Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Information Security News - SANS Internet Storm Center Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

1 day ago Activist discovers iPhone spyware, sparking security update

Yahoo Security View Synopsis+1

AJMAN, United Arab Emirates (AP) - The suspicious text message that appeared on Ahmed Mansoor's iPhone promised to reveal details about torture in the United Arab Emirates' prisons. All Mansoor had to do was click the link.

1 day ago Apple Fixes Zero-Day Flaws Used to Target Activist

InfoRiskToday View Synopsis+1
Spyware Sold by Israel's NSO Group Linked to Attempted AttackA UAE-based activist targeted by a rare and valuable remote exploit for Apple's mobile software has caused concern over the continued sale of powerful spying tools to governments with poor human rights records.

1 day ago "‹Monitoring SSL traffic now everyone's concern: A10 Networks

ZDNet View Synopsis+1
As the uptake of SSL grows, Tim Blombery, systems engineer at A10 Networks, said threat actors are increasingly leveraging SSL-based encryption to hide malicious activity.

1 day ago Muddying the waters of infosec: Cyber upstart, investors short medical biz - then reveal bugs

The Register View Synopsis+1
Some sharks wear suits and ties

Analysis A team of security researchers tipped off an investment firm about software vulnerabilities in life-preserving medical equipment in order to profit from the fallout.

1 day ago VPN ban to protect copyright discriminatory, will drive users underground

ZDNet View Synopsis+1
As the Singapore government mulls over the role of VPNs in bypassing geo-blocks, any potential ban will unfairly penalise the use of such tools for security and privacy reasons and may drive content users to illegal downloads.

Top News

4 minutes ago How to not get scammed on Amazon

Yahoo Security View Synopsis+1
Amazon is the biggest online retailer in the US, but it's also not without problems. One of the ways Amazon became so big was by opening up its distribution network to third-party retailers, who use Amazon's warehouses and website to sell their own products. Buying from these retailers means you're not buying from Amazon proper, and that means you can be burned. DON'T MISS: How-To Geek  has the story of how one author got scammed by a mini PC with a cracked version of Windows. When you're paying good money for a computer off a giant website, it shouldn't arrive with pirated software. And yet: The particular PC I purchased was sold by " MarsKing ". Sure, that's a Chinese manufacturer I've never heard of, but it's solid Intel hardware inside. It was also marked by Amazon as the "#1 New Release" in this category and had solid 4-to-5-star reviews at the time. It even had a "Prime" logo, which meant that it would be shipped to me from an Amazon warehouse. Looks legit, right? Nope! The PC came with a KMS Loader activation crack installed and was using a KMS key - a common way to activate pirated Windows licenses. Windows Defender found the KMS activation crack and complained about malware as soon as Windows Update ran automatically. After I left a bad review and returned the product to Amazon, MarsKing contacted me through Amazon with an offer: "We would like to sell you a new pc box with legitimate [Windows license] at 50% money off as apologize." I didn't take them up on it. As the author points out, the reason he was burned was because he was buying from a third-party seller. Since Amazon never really verifies or tests products that it sells on behalf of third parties, there's very little quality control in the system. In fairness, Amazon is still better than buying from a scammer on eBay or Craigslist. Amazon's customer service is designed to keep the customers happy, so you can always return products, and I've personally been offered small discount vouchers when my Amazon purchases have gone wrong. But still, you don't want to go through the time and hassle of buying and returning something that's fake. To that end,  How-To Geek  has some good, simple tips to use when buying off Amazon. Avoid products that are sold and shipped by third-party sellers, and instead look for things sold by Amazon.com, or at least shipped by Amazon. Reading reviews is also important, but that's its own minefield. Amazon reviews have become tainted as of late. There's an entire cottage industry dedicated to writing fake Amazon reviews, and many companies have started trading discounted (or free) products in return for favourable reviews. Reviews aren't worthless (yet!), but you should pay attention when reading them to try and avoid reviews that have been incentivized.

23 hours ago WhatsApp Faces Challenging Tension Between Principle And Profit

Forbes View Synopsis+1
The messaging service's remarkable growth was founded on a strict code against advertising. Finally, and inevitably under Facebook, it has started bending those rules.

1 day ago Critical Vulnerabilities Affect Open Source Base Transceiver Stations

SecurityWeek View Synopsis+1

BTS (base transceiver station) products are susceptible to complete takeover because of critical vulnerabilities affecting the underlying software, security firm Zimperium warns.

1 day ago SECURED moves IoT and BYOD security to the network

TechRepublic View Synopsis+1
Researchers figured out a way to move the responsibility of securing millions of BYOD and IoT devices to the network. Get details about the SECURED project.

18 hours ago Red Cross Asks Disaster-Area Residents to Unlock WiFi Networks (August 25, 2016)

SANS Newsbites View Synopsis+1

Rescue workers at the earthquake site in Italy have asked local residents to disable passwords from their wi-fi networks to help rescuers and aid workers communicate.......

18 hours ago Congressman to FCC: Fix phone network flaw that allows eavesdropping

ArsTechnica View Synopsis+1
SS7 weakness, leak of phone numbers could let hackers spy on "half of Congress."

Latest News