
SANS ISC: Sunday Reading - SANS Internet Storm Center SANS ISC InfoSec Forums


Sunday Reading

Time to catch up with that security reading now that your favourite team is second in the league, so let's see what we can do to bring us all up to speed ready for what Monday will bring, so in no particular order:

Data breach after data breach: it would appear that 2014 is turning into the year of the use of "sophisticated techniques" to breach online security.

Securing online applications via a mechanism which is susceptible to brute force is not a good idea!

Digging through our mail brings a gem. Nigeria scams are still coming in; I do love today's, which is from:

ACCESS BANK PLC
122 Adenirun Ogunsanya Street,
Off Bode Thomas Road,
Surulere Lagos - Nigeria
24/7 Banking
(24/7 Customer Care HotLine)
 
The colour coding is not mine, but is true to the original e-mail, nice touch! What makes this one truly special is that the e-mail was spoofed (shock!) to appear to come from "ACCESS BANK PLC - info@microsoft.com".
 
Ping over any other weekend news, and I'll add to the list to give ISC readers some additional reading material.

Steve Hall

ISC Handler

www.tarkie.net

Stephen

89 Posts
ISC Handler
Steve, where did you find the Smucker breach information? Google seems to have zero links beyond the site itself. I can't say I've bought a lot of jelly on-line, but it seems curious this doesn't seem to be very visible.

[edit] of course within moments of posting that question, Krebs noted on Twitter that he's notified 25 vendors of pwnage via Cold Fusion exploits...and Smucker site runs....wait for it.....CFM....
Paul

43 Posts
I was keyword searching on Google for words such as sensitive / confidential / information / compromised etc. which are normally in the announcements that the Public Relations people use, with a date range of 7 days. It was half way down the page. I must admit I was looking for the latest on the potential Sears compromise and couldn't remember the name of the company!
Stephen

89 Posts
ISC Handler
