Threat Level: green Handler on Duty: Manuel Humberto Santander Pelaez

SANS ISC InfoSec News Summary

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

22 hours ago Facebook users targeted by iBanking Android trojan app

NetworkWorld Security View Synopsis+1
Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

22 hours ago How a cyber cop patrols the underworld of e-commerce

NetworkWorld Security View Synopsis+1
Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

20 hours ago Tails

Schneier blog View Synopsis+1

Nice article on the Tails stateless operating system. I use it. Initially I would boot my regular computer with Tails on a USB stick, but I went out and bought a remaindered computer from Best Buy for $250 and now use that.

20 hours ago Putin tells Snowden: Russia conducts no US-style mass surveillance

The Register View Synopsis+1
Gov't is too broke for that, Russian prez says

Vladimir Putin has said that Russia has no mass telephone and internet surveillance programs to compare with those in the United States.

Top News

17 hours ago Michaels confirms breach of as many as 2.6M cards

Yahoo Security View Synopsis+1
Michaels Stores Inc. says Thursday that about 2.6 million cards used at its namesake stores may have been affected in a security breach but it has received "limited" reports of fraud. The nation's ...

1 day ago Distributed Denial-of-Service Attacks and VoIP

IT Toolbox Blogs View Synopsis+1

Anyone who has worked in IT for a while has undoubtedly heard the term distributed denial-of-service (DDoS). A common method of attack used by both criminal and "hacktivist" organizations, the term made its way into the everyday lexicon during the WikiLeaks controversy, when groups used these types of attacks to bring down credit card and

2 days ago Is RAID Fading Into The Sunset?

Network Computing Security View Synopsis+1
With the arrival of faster networks and SSDs, RAID can no longer keep up. Data protection alternatives such as replication and erasure codes are gaining traction.

2 days ago The 2014 Global Threat Intelligence Report

InfoRiskToday View Synopsis+1

The goal of the NTT Group Global Threat Intelligence Report (GTIR) is to raise awareness for executives and security professionals of how to avoid high-profile information security and data breaches, while understanding the needs for a strategic security program with proven controls that will help organizations balance cost and risk.

Using real-world case studies and findings from over 3 billion analyzed attacks, the 2014 NTT Global Threat Intelligence Report (GTIR) demonstrates strategies to minimize threat impact and compress the threat mitigation timeline. Among key findings of the study:

  • The cost for a "minor" SQL injection attack can exceed $196,000;
  • Anti-virus applications fail to detect 54 percent of new malware;
  • Healthcare has seen a 13 percent increase in botnet activity.

In this session, the report's key architects walk through case studies that bring the findings to life, and they focus on strategies for refining the five critical areas of security: threat avoidance, threat response, threat detection, investigate capabilities and response capabilities.

2 days ago Fingerprint lock in Samsung Galaxy 5 easily defeated by whitehat hackers

ArsTechnica View Synopsis+1
Multiple weaknesses put devices and PayPal accounts within reach of attackers.

2 days ago Researchers find Android security issue in app permissions protocol

SC Magazine View Synopsis+1
The permissions issue could allow a malicious app to alter legitimate home screen icons.

2 days ago Former Homeland Security chief: C-Suite needs to get a grip on cyber risks

ZDNet View Synopsis+1
The former Homeland Security chief outlined two conditions we're going to be dealing with as companies, countries, and individuals: the global scourge of terrorism and the digital "forevermore."

Latest News

3 hours ago Reverse Heartbleed

Schneier blog View Synopsis+1

Heartbleed can affect clients as well as servers.

3 hours ago How Does the Heartbleed Bug Work?

IT Toolbox Blogs View Synopsis+1
With so much conversation revolving around the Heartbleed bug, we turned to PC Mag to get the low down. For those of you that haven?t heard about the bug yet, people can capture portions of server memory, including encryption keys and passwords. The bug itself is supposed to be incredibly simple and many websites have already patched it.

4 hours ago Overreacting to Risk

Schneier blog View Synopsis+1

This is a crazy overreaction:

A 19-year-old man was caught on camera urinating in a reservoir that holds Portland's drinking water Wednesday, according to city officials.

Now the city must drain 38 million gallons of water from Reservoir 5 at Mount Tabor Park in southeast Portland.

I understand the natural human disgust reaction, but do these people actually think that their normal drinking water is any more pure? That a single human is that much worse than all the normal birds and other animals? Or that a few ounces distributed amongst 38 million gallons is negligible.

Another story.

4 hours ago "╦ťHighly sophisticated malware' stole credit card data from 3M Michaels customers

Yahoo Security View Synopsis+1

After LaCie announced earlier this week it was the victim of a massive credit card breach that lasted for a year, crafts store Michaels revealed in a press release that hackers may have stolen credit card data for 3 million of its customers, including buyers that shopped at its Aaron Brothers subsidiary. The company has hired two independent security firms to conduct an extensive investigation, which revealed that payment systems in Michaels and Aaron Brothers stores were attacked by "highly sophisticated malware" that had not been seen before by either firm. While the malware has been neutralized at this time, the company determined that the hack was quite extensive, allowing hackers to steal certain payment information including card number and

4 hours ago Federal CIOs Moving Cybersecurity Beyond Compliance

NetworkWorld Security View Synopsis+1
The evolving nature of cyberattacks demands a more dynamic response, according to government CIOs making an effort to implement real-time, continuous monitoring and reporting for security issues.

4 hours ago Netcraft tool flags websites affected by Heartbleed

NetworkWorld Security View Synopsis+1
Worried about how the Heartbleed vulnerability may affect your personal accounts? A new tool may be of help.

4 hours ago Will the march of science halt in Crimea?

IT Toolbox Blogs View Synopsis+1
Will the march of science halt in Crimea?

14 hours ago Netcraft adds Heartbleed sniffing to site-scanning browser tool

The Register View Synopsis+1
Checks if sites were vulnerable and what they've done about it

Internet stats clearinghouse Netcraft has released a new tool aimed at letting consumers know when the sites they visit might have been compromised by the Heartbleed encryption bug.

14 hours ago Arts and crafts store Michaels says 3 million credit cards exposed in breach

The Register View Synopsis+1
Meanwhile, Target investigators prepare for long process in nabbing hackers

As the officials investigating the Target data breach are settling in for what they believe will be a long and complex process of catching the hackers behind the heist, another US retailer is admitting that it lost millions of customer payment card details.