SRM Solutions
The SRM Blog

Information Security Breach Report – 05 March 2015

Written by SRM

5th March 2015

A roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

ShareLaTeX Fixes Remote Command Execution Vulnerability – http://www.securityweek.com/sharelatex-fixes-remote-command-execution-vulnerability

GoPro Users’ Wi-Fi Passwords Were Available Online: Researcher – http://www.securityweek.com/gopro-users%E2%80%99-wi-fi-passwords-were-available-online-researcher

New PoS malware family discovered – http://www.net-security.org/malware_news.php?id=2977&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Apple shirks responsibility for fraud happening on Apple Pay – http://qz.com/355210/apple-shirks-responsibility-for-fraud-happening-on-apple-pay/

Does Apple Pay really have a fraud problem? – The fraud is happening through the banks, not through Apple Pay – http://www.theverge.com/2015/3/4/8149663/apple-pay-credit-card-fraud-banks

Credit Card Breach at Mandarin Oriental – http://krebsonsecurity.com/2015/03/credit-card-breach-at-mandarian-oriental/

Anthem Refuses Full IT Security Audit – http://www.inforisktoday.com/anthem-refuses-full-security-audit-a-7980

Bank of America sued over $1.03 million cyber-breach – http://www.finextra.com/news/fullstory.aspx?newsitemid=27075

Android users spammed with fake Amazon gift card offers – http://www.csoonline.com/article/2892598/malware-cybercrime/android-users-spammed-with-fake-amazon-gift-card-offers.html#tk.rss_all

Drive-by attack relies on hacked GoDaddy accounts – http://www.csoonline.com/article/2892327/malware-cybercrime/driveby-attack-relies-on-hacked-godaddy-accounts.html#tk.rss_all and http://securityaffairs.co/wordpress/34428/cyber-crime/godaddy-accounts-compromised-angler.html

Play.com Suffers Security Breach – http://www.hacksurfer.com/posts/play-dot-com-suffers-security-breach?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Hacksurfer+(Hacksurfer+-+Industry-Focused+Cybercrime+Data)

 

Miscellaneous Infosec stories:

International effort to wrangle t’internet from NSA fizzles out in chaos – http://www.theregister.co.uk/2015/03/04/netmundial_council_meeting_cancelled_again/

Cyber commands coordinate strategies – http://www.c4isrnet.com/story/military-tech/cyber/2015/03/04/cyber-commands-coordinate-strategies/24373109/

Financial Malware Fell in 2014 As Takedown Operations Have Impact – http://www.securityweek.com/financial-malware-fell-2014-takedown-operations-have-impact

The cybercrime economy personified – http://www.csoonline.com/article/2892442/malware-cybercrime/the-cybercrime-economy-personified.html#tk.rss_all

The paranoid CISO – http://www.csoonline.com/article/2891687/security-awareness/the-paranoid-ciso.html#tk.rss_all

[Note: Download] Automotive Cyber Security – https://www.google.com/url?rct=j&sa=t&url=http://www.theiet.org/sectors/transport/documents/automotive-cs.cfm&ct=ga&cd=CAIyHGEwNjQ1MmEzNTIxYjlkNTQ6Y28udWs6ZW46R0I&usg=AFQjCNG0YY8YDxf1kVYQdBbp0Scz786Kyw

15 Lines of CSI: Cyber Dialogue That Will Scare Your Mom Off the Internet for Good – http://www.tv.com/shows/csi-cyber/community/post/csi-cyber-review-season-1-kidnapping-20-cmnd-crash-killer-en-route-142542924607/

Why would industry share cyber data with government? – http://thehill.com/policy/cybersecurity/234644-gop-rep-why-would-industry-share-cyber-data-with-government

“Is There a Cyber Security Worker Shortage?”, A Podcast with Someone Who’s “Been There, Done That” – http://www.novetta.com/2015/03/is-there-a-cyber-security-worker-shortage-a-podcast-with-someone-whos-been-there-done-that-2/

Infosec On The Go: What Do Your Road Warriors Know About Cybersecurity? – http://blogs.forrester.com/heidi_shey/15-03-04-infosec_on_the_go_what_do_your_road_warriors_know_about_cybersecurity

.hotels. .hoteis … not a typo but a window into ICANN’s baffling world – http://www.theregister.co.uk/2015/03/05/icann_taken_to_task_over_worthless_accountability_mechanisms/

Big data security analytics: Can it revolutionize information security? – http://searchsecurity.techtarget.com/news/2240241713/Big-data-security-analytics-Can-it-revolutionize-information-security

The Drug Cartels’ IT Guy – http://motherboard.vice.com/read/radio-silence

London’s forgotten pneumatic messaging system – http://lapsedhistorian.com/get-blower-londons-forgotten-pneumatic-messaging-tubes/

Graham Cluley nominated for security blogger award. Vote now! – https://grahamcluley.com/2015/03/graham-cluley-nominated-security-blogger-award/

 

Tools, Tips and How it’s done:

Preparing for Incident Response – https://community.rapid7.com/community/infosec/blog/2015/03/04/preparing-for-incident-response

Tokenization as a companion to Encryption – http://security-musings.blogspot.co.uk/2015/03/tokenization-as-companion-to-encryption.html

Social engineering attacks you might see in the IoT – https://blogs.mcafee.com/business/social-engineering-attacks-might-see-iot

Cryptography Fundamentals, Part 3 – Hashing – http://resources.infosecinstitute.com/cryptography-fundamentals-part-3-hashing/

A proactive approach to DDoS attack prevention – http://www.net-security.org/secworld.php?id=18036&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 

Miscellaneous Privacy stories:

Privacy Breach Linked to Machinery Malfunction: Brazil – http://www.vocm.com/newsarticle.asp?mn=2&id=53109&latest=1

EFF to UN: You Need a Privacy Watchdog – https://www.eff.org/deeplinks/2015/03/eff-un-you-need-privacy-watchdog

‘Security, privacy’ main barrier to ‘government cloud’ rollout in EU – http://www.theregister.co.uk/2015/03/04/security_and_privacy_issues_main_barrier_to_government_cloud_deployment_in_eu/

Privacy? What privacy? EU’s draft law on your data is useless, say digital rights orgs – http://www.theregister.co.uk/2015/03/04/data_protection_what_data_protection_proposed_new_law_is_as_good_as_useless_say_digtal_rights_orgs/

 

Safeguarding Children and School E-Safety stories:

Government Unable To Block Students’ Tablets From Inappropriate Sites – http://jamaica-gleaner.com/article/news/20150305/government-unable-block-students-tablets-inappropriate-sites

Dad Goes After Cyber-bullies [AUDIO] – http://www.kiddnation.com/dad-goes-after-cyber-bullies/

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/