Call us on 03450 21 21 51

SRM Solutions
The SRM Blog

Information Security Breach Report – 09 March 2015

Written by SRM

9th March 2015

Share this article

A round up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

A critical flaw affecting Google Apps for Work allows hackers to run malicious phishing campaigns by abusing any website’s domain name – http://securityaffairs.co/wordpress/34625/hacking/google-apps-flaw-phishing.html

Stolen Patient Records in Calif. Mean Possible Data Breach – http://healthitsecurity.com/2015/03/09/stolen-patient-records-in-calif-mean-possible-data-breach/

Cybercriminals Use Help Files to Distribute Ransomware – http://www.securityweek.com/cybercriminals-use-help-files-distribute-ransomware

DDoS attack on feminist blog backfires on International Women’s Day – http://www.welivesecurity.com/2015/03/09/femsplain-ddos-attack/

Email Spoofing Flaw Found in Google Admin Console – http://www.securityweek.com/email-spoofing-flaw-found-google-admin-console

University of Chicago suffers data breach – http://www.zdnet.com/article/university-of-chicago-suffers-data-breach/

Point-of-Sale Vendor NEXTEP Probes Breach – http://krebsonsecurity.com/2015/03/point-of-sale-vendor-nextep-probes-breach/

Hackers target passwords and loyalty cards – http://www.usatoday.com/story/money/columnist/tompor/2015/03/08/hacker-loyalty-card-tompor-rewards/24520343/

Two New POS Breaches Lead to Fraud – http://www.bankinfosecurity.co.uk/two-pos-breaches-highlight-fraud-trends-a-7989

Internet users that have recently installed or updated the popular BitTorrent client μTorrent 3.4.2 Build 28913 may have installed a Bitcoin miner – http://securityaffairs.co/wordpress/34543/security/%CE%BCtorrent-bitcoin-miner.html

Fake “Flash Player Pro” update delivers password-stealing Trojan – http://www.net-security.org/malware_news.php?id=2982&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

SF General investigates security breach involving patient records – http://www.sfgate.com/health/article/SF-General-investigates-security-breach-involving-6119924.php

IoT’s dark side: Hundreds of unsecured devices open to attack – http://www.csoonline.com/article/2893770/mobile-security/iots-dark-side-hundreds-of-unsecured-devices-open-to-attack.html#tk.rss_all

BILLION email address spam scam: Feds collar two blokes, hunt another – http://www.theregister.co.uk/2015/03/06/feds_data_center_breach/ and http://thehill.com/policy/cybersecurity/234893-three-charged-in-historic-email-data-breach

Pupils’ personal data shared online in “serious breach” of data protection – http://www.thisislocallondon.co.uk/news/11839828.Pupils__personal_data_shared_online_in__serious_breach__of_data_protection/

WhatsApp users duped by cyber scammers – http://www.express.co.uk/life-style/science-technology/562367/WhatsApp-users-duped-by-cyber-scammers

Dozens arrested in cybercrime ‘strike week’ – http://www.bbc.co.uk/news/technology-31753934

 

Miscellaneous Infosec stories:

ROSS ULBRICHT CALLS FOR NEW TRIAL, ALLEGING FEDS HACKED TOR – http://www.wired.com/2015/03/ross-ulbricht-calls-new-trial-alleging-feds-hacked-tor/

BACK OFF, spooks: UK legal hacking code should be ‘resisted at all costs’ says lawyer – http://www.theregister.co.uk/2015/03/09/uk_spooks_equipment_interference_parliament/

PHI Data Breaches Up 25% – http://www.healthitoutcomes.com/doc/phi-data-breaches-up-0001

To Counter Systemic Cyber Threats, Share Information – http://deloitte.wsj.com/cio/2015/03/09/to-counter-systemic-cyber-threats-share-information/

No more weak links – elite law firms unite to fight cyber security threat – http://www.legalbusiness.co.uk/index.php/lb-blog-view/3797-no-more-weak-links-elite-law-firms-unite-to-fight-cyber-security-threat

Making microchips part of credit card culture – http://www.courierpostonline.com/story/news/local/south-jersey/2015/03/08/making-microchips-part-credit-card-culture/24599703/

Cyveillance Weekly Trends Report – March 6, 2015 – http://www.infosecdailynews.com/cyveillance-weekly-trends-report-march-6-2015/

Hillary’s Secret Email Was a Cyberspy’s Dream Weapon – http://www.thedailybeast.com/articles/2015/03/07/hillary-s-secret-email-was-a-cyberspy-s-dream-weapon.html

 

Tools, Tips and How it’s done:

Security in the Application Economy – http://www.inforisktoday.co.uk/security-in-application-economy-a-7993

5 common Wi-Fi attacks – and how to defend against them – http://www.networkworld.com/article/2893073/wi-fi/5-common-wi-fi-attacks-and-how-to-defend-against-them.html

Big Data, Surveillence, and Social Engineering – http://huemanbeings.blogspot.co.uk/2015/03/data-surveillance-and-broader-approach.html

Web protection: A flu mask for the internet – http://www.theregister.co.uk/2015/03/09/web_protection_a_flu_mask_for_the_internet/

How Malware Generates Mutex Names to Evade Detection – https://isc.sans.edu/diary/How+Malware+Generates+Mutex+Names+to+Evade+Detection/19429

Internet Explorer Zones and Stealing Autologon Hashes – http://ranger-cha.blogspot.co.uk/2015/03/internet-explorer-zones-and-stealing.html

Protecting yourself and your mobile in an ever connecting world – http://www.itproportal.com/2015/03/08/protecting-yourself-your-mobile-ever-connecting-world/

ANATOMY OF A HACK – http://www.theverge.com/a/anatomy-of-a-hack

How PayPal uses deep learning and detective work to fight fraud – http://www.skymind.io/2015/03/08/how-paypal-uses-deep-learning-and-detective-work-to-fight-fraud/

A website that irrevocably deletes itself once indexed by Google – https://github.com/mroth/unindexed/blob/master/README.md

Guide to HTTP Header Configuration – https://community.rapid7.com/community/nexpose/blog/2013/05/30/guide-to-http-header-configuration

Researchers hack NSA’s website with only $104 and 8 hours of Amazon’s cloud computing power using the #FREAK vulnerability – http://securityaffairs.co/wordpress/34554/hacking/nsa-site-vulnerable-freak-flaw.html

Bootkit Disk Forensics – Part 1 – http://www.malwaretech.com/2015/02/bootkit-disk-forensics-part-1.html?m=1

The Tricky World of Securing Firmware – https://blogs.intel.com/evangelists/2015/02/20/tricky-world-securing-firmware/

Give biometrics the FINGER: Horror tales from the ENCRYPT – http://www.theregister.co.uk/2015/03/07/give_biometrics_the_finger_horror_tales_from_the_encrypt/

Mind-reading DNS security analysis offers early warning for APT attacks – http://www.theregister.co.uk/2015/03/06/precog_dns_security/

 

Miscellaneous Privacy stories:

‘CCTV in all homes’: Police chief’s domestic security call attacked by privacy groups – http://rt.com/uk/239001-cctv-homes-uk-howes/

Privacy glasses that let you go incognito in a world filled with facial recognition software – http://www.dailymail.co.uk/news/article-2976772/Privacy-glasses-debut-make-invisible-facial-recognition.html

 

Safeguarding Children and School E-Safety stories:

Outlawing cyberbullying: Bill would prohibit online mischief by students – http://www.timesdaily.com/news/outlawing-cyberbullying-bill-would-prohibit-online-mischief-by-students/article_a225be04-c614-11e4-9da5-c337d56faa7d.html

16pc of children victims of cyber bullying – http://www.independent.ie/irish-news/news/16pc-of-children-victims-of-cyber-bullying-31050953.html

5 Reasons You Should Never Cyber-Shame Your Kids – https://www.yahoo.com/parenting/5-reasons-you-should-never-cyber-shame-your-kids-111893621258.html

Teacher Accused Of Using Social Media To Cyberbully A Student – http://www.cbs12.com/news/top-stories/stories/vid_24036.shtml

Pupils’ personal data shared online in “serious breach” of data protection – http://www.thisislocallondon.co.uk/news/11839828.Pupils__personal_data_shared_online_in__serious_breach__of_data_protection/

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/

or www.jonfisherthoughts.co.uk

My Linkedin Profile is uk.linkedin.com/in/jonfisher99/