Threat Level: green
Handler on Duty: Xavier Mertens

SANS ISC: Information Security News - SANS Internet Storm Center Information Security News


Popular News

1 day ago 25 Symantec products open to "wormable" attack by unopened e-mail or links

ArsTechnica
If you use a Symantec or Norton product, now would be a good time to update.

1 day ago US Senator Wyden: Why I had to halt FBI's latest internet spying demands

The Register
He tells El Reg he'll never surrender on privacy

US Senator Ron Wyden (D-OR) has placed a hold on the 2017 Intelligence Authorization Bill - because it would allow the FBI to snoop on people's browser histories without a court order, and weakens oversight of the intelligence community.

1 day ago Scientists Reveal The World's Ultimate Spy Camera

Forbes
Smartphone cameras are so small you can carry them anywhere, but what if you want a really small camera? Small enough, perhaps, to be injected into the human body with a syringe... Timo Gissibl, Simon Thiele, Alois Herkommer and Harald Giessen, researchers at the University of Stuttgart, have recently done just [...]

1 day ago High-severity bugs in 25 Symantec/Norton products imperil millions

ArsTechnica
If you use a Symantec or Norton product, now would be a good time to update.

17 hours ago Second Symantec Anti-Virus Bugfest Found by Researcher

InfoRiskToday
Google's Tavis Ormandy Finds More Flaws Exploitable via a Single Email

Google Project Zero researcher Tavis Ormandy has once again found major vulnerabilities in Symantec's security products. Symantec has released updates, but not all will install automatically - some vulnerable products must be manually updated.

Top News

3 hours ago 3 Unexpected Benefits of an Enterprise Resource Planning System

IT Toolbox Blogs

An enterprise resource planning system, or ERP, helps businesses link information and processes from multiple departments into a single system. This integration of corporate divisions has several obvious advantages, including improved communication between business departments and increased connections within related information sets - all resulting in a more efficient business. In addition, enterprise

3 hours ago Babe, why are there filthy smut apps on your phone?! ... Er, hackers gave me a Hummer!

The Register
Chinese malware infection hits 1.4 million gizmos at its peak

Security researchers are warning about the continuing spread of Hummer, a powerful trojan that roots handsets, downloads pornographic applications, and displays pop-up ads at random intervals.

14 hours ago The single best way to protect yourself against credit card fraud

ZDNet
Don't delegate your financial affairs. This simple technique will keep your financial house in order -- and it takes less than an hour a week.

4 hours ago "Dev-Sec.io Automated Hardening Framework"

Appsec Streetfighter Blog
Editor's Note: Today's post is from Jim Bird. Jim is the co-founder and CTO of a major U.S.-based institutional trading service, where he is responsible for managing the company's technology organization and information security program. Automated configuration management tools like Ansible, Chef and Puppet are changing the way that organizations provision and manage their …

22 hours ago The Great Analyst Debate Over Consumer IAM

SecurityWeek

Analysts typically are pretty close in their opinions. They're analyzing the same markets and pool of vendor solutions, so it stands to reason that they wouldn't depart much from each other. So it can be entertaining when they disagree, except that as a practitioner, eventually you will have to make a decision on which one is right.

13 hours ago China appoints new internet regulator

Yahoo Security

China on Wednesday appointed a new head of its powerful internet regulator, a man who has publicly vowed to maintain the ruling Communist Party's tight grip over cyberspace. In a brief report, the official Xinhua news agency said Lu Wei will no longer head the Cyberspace Administration of China, naming one of his deputies, Xu Lin, as his replacement. Xu, 53, was in charge of propaganda in China's commercial capital Shanghai from 2013-15 before being moved to Beijing to become a deputy to Lu, according to his biography.

8 hours ago Google My Activity site reveals all the data that's been collected about your online habits

TechRepublic
Google recently launched a new page called My Activity that shows you a history of your online activities and interactions with its products.

1 day ago Cerber Ransomware Targets Office365 Users (June 27 and 28, 2016)

SANS Newsbites

More than half of cloud security firm Avanan's customers using Office365 received phishing emails that were designed to infect computers with ransomware...

1 day ago SANS 2016 State of ICS Security Survey

SANS Reading Room
Analysis of survey data collected between January and April 2016 indicates that security for ICSes has not improved in many areas and that many problems identified as high-priority concerns in our past surveys remain as prevalent as ever. In this report we focus on identifying and prioritizing recommendations to address the greatest concerns.

Latest News

10 hours ago Ransomware slams corporate Office 365 users with macro storm

The Register
Spam flood tried to drop malicious macros in inboxes

It's 2016, and Microsoft Office macros are still a viable infection vector: security outfit Avanan says it's spotted a week-long, large-scale malware attack against Office 365 users.

11 hours ago Biometrics for Children: Don't Share

InfoRiskToday
'Child ID Kits' Carry Identity Theft Risks, Experts Warn

Warning to parents and guardians: Beware of collecting, storing or sharing your child's biometric information - including fingerprints and DNA - even if you're creating a so-called "Child ID Kit," because the data is a natural target for identity thieves.

8 minutes ago The National Electric Code (NEC)

IT Toolbox Blogs
In most cases, installing Poly Vinyl Chloride (or PVC) cable inside conduit greatly exceeds the cost of installing plenum-rated (Teflon or TFE) cable without conduit.

8 minutes ago 9 Tips for Combining CRM and BI for a Smarter Customer Strategy

IT Toolbox Blogs
Combining customer relationship management (CRM) and business intelligence (BI) can be tricky but the end result is a much smarter business.

3 hours ago How to Make the Most out of Your ERP Solutions

IT Toolbox Blogs

Enterprise resource planning is an ever-growing business software that allows companies to manage and organize their functions in various ways. While some businesses may not deem it a necessary component, those who do can find it to be one of the most beneficial decisions they make, if applied properly. Over the past 20 years, development of ERP software has amplified drastically due to the software's

5 hours ago While you filled your face at Noodles and Co, malware was slurping your bank cards

The Register
Run for the tills! Software nasty infected registers, admits US chain

American fast-food chain Noodles and Company says malware got into its sales registers, allowing it to slurp customers' payment card numbers.

5 hours ago Don't fall for this Android malware that pretends to be Uber, Facebook, or WhatsApp

Yahoo Security
Security researchers from FireEye recently uncovered a new piece of Android malware that can mimic the look and feel of app interfaces from the likes of Uber, WhatsApp and Google Play. The malware reportedly struck first in Denmark and is now making its way through a handful of other European countries, including Italy, Germany and Austria.

According to researchers, the malware is spread via a basic yet cleverly deceptive SMS phishing scheme. When a user receives and subsequently clicks on an ostensibly legit link, the malware is downloaded and begins to monitor which apps are active and which apps are running in the background. What happens next is extremely clever: when a user attempts to use an app that the "malware is programmed to target", the software overlays a fake user interface with "nearly identical credential input UIs as seen in benign apps." In turn, the malware then asks unassuming users to enter in sensitive information such as their banking credentials or credit card information.

All the while, victims of this attack believe that the UI screen in front of them is 100% authentic because it only sprung into existence once they decided to launch whatever app they happen to be using. All told, the malware is designed to mimic 8 separate apps, including WhatsApp, WeChat, Uber, Facebook, Viber, the Google Play store and more.

Notably, the authors of this particular malware are seemingly becoming more sophisticated and ambitious now that they're targeting a larger array of popular apps. FireEye notes:

"For example, later campaigns usually targeted more benign apps than earlier campaigns, focusing on messaging apps, for example, as opposed to banking apps. Also, the malicious apps used in later campaigns are often harder to analyze because obfuscation techniques were adopted to evade detection. In addition, some new functionality was added; in particular, we noticed that more recent samples leveraged reflection to bypass the SMS writing restriction enforced by the App Ops service (introduced in Android 4.3). All of this suggests that threat actors are actively improving their code."

Additionally, the malware authors have begun sending out more enticing and seemingly benign links via SMS, with one message stating, "We could not deliver your order. Please check your shipping information here." In one particular malware campaign targeting users in Denmark, one SMS link managed to generate more than 130,000 clicks. More information on this particular strain of malware can be viewed via the source link below.

6 hours ago Tennis-Not my usual Wednesday, says unlikely lad Willis

Yahoo Security
By Martyn Herman LONDON, June 29 (Reuters) - With a huge dollop of understatement and a wry smile, rank outsider Marcus Willis described the day he faced the greatest player of all time on Wimbledon's Centre Court as "not my standard Wednesday". "It's not playing Roger Federer on Centre Court," added the 25-year-old. Then to earn a crack at seven-times Wimbledon champion Federer, he had to bridge a yawning rankings gap of more than 700 to oust Lithuania's Ricardas Berankis in the first round.

6 hours ago Alleged Brit hacker Lauri Love bailed amid US extradition battle lull

The Register
Final arguments to be heard next month over fate of bloke who 'broke into' FBI boxes

Alleged Brit hacker Lauri Love, who is accused of compromising US government servers and faces extradition to America, has been bailed by a UK court.

9 hours ago Hackers Use Basic Tools After Breaching Your Network

SecurityWeek

Standard Tools Leveraged in 99% of Post-Intrusion Activities: Report

11 hours ago Second Symantec Anti-Virus Bugfest Found

InfoRiskToday
Google's Tavis Ormandy Finds More Flaws Exploitable via a Single Email

Google Project Zero researcher Tavis Ormandy has once again found major vulnerabilities in Symantec's security products. Symantec has released updates, but not all will install automatically - some vulnerable products must be manually updated.

11 hours ago A massive financial crime and terrorism database has leaked

ZDNet
The list contains 2.2 million names of high risk individuals and organizations -- including those thought to be involved in financial crime and terrorism.

11 hours ago If You Are Using Security Software From Symantec Or Norton You Should Upgrade Immediately

Forbes
All Symantec and Norton anti-virus software has security flaws that can be exploited with results that can be devastating. If you are using these products you should make sure your software is updated immediately.

11 hours ago Secrets To Successful Crowdfunding Over Blockchain Revealed By Danish Crypto Exchange

Forbes
It has been a brutal past week, politically and economically. The UK's decision to exit the European Union (EU) at their referendum prompted global shockwaves. Stock markets have been volatile, Sterling crashed against the US dollar and euro, while gold and cryptocurrencies like Bitcoin were beneficiaries. So, alternatives do need [...]

11 hours ago Google just shamed the antivirus software you probably use, so update immediately

Yahoo Security
Whether you're looking to protect your PC or an entire fleet of computers, chances are you've either considered or have ended up purchasing products from Symantec. The company sells consumer software under the Norton brand, in addition to Symantec Endpoint Protection that targets enterprises. The bad news is that both products were just shamed by Google's Project Zero security team, which found critical errors that leave users at risk. In fact, Google's security hacker Tavis Ormandy discovered numerous vulnerabilities in 25 different Norton and Symantec products, and he said they are "as bad as it gets."

"These vulnerabilities are as bad as it gets," Ormandy wrote. "They don't require any user interaction, they affect the default configuration, and the software runs at the highest privilege levels possible. In certain cases on Windows, vulnerable code is even loaded into the kernel, resulting in remote kernel memory corruption."

Rather than protecting users from malicious programs, the anti-virus programs could end up helping hackers by making it even easier to target these machines - essentially, a hacker could simply have to attack the software intended to protect a computer, rather than the computer itself. "Just emailing a file to a victim or sending them a link to an exploit is enough to trigger it - the victim does not need to open the file or interact with it in any way," Google's researcher said.

Google's team looks for zero-day security holes in various products and found issues in antivirus products from Trend Micro in the past. The researchers give companies 90 days plus a two-week grace period to fix issues, after which point they're revealed to the public. The good news is that Symantec has taken swift action and all the issues were fixed in an update that was already sent to customers by the time Ormandy published his findings.

Even so, while antivirus software on some systems is updated automatically, not all computers are set up that way. Admins might have to perform the updates themselves. It's still disconcerting to find out that one of the top antivirus makers out there had so many bugs in software meant to protect users from malicious hackers. More details about the software issues found in Symantec and Norton products are available at the source links - and make sure you update all your Symantec products immediately.

11 hours ago The Netflix VPN Ban Can Be Bypassed -- Here's How It Can Be Done Responsibly

Forbes
Netflix is winning the war in blocking users from accessing content from different geographies. But an open source peer-to-peer tool could offer people hope.

11 hours ago Overwhelming Majority of Android Devices Don't Have Latest Security Patches

SecurityWeek

Only 17% of Android Devices Have Latest Security Patches