SRM Solutions
The SRM Blog

Information Security Breach Report – 18 March 2015

Written by SRM

18th March 2015

A roundup of the most recent reports of information security breaches, infosec and privacy stories from around the world.

Breaches, Incidents and Alerts:

Premera has been the target of a sophisticated cyberattack – http://premeraupdate.com/ and http://www.bankinfosecurity.com/another-massive-health-data-hack-a-8026

Premera, Anthem data breaches linked by similar hacking tactics – http://www.csoonline.com/article/2898110/business-continuity/premera-anthem-data-breaches-linked-by-similar-hacking-tactics.html#tk.rss_all

Sensitive apps with 6.3 BILLION downloads found open to FREAK – http://www.theregister.co.uk/2015/03/18/freaky_apps_litter_top_spots_in_apple_android_app_stores/

South Korea – Hacker requests money for data on nuclear plants – http://securityaffairs.co/wordpress/35013/cyber-crime/hacker-south-korean-nuclear-plants.html

Banking Regulator Issues New Phishing Alert – http://www.databreachtoday.co.uk/banking-regulator-issues-new-phishing-alert-a-8027

D-Link patches yet more vulns – http://www.theregister.co.uk/2015/03/18/dlink_patches_yet_more_vulns/

Apple iOS Hardware Assisted Screenlock Bruteforce – http://blog.mdsec.co.uk/2015/03/bruteforcing-ios-screenlock.html

Apple Fixes WebKit Vulnerabilities With Release of Safari 8.0.4 – http://www.securityweek.com/apple-fixes-webkit-vulnerabilities-release-safari-804

Benesse finds new customer info data leak – http://www.japantimes.co.jp/news/2015/03/18/national/crime-legal/benesse-finds-new-customer-info-data-leak/#.VQlhZo6sWSo

LifeWise insurance firm confirms cyber attack – http://www.bizjournals.com/phoenix/news/2015/03/17/lifewise-insurance-firmconfirms-cyberattack.html

Education ministry notifies police after website security breached and private email addresses obtained – http://www.insidehalton.com/news-story/5481703-education-ministry-notifies-police-after-website-security-breached-and-private-email-addresses-obtai/

Exim Mail Server GHOST Exploit Now Available – http://blog.coresecurity.com/2015/03/17/exim-mail-server-ghost-exploit-now-available/

E K and Company notifies clients of stolen hard drive with financial information – http://www.databreaches.net/e-k-and-company-notifies-clients-of-stolen-hard-drive-with-financial-information/

Miscellaneous Infosec stories:

As DevOps Go From Niche to Mainstream, Will InfoSec Follow? – http://blogs.csc.com/2015/03/17/as-devops-go-from-niche-to-mainstream-will-infosec-follow/

Symantec Study Finds Home Smart Devices Wide Open to Cyber-Attack – http://www.eweek.com/security/symantec-study-finds-home-smart-devices-wide-open-to-cyber-attack.html

Is the DNS’ security protocol a waste of everyone’s time and money? – http://www.theregister.co.uk/2015/03/18/is_the_dns_security_protocol_a_waste_of_everyones_time_and_money/

Texas Data Breach Bill Would Ban Holding Card Data For More Than 48 Hours – http://www.cutoday.info/Fresh-Today/Texas-Data-Breach-Bill-Would-Ban-Holding-Card-Data-For-More-Than-48-Hours

Can software-based POS encryption improve PCI compliance? – http://www.csoonline.com/article/2897594/data-protection/can-software-based-pos-encryption-improve-pci-compliance.html#jump

Hacking has driven the importance of cyber security – http://www.in.techradar.com/news/world-of-tech/Hacking-has-driven-the-importance-of-cyber-security/articleshow/46599920.cms

Retail Breaches: End the Finger Pointing – http://www.bankinfosecurity.com/blogs/retail-breaches-end-finger-pointing-p-1827/op-1

Anthem Hack Now Tops ‘Wall of Shame’ – http://www.databreachtoday.com/anthem-hack-now-tops-wall-shame-a-8025

Judicial Committee Gives FBI The First OK It Needs To Hack Any Computer, Anywhere On The Planet – https://www.techdirt.com/articles/20150317/07440430342/judicial-committee-gives-fbi-first-ok-it-needs-to-hack-any-computer-anywhere-planet.shtml

Tools, Tips and How it’s done:

Are you ready for a data breach? – https://www.business-cloud.com/articles/news/are-you-ready-data-breach

Darpa creates dark web search engine – http://www.bbc.co.uk/news/technology-31808104

DLL Hijacking can affect OS X – http://securityaffairs.co/wordpress/35028/hacking/dll-hijacking-can-affect-os-x.html

Online guide helps employers battle social engineering scams – http://www.chubb.com/businesses/csi/chubb19105.html

The Spy in the Sandbox — Practical Cache Attacks in Javascript – http://arxiv.org/abs/1502.07373

Deanonymizing Tor users with Raptor attacks – http://www.net-security.org/secworld.php?id=18092&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

Beating cyber criminals with quantum solutions – http://theconversation.com/beating-cyber-criminals-with-quantum-solutions-35921

Understanding WordPress Plugin Vulnerabilities – http://blog.sucuri.net/2015/03/understanding-wordpress-plugin-vulnerabilities.html

The evolution of vendor risk management in financial institutions – http://www.net-security.org/article.php?id=2236&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+HelpNetSecurity+%28Help+Net+Security%29

The Enigma Machine Explained – https://www.youtube.com/watch?v=ASfAPOiq_eQ

Why the 1# Vulnerability for Cyber Attacks Will Be Apathy – http://www.circleid.com/posts/20150317_why_the_1_vulnerability_for_cyber_attacks_will_be_apathy/

Miscellaneous Privacy stories:

Apple’s ResearchKit: The Privacy Issues – http://www.databreachtoday.com/apples-researchkit-privacy-issues-a-8018

Private Companies Continue To Amass Millions Of License Plate Photos, Hold Onto The Data Forever – https://www.techdirt.com/articles/20150308/14332230253/private-companies-continue-to-amass-millions-license-plate-photos-hold-onto-data-forever.shtml

Safeguarding Children and School E-Safety stories:

Ryedale police warn about dangers of child sexual exploitation and online grooming – http://www.thescarboroughnews.co.uk/news/crime/ryedale-police-warn-about-dangers-of-child-sexual-exploitation-and-online-grooming-1-7161671

Sydney man charged with child grooming – http://www.9news.com.au/national/2015/03/18/16/01/sydney-man-charged-with-child-grooming

Cyber bullying long-term impacts include self-harm, depression and binge drinking, research finds – http://www.abc.net.au/news/2015-03-18/research-finds-cyber-bulluing-leads-to-depression-drinking/6329548

Forty per cent of Scottish pupils bullied – http://www.heraldscotland.com/news/education/forty-per-cent-of-scottish-pupils-bullied.120891190

Cyber bullies and virtual victims – http://www.watchfox29.com/content/newsexpress/story/Cyber-bullies-and-virtual-victims/BetSKcEun0Kb6GM8kLn6eg.cspx

Twitter makes it easier to report threatening tweets to police – http://venturebeat.com/2015/03/17/twitter-makes-it-easier-to-report-threatening-tweets-to-police/

Report reveals rise in cyber-bullying in Suffolk, and children aged 10 ‘sexting’ – http://www.eadt.co.uk/news/report_reveals_rise_in_cyber_bullying_in_suffolk_and_children_aged_10_sexting_1_3996676

If you would like this report sent to your inbox, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/