Call us on 03450 21 21 51

SRM Solutions
The SRM Blog

Information Security Breach Report – 05 February 2015

Written by SRM

5th February 2015

Share this article

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Anthem, America’s second biggest health insurer, HACKED: Millions hit by breach – http://www.theregister.co.uk/2015/02/05/anthem_hacked/

O2 notifies data cops ‘for courtesy’ … AFTER El Reg intervenes in email phish dustup – http://www.theregister.co.uk/2015/02/04/o2_turns_itself_in_to_uk_data_cops_email_phishing_scam/

Malicious advertisements on major sites compromised many computers – http://www.csoonline.com/article/2879655/malware-cybercrime/malicious-advertisements-on-major-sites-compromised-many-computers.html#tk.rss_all

1,800 Domains Overtaken by Flash Zero Day – http://threatpost.com/1800-domains-overtaken-by-flash-zero-day/110835

DC Public Schools say data breach left student information, passwords exposed – http://www.myfoxdc.com/story/28021428/dc-public-schools-say-data-break-left-student-information-passwords-exposed

Cyber thieves behind spate of van thefts in High Wycombe and Marlow, police believe – http://www.bucksfreepress.co.uk/news/crime/11768626.Cyber_thieves_behind_spate_of_van_thefts__police_believe/

Japan cyber-Riddler arrested after strapping virus details to cat – http://www.timeslive.co.za/scitech/2015/02/04/japan-cyber-riddler-arrested-after-strapping-virus-details-to-cat

8 recent data breaches – http://www.beckershospitalreview.com/healthcare-information-technology/8-recent-data-breaches-2-4-15.html

Zero-day in the Fancybox-for-WordPress Plugin – http://blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html

Siemens Patches Vulnerabilities in Ruggedcom, SCALANCE Products – http://www.securityweek.com/siemens-patches-vulnerabilities-ruggedcom-scalance-products

Siemens sighs: SCADA bugs abound – http://www.theregister.co.uk/2015/02/05/siemens_sighs_scada_bugs_abound/

Forget Norks, Russian hackers are in Sony Pictures’ servers – claim – http://www.theregister.co.uk/2015/02/04/sony_hack_russian_theory/

Spyware aimed at Western governments, journalists hits iOS devices – http://arstechnica.com/security/2015/02/spyware-aimed-at-western-governments-journalists-hits-ios-devices/

Phishers Hone Their Scams with Texts, Phone Calls, Big Data – http://www.americanbanker.com/news/bank-technology/phishers-hone-their-scams-with-texts-phone-calls-big-data-1072535-1.htm

Big breach at hotel chain, again! – https://www.komando.com/happening-now/294926/big-breach-at-hotel-chain-again/all

Breach Will Cost Sony $35 Million For Fiscal Year – http://www.hacksurfer.com/posts/breach-will-cost-sony-35-dollars-million-for-fiscal-year

Get your smartphone’s screen fixed, and have your nude selfies stolen while you wait – http://grahamcluley.com/2015/02/get-smartphones-screen-fixed-nude-selfies-stolen-wait/

About.com affected by XSS, XFS, Open Redirect Vulnerabilities since October 2014 – http://securityaffairs.co/wordpress/33070/hacking/com-affected-xss-xfs-open-redirect-vulnerabilities-since-october-2014.html

Ransomware campaign spread via ad networks and zero-day vulnerabilities – http://www.csoonline.com/article/2880173/data-protection/ransomware-campaign-spread-via-ad-networks-and-zero-day-vulnerabilities.html#tk.rss_all

‘Ruskie’ malware pwns iOS 7 – http://www.theregister.co.uk/2015/02/05/xagent_operation_pawn_storm_trend_micro/

Schneider Electric Fixes Potential RCE Flaw in Several Products – http://www.securityweek.com/schneider-electric-fixes-potential-rce-flaw-several-products

 

Miscellaneous Infosec stories:

Ransomware isn’t a serious threat says threat intelligence firm – http://www.csoonline.com/article/2879697/data-protection/ransomware-isnt-a-serious-threat-says-threat-intelligence-firm.html#tk.rss_all

US top developer of risky mobile applications – http://www.csoonline.com/article/2879446/mobile-security/us-top-developer-of-risky-mobile-applications.html#tk.rss_all

Data breach trends in the financial services sector – http://www.lexology.com/library/detail.aspx?g=7989e808-5b79-4c21-b5ce-3c64dc205ec1

Matrix – An Open Standard for Decentralised Persistent Communication – http://matrix.org/

Data breach view – http://www.professionalsecurity.co.uk/news/interviews/data-breach-view/

Biggest cyber security threat is non-reporting culture – http://www.bankingday.com/nl06_news_selected.php?act=2&stream=1&selkey=18104&hlc=2&hlw=

Data Integrity: The Core of Security – http://www.securityweek.com/data-integrity-core-security

New Snowden docs: Western spy agencies rely on hackers – http://www.panorama.am/en/miscellaneous/2015/02/05/snowden-documents/

NSA raided hackers’ troves of stolen data: report – http://www.theregister.co.uk/2015/02/05/snowden_documents_intolerant_and_lovely_horse/

Researcher Gets $5,000 for Severe Vulnerability in HackerOne – http://www.securityweek.com/researcher-gets-5000-severe-vulnerability-hackerone

Is Your Big Data Safe? Beware The Siren’s Data Song – http://www.forbes.com/sites/teradata/2015/02/04/is-your-big-data-safe-beware-the-sirens-data-song/?ss=leadership

Cost fallout of a data breach felt for years – http://www.vitrium.com/document-security-protection-drm-blog/cost-fallout-of-a-data-breach-felt-for-years/

OCR Launches Updated HIPAA Breach Reporting Portal with Reporting Implications – http://www.natlawreview.com/article/ocr-launches-updated-hipaa-breach-reporting-portal-reporting-implications

President Obama Proposes Legislation to Nationalize Data Breach Notification Standard – http://www.jdsupra.com/legalnews/president-obama-proposes-legislation-to-82833/

Slow and Low – The Tempo for Today’s Latest Round of Attacks – http://www.securityweek.com/slow-and-low-tempo-todays-latest-round-attacks

SecDef Nominee: Cyber threats require holistic defense strategy – http://www.federaltimes.com/story/government/cybersecurity/2015/02/04/cyber-part-broad-defense-strategy/22869325/

Who’s Hijacking Internet Routes? – http://www.bankinfosecurity.com/whos-hijacking-internet-routes-a-7874

Report compares exploit skills of APT actors, other malware groups – http://www.scmagazine.com/researcher-looks-at-attacker-exploit-skills/article/396487/

Vulnerability of operational technology is a ticking time bomb – http://cio.economictimes.indiatimes.com/news/digital-security/vulnerability-of-operational-technology-is-a-ticking-time-bomb/46109136

 

Tools, Tips and How it’s done:

How to create an effective data security communication plan – http://www.csoonline.com/article/2879498/business-continuity/how-to-create-an-effective-data-security-communication-plan.html#tk.rss_all

BLOG: How social media hacks can be the gateway to further breaches – http://www.ibamag.com/news/blog-how-social-media-hacks-can-be-the-gateway-to-further-breaches-21218.aspx

IT lessons from iCloud: the increasing need for file-centric security – http://www.techradar.com/news/world-of-tech/it-lessons-from-icloud-the-increasing-need-for-file-centric-security-1283344

Three Easy Steps to Protect Companies From Cyber Attacks – http://www.msn.com/en-ca/news/other/three-easy-steps-to-protect-companies-from-cyber-attacks/vp-AA8Y5Po

Harvard cracks DNA storage, crams 700 terabytes of data into a single gram – http://www.extremetech.com/extreme/134672-harvard-cracks-dna-storage-crams-700-terabytes-of-data-into-a-single-gram

After the Data Breach – Forum Owner Guidelines – The ‘Customer’ – https://theadminzone.com/threads/after-the-data-breach-forum-owner-guidelines-the-customer.131736/

Grave robbing cyber style – how to prevent it – http://www.wcnc.com/story/news/crime/2015/02/04/grave-robbing-cyber-style—how-to-prevent-it/22902937/

BackBox Linux 4.1Keeps Security Researchers Anonymous – http://www.eweek.com/enterprise-apps/slideshows/backbox-linux-4.1keeps-security-researchers-anonymous.html

Threat Analysis Template For BYOD Applications – http://resources.infosecinstitute.com/threat-analysis-template-byod-applications/

Toshiba packs NUMERIC KEYPAD onto self-bricking USB drive – http://www.theregister.co.uk/2015/02/05/toshiba_packs_numeric_keypad_onto_selfbricking_usb_stick/

What You Need to Know About ‘Drive-By’ Cyber Attacks – http://smallbusiness.foxbusiness.com/entrepreneurs/2015/02/04/what-need-to-know-about-drive-by-cyber-attacks/

Data Breach? Don’t Make This Mistake – http://www.onwallstreet.com/news/technology/data-breach-dont-make-this-mistake-2691865-1.html

From Castles to Beer: A different approach to cyber security – http://www.federaltimes.com/story/government/it/blog/2015/02/04/castles-beer-cybersecurity-approach/22890419/

CIO Network: How to Respond During a Cyber Attack – http://www.wsj.com/video/cio-network-how-to-respond-during-a-cyber-attack/E188A2BD-07BC-4B39-80A0-E2DE01EC85B7.html

The Home Depot data breach and why hackers love FTP – http://www.vordel.com/it/blog/2014/10/home-depot-data-breach-and-why-hackers-love-ftp

Confide app adds documents so you can leak without getting caught – http://mashable.com/2015/02/04/confide-app-adds-documents/

As Flash 0day exploits reach new level of meanness, what are users to do? – http://arstechnica.com/security/2015/02/as-flash-0day-exploits-reach-new-level-of-meanness-what-are-users-to-do/

CSO50 2015: Creating a Human Firewall – http://www.csoonline.com/article/2878690/data-protection/cso50-2015-creating-a-human-firewall.html#tk.rss_all

3 incentives to encourage the adoption of the cyber framework – http://www.federalnewsradio.com/241/3793132/3-incentives-to-encourage-the-adoption-of-the-cyber-framework

Why the 80-20 rule is only half the cyber battle – http://www.federaltimes.com/story/government/solutions-ideas/2015/02/03/80-20-rule-cyber-battle/22793131/

The Hidden Psychology of Wearing Glasses – http://www.psmag.com/health-and-behavior/more-than-just-four-eyes-the-hidden-psychology-of-wearing-glasses

 

Miscellaneous Privacy stories

Data Protection: Why it should matter to digital Indians – http://cio.economictimes.indiatimes.com/news/digital-security/data-protection-why-it-should-matter-to-digital-indians/46116302

Surfing terror? IT companies told to keep tabs – http://cio.economictimes.indiatimes.com/news/digital-security/surfing-terror-it-companies-told-to-keep-tabs/46128355

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

 

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/