Call us on 03450 21 21 51

SRM Solutions
The SRM Blog

Information Security Breach Report – 04 March 2015

Written by SRM

4th March 2015

Share this article

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Phishers target victims of iOS device theft – http://www.net-security.org/secworld.php?id=18030&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Spammers leverage DMARC to more successfully distribute ransomware – http://www.scmagazine.com/malicious-messages-evade-spam-filters-go-directly-to-inboxes/article/401436/

Outbreak! Fake Amazon voucher offer seeds mobile malware attack – http://www.theregister.co.uk/2015/03/04/fake_amazon_voucher_mobile_malware/

Apple plans fix next week for newly uncovered Freak security bug – http://www.reuters.com/article/2015/03/03/us-apple-cybersecurity-idUSKBN0LZ2GA20150303 and http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/03/freak-flaw-undermines-security-for-apple-and-google-users-researchers-discover/

Hackers Breach Canadian ISP Rogers – http://www.bankinfosecurity.com/hackers-breach-canadian-isp-rogers-a-7971

Venmo mobile payment service under fire for security carelessness – https://nakedsecurity.sophos.com/2015/03/03/venmo-mobile-payment-service-under-fire-for-security-carelessness/

phpMoAdmin MongoDB GUI affected by a Zero-Day Remote Code Execution flaw – http://securityaffairs.co/wordpress/34380/breaking-news/phpmoadmin-mongodb-guizero-day.html

New gTLD Portals Taken Offline by ICANN Due to Security Flaw – http://www.securityweek.com/new-gtld-portals-taken-offline-icann-due-security-flaw

D-Link home routers affected by remote command injection flaw – http://securityaffairs.co/wordpress/34349/hacking/d-link-home-routers-flaw.html

Cops take 7 months to file FIR in skimming fraud – http://timesofindia.indiatimes.com/city/navi-mumbai/Cops-take-7-months-to-file-FIR-in-skimming-fraud/articleshow/46424806.cms

BitDefender bit trip slaps ‘valid’ on revoked certs – http://www.theregister.co.uk/2015/03/01/bitdefender_bit_trip_slaps_valid_on_revoked_certs/

Seagate NAS owners: hide it behind a firewall. Fast – http://www.theregister.co.uk/2015/03/02/seagate_nas_owner_hide_it_behind_a_firewall/

Natural Grocers Investigating Card Breach – https://krebsonsecurity.com/2015/03/natural-grocers-investigating-card-breach/

Bad movie: Hackers can raid networks with burnt Blu-Rays – http://www.theregister.co.uk/2015/03/02/bad_movie_hackers_can_raid_networks_with_burnt_blurays/ and http://www.securityweek.com/attackers-can-use-blu-ray-discs-breach-networks-researcher

Apple Pay: Fraudsters Exploit Authentication – http://www.inforisktoday.co.uk/apple-pay-fraudsters-exploit-authentication-a-7967

Crooks targeting call centers to further Apple Pay fraud – http://www.csoonline.com/article/2891673/loss-prevention/crooks-targeting-call-centers-to-further-apple-pay-fraud.html#tk.rss_all

Lossy Image Compression Can Hide Malicious Code in PDF Files: Researcher – http://www.securityweek.com/lossy-image-compression-can-hide-malicious-code-pdf-files-researcher

 

Miscellaneous Infosec stories:

Exposing the organized crime of tomorrow – http://www.net-security.org/secworld.php?id=18026&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Security threats and the retail industry – http://www.net-security.org/secworld.php?id=18027&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

2015 Internet Security Trend Report – http://blog.nexusguard.com/2015-internet-security-report/

Small, Medium Biz Uncertain on Breach Rules – http://www.cutoday.info/THE-news/Small-Medium-Biz-Uncertain-on-Breach-Rules

Data breaches, you say? Study says ID theft fell in 2014 – http://www.philly.com/philly/blogs/consumer/Data-breaches-ID-theft-drops-for-2d-year.html

Breach Victims Three Times Likelier To Be Identity Theft Victims – http://www.darkreading.com/breach-victims-three-times-likelier-to-be-identity-theft-victims/d/d-id/1319316

Disappointing: Google Not Yet Requiring Phone Makers To Encrypt By Default – https://www.techdirt.com/articles/20150303/06323830192/disappointing-google-not-yet-requiring-phone-makers-to-encrypt-default.shtml

Getting Breach Notification Right – http://techcrunch.com/2015/03/03/getting-breach-notification-right/#XOxgPM:2mOH

Costly Shift to New Credit Cards Won’t Fix Security Issues – http://www.businessoffashion.com/2015/03/costly-shift-new-credit-cards-wont-fix-security-issues.html

Lockheed sees shift in focus on infrastructure cyber security – https://www.yahoo.com/tech/s/lockheed-sees-shift-focus-infrastructure-cyber-security-234840533–finance.html

Terrorists are leaving secret messages in porn and on websites like eBay and Reddit to communicate with each other and plan future attacks, new book claims – http://www.dailymail.co.uk/news/article-2974639/Terrorists-leaving-secret-messages-websites-like-ebay-Reddit-communicate-plan-future-attacks.html

CIOs and cyber security—a growing match – http://www.bankingexchange.com/blogs-3/making-sense-of-it-all/item/5313-cios-and-cyber-security-a-growing-match

 

Tools, Tips and How it’s done:

FREAK attack: What is it? Here’s what you need to know – https://grahamcluley.com/2015/03/freak-attack-what-is-it-heres-what-you-need-to-know/

9 Dirty Tricks: Social Engineers’ Favorite Pick-Up Lines – http://www.slideshare.net/hollowfranchise36/9-dirty-tricks-social-engineers-favorite-pickup-lines

Firewall: The king of network security – http://www.net-security.org/secworld.php?id=18029&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

HTTP2 for front-end web developers – https://mattwilcox.net/web-development/http2-for-front-end-web-developers

6 tips to secure your Android device – http://www.csoonline.com/article/2891481/mobile-security/6-tips-to-secure-your-android-device.html#jump

How Data Diets Can Improve Cyber Health – http://blogs.wsj.com/cio/2015/03/03/how-data-diets-can-improve-cyber-health/

Practice Makes Perfect: Making Cyber Hygiene Part of Your Security Program – http://www.csoonline.com/article/2891689/security0/practice-makes-perfect-making-cyber-hygiene-part-of-your-security-program.html

Internet Enumeration and Discover – http://www.solutionary.com/resource-center/blog/2015/03/internet-enumeration/

HOW TO SABOTAGE ENCRYPTION SOFTWARE (AND NOT GET CAUGHT) – http://www.wired.com/2015/02/sabotage-encryption-software-get-caught/

Communicating security concepts – http://www.scmagazine.com/communicating-security-concepts/article/398547/

How to keep your email private with PGP encryption on your Mac – http://www.csoonline.com/article/2890546/data-protection/how-to-keep-your-email-private-with-pgp-encryption-on-your-mac.html#tk.rss_all

 

Miscellaneous Privacy stories:

US court rubber-stamps dragnet metadata surveillance (again) – http://www.theregister.co.uk/2015/03/02/dragnet_metadata_surveillance_extended/

Privacy? What privacy? EU’s draft law on your data is useless, say digital rights orgs – http://www.theregister.co.uk/2015/03/04/data_protection_what_data_protection_proposed_new_law_is_as_good_as_useless_say_digtal_rights_orgs/

 

Safeguarding Children and School E-Safety stories:

School’s e-safety measures praised – http://www.plymouthherald.co.uk/School-s-e-safety-measures-praised/story-26107294-detail/story.html

[Note – requires answer to 3 questions before content visible] Study: Most people who witness online abuse ignore it – http://www.abqjournal.com/548953/news/study-most-people-ignore-online-abuse.html

Pupils warned over ‘sexting’ danger by police – http://www.bbc.co.uk/news/uk-wales-31693118

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/