop attackers getting a toehold on the corporate network – http://www.computing.co.uk/ctg/opinion/2402471/how-to-stop-attackers-getting-a-toehold-on-the-corporate-network

Intro to E-Commerce and PCI Compliance – Part I – http://blog.sucuri.net/2015/03/intro-to-e-commerce-and-pci-compliance-part-i.html

Phishing Attacks: Not Sophisticated, but Successful – http://www.esecurityplanet.com/network-security/phishing-attacks-not-sophisticated-but-successful.html

A Fresh Look at Application Security – http://www.inforisktoday.co.uk/fresh-look-at-application-security-a-8062

You Are What You Keep: Data Breach – http://www.natlawreview.com/article/you-are-what-you-keep-data-breach

How to build physical security into a data center – http://www.csoonline.com/article/2112402/physical-security/physical-security-19-ways-to-build-physical-security-into-a-data-center.html#jump

Put those smartphones away: Google adds anti-copying measures to Drive for Work – http://www.theregister.co.uk/2015/03/31/google_drive_business/

Report Spells Out Medical Device Risks – http://www.databreachtoday.com/report-spells-out-medical-device-risks-a-8065

Inception: DMA Attack Against Linux, Windows, and Mac – https://github.com/carmaa/inception

How Would I?… Inside the devious mind of a security professional – http://www.csoonline.com/article/2902970/security0/how-would-i-inside-the-devious-mind-of-a-security-professional.html#tk.rss_all

 

Miscellaneous Privacy stories:

Periscope’s first privacy foul-up – https://grahamcluley.com/2015/03/periscope-privacy-foul-up/

 

Safeguarding Children and School E-Safety stories:

Osgodby Primary School in UK first on cyber-security – http://www.marketrasenmail.co.uk/news/education/education-news/osgodby-primary-school-in-uk-first-on-cyber-security-1-6664596

Record A Teacher Bullying A Student? That’s A Suspension – https://www.techdirt.com/articles/20150331/09321030499/record-teacher-bullying-student-thats-suspension.shtml

Computer whizz kids learn how to stay safe online – http://www.theboltonnews.co.uk/news/12749877.Computer_whizz_kids_learn_how_to_stay_safe_online/

Cyber Awareness: A Teen’s Perspective – http://www.hanscom.af.mil/news/story.asp?id=123443629

Teen cyberbullying victims shun online help, UniSA study finds – http://www.news.com.au/national/south-australia/teen-cyberbullying-victims-shun-online-help-unisa-study-finds/story-fnii5yv4-1227283753869

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/