Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC InfoSec News Summary

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

2 days ago Google makes amends for Android anti-virus app scam turned best-seller

Yahoo Security View Synopsis+1

A fake Android anti-virus application managed to fool many customers into buying it, even though it didn't really have any anti-virus features. The $3.99 quickly rose through the ranks, reaching the top of the Google Play Store sales charts before Android Police discovered the truth behind it. The application was removed from the store once the fraud had been uncovered, but the fact still remained that more than 10,000 users purchased it - The Guardian says more than 30,000 buyers were duped. However it looks like Google has taken the issue into its own hands and it's making amends to those affected. Android Police reports that Google is now refunding those Android devices users that purchased Virus Shield, and throwing on top

1 day ago Merchants, buyers on Dark Web get their own search engine

NetworkWorld Security View Synopsis+1
A search engine for the Dark Web has been launched in beta to provide easier access to marketplaces selling illegal drugs and hacking tools and services.

1 day ago Why Security Auditors' (GAO) Recommendations Can't Be Implemented (See especially Pescatore note after the story) (April 17, 2014)

SANS Newsbites View Synopsis+1

Gregory Wilshusen, director of information security at the US Government Accountability Office (GAO), says he understands why government agencies do not always implement his recommendations.......

6 days ago Facebook users targeted by iBanking Android trojan app

NetworkWorld Security View Synopsis+1
Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

6 days ago How a cyber cop patrols the underworld of e-commerce

NetworkWorld Security View Synopsis+1
Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

Top News

1 day ago ERP In The Cloud

IT Toolbox Blogs View Synopsis+1

As cloud computing continues to grow, more and more companies are moving their ERP systems into the cloud. There are several reasons for this, including cost and convenience. While ERP in the cloud represents only a small portion of ERP installations, that number is growing.


Cloud computing achieves economies of scale by sharing resources among ERP implementations. With a

1 day ago AOL Mail locks down email servers to deal with spam tsunami

The Register View Synopsis+1
Security problems like it's 1995

If you've been getting a lot of spam from AOL emails recently it's not because you've fallen into a time rift and it's the nineties all over again - the company has confirmed that it has been under an intensive spoofing attack.

1 day ago Dan Geer on Heartbleed and Software Monocultures

Schneier blog View Synopsis+1

Good essay:

To repeat, Heartbleed is a common mode failure. We would not know about it were it not open source (Good). That it is open source has been shown to be no talisman against error (Sad). Because errors are statistical while exploitation is not, either errors must be stamped out (which can only result in dampening the rate of innovation and rewarding corporate bigness) or that which is relied upon must be field upgradable (Real Politik). If the device is field upgradable, then it pays to regularly exercise that upgradability both to keep in fighting trim and to make the opponent suffer from the rapidity with which you change his target.

The whole thing is worth reading.

Latest News

12 hours ago Apple splats 'new' SSL snooping bug in iOS, OS X - but it's no Heartbleed

The Register View Synopsis+1
Triple-handshake flaw stalks Macs and iThings

Apple has squashed a significant security bug in its SSL engine for iOS and OS X as part of a slew of patches for iThings and Macs.

14 hours ago Sat comms kit riddled with backdoors for hackers - researcher

The Register View Synopsis+1
Right, shipmate, identify yourself. LOL? What's your meaning?

Security researchers claim to have uncovered myriad security problems with satellite communication systems. But while major manufacturer Iridium said the security weaknesses identified by security researchers at IOActive were in hand, Thuraya, another satellite comms service, has criticised the report as inaccurate.