
Information Security Breach Report – 06 May 2015

Written by SRM

6th May 2015


A round-up of the most recent reports of information security breaches, plus infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

CozyDuke hackers targeting prominent US targets – http://www.theregister.co.uk/2015/04/22/cozyduke_hackers_white_house_state_dept_malware/

USIS data breach affected more than 27K – http://thehill.com/policy/cybersecurity/239732-dem-usis-data-breach-affected-more-than-27k

St. Vincent Medical Group notifies patients after successful phishing attempt compromises PHI – http://www.databreaches.net/in-st-vincent-medical-group-notifies-patients-after-successful-phishing-attempt-compromises-phi/

Costa Coffee Club warns of possible database intrusion – https://nakedsecurity.sophos.com/2015/04/22/costa-coffee-club-warns-of-possible-database-intrusion/?utm_source=twitterfeed&utm_medium=twitter&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29MI

Hyatt Gold Passport notifies a small number of loyalty program members of possible breach (update2) – http://www.databreaches.net/hyatt-gold-passport-notifies-a-small-number-of-loyalty-program-members-of-possible-breach/

Hackers hit Wake public schools server – http://www.wral.com/hackers-hit-wake-public-schools-server/14599060/

Verifone statement on default password Z66831 – http://www.databreaches.net/verifone-statement-on-default-password-z66831/

Seton Family Health notifying 39,000 patients after employee falls for phish; Second Ascension Health member to report breach this week (Update2) – http://www.databreaches.net/seton-family-health-notifying-39000-patients-after-employee-falls-for-phish-second-ascension-health-member-to-report-breach-this-week/

Update on Security Incident and Additional Security Measures – https://sendgrid.com/blog/update-on-security-incident-and-additional-security-measures/

Compass Group USA notifies consumers of NEXTEP-related payment card breach – http://www.compass-usa.com/pages/KioskUpdate.aspx

Oregon’s Health CO-OP Notifies Affected Plan Members Of Security Incident – http://www.databreaches.net/oregons-health-co-op-notifies-affected-plan-members-of-security-incident/

Big Credit Card Data Breach Hits Bars And Restaurants Using Harbortouch Point-of-Sale Systems – http://consumerist.com/2015/05/05/big-credit-card-data-breach-hits-bars-and-restaurants-using-harbortouch-point-of-sale-systems/

VA blocks more than a billion cyber threats in March – http://www.upi.com/Top_News/US/2015/05/05/VA-blocks-more-than-a-billion-cyber-threats-in-March/1391430841755/

Lawyers threaten researcher over key-cloning bug in high-security lock – http://arstechnica.com/security/2015/05/05/lawyers-threaten-researcher-over-key-cloning-bug-in-high-security-lock/

Attackers Used CareerBuilder to Send Malicious Resumes to Victims: Proofpoint – http://www.securityweek.com/attackers-used-careerbuilder-send-malicious-resumes-victims-proofpoint?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Skype vulnerable to “Redirect to SMB” – http://infosecaffairs.blogspot.in/2015/05/skype-vulnerable-to-redirect-to-smb.html

More Uber Accounts Have Been Hacked, This Time in the United States – http://motherboard.vice.com/read/more-uber-accounts-have-been-hacked-this-time-in-the-united-states

EllisLab Tells Users to Change Passwords After its Web Host Discovers Security Breach – http://www.thewhir.com/web-hosting-news/ellislab-tells-users-change-passwords-web-host-discovers-security-breach

‘Rombertik’ malware kills host computers if you attempt a cure – http://www.theregister.co.uk/2015/05/05/rombertik_malware/

Sally Beauty investigates possible second card breach – http://www.pcworld.com/article/2918652/sally-beauty-investigates-possible-second-card-breach.html

Hard Rock Hotel & Casino reveals data breach – http://www.nafcu.org/News/2015_News/May/Hard_Rock_Hotel___Casino_reveals_data_breach/

 

Miscellaneous Infosec stories:

The hotly disputed black magic of data breach cost estimates – http://fortune.com/2015/04/24/data-breach-cost-estimate-dispute/

More than 1 year after breach, data show up for sale on darknet – http://www.databreaches.net/more-than-1-year-after-breach-data-show-up-for-sale-on-darknet/

Taking out cyber insurance cover to become ‘the norm’ within 10 years, says ABI – http://www.out-law.com/en/articles/2015/may/taking-out-cyber-insurance-cover-to-become-the-norm-within-10-years-says-abi/

Lawsuit: Home Depot data breach was caused by management’s ‘overarching complacency’ over security – http://www.bizjournals.com/atlanta/news/2015/05/05/lawsuit-home-depot-data-breach-was-caused-by.html

Spending More on Breach Prevention Isn’t Fixing the Problem – http://www.infosecurity-magazine.com/news/spending-more-on-breach-prevention/

Firms ‘at risk of data breach’ – http://www.irishexaminer.com/business/firms-at-risk-of-data-breach-328950.html

Security Breach Detection, Prevention Harder Than 2 Years Ago Despite Security Spending: Survey – http://www.securityweek.com/security-breach-detection-prevention-harder-2-years-ago-despite-security-spending-survey

SHARED INFRASTRUCTURE AND THE RISK TO OUR DATA – http://www.thatchers.co.uk/blog/blog/cyber-security/shared-infrastructure-and-the-risk-to-our-data

The Top 10 Highest Paying Jobs in Information Security – Part 1 – http://www.tripwire.com/state-of-security/off-topic/the-top-10-highest-paying-jobs-in-information-security-part-1/

Data security in the payments ecosystem – http://www.net-security.org/secworld.php?id=18344&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Analogue modems allow UNSTOPPABLE Android attack … at 13bps – http://www.hp.com/make-it-matter/uk/en/smart-telcos.html?jumpid=ba_yfgpei6u4r

 

 

Tools, Tips and How it’s done:

Local Administrator Password Solution aims to stop credential replay – http://searchsecurity.techtarget.com/news/4500245671/Local-Administrator-Password-Solution-aims-to-stop-credential-replay

Deconstructing Mobile Fraud Risk – http://www.darkreading.com/attacks-breaches/deconstructing-mobile-fraud-risk/a/d-id/1320248

Facepwn: Script Kiddies Beware – http://thecryptosphere.com/2015/05/05/facepwn-script-kiddies-beware/

Defending Against Web Attacks: X-XSS Protection – http://resources.infosecinstitute.com/defending-against-web-attacks-using-http-headers-part-2/

 

Miscellaneous Privacy stories:

THE COMPUTERS ARE LISTENING – HOW THE NSA CONVERTS SPOKEN WORDS INTO SEARCHABLE TEXT – https://firstlook.org/theintercept/2015/05/05/nsa-speech-recognition-snowden-searchable-text/

 

Safeguarding Children and School E-Safety stories:

Mom Horrified After Kids’ Photos Stolen From Facebook – https://www.yahoo.com/parenting/mom-horrified-after-kids-photos-stolen-from-118210047777.html

Administrators Confront Student ‘Sexting’ – http://www.edweek.org/ew/articles/2009/06/17/35sexting_ep.h28.html

New Research Reveals Teens’ Near-Constant Use of Online Sites, Tools – http://blogs.edweek.org/edweek/DigitalEducation/2015/04/new_research_explores_teens_mobile_device_use_social_media.html

Anti-terror guidance for colleges and teachers published – https://www.tes.co.uk/news/further-education/breaking-news/anti-terror-guidance-colleges-and-teachers-published

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/