UK InfoSec Overview for July 2012

Microsoft patch two critical remote execution vulnerabilities in Internet Explorer http://technet.microsoft.com/en-us/security/bulletin/ms12-044

Yahoo investigating exposure of 400,000 passwords

• Hacking Group D33DS are said to be behind the attack.
• Hacking Groups continue to target big business websites, this attack demonstrates even hi-tec companies which have a high focus on IT security can be vulnerable to major data thefts.

Patient Data incorrectly placed on Facebook by Northern Ireland’s Health Trusts.

• Serious lapses in data protection and confidentiality procedures saw highly sensitive information lost, disclosed to the wrong people and even published on the internet.
• In one alarming case a client’s referral details were revealed on Facebook after a staff member dialled the wrong number and left a message on an answering machine. It was among almost 100 serious data breaches reported by the region’s five health trusts in recent years

Anti-Phishing Working Group (APWG) reports for the first quarter of 2012,

• 56,859 unique phishing sites were detected in February, while between 25,000 and 30,000 unique phishing email campaigns are detected each month.
• There has been a number of major data compromised due to phishing attacks, most notable is the RSA data breach of last year.

Hacking Group Anonymous steals 40GB user data from ISP in Australia and brings down 10 Australian government websites

• Despite a number of arrests, Anonymous remains very active

Two researchers demonstrated how they were able to push a malicious information-stealing app onto Google Play, even while Google's Bouncer custom malware scanner was watching

Tesco has come under fire for emailing users passwords in plain text

• Tesco received consider negative publicity for not protecting their user’s passwords adequately and in line with best practices. Passwords must never be Emailed in plain text!