Cyber Security

Learning from ShellShock

IBM Intelligence report of the Shellshock Bash bug

Research and Intelligence Report- IBM MSS Threat Research Group

IBM has published an intelligence report detailing their experience and insight following the reporting of a long standing vulnerability in the GNU Bash shell (widely used on Linux, Solaris and Mac OS systems).
This sparked the mobilization of attacks known as “shellshock” beginning in late September 2014. This is the IBM Analysis of the Shellshock Bug and how it was used. 

Staples are the latest in a long line of US retailers breached

Staples PoS cyber breach adds impetus to the Chip and Pin driveReports are emerging of another credit card security breach this time concerning the Office supplies firm Staples.

They are the latest in a growing list of familiar retail names to have had their security breached.  The breach came to light following the detection of fraud patterns across the North Eastern United States.
A statement issued by the company has confirmed reports in a statement saying “Staples is in the process of investigating a potential issue involving credit card data and has contacted law enforcement.”

HMG steps up support for Lawyers and Accountants with free online training

Department of Business, Innovation and Skills helps Lawyers and Accountants develop Cyber Risk knowledge Digital Economy Minister Ed Vaizey has announced a new free online training course to help members of the legal and accountancy professions develop the skills they need to protect themselves and their clients from cyber-attacks.
Developed by government and industry, the on-line training will also enable lawyers and accountants to advise their clients on the cyber risks to their business. This will help UK businesses protect themselves from information breaches and other threats that could potentially cost them millions of pounds.

4.5 billion records stolen by cyber criminals

Reports have been confirmed that over four billion records from 500 million addresses have been stolen by by a Russian group.  From buying a set of stolen details on a Dark Web Site the gang was able to install malware on systems using both social media and email exploits. These infected systems were then used to expand the theft as their botnet grew through SQL injection attacks and other vulnerabilities enabling them to steal more data from more websites.