SRM Solutions
The SRM Blog

Information Security Breach Report – 06 February 2015

Written by SRM

6th February 2015

A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts: Anthem:

A Mere 8 Days After Breach, Anthem Healthcare Notifies Customers – http://www.darkreading.com/risk/a-mere-eight-days-after-breach-anthem-healthcare-notifies-customers-/d/d-id/1318979

The Morning Download: Anthem Attack Raises Questions About IT Architecture, Cyber Expert Says – http://blogs.wsj.com/cio/2015/02/05/the-morning-download-anthem-attack-raises-questions-about-it-architecture-cyber-expert-says/

Why even strong crypto wouldn’t protect SSNs exposed in Anthem breach – http://arstechnica.com/security/2015/02/why-even-strong-crypto-wouldnt-protect-ssns-exposed-in-anthem-breach/

State-sponsored Chinese hackers reportedly suspected in Anthem breach – http://www.pcworld.com/article/2880792/statesponsored-chinese-hackers-reportedly-suspected-in-anthem-breach.html

Update: Top 5 Health Data Breaches – http://www.inforisktoday.co.uk/update-top-5-health-data-breaches-a-7877

Hackers See Rewarding Targets in Health Care Companies – http://abcnews.go.com/Technology/wireStory/hackers-rewarding-targets-health-care-companies-28759891

Anthem data breach could be ‘lifelong battle’ for customers – http://www.indystar.com/story/news/2015/02/05/anthem-data-breach-lifelong-battle-customers/22953623/

Anthem Cyber Hack: 5 Fast Facts You Need to Know – http://heavy.com/news/2015/02/anthem-cyber-hack-computer-identity-theft-names-social-security-email-phone-numbers-blue-cross-blue-shield/

Anthem Hacking Points to Security Vulnerability of Health Care Industry – http://www.nytimes.com/2015/02/06/business/experts-suspect-lax-security-left-anthem-vulnerable-to-hackers.html

 

Breaches, Incidents and Alerts: The rest:

Portsmouth gangster jailed over £1.6m cyber attack – http://www.portsmouth.co.uk/news/local/portsmouth-gangster-jailed-over-1-6m-cyber-attack-1-6565051

Lincolnshire mobile phone users targeted in £200 mobile phone “porn” con – http://www.sleafordtarget.co.uk/Lincolnshire-mobile-phone-users-targeted-200/story-25972599-detail/story.html

Still using Adobe Flash? Oh well, get updating: 15 hijack flaws patched – http://www.theregister.co.uk/2015/02/05/adobesighpatches_anothersighflash_zeroday_vulnerability/

Ad Bidding Network Abused for Ransomware Delivery in “Fessleak” Attacks – http://www.securityweek.com/ad-bidding-network-abused-ransomware-delivery-%E2%80%9Cfessleak%E2%80%9D-attacks

Sony Exec Steps Down After Breach – http://www.databreachtoday.co.uk/sony-exec-steps-down-after-breach-a-7879

Prolific espionage group returns with iOS spyware – http://www.scmagazineuk.com/prolific-espionage-group-returns-with-ios-spyware/article/396697/

ID theft ring allegedly stole $700,000 in Apple gift cards – http://www.csoonline.com/article/2880145/access-control/with-employee-help-id-theft-ring-allegedly-stole-700000-in-apple-gift-cards.html#tk.rss_all

 

Miscellaneous Infosec stories:

Why we should worry about domestic drones and how to bring them down – http://blogs.reuters.com/great-debate/2015/02/05/why-we-should-care-about-domestic-drones-and-how-to-bring-them-down/?utm_source=Facebook

London behind surge in use of contactless cards – http://www.bbc.co.uk/news/business-31164806

Snowden leaks LEGALISED GCHQ’s ‘illegal’ dragnet spying, rules British tribunal – http://www.theregister.co.uk/2015/02/06/gchq_mass_surveillance_unlawful_but_now_lawful_thanks_snowden/

Start stockpiling tinned beans and ammo: This malware will end civilisation – http://www.theregister.co.uk/2015/02/06/hype_affects_patching/

Cyber security for a hyper-connected world – http://www.firstpost.com/business/cyber-security-hyper-connected-world-2083487.html

Swap your keyless key for keyless key-less key. You’ll need: a Tesla S and Apple Watch – http://www.theregister.co.uk/2015/02/05/control_your_tesla_with_your_apple_watch/

CEOs Are In The Dark About How Their Firms Use Data – http://www.forbes.com/sites/tomgroenfeldt/2015/02/05/ceos-are-in-the-dark-about-how-their-firms-use-data/

The World’s Email Encryption Software Relies On One Guy, Who Is Going Broke – https://www.techdirt.com/articles/20150205/11373529920/worlds-email-encryption-software-relies-one-guy-who-is-going-broke.shtml

High-Powered Electromagnetics Cyber Electronic Cyber Warfare Applications – https://www.fbo.gov/?s=opportunity&mode=form&id=a51eaeb2b00f19584f04cc8feeee96a2&tab=core&_cview=1

Inside nullcon Security Event – http://www.databreachtoday.com/inside-nullcon-security-event-a-7887

New High-Tech Farm Equipment Is a Nightmare for Farmers – http://www.wired.com/2015/02/new-high-tech-farm-equipment-nightmare-farmers/

SEC Examines Response From Financial Advisory, Brokerage Firms to Cyber Threats – http://www.securityweek.com/sec-examines-response-financial-advisory-brokerage-firms-cyber-threats

Be prepared: Cyber threats ignore all borders – http://borneobulletin.com.bn/prepared-cyber-threats-ignore-borders/

Most Brokerages and Advisory Firms Targeted by Cybercriminals – http://www.wsj.com/articles/most-brokerages-and-advisory-firms-targeted-by-cyber-criminals-1422993463

 

Tools, Tips and How it’s done:

Honored in the Breach: Employer Action Items for an Insurer Data Breach – http://blog.ogletreedeakins.com/honored-in-the-breach-employer-action-items-for-an-insurer-data-breach/

Why a dumb security video will help you work smarter, not harder – http://www.zdnet.com/article/why-a-dumb-security-video-will-help-you-work-smarter-not-harder/

Black box attack, hacking an ATM with Raspberry Pi – http://securityaffairs.co/wordpress/33173/hacking/black-box-attack-raspberry.html

5 ways your business is at risk from a cyber-security attack – http://betanews.com/2015/02/06/5-ways-your-business-is-at-risk-from-a-cyber-security-attack/

NIST Framework: Is It a Success? – http://www.bankinfosecurity.com/blogs/nist-framework-success-p-1807

Exploit Kit Evolution – Neutrino – https://isc.sans.edu/diary/Exploit+Kit+Evolution+-+Neutrino/19283

InfoSec Challenge: When To Be Quiet, When To Go Public – https://blogs.akamai.com/2015/02/infosecs-tlp-challenge-when-to-be-quiet-when-to-go-public.html

TLS/SSL Scanning Enhancements in Nexpose 5.12 – https://community.rapid7.com/community/nexpose/blog/2015/02/04/tlsssl-scanning-enhancements-in-nexpose-512

Closing the Privacy Gap in the OWASP IoT Top Ten – http://resources.infosecinstitute.com/closing-privacy-gap-owasp-iot-top-ten/

Most Infamous Hacks of the 21 Century – http://sputniknews.com/in_depth/20150205/1017828195.html

Disconnected Security Increases Risk – http://www.securityweek.com/disconnected-security-increases-risk

You can now send ‘screenshot-proof’ documents and photos with Confide, the ‘Snapchat for business’ – http://uk.businessinsider.com/confide-app-adds-screenshot-proof-photo-messaging-2015-2?op=1?r=US

The Industrialization of Hacking: Part 2 – The Cybersecurity Arms Race – http://www.cio.com/article/2880559/security0/the-industrialization-of-hacking-part-2-the-cybersecurity-arms-race.html

Why small firms struggle with cyber security – http://www.bbc.co.uk/news/technology-31039137

How to procure email encryption software – http://searchsecurity.techtarget.com/feature/How-to-procure-email-encryption-software

Time to reprioritise security awareness efforts – http://www.csoonline.com/article/2879660/security-awareness/time-to-reprioritize-security-awareness-efforts.html#tk.rss_all

How to keep track of all your passwords – http://www.csoonline.com/article/2879990/network-security/how-to-keep-track-of-all-your-passwords.html#tk.rss_all

Retail Needs to Take a Lesson From…Retail – http://www.solutionary.com/resource-center/blog/2015/02/retail-needs-to-take-a-lesson-from-retail/

Weekly Metasploit Wrapup: On Insecure Updates – https://community.rapid7.com/community/metasploit/blog/2015/02/05/weekly-metasploit-wrapup

The Privilege Escalation Cycle and Its Role in Russia’s Anunak Cyber Attack – http://www.cyberark.com/blog/privilege-escalation-cycle-role-russias-anunak-cyber-attack/

 

Miscellaneous Privacy stories:

Google panel backs limit to ‘right to be forgotten’ – http://cio.economictimes.indiatimes.com/news/government-policy/google-panel-backs-limit-to-right-to-be-forgotten/46143246

‘Privacy is DAMAGING to PROGRESS’ says Irish big data whitepaper – http://www.theregister.co.uk/2015/02/06/big_data_needs_your_blood_sweat_and_tears_say_boffins/

The guy standing between Facebook and its next privacy disaster – http://fusion.net/story/41870/facebook-privacy-yul-kwon/

EFF Launches Awards Program For Most Outrageous Failures In FOIA Responses – https://www.techdirt.com/articles/20150204/04154629902/eff-launches-awards-program-most-outrageous-failures-foia-responses.shtml

Mass Surveillance: An Odd Justification – http://www.inforisktoday.co.uk/blogs/mass-surveillance-odd-justification-p-1805

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/