Threat Level: green Handler on Duty: Brad Duncan

SANS ISC Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

21 hours ago Why Excel often still wins as the King of reporting tools

IT Toolbox Blogs View Synopsis+1
Working with data sets for analysis is not necessarily an easy task. Part of the challenge is knowing where to go for the data and the second aspect is having a perfect or clear idea of what it is that you hope to gain from analyzing your data.

13 hours ago The hidden danger of working in technology.

IT Toolbox Blogs View Synopsis+1

It happened one and a half weeks ago. I discovered what felt like a bruise on my leg. Right where a bruise would be if I had inadvertently hit my leg against the bed frame while walking around in the dark. Except I could not remember slamming my leg against the bed. There was no visible bruise either. "Oh well" I thought. "The bruise will probably show up in a day or so."

 

Saturday

1 day ago Microsoft backports data slurp to Windows 7 and 8 via patches

The Register View Synopsis+1
But no creepy Redmond robo-buddy for Windows 10 hold-outs - yet

We recently mused, half seriously, whether the entire point of the Windows 10 upgrade was to harvest your personal information. With Microsoft suffering from a serious case of Google envy, perhaps it felt it had some catching up to do.

12 hours ago Google Patches 29 Vulnerabilities With Release of Chrome 45

SecurityWeek View Synopsis+1

Google on Tuesday announced the availability of Chrome 45 for Windows, Mac, and Linux. The latest version of the web browser patches a total of 29 security issues, ten of which were reported by external researchers.

Top News

1 day ago Microsoft accused of adding spy features to Windows 7, 8

ArsTechnica View Synopsis+1
The privacy impact of Windows' telemetry features continues to be scrutinized.

1 day ago Samsung connected home fridge becomes weapon in MITM attacks

ZDNet View Synopsis+1
It is no longer only PCs and mobile devices which may harbor an attack designed to steal your data -- could your fridge be next?

8 hours ago Father And Son Become Billionaires With Tanium, The World's Hottest Cybersecurity Startup

Forbes View Synopsis+1
Fathers and sons everywhere can learn a lesson from new billionaires David and Orion Hindawi.

10 hours ago "˜Gone Girl' Suspect Confesses to Reporter - As FBI Listens In

WIRED View Synopsis+1

A word of advice to jail inmates who give press interviews: "Off the record" doesn't mean squat to the FBI agents listening in.

The post 'Gone Girl' Suspect Confesses to Reporter - As FBI Listens In appeared first on WIRED.

9 hours ago Report: Malware targeting Android smartphones on the rise

Yahoo Security View Synopsis+1

BERLIN (AP) - Malicious software targeting smartphones with the Android operating system is becoming more common, with some handsets already infected when they're bought.

9 hours ago History of the L0pht

Schneier blog View Synopsis+1

This Washington Post article uses the history of the L0pht to talk about the broader issues of Internet security.

9 hours ago Cyberarmies rising?

SC Magazine View Synopsis+1
When does cyberespionage cross the line into cyberwar? Adam Segal at the Council on Foreign Relations has answers.

8 hours ago OPM Breach Notifications: 21.5 Million Are Still Waiting

InfoRiskToday View Synopsis+1
Government Announces Bulk Buy of ID Theft, Breach Response ServicesThe U.S. Office of Personnel Management promises that it will soon notify 21.5 million individuals that their background-check information was breached. Meanwhile, the government has lined up notification and response services for future needs.

2 hours ago Sun Tzu-as-a-Service: How to protect the hybrid cloud

TechRepublic View Synopsis+1
The hybrid cloud brings unique security challenges to the enterprise. Ancient military strategist Sun Tzu has wisdom that can help businesses learn how to protect themselves.

1 day ago The Sliding Scale of Cyber Security

SANS Reading Room View Synopsis+1
The Sliding Scale of Cyber Security is a model for providing a nuanced discussion to the categories of actions and investments that contribute to cyber security.

1 day ago Secretary of Defense Says US Could Fall Behind Adversaries in Cybersecurity (August 27, 2015)

SANS Newsbites View Synopsis+1

In the wake of revelations that attackers believed to be working on behalf of Russia or China infiltrated a server used by the Pentagon's Joint Chiefs, US military leaders expressed concern that the country could "fall behind" its adversaries in the cybersecurity arena.......

Latest News

9 hours ago Mobile Gambling Apps Expose Enterprise Data: Report

SecurityWeek View Synopsis+1

The number of gambling applications installed on mobile devices used in corporate environments is on the rise, which creates an increasingly favorable environment for data theft and other types of cyberattacks, a recent report from enterprise security company Veracode shows.

10 hours ago Microsoft, Google, Mozilla to Kill RC4 in Browsers

SecurityWeek View Synopsis+1

Microsoft, Google and Mozilla announced on Tuesday their intention to end support for the RC4 stream cipher in their web browsers at the beginning of 2016.

11 hours ago Why Should Businesses Switch to Hosted VoIP Systems?

IT Toolbox Blogs View Synopsis+1

A hosted VoIP system is a telecommunication system which allows you to make phone calls over IP data networks. All conversations in a VoIP system are sent over the network as data packets. This service helps organizations in cutting down costs and enjoying many different features and services from the service provider. Most of the service providers also provide an optional gateway through which

12 minutes ago Negligence And Risk: The Imperfect Balance Of Cyber Security

Forbes View Synopsis+1
Terry Kurzynski is the founder and Senior Partner of HALOCK Security Labs. With a background in security, networking, application development, audit, project management and consulting, Terry has a unique skill set in providing strategic advice to clients. Terry has two related areas of focus; Incident Response Readiness and Risk Management. [...]

42 minutes ago Android ransomware uses XMPP chat to call home, claims it's from NSA

ArsTechnica View Synopsis+1
Improved Simplocker lurks disguised as legitimate Flash or video player app.

42 minutes ago The New Rules of Customer Service: Why You Need Mobile, Social, & Cloud

IT Toolbox Blogs View Synopsis+1

By Bob Vormittag, Jr., project director at VAI

 

It's no secret that ERP implementations have the highest success rates when the software is used to enhance an organization's competitive advantage.

42 minutes ago Big data, risk, and predictive analysis drive use of cloud-based ITSM, says panel

IT Toolbox Blogs View Synopsis+1
Learn how the increased use of big data and analytics when applied to ITSM improves IT assets inventory control and management.

54 minutes ago Android ransomware uses XMPP chat to call home, and claims it's from NSA

ArsTechnica View Synopsis+1
Improved Simplocker lurks disguised as legitimate Flash or video player app.

54 minutes ago Updates to Windows 7 and 8 compile more data

SC Magazine View Synopsis+1
Four new updates to Windows 7 and 8 allow Microsoft to collect a variety of usage information.

1 hour ago Negligence and Risk: The Imperfect Balance of Cyber Security

Forbes View Synopsis+1
Terry Kurzynski is the founder and Senior Partner of HALOCK Security Labs. With a background in security, networking, application development, audit, project management and consulting, Terry has a unique skill set in providing strategic advice to clients.  Terry has two related areas of focus; Incident Response Readiness and Risk Management. [...]

1 hour ago Aged RC4 cipher to be shunned by security conscious browsers

SC Magazine View Synopsis+1
In an apparent coordinated announcement, Google, Mozilla and Microsoft announced that they would stop using the RC4 stream cipher in their respective browsers.

1 hour ago London clinic leaks HIV status of 780 patients in newsletter

SC Magazine View Synopsis+1
A London sexual health clinic accidentally leaked the HIV status, names, and email addresses of 780 patients in a newsletter.

1 hour ago OH DEAR, WHSmith: Sensitive customer data spaffed to world+dog

The Register View Synopsis+1
Magazine form emails EVERYONE on mailing list

Updated British newsagent WHSmith has a major privacy hole on its website, after its magazine subscription service began emailing everyone on the mailing list.

3 hours ago 'Concussion' football movie altered to avoid angering NFL -NY Times

Yahoo Security View Synopsis+1

By Reuters Staff NEW YORK (Reuters) - Sony Pictures Entertainment executives altered the script of its forthcoming movie "Concussion," about football-related brain trauma, to avoid antagonizing the National Football League, the New York Times reported on Wednesday. Citing emails between Sony studio executives that were leaked by hackers last year, the Times said marketing plans for the movie were positioned to focus on the story of a whistle-blower, rather than a condemnation of the sport. Sony said on Wednesday that the New York Times story "contains many misleading references" and that nothing had been "softened" in the film to placate anyone.

3 hours ago Sony says 'Concussion' wasn't softened to placate NFL

Yahoo Security View Synopsis+1

NEW YORK (AP) - Sony Pictures insists that the Will Smith film "Concussion" was not "softened" to placate the NFL.

4 hours ago Iran-Linked Espionage Group Continues Attacks on Middle East

SecurityWeek View Synopsis+1

Despite the fact that its activities have been exposed by security researchers, the Iran-linked threat group dubbed "Rocket Kitten" continues to target individuals and organizations, particularly in the Middle East.

4 hours ago Turkey cites crypto software find in terror charges against TV crew

The Register View Synopsis+1
They use the same programs, so they must be helping the PKK, claims clueless gov

Possession of an encryption program used by jihadists is being cited of evidence against two Vice News journalists and a local fixer / translator arrested in Turkey, who now face terror-related charges.

4 hours ago 9 baby monitors wide open to hacks that expose users' most private moments

ArsTechnica View Synopsis+1
Despite its ubiquity, Internet of Things security still isn't ready for prime time.

4 hours ago New HIPAA Compliance Audit Details Revealed

InfoRiskToday View Synopsis+1
OCR Director Provides an Update, Announces a HIPAA SettlementThe HHS Office for Civil Rights is getting closer to resuming the HIPAA compliance audit program, says OCR Director Jocelyn Samuels. Plus, OCR has completed another major breach-related settlement, and it's firming up plans for several new compliance-related initiatives.

5 hours ago Chinese mobe market suffers pre-pwned Android pandemic

The Register View Synopsis+1
Amazingly, it might not even be the Chinese government causing it

Security researchers have discovered more examples of pre-installed malware on Android smartphones.

5 hours ago 'Concussion' football movie altered to avoid angering NFL: NY Times

Yahoo Security View Synopsis+1
Sony Pictures Entertainment executives altered the script of its forthcoming movie "Concussion," about football-related brain trauma, to avoid antagonizing the National Football League, the New York Times reported on Wednesday. Citing emails between Sony studio executives that were leaked by hackers last year, the Times said marketing plans for the movie were positioned to focus on the story of a whistle-blower, rather than a condemnation of the sport. Sony said on Wednesday that the New York Times story "contains many misleading references" and that nothing had been "softened" in the film to placate anyone.

5 hours ago HIPAA Compliance Audits on the Way

InfoRiskToday View Synopsis+1
OCR Director Provides New Details, Announces a HIPAA SettlementThe HHS Office for Civil Rights is getting closer to resuming the HIPAA compliance audit program, says OCR Director Jocelyn Samuels. Plus, OCR has completed another major breach-related settlement, and it's firming up plans for several new compliance-related initiatives.

5 hours ago Defense Strategies for Advanced Threats

InfoRiskToday View Synopsis+1

Whether the term used is "Advanced Persistent Threat (APT)," "advanced threat" or "state-sponsored threat actor," cyberattacks are increasing in sophistication and the amount of damage they can inflict. These attacks, frequently affiliated with governments or organized crime, have the resources, expertise and time necessary to meet their objectives.

Organizations should expect to be compromised in the future (if they have not already been compromised) because a well-funded, state-sponsored adversary is likely to find a weakness in a targeted environment and obtain access. This is sound advice, and all organizations must develop, implement and test incident response processes to prepare for inevitable security incidents.

If an organization experiences an intrusion, however, it does not necessarily mean that they will experience a substantial loss of sensitive data. A critical time period exists during an attack - the period of time after the attacker has established a presence in the targeted environment, but before the attacker has been able to identify, access and exfiltrate key data. If an intrusion is detected before critical data is exfiltrated, the impact can be minimized. Organizations must develop capabilities not only to prevent successful attacks, but also to detect attacks in progress.

In this webinar, Solutionary will present one approach to develop these capabilities. This approach maps the defensive techniques presented in the SANS 20 Critical Security Controls to the attack phases described in the Cyber Kill Chain. By ensuring that controls exist to detect each step of the kill chain, organizations provide themselves with the best opportunity to detect attacks.

7 hours ago New security flaws found in popular IoT baby monitors

ZDNet View Synopsis+1
Even internet-connected baby monitors aren't immune to hacking, including some flaws that are easy to exploit.

7 hours ago Father And Son Become Billionaires With Tanium, The Hottest Cybersecurity Startup

Forbes View Synopsis+1
Fathers and sons everywhere can learn a lesson from new billionaires David and Orion Hindawi.

9 hours ago The shadiest characters in the world of top-level domains

ZDNet View Synopsis+1
Research shows that a number of top-level domains are almost exclusively used for malicious purposes.

10 hours ago Applock riddled with security holes, researcher claims

ZDNet View Synopsis+1
A researcher claims the app locker not only doesn't encrypt user data -- but hides them where attackers can root them out.