Threat Level: green Handler on Duty: Daniel Wesemann

SANS ISC InfoSec News Summary



Popular News

2 days ago Google makes amends for Android anti-virus app scam turned best-seller

Yahoo Security

A fake Android anti-virus application managed to fool many customers into buying it, even though it didn't really have any anti-virus features. The $3.99 app quickly rose through the ranks, reaching the top of the Google Play Store sales charts before Android Police discovered the truth behind it. The application was removed from the store once the fraud had been uncovered, but the fact still remained that more than 10,000 users purchased it - The Guardian says more than 30,000 buyers were duped. However, it looks like Google has taken the issue into its own hands and it's making amends to those affected. Android Police reports that Google is now refunding those Android device users that purchased Virus Shield, and throwing on top

1 day ago Merchants, buyers on Dark Web get their own search engine

NetworkWorld Security
A search engine for the Dark Web has been launched in beta to provide easier access to marketplaces selling illegal drugs and hacking tools and services.

17 hours ago Why Security Auditors' (GAO) Recommendations Can't Be Implemented (See especially Pescatore note after the story) (April 17, 2014)

SANS Newsbites

Gregory Wilshusen, director of information security at the US Government Accountability Office (GAO), says he understands why government agencies do not always implement his recommendations.......

5 days ago Facebook users targeted by iBanking Android trojan app

NetworkWorld Security
Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

5 days ago How a cyber cop patrols the underworld of e-commerce

NetworkWorld Security
Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

Top News

12 hours ago ERP In The Cloud

IT Toolbox Blogs

As cloud computing continues to grow, more and more companies are moving their ERP systems into the cloud. There are several reasons for this, including cost and convenience. While ERP in the cloud represents only a small portion of ERP installations, that number is growing.

Cloud computing achieves economies of scale by sharing resources among ERP implementations. With a

12 hours ago AOL Mail locks down email servers to deal with spam tsunami

The Register
Security problems like it's 1995

If you've been getting a lot of spam from AOL emails recently it's not because you've fallen into a time rift and it's the nineties all over again - the company has confirmed that it has been under an intensive spoofing attack.

23 hours ago Dan Geer on Heartbleed and Software Monocultures

Schneier blog

Good essay:

To repeat, Heartbleed is a common mode failure. We would not know about it were it not open source (Good). That it is open source has been shown to be no talisman against error (Sad). Because errors are statistical while exploitation is not, either errors must be stamped out (which can only result in dampening the rate of innovation and rewarding corporate bigness) or that which is relied upon must be field upgradable (Real Politik). If the device is field upgradable, then it pays to regularly exercise that upgradability both to keep in fighting trim and to make the opponent suffer from the rapidity with which you change his target.

The whole thing is worth reading.

Latest News

7 minutes ago Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no Heartbleed

The Register
Triple-handshake flaw stalks Macs and iThings

Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs.

2 hours ago Sat comms kit riddled with backdoors for hackers - researcher

The Register
Right, shipmate, identify yourself. LOL? What's your meaning?

Security researchers claim to have uncovered myriad security problems with satellite communication systems. But while major manufacturer Iridium said the security weaknesses identified by security researchers at IOActive were in hand, Thuraya, another satellite comms service, has criticised the report as inaccurate.

11 hours ago The Intangible Benefits of ERP

IT Toolbox Blogs

Not all the benefits of ERP can be reduced to dollars and cents. Some of the most important benefits of an ERP implementation can't be measured in money, but they are important considerations nonetheless.

Intangibles present a special problem in building the business case for ERP. While they are real and improve the organization they don't show up in a cost-value analysis.

13 hours ago Getting Ready for ERP

IT Toolbox Blogs

Implementing Enterprise Resource Planning is a major undertaking. It requires a large commitment of resources over a long period to be successful. Before starting an ERP project you need to make sure your company is ready.

Do You Understand The Benefits Of ERP?

ERP requires a lot from the adopting company, but it promises a lot as well. It's important

15 hours ago Everything We Know (So Far) About iPhone 6

Yahoo Security

Under Tim Cook, Apple's innovation and launch process has taken a somewhat vanilla turn, but with the highly anticipated iPhone 6 in the works, there is hope for the tech giant to reclaim their mobile throne. The Wire pored through the rumors, leaks, and conjectures to put together this comprehensive list of what the tech world is expecting from Apple's next round of mobile devices. Keep in mind, none of these details have been confirmed by Apple, but they are best educated guesses from Apple watchers who have a pretty good track record about these things. The names being tossed around are: iPhone Air, iPhone phablet, iPhone 6

15 hours ago Video: Meet Kelso's Quest, one of the hottest-looking iOS games we've seen this year

Yahoo Security

Kelso's Quest is the latest creation from Avocoder, the mobile app developer behind Toasty Boy, a Flappy Bird parody that managed to crack the top 100 free games chart on the App Store last month. Unlike Toasty Boy, Kelso's Quest is a completely original title, mixing in elements of the puzzle and adventure genres as the eponymous Kelso journeys through treacherous environments in search of his kidnapped son. At the end of each set of levels, Kelso will face off against a boss, learning more about the motivations behind the kidnapping as he takes down a variety of evil beasts. Kelso's Quest is expected to launch on the App Store this week and Google Play in the future. The full trailer follows below.