Threat Level: green Handler on Duty: Tom Webb

SANS ISC: Information Security News - SANS Internet Storm Center Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

18 hours ago Attacker Uses Virtual Machine to Hide Malicious Activity

SecurityWeek View Synopsis+1

Cybercriminals have discovered a new method of hiding their nefarious activity on compromised machines, by using virtual machines (VMs), SecureWorks researchers warn.

1 day ago Two Model S cars were stolen despite Tesla's advanced tech

Yahoo Security View Synopsis+1
You'd have thought that nobody can steal your Tesla thanks to its advanced tracking system. Thieves foolish enough to try to get away with it could be easily caught with the help of the on-board GPS. However, that's not really the case. Tesla cars are incredibly valuable, which means thieves will do whatever it takes to grab one and leave no traces behind. In fact, at least two such thefts have already been reported in Europe. DON'T MISS: This is our first look at one of the two brand new PS4 consoles launching next month Two Tesla owners in Germany discovered that their Tesla Model S cars were stolen, Electrek reports . One of them is a brand new Tesla Model S P90D that was picked up on August 2nd, and another model disappeared on June 11th. Neither car has turned up yet, and it's not clear how it happened or whether their owners will ever get them back. It's believed that hackers were able to breach the owners' Tesla accounts and then use iPhone or Android apps to access and drive the cars away. One of the drivers said he still has the keys to the car. They also had to jam the GPS signal on the cars, although it's not clear how they did it. Last year, a Model S was briefly stolen in Vancouver, but the owner was able to direct the police to the location of the car by using tracking data from his account. It would certainly be interesting to hear how the thieves plan to use these stolen Teslas. Simply painting the cars over and changing their plates won't suffice. To take advantage of Tesla's features, you also have to use the car's software. And we all know Tesla keeps track of what happens with each car, so it might be able to find these stolen vehicles if they ever reconnect to the system. Tesla has yet to comment on the matter, but it's likely that the company is looking at ways to retrieve the stolen cars, and prevent similar thefts in the future.

21 hours ago Juniper Confirms Leaked Implants Target Its Products

SecurityWeek View Synopsis+1

Juniper Networks has analyzed the implants leaked by Shadow Brokers and while it has confirmed that some of them target its products, the company has not found any evidence that they exploit a vulnerability.

1 day ago Australia Post says use blockchain for voting. Expert: you're kidding

The Register View Synopsis+1
Centralise the decentralised. Magic happens, then profit

A prominent privacy consultant has criticised Australia Post's intervention in the Australian State of Victoria's inquiry into electronic voting.

1 day ago Is 'Pokémon GO' Keeping Tabs on Your Children?

Forbes View Synopsis+1
Just as the characters in the game pop up in unexpected places, so have "real world" issues.

Top News

6 hours ago Federal government claims DCNS data leak has 'no bearing' on Australia

ZDNet View Synopsis+1
Australia has not been affected by leaked documents revealing details around the combat capability of submarines that French company DCNS built for the Indian Navy, the government has said.

6 hours ago Hacked hookup site Ashley Madison's security was laughable

The Register View Synopsis+1
Canadian and Australian privacy watchdogs bite, hard

Ruby Corp, the rebranded parent company of illicit-affair-arranging outfit Ashley Madison, has had to enter into court-enforceable orders with privacy authorities in Canada and Australia, following the findings of a joint investigation in the two countries.

5 hours ago New York Times says suspected Russian hackers targeted Moscow bureau

Yahoo Security View Synopsis+1

The New York Times said on Tuesday its Moscow bureau was targeted by a cyber attack this month but that there was no evidence the hackers, believed to be Russian, were successful. "We are constantly monitoring our systems with the latest available intelligence and tools," Times spokeswoman Eileen Murphy told the newspaper. "We have seen no evidence that any of our internal systems, including our systems in the Moscow bureau, have been breached or compromised." Earlier on Tuesday, CNN, citing unnamed U.S. officials, reported that the Federal Bureau of Investigation and other U.S. security agencies were investigating cyber breaches targeting reporters at the Times and other U.S. news organizations that were thought to have been carried out by hackers working for Russian intelligence.

4 hours ago How Cell Phones Can Map The CIA: Is Location Secrecy Dead?

Forbes View Synopsis+1
In this mobile-drenched world the locations of the government's intelligence workforce can be mapped in realtime and the nation's most sensitive and classified facilities cataloged by private companies

4 hours ago Hunting with Prevention

SANS Reading Room View Synopsis+1
Traditional endpoint protection such as antivirus, while effective in some cases, is no match for the ever-changing techniques that attackers use to get past defenses, according to multiple SANS surveys.

17 hours ago Ransomware Gets Pokémon Go Treatment

InfoRiskToday View Synopsis+1
Crypto-Locking Ransomware Victims: Gotta Catch 'Em AllNew DetoxCrypto ransomware encrypts dozens of different file types with AES-256, adds a backdoor and admin-level account to Windows, then locks systems and demands a ransom, often using Pokémon-themed graphics and music.

15 hours ago Report: 82% of hospitals fear they aren't prepared for mobile cyberattacks

TechRepublic View Synopsis+1
As more hospitals deploy mobile devices for clinical communications, staff and IT leaders worry that cybercriminals will hack them and steal medical records.

11 hours ago NSA-linked Cisco exploit poses bigger threat than previously thought

ArsTechnica View Synopsis+1
With only a small amount of work, ExtraBacon will commandeer new versions of ASA.

9 hours ago NASA CIO Lets Network Cybersecurity Authorization Expire (August 22, 2016)

SANS Newsbites View Synopsis+1

NASA's CIO has allowed cybersecurity authorization for one of the agency's main networks to expire.......

Latest News

11 hours ago Ashley Madison parent broke Canada, Australia privacy laws

Yahoo Security View Synopsis+1

The parent company of infidelity dating website Ashley Madison was responsible for numerous violations of privacy laws at the time of a massive release of customer data in a cyber attack last year, privacy watchdogs in Canada and Australia said on Tuesday. The two countries launched an investigation after the 2015 breach of Avid Life Media Inc's computer network, when hackers exposed the personal details of millions who signed up for the site with the slogan "Life is short. Have an affair." The probe found the Toronto-based company had inadequate safeguards in place, including poor password management and a fabricated security trustmark on the website's home page.

53 minutes ago Source of submarine document leak 'from overseas': Indian defense ministry

Yahoo Security View Synopsis+1
India's defense ministry said on Wednesday that the source of secret documents detailing the capabilities of the French-designed Scorpene submarine being built for the Indian navy appeared to be "from overseas and not from India". Defence Minister Manohar Parrikar said earlier the security breach appeared to have been the work of hackers. The leak, first reported in The Australian newspaper, contains more than 22,000 pages outlining the secret combat capability of six submarines that DCNS of France has designed for the Indian Navy.

3 hours ago Mind the air-gap: Singapore's web cut-off balances security, inconvenience

Yahoo Security View Synopsis+1

By Jeremy Wagstaff and Aradhana Aravindan SINGAPORE (Reuters) - Singapore is working on how to implement a policy to cut off web access for public servants as a defense against potential cyber attack - a move closely watched by critics who say it marks a retreat for a technologically advanced city-state that has trademarked the term "smart nation". Some security experts say the policy, due to be in place by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards, and cutting them off from the people they serve. It may only raise slightly the defensive walls against cyber attack, they say.

3 hours ago Pilgrim finds Ashley Madison breached Australian Privacy Act

ZDNet View Synopsis+1
A joint investigation into the Ashley Madison data breach conducted by the Australian Privacy Commissioner and the Privacy Commissioner of Canada has been completed, confirming Ashley Madison breached both countries' privacy acts.

4 hours ago Intel douses Wildfire ransomware as-a-service Euro menace

The Register View Synopsis+1
Group scored $79k a month with infect-o-tronic rent-a-bot

An alliance of cops and anti-malware experts have doused the Wildfire ransomware that plagued users in Belgium and the Netherlands.

4 hours ago Equation Group exploit hits newer Cisco ASA, Juniper Netscreen

The Register View Synopsis+1
NSA cache dump keeps patches pumping

Hungary-based security consultancy SilentSignal has ported a public exploit to newer models of Cisco's Adaptive Security Appliance (ASA).

6 hours ago Boffins design security chip to spot hidden hardware trojans in processors

The Register View Synopsis+1
When fabs go rogue

Scientists at the NYU Tandon School of Engineering have designed a new form of application-specific integrated circuit (ASIC) designed to spot hidden vulnerabilities deep within a processor's design.

8 hours ago France, Germany push for access to encrypted messages after wave of terror attacks

ZDNet View Synopsis+1
But it conflicts with a recent review of EU privacy rules, which concluded that the use of encryption should be encouraged.

8 hours ago The Details Behind HHS Breach Investigation Ramp-Up

InfoRiskToday View Synopsis+1
In this in-depth interview, Iliana Peters of the HHS Office for Civil Rights explains the agency's strategy for ramping up investigations of health data breaches affecting fewer than 500 individuals.

9 hours ago The Details Behind HHS's Breach Investigation Ramp-Up

InfoRiskToday View Synopsis+1
In this in-depth interview, Iliana Peters of the HHS Office for Civil Rights explains the agency's strategy for ramping up investigations of health data breaches affecting fewer than 500 individuals.

9 hours ago Report: Which Android Manufacturers Push Out Updates Most Quickly? (August 19, 2016)

SANS Newsbites View Synopsis+1

According to a report from Apteligent, Motorola pushed out Android fixes more quickly than any other manufacturer except for Google's Nexus devices, which receive the updates the day they are released.......

9 hours ago Some Healthcare Providers Not Encrypting Data in Transit (August 22, 2016)

SANS Newsbites View Synopsis+1

According to a survey from the Healthcare Information Management Systems Society (HIMSS), roughly one-third of hospitals, and more than half of non-acute healthcare providers do not encrypt patient data while in transit.......

9 hours ago Australian Teen Will Not be Jailed for DDoS Attacks (August 21 and 22, 2016)

SANS Newsbites View Synopsis+1

An Australian teenager who pleaded guilty to launching distributed denial-of-service (DDoS) attacks against a bank, a school and the Australian Cybercrime Reporting network, will not go to jail.......

11 hours ago FBI Probing Possible Russian Hack of US Newsrooms: CNN

SecurityWeek View Synopsis+1

Hackers with apparent ties to Russia have conducted a series of cyber attacks on US media outlets including the New York Times, CNN reported Tuesday.