
SRM Solutions
The SRM Blog

Information Security Breach Report – 02 February 2015

Written by SRM

2nd February 2015


A round-up of the most recent reports of information security breaches, plus infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Hackers tapped into Syrian opposition’s battle plans – http://www.cio.com/article/2878594/hackers-tapped-into-syrian-oppositions-battle-plans.html

Did your BMW just download a security patch? – http://grahamcluley.com/2015/02/bmw-security-patch/

Telephone sex: Beware of invites on WhatsApp – http://timesofindia.indiatimes.com/city/kochi/Telephone-sex-Beware-of-invites-on-WhatsApp/articleshow/46092139.cms

Topface Cuts Deal With Hacker to Prevent Sale of Massive Email Database – http://www.securityweek.com/topface-cuts-deal-hacker-prevent-sale-massive-email-database

New “F0xy” Malware Uses Clever Techniques to Stay Hidden – http://www.securityweek.com/new-%E2%80%9Cf0xy%E2%80%9D-malware-uses-clever-techniques-stay-hidden

6,000 Digital Certificates Used to Sign Malware, PUAs in 2014: Kaspersky – http://www.securityweek.com/6000-digital-certificates-used-sign-malware-puas-2014-kaspersky

Terrorist cyber-attack ‘very close’, security expert warns – https://www.politicshome.com/uk/story/46863/

Singapore Hacker Dubbed “The Messiah” Jailed Almost Five Years – http://www.securityweek.com/singapore-hacker-dubbed-messiah-jailed-almost-five-years

Researcher Calls Out Microsoft Over Outlook For iOS Security – http://www.securityweek.com/researcher-calls-out-microsoft-over-outlook-ios-security

For alleged Russian hacker, a visit to Amsterdam is a costly trip – http://www.washingtonpost.com/world/national-security/for-alleged-russian-hacker-a-visit-to-amsterdam-is-a-costly-trip/2015/01/30/1e240c96-a33c-11e4-9f89-561284a573f8_story.html

Isle of Man transport chiefs apologize after security breach on pupils’ bus cards – http://www.hackbusters.com/news/stories/242114-isle-of-man-transport-chiefs-apologize-after-security-breach-on-pupils-bus-cards

[WARNING – contains images which may offend] Hacking sex toys and dolls – http://securityaffairs.co/wordpress/32950/hacking/hacking-sex-toys-dolls.html

February fraud alert as hackers cash in on data harvested during Christmas shopping bonanza – http://www.thisismoney.co.uk/money/smallbusiness/article-2934744/Online-fraud-set-soar-80-hackers-data-hunt.html

Internet love scams and cyber extortions up 7.4 per cent in 2014 – http://news.asiaone.com/news/singapore/internet-love-scams-and-cyber-extortions-74-cent-2014

Insider Threat Alert as Former Spokesman Allegedly Leaks Corporate Data – http://www.infosecurity-magazine.com/news/insider-threat-alert-spokesman/

Hackers Compromise Business IM Service HipChat – http://www.securityweek.com/hackers-compromise-business-im-service-hipchat

How consumers are at risk of email terror scam – http://thenewdaily.com.au/life/2015/02/01/hackers-exploit-tragedy/

Abu Dhabi Police issue warning on new cyber bank scam – http://www.arabianbusiness.com/abu-dhabi-police-issue-warning-on-new-cyber-bank-scam-580551.html

Top smut site Flashes visitors, leaves behind nasty virus – http://www.theregister.co.uk/2015/01/29/top_smut_site_contracts_flash_0day_infection/

Spam campaign relies on macros embedded in empty Word documents – http://securityaffairs.co/wordpress/32831/cyber-crime/spam-macros-empty-word-docs.html

Critical DNS hijacking flaw affects D-Link DSL router – http://securityaffairs.co/wordpress/32857/hacking/dns-hijacking-d-link-dsl-router.html

ValuePetSupplies.com Announces Data Breach – http://news.softpedia.com/news/ValuePetSupplies-com-Announces-Data-Breach-471495.shtml

 

Miscellaneous Infosec stories:

2015: Top 5 application security trends to watch out for – http://www.firstpost.com/business/2015-top-5-application-security-trends-watch-2075241.html

GitHub Raises Maximum Bug Bounty Payout to $10,000 – http://www.securityweek.com/github-raises-maximum-bug-bounty-payout-10000

Significant data breach class action ruling – http://www.mcdonaldhopkins.com/alerts/data-privacy-and-cybersecurity-significant-data-breach-class-action-ruling

Cybercriminals are on the prowl – http://www.timeslive.co.za/businesstimes/2015/02/01/cybercriminals-are-on-the-prowl

The Gulf Between Perception and Reality of Cyber Threats is Widening, Says Cisco – http://me.pcmag.com/news/800/news/the-gulf-between-perception-and-reality-of-cyber-t

Google PRECOGS to pay researchers before they find software flaws – http://www.theregister.co.uk/2015/02/01/no_bugs_no_worries_choc_factory_will_still_pay_you/

The Top Two Cloud Computing Security Concerns of 2015 – http://www.cloudwedge.com/top-two-cloud-computing-security-concerns-2015/

Google boffins PROVE security warnings don’t … LOOK! A funny cat! – http://www.theregister.co.uk/2015/02/02/confused_about_ssl_dialogues_google_sec_boffins_arent_surprised/

Security Experts Unite to Rewrite Proposed Cyber Laws – http://www.securityweek.com/security-experts-unite-rewrite-proposed-cyber-laws

 

Tools, Tips and How it’s done:

Online Trust Alliance offers tips for preventing data breaches – http://www.bizjournals.com/sanjose/news/2015/02/01/online-trust-alliance-offers-tips-for-preventing.html

Data Breaches: The Government’s Approach – http://inhomelandsecurity.com/data-breaches-the-governments-approach/

Sovereignty and Cyber Attacks: Technology’s Challenge to the Law of State Responsibility – http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2557517

Improving SSL Warnings: Comprehension and Adherence – https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43265.pdf

Simple Testing Can Prevent Most Critical Failures: An Analysis of Production Failures in Distributed Data-Intensive Systems – https://www.usenix.org/conference/osdi14/technical-sessions/presentation/yuan

How to handle a security breach – http://community.spiceworks.com/how_to/106448-how-to-handle-a-security-breach

Why Alice has a problem if Bob can’t encrypt – https://blog.whiteout.io/2015/01/29/why-alice-has-a-problem-if-bob-cant-encrypt/

Protect critical assets in the cloud by applying Operations Security – http://www.techrepublic.com/article/protect-critical-assets-in-the-cloud-by-applying-operations-security/

Defending Against Spear Phishing, RAT Deployment and Email Tracking – http://securityaffairs.co/wordpress/32723/cyber-crime/defending-spear-phishing-rat-email-tracking.html

 

Miscellaneous Privacy stories:

Cyberthreat sharing must include strong privacy protections, advocates say – http://www.csoonline.com/article/2877196/compliance/cyberthreat-sharing-must-include-strong-privacy-protections-advocates-say.html#tk.rss_all

Telstra: we don’t collect the metadata the government wants now – http://www.theregister.co.uk/2015/01/29/telstra_we_dont_store_everything_the_government_wants_now/

European Commission Wants Collection And Retention Of Passenger Data For Everyone Flying In And Out Of Europe – https://www.techdirt.com/articles/20150128/07425229837/european-commission-wants-collection-retention-passenger-data-everyone-flying-out-europe.shtml

IBM punts cryptotastic cloudy ID verification services – http://www.theregister.co.uk/2015/01/29/ibm_identity_mixer/

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/