
SRM Solutions
The SRM Blog

Information Security Breach Report – 16 March 2015

Written by SRM

16th March 2015


A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

MongoDB tool vulnerable to remote code execution flaw – http://www.csoonline.com/article/2897113/vulnerabilities/mongodb-tool-vulnerable-to-remote-code-execution-flaw.html#tk.rss_all

WPML WordPress Plugin Vulnerabilities Expose 400,000 Websites – http://www.securityweek.com/wpml-wordpress-plugin-vulnerabilities-expose-400000-websites

Texas A&M Data Breach of Nearly 4,700 Faculty & Graduate Assistants – http://www.databreaches.net/texas-am-data-breach-of-nearly-4700-faculty-graduate-assistants/

TalkTalk Criticized as Customers Face Fraud Following Data Breach – http://www.hacksurfer.com/posts/talktalk-criticized-as-customers-face-fraud-following-data-breach

Uber sued over driver data breach, adding to legal woes – http://ca.reuters.com/article/technologyNews/idCAKBN0M92HB20150313

Does Rowhammer mark a new wave of hardware vulnerabilities? – http://searchsecurity.techtarget.com/news/2240242289/Does-Rowhammer-mark-a-new-wave-of-hardware-vulnerabilities

Schneider Electric Patches Flaw in Pelco Video Management Software – http://www.securityweek.com/schneider-electric-patches-flaw-pelco-video-management-software?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Android 5.1 Lollipop Memory Leak Issue Gets Internal Fix But Still Lacks Public Release – http://www.androidheadlines.com/2015/03/android-5-1-lollipop-memory-leak-issue-gets-internal-fix-still-lacks-public-release.html

Data leak scandal involving personal info of 872 children suppressed, lawyer claims – http://www.todayszaman.com/national_data-leak-scandal-involving-personal-info-of-872-children-suppressed-lawyer-claims_375331.html

Corporate espionage: PricewaterhouseCoopers official under CBI scanner in document leak case – http://www.dnaindia.com/india/report-corporate-espionage-pricewaterhousecoopers-official-under-cbi-scanner-in-document-leak-case-2068845

News website gone down, visitors speculate Cyber attack – http://pulse.ng/world/bbc-news-website-gone-down-visitors-speculate-cyber-attack-id3568457.html

Hundreds of Facebook users hit by new cyber fraud in Vietnam – http://www.thanhniennews.com/tech/hundreds-of-facebook-users-hit-by-new-cyber-fraud-in-vietnam-39791.html

State Dept. Shuts Down Email After Cyber Attack – http://abcnews.go.com/US/state-dept-shuts-email-cyber-attack/story?id=29624866

Critical hole in popular WordPress SEO plugin allows SQLi, site hijacking – http://www.net-security.org/secworld.php?id=18080

CA: Bistro Burger discloses payment card breach at Mission Street location – http://www.databreaches.net/ca-bistro-burger-discloses-payment-card-breach-at-mission-street-location/

 

Miscellaneous Infosec stories:

Gartner: Digital Risk Officers on Rise – http://www.databreachtoday.com/gartner-digital-risk-officers-on-rise-a-8015

ICS-CERT MONITOR report states most critical infrastructure attacks involve APTs – http://securityaffairs.co/wordpress/34936/cyber-crime/ics-cert-monitor-report-apt.html

Hackable media box based on the Raspberry Pi: Five Ninjas Slice – http://www.theregister.co.uk/2015/03/16/review_five_ninjas_slice_not_raspberry_pi/

2015 Security Predictions – Have They Held True So Far? – http://www.securityweek.com/2015-security-predictions-have-they-held-true-so-far

Report says strong authentication use lagging in federal agencies – http://www.zdnet.com/article/report-says-strong-authentication-not-up-to-par-in-federal-agencies/

90% web, mobile apps open to cyber attacks: Expert – http://timesofindia.indiatimes.com/city/bhopal/90-web-mobile-apps-open-to-cyber-attacks-Expert/articleshow/46570274.cms

Health data breaches rise, but fines rare – http://www.bucyrustelegraphforum.com/story/news/state/2015/03/15/health-data-breaches-rise-fines-rare/70284702/

Revealed: Civil servant who issued RBS leak email links with Better Together leader – http://www.heraldscotland.com/news/home-news/revealed-civil-servant-who-issued-rbs-leak-email-links-with-better-together-leader.120666908

Does that email look phishy? – http://www.thestarphoenix.com/jobs/Does+that+email+look+phishy/10889901/story.html

IT Pros Still Concerned Over Public Cloud Security: Survey – http://www.securityweek.com/it-pros-still-concerned-over-public-cloud-security-survey?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

 

Tools, Tips and How it’s done:

Backdoors in Your Device: Security and Political Perspectives – http://resources.infosecinstitute.com/buying-your-device-with-a-backdoor-security-and-political-perspectives/

Information security innovation and research – http://www.net-security.org/article.php?id=2235&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Ransomware: Pay it or fight it? – http://www.csoonline.com/article/2896999/malware-cybercrime/ransomware-pay-it-or-fight-it.html#tk.rss_all

Anthem Breach: 9 Lessons for India – http://www.databreachtoday.co.uk/anthem-breach-9-lessons-for-india-a-8014

Ransomware Attacks’ New Focus: Businesses – http://www.databreachtoday.co.uk/ransomware-attacks-new-focus-businesses-a-8013

Top 3 Takeaways from the “Getting One Step Ahead of the Attacker: How to Turn the Tables” Webcast – https://community.rapid7.com/community/userinsight/blog/2015/03/13/top-3-takeaways-from-the-getting-one-step-ahead-of-the-attacker-how-to-turn-the-tables-webcast

‘How Bank Insiders Connive with Fraudsters’ – http://www.thisdaylive.com/articles/how-bank-insiders-connive-with-fraudsters/204219/

Anti-doxing strategy—or, how to avoid 50 Qurans and $287 of Chick-Fil-A – http://arstechnica.com/security/2015/03/anti-doxing-strategy-or-how-to-avoid-50-qurans-and-287-of-chick-fil-a/

Exploitation with Social Engineering Toolkit SET – http://tune.pk/video/5928342/exploitation-with-social-engineering-toolkit-set

Protecting customer data in the digital world – http://enterpriseinnovation.net/article/protecting-customer-data-digital-world-67940930

Adventures in breach alerts, Saturday edition – http://www.databreaches.net/adventures-in-breach-alerts-saturday-edition/

Hillary Clinton email debate highlighted by email security mistakes – http://searchsecurity.techtarget.com/news/2240242314/Hillary-Clinton-email-debate-highlighted-by-email-security-mistakes

The Growing Role of Machine Learning in Cyber Security – http://www.dataversity.net/the-growing-role-of-machine-learning-in-cyber-security/

Social engineering tales – http://www.slideshare.net/fiberghost1/social-engineering-tales

Introduction To Malware – Social Engineering – http://www.digitalmunition.me/2015/03/introduction-to-malware-social-engineering/

Three Reasons Social Engineering Still Threatens Companies – http://securityintelligence.com/three-reasons-social-engineering-still-threatens-companies/#.VQcCl46sV8E

Avoid Internet Catfishing Social Engineering Scams – http://www.defendpcthreats.com/avoid-internet-catfishing-social-engineering-scams

Challenges Remain in Upholding PCI Compliance: Report – http://www.securityweek.com/challenges-remain-upholding-pci-compliance-report?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

CIA spy chief says social media amplifies terror threat – http://www.streetwisejournal.com/cia-spy-chief-social-media/8192/

Yahoo wants to let you forget your Yahoo password – http://www.cnet.com/news/yahoo-wants-to-let-you-forget-your-yahoo-password/

Dot-com at 30: will the world’s best-known web domain soon be obsolete? – http://www.telegraph.co.uk/technology/internet/11470195/Dot-com-at-30-will-the-worlds-best-known-web-domain-soon-be-obsolete.html

Defending against PoS RAM scrapers – http://www.net-security.org/secworld.php?id=18079&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

 

Miscellaneous Privacy stories:

Americans Eye Ways to Skirt Online Snooping: Survey – http://www.securityweek.com/americans-eye-ways-skirt-online-snooping-survey

How Two Obscure Court Verdicts In Europe Could Impact Americans’ Privacy, Cybersecurity, and Taxes – http://www.forbes.com/sites/josephsteinberg/2015/03/15/how-two-obscure-court-verdicts-in-europe-could-impact-americans-privacy-cybersecurity-and-taxes/

Mysterious spy cameras collecting data at post offices – http://kdvr.com/2015/03/11/mysterious-spy-cameras-collecting-data-at-post-offices/

Twitter Takes Steps To Combat Stolen Nudes And Revenge Porn – http://www.buzzfeed.com/charliewarzel/twitter-tackles-revenge-porn#.tgYPAGbNAn

 

Safeguarding Children and School E-Safety stories:

Cyberbully Bill Approved by House – http://valdostatoday.com/2015/03/georgia-cyberbully-bill-approved-by-house/

SUPERINTENDENT CONFIRMS COMMON CORE’S PEARSON SPYING ON KIDS’ SOCIAL MEDIA ACCOUNTS – http://www.breitbart.com/big-government/2015/03/15/superintendent-confirms-common-cores-pearson-spying-on-kids-social-media-accounts/

5 things you need to know about protecting your child from cyber-bullying – http://memeburn.com/2015/03/5-things-you-need-to-know-about-protecting-your-child-from-cyber-bullying/

Seven in 10 Koreans experience ‘cyber stalking’ – http://www.koreatimes.co.kr/www/news/nation/2015/03/116_175249.html

Parents Feel Powerless in Face of Cyberbullying – http://www.infosecdailynews.com/parents-feel-powerless-in-face-of-cyberbullying/

Hornchurch students learn about e-safety – http://www.romfordrecorder.co.uk/news/education/hornchurch_students_learn_about_e_safety_1_3991339

Pingle School pupils get requests for naked images – http://www.bbc.co.uk/news/uk-england-derbyshire-31795883

Safeguarding the future of children – http://www.scotsman.com/news/safeguarding-the-future-of-children-1-3719208

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/