
SRM Solutions
The SRM Blog

Information Security Breach Report – 11 March 2015

Written by SRM

11th March 2015


A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Timing: The State Department target of ‘worst ever’ cyber attack – http://hotair.com/archives/2015/03/11/timing-the-state-department-target-of-worst-ever-cyber-attack/

Seagate Downplays Risks Posed by Business NAS Flaws – http://www.securityweek.com/seagate-downplays-risks-posed-business-nas-flaws?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Stolen hard drives bring more data breach pain for US health services – https://nakedsecurity.sophos.com/2015/03/11/stolen-hard-drives-bring-more-data-breach-pain-for-us-health-services/

Run WordPress SEO by Yoast on your website? You need to update it – https://grahamcluley.com/2015/03/wordpress-seo-yoast-plugin-update/

MyBB Says Hacker Didn’t Access User Data, Source Code – http://www.securityweek.com/mybb-says-hacker-didnt-access-user-data-source-code

Panda antivirus labels itself as malware, then borks EVERYTHING – http://www.theregister.co.uk/2015/03/11/panda_antivirus_update_self_pwn/

Kaspersky reveals CAPTCHA-tricking Podec Trojan – http://www.zdnet.com/article/kaspersky-reveals-captcha-tricking-podec-trojan/

Android SDK nonce flaw lets hackers fiddle with your Dropbox privates – http://www.theregister.co.uk/2015/03/11/dropbox_sdk_flaw_left_microsoft_office_mobile_open_to_attack/

Ad bidding network caught slinging ransomware – http://www.theregister.co.uk/2015/03/11/ad_bidding_network_caught_slinging_ransomware/

Malware uses Windows product IDs to mix mutex – http://www.theregister.co.uk/2015/03/11/malware_mutex/

Security Experts Warn of Apple Watch Risks – http://www.informationsecuritybuzz.com/security-experts-warn-of-apple-watch-risks/

Cyber attack: Pro-ISIS hackers target Vizag company – http://www.deccanchronicle.com/150311/nation-crime/article/cyber-attack-pro-isis-hackers-target-vizag-company

Colonial Williamsburg’s website hit by cyber attack attributed to ISIS terror group – http://wtkr.com/2015/03/10/colonial-williamsburgs-website-hit-by-cyber-attack-attributed-to-isis-terror-group/

GOOGLERS’ EPIC HACK EXPLOITS HOW MEMORY LEAKS ELECTRICITY – http://www.wired.com/2015/03/google-hack-dram-memory-electric-leaks/

“Rowhammer” Flaw in DRAM Allows Privilege Escalation: Researchers – http://www.securityweek.com/%E2%80%9Crowhammer%E2%80%9D-flaw-dram-allows-privilege-escalation-researchers?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

 

Miscellaneous Infosec stories:

Verizon 2015 PCI report: More achieving PCI compliance, but failing to keep it – http://searchsecurity.techtarget.com/news/2240242119/Verizon-2015-PCI-report-More-achieving-PCI-compliance-but-failing-to-keep-it

Prepare for Confidence-Shaking Cyber Attack: FBI’s Taddeo – http://www.bloomberg.com/news/videos/2015-03-11/prepare-for-confidence-shaking-cyber-attack-fbi-s-taddeo

SMALL DATA DOES NOT MEAN IMMUNITY FROM CYBER ATTACKS – http://www.cbronline.com/news/security/small-data-does-not-mean-immunity-from-cyber-attacks-4530044

Stuxnet leak probe stalls for fear of confirming US-Israel involvement – http://arstechnica.com/tech-policy/2015/03/stuxnet-leak-probe-stalls-for-fear-of-confirming-us-israel-involvement/

German firms have learned to fear cyber-crime – http://www.dw.de/german-firms-have-learned-to-fear-cyber-crime/a-18308420

Is Trailblazing Payment Technology Worth the Risk to Banks? – http://www.americanbanker.com/news/bank-technology/is-trailblazing-payment-technology-worth-the-risk-to-banks-1073202-1.html

Consumers beware! Ofcom’s seen a scary new mobe nasty: APPS – http://www.theregister.co.uk/2015/03/11/ofcom_discovers_apps_issues_patronising_guide/

UK does not want online services to be subject to new cyber security rules, says official – http://www.out-law.com/en/articles/2015/march/uk-does-not-want-online-services-to-be-subject-to-new-cyber-security-rules-says-official/

Infosec a victim of inter-company ‘red tape’ – http://www.itweb.co.za/index.php?option=com_content&view=article&id=141824:Infosec-a-victim-of-inter-company-red-tape-&catid=234

Enterprises Riddled With ‘Unsafe’ Mobile Apps: Study – http://www.securityweek.com/enterprises-riddled-unsafe-mobile-apps-study

Cloud security and adoption trends – http://www.net-security.org/secworld.php?id=18065&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Free identity protection from breached companies falls short – http://thirdcertainty.com/news-analysis/free-identity-protection-breached-companies-falls-short/

FIs urged to improve cyber protection – http://www.gtreview.com/news/global/fis-urged-to-improve-cyber-protection/

Cyber Crime: The Gray Area Between Crime and Cyber Coverages – http://swett.com/cyber-crime-the-gray-area-between-crime-and-cyber-coverages/

 

Tools, Tips and How it’s done:

Study warns security certificates, cryptographic keys are in peril – http://searchsecurity.techtarget.com/news/2240242113/Study-warns-security-certificates-cryptographic-keys-are-in-peril

Cyber Compliance Is Not Cyber Protection – http://dailysignal.com/2015/03/11/cyber-compliance-not-cyber-protection/

Reconnect tool for hacking Facebook is publicly available – http://securityaffairs.co/wordpress/34705/hacking/reconnect-hacking-facebook.html

Case Study: Thwarting Insider Threats – http://www.databreachtoday.com/interviews/case-study-thwarting-insider-threats-i-2600

Protecting healthcare records from cyber attacks is a game of cat and mouse – http://www.information-age.com/technology/security/123459148/protecting-healthcare-records-cyber-attacks-game-cat-and-mouse

Managing the Cyber risk to the global shipping industry Part I – http://www.informationsecuritybuzz.com/managing-the-cyber-risk-to-the-global-shipping-industry-part-i/

Managing the Cyber risk to the global shipping industry Part II – http://www.informationsecuritybuzz.com/managing-the-cyber-risk-to-the-global-shipping-industry-part-ii/

Security, Know Thine Enemy – http://www.securityweek.com/security-know-thine-enemy

 

Miscellaneous Privacy stories:

Is Differential Privacy practical? – http://blog.mrtz.org/2013/08/21/dp-practical.html

ACLU files new lawsuits in hunt for police ‘Stingray’ mobe-trackers – http://www.theregister.co.uk/2015/03/11/aclu_file_lawsuits_to_reveal_spoofed_celltowers/

Dutch court suspends metadata surveillance law over privacy – http://tech.eu/news/dutch-court-suspends-data-retention-law/

Security Operations: Don’t Forget the Rest of the World – http://www.securityweek.com/security-operations-dont-forget-rest-world

 

Safeguarding Children and School E-Safety stories:

Facebook to face U.S. class action over children’s online purchases – http://www.reuters.com/article/2015/03/11/us-facebook-classaction-idUSKBN0M724720150311?feedType=RSS&feedName=businessNews

How to fight a cyber-bully – http://www.nbcnews.com/watch/cnbc/how-to-fight-a-cyber-bully-411714627980

Webcams and naked Whatsapp competitions: The dark truth about children online – http://www.telegraph.co.uk/women/womens-life/11464282/Sexting-and-revenge-porn-What-children-get-up-to-online.html

Cyber bullying not as concerning as face-to-face for kids: study – http://www.brisbanetimes.com.au/queensland/cyber-bullying-not-as-concerning-as-facetoface-for-kids-study-20150311-13zx7y.html

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/