
SRM Solutions
The SRM Blog

Information Security Breach Report – 28 May 2015

Written by SRM

28th May 2015


A round-up of the most recent reports of information security breaches, infosec and privacy stories from around the world.

 

Breaches, Incidents and Alerts:

Banks’ Cyber Risks Compounded by ‘Commjacking’ of Wi-Fi Networks – http://www.americanbanker.com/news/bank-technology/banks-cyber-risks-compounded-by-commjacking-of-wi-fi-networks-1074518-1.html

Hospital Data Breach Affects Thousands of Patients – https://www.send2press.com/newswire/hospital-data-breach-affects-thousands-of-patients-2015-0526-02.shtml

There’s a Moose loose aboot this hoose: Linux worm hijacks Twitter feeds for spam slinging – http://www.theregister.co.uk/2015/05/26/routerbashing_worm_yanks_tens_of_thousands_of_twitter_accounts/

Researchers Exploit Patched Windows Group Policy Bug – https://threatpost.com/researchers-exploit-patched-windows-group-policy-bug/113000

POS Malware Nitlove Seen Spreading Through Spam Campaign – https://threatpost.com/pos-malware-nitlove-seen-spreading-through-spam-campaign/113009

Anon Coders take control of Kentucky GOP’s site; says expect more – http://www.databreaches.net/anon-coders-take-control-of-kentucky-gops-site-says-expect-more/

Florida releases personal data on 13,000 people, issues ‘fraud’ alert – http://www.miamiherald.com/news/politics-government/state-politics/article22395198.html

Thousands of UK Government PCs Exposed – http://www.infosecurity-magazine.com/news/thousands-uk-government-pcs-exposed/

Update on Sterne Agee Group laptop breach – http://www.databreaches.net/update-on-sterne-agee-group-laptop-breach/

Synology Fixes XSS, Command Injection Vulnerabilities in NAS Software – http://www.securityweek.com/synology-fixes-xss-command-injection-vulnerabilities-nas-software?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Attackers Use Exploit Kit to Hijack Routers: Researcher – http://www.securityweek.com/attackers-use-exploit-kit-hijack-routers-researcher

Recent Breaches a Boon to Extortionists – http://krebsonsecurity.com/2015/05/recent-breaches-a-boon-to-extortionists/

Beacon Health System notifies patients after phishing attack – http://www.databreaches.net/beacon-health-system-notifies-patients-after-phishing-attack/

Scam alert: New Facebook scam wants to steal your login and your money – http://bgr.com/2015/05/26/facebook-recovery-message-scam-phishing-warning/

Large-scale attack uses browsers to hijack routers – http://www.computerworld.com/article/2925580/cybercrime-hacking/large-scale-attack-uses-browsers-to-hijack-routers.html#tk.rss_security0

Cybercriminals Use SVG Files to Distribute Ransomware – http://www.securityweek.com/cybercriminals-use-svg-files-distribute-ransomware?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Emerson Patches SQL Injection Vulnerability in ICS Product – http://www.securityweek.com/emerson-patches-sql-injection-vulnerability-ics-product?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

MTN South Africa Shuts Down eBilling Portal Over Security Breach – http://techcabal.com/2015/05/26/mtn-south-africa-shuts-down-ebilling-portal-over-security-breach/

Password reset sites expose crackable PeopleSoft creds – http://www.theregister.co.uk/2015/05/28/password_reset_sites_expose_crackable_peoplesoft_creds/

Unauthorized Access Vulnerability Fixed in Symfony – http://www.securityweek.com/unauthorized-access-vulnerability-fixed-symfony

LogJam flaw leaves 1,006 cloud applications vulnerable to attack – http://www.cloudpro.co.uk/cloud-essentials/cloud-security/5109/logjam-flaw-leaves-1006-cloud-applications-vulnerable-to-attack

 

Miscellaneous Infosec stories:

Hacker’s List leaks its secrets, revealing true identities of those wanting to hack – http://www.hotforsecurity.com/blog/hackers-list-leaks-its-secrets-revealing-true-identities-of-those-wanting-to-hack-11847.html

INFOGRAPHIC: 8 Vulnerable Software Apps Exposing Your Computer to Cyber Attacks – http://www.adweek.com/socialtimes/infographic-8-vulnerable-software-apps-exposing-your-computer-to-cyber-attacks/620757

One More Reason for Companies to Report Data Breaches – http://justsecurity.org/23227/reason-companies-report-data-breaches/

Five Takeaways from the First Cyber Insurance Case – http://www.jdsupra.com/legalnews/five-takeaways-from-the-first-cyber-88215/

Number of identity theft victims ‘rises by a third’ – http://www.bbc.co.uk/news/uk-32890979

CISOs turn to security awareness solutions to change poor employee behaviors – http://www.csoonline.com/article/2926173/security-awareness/cisos-turn-to-security-awareness-solutions-to-change-poor-employee-behaviors.html

2014 marked by rise in spear-phishing, social engineering – Federal Times – http://www.hackbusters.com/news/stories/328746-2014-marked-by-rise-in-spear-phishing-social-engineering-federal-times

Why insider threats are succeeding – http://techspective.net/2015/05/26/why-insider-threats-are-succeeding/

How your old cell phone can leak your company’s confidential info – http://cio.economictimes.indiatimes.com/news/consumer-tech/how-your-old-cell-phone-can-leak-your-companys-confidential-info/47438372

WordPress malware: Don’t let too-good-to-be-true deals infest your site – http://www.zdnet.com/article/dont-let-too-good-to-be-true-deals-infest-your-site-with-malware/#ftag=RSSbaffb68

PCI Council Launches Group to Help Improve SME Compliance – http://www.infosecurity-magazine.com/news/pci-council-group-improve-sme/

Why The World’s Top Security Pros Are Furious About Exploit Export Rules – http://www.forbes.com/sites/thomasbrewster/2015/05/26/security-pro-fury-on-exploit-export-rules/

Who and why is attacking companies in the Nordic Countries? – http://securityaffairs.co/wordpress/37140/cyber-crime/apt-against-nordic-countries.html

Expert issues cyber-attack warning – http://www.financialstandard.com.au/news/view/50139844

Data Centre Consolidation – A Cyber Security perspective – http://dcseurope.info/news_full.php?id=37946

Threat Intelligence Sharing Valued, But Many Not Doing it: Survey – http://www.securityweek.com/threat-intelligence-sharing-valued-many-not-doing-it-survey?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

Bad Bots’ Impact on Mobile Web Traffic Rose in 2014: Research – http://www.securityweek.com/bad-bots-impact-mobile-web-traffic-rose-2014-research?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29

5 hackers who came over from the dark side – http://www.welivesecurity.com/2015/05/25/5-hackers-who-came-over-from-the-dark-side/

Threat Intelligence – http://www.solutionary.com/resource-center/blog/2015/05/threat-intelligence/

The cost of a data breach has jumped 23 percent in two years – http://www.pcworld.com/article/2927618/the-cost-of-a-data-breach-has-jumped-23-percent-in-two-years.html

Cyber-Attacks in 2015 Reveal Unknown Flaws in Flash, Windows – http://www.eweek.com/security/cyber-attacks-in-2015-reveal-unknown-flaws-in-flash-windows.html

Cyber attacks leave businesses wide open to lawsuits – https://www.siliconrepublic.com/enterprise/2015/05/28/cyber-attacks-leave-businesses-wide-open-to-lawsuits

 

Tools, Tips and How it’s done:

Windows Functions in Malware Analysis – Cheat Sheet – Part 1 – http://resources.infosecinstitute.com/windows-functions-in-malware-analysis-cheat-sheet-part-1/

How to monitor XSS attacks and other security threats on your website, in real-time – https://grahamcluley.com/2015/05/monitor-xss-attacks/

A primer on cyber security for online retailers – https://www.internetretailer.com/commentary/2015/05/26/primer-cyber-security-online-retailers

Is your “secret answer” hard to guess? – http://now.avg.com/is-your-secret-answer-hard-to-guess/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+avg-blogs+%28AVG+Blogs%29

The Samaritan and The Smartphone – 7 Tips to Secure and Help Your Cell Phone Get Home – http://www.solutionary.com/resource-center/blog/2015/05/the-samaritan-and-the-smartphone/

Profile Of A Cybercrime Petty Thief – http://www.darkreading.com/analytics/threat-intelligence/profile-of-a-cybercrime-petty-thief/d/d-id/1320559?_mc=RSS_DR_EDT

In Pictures: Seven best practices for cloud security – http://www.cio.com.au/slideshow/575891/pictures-seven-best-practices-cloud-security/

The Internet of Buggy Things – http://www.bankinfosecurity.com/blogs/internet-buggy-things-p-1862

Sniffing and tracking wearable tech and smartphones – http://www.net-security.org/secworld.php?id=18422

Tox, how to create your ransomware in 3 steps – http://securityaffairs.co/wordpress/37180/cyber-crime/tox-ransomware-builder.html

 

Miscellaneous Privacy stories:

Tracking Human Mobility using WiFi signals – http://sunelehmann.com/2015/05/26/tracking-human-mobility-using-wifi-signals/

Subway riders’ smartphones could carry tracking malware – http://techxplore.com/news/2015-05-subway-riders-smartphones-tracking-malware.html

A reminder that your Instagram photos aren’t really yours: Someone else can sell them for $90,000 – http://www.washingtonpost.com/blogs/style-blog/wp/2015/05/25/a-reminder-that-your-instagram-photos-arent-really-yours-someone-else-can-sell-them-for-90000/

Google’s Internet-connected toys patent sparks privacy concerns, visions of IoT Chucky – http://www.computerworld.com/article/2926333/data-privacy/googles-internet-connected-toys-patent-sparks-privacy-concerns-visions-of-iot-chucky.html#tk.rss_security0

iPhone users’ privacy at risk due to leaky Bluetooth technology – http://www.v3.co.uk/v3-uk/news/2409939/iphone-users-privacy-at-risk-due-to-leaky-bluetooth-technology

 

Safeguarding Children and School E-Safety stories:

Cyber bullying: Nip it in the bud – http://www.livemint.com/Leisure/lpQCFqjgETbXachoWRxysO/Cyber-bullying-Nip-it-in-the-bud.html

Google Play revamps its Android apps’ age ratings – http://www.bbc.co.uk/news/technology-32882136

Traditional Schoolyard Bullies Likely to Engage in Cyber-Bullying as Well – http://www.sydneycatholic.org/news/latest_news/2015/2015526_657.shtml

Why hackers want kids’ personal information – http://thehill.com/policy/cybersecurity/242865-why-hackers-want-kids-personal-information

Child sex abuse live streams loophole to be closed – http://www.bbc.co.uk/news/technology-32899033

Influence of Social Media on Teenagers – http://www.huffingtonpost.com/suren-ramasubbu/influence-of-social-media-on-teenagers_b_7427740.html

 

If you would like this report sent to your inbox each morning, email me at jon.fisher@srm-solutions.com

You can see all previous issues of this blog at http://blog.srm-solutions.com/ or www.jonfisherthoughts.co.uk

My LinkedIn profile is uk.linkedin.com/in/jonfisher99/