Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Information Security News - SANS Internet Storm Center


Popular News

1 day ago AMD security flaw saga, browsers broken, Lamo dead at 37, and more

The Register
It's the week in security

Roundup The lingering fallout of security flaws in AMD processor chipsets has dominated the news this week, and it ain't over yet.…

2 days ago Russia Hacks Into U.S. Nuclear Power Plants

Forbes
Russia has made hacking America its favorite pastime. But don't worry about our nuclear plants, they are truly operational islands wholly disconnected from the Internet. They can hack some business, personnel and other non-essential files, which may be embarrassing and costly, but not dangerous.

Top News

3 hours ago Hacker Adrian Lamo Dies at Age 37

SecurityWeek

Adrian Lamo, the former hacker best known for breaching the systems of The New York Times and turning in Chelsea Manning to authorities, has died at age 37.

His passing was announced on Friday by his father, Mario Lamo, on the Facebook page of the 2600: The Hacker Quarterly magazine.

"With great sadness and a broken heart I have to let know all of Adrian's friends and acquaintances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son…" he wrote.

Lamo had been living in Wichita, Kansas, and he was found dead in an apartment on Wednesday. The cause of death is not known, but representatives of local police said they had found nothing suspicious, The Wichita Eagle reported.

Lamo broke into the systems of companies such as Yahoo, AOL, Comcast, Microsoft and The New York Times in an effort to demonstrate that they had been vulnerable to hacker attacks.

He was arrested in 2003 and in early 2004 he pleaded guilty to computer crimes against Microsoft, The New York Times, and data analytics provider LexisNexis. He was sentenced to six months' detention at the home of his parents.

Lamo drew criticism in 2010 after he reported Chelsea Manning (at the time U.S. Army intelligence analyst Bradley Manning) to the Army for leaking a massive amount of classified documents to WikiLeaks.

3 hours ago Unisys pockets AU$90m in border biometrics and Defence IT support

ZDNet
The system will match those who enter Australia against a watch list of people of interest.

3 hours ago Facebook suspends account of Cambridge Analytica whistle-blower

The Register
Data science firm says it did have Facebook data, but didn't harvest it

Chris Wylie, the whistle-blower who has alleged the knowingly improper use of Facebook data by Cambridge Analytica, says The Social Network™ has suspended his account.…

13 hours ago Facebook Needs To Understand The Difference Between Fault And Responsibility

Forbes
Facebook has made some uncharacteristic bad moves with the Cambridge Analytica fiasco. The whole affair has shown something big about Facebook, they don't understand fault and they don't take responsibility.

12 hours ago How Cambridge Analytica used Facebook to get millions of U.S. voters' personal data

TechRepublic
Cambridge Analytica, a data firm linked to President Trump's 2016 election campaign, is accused of harvesting millions of Facebook profiles of U.S. voters. Dan Patterson, senior writer for TechRepublic, talked to CBS News about how they may have done it.

Latest News

1 hour ago Facebook suspends account of Cambridge Analytica whistle-blower

The Register
Data science firm says it did have Facebook data, but didn't harvest it

Chris Wylie, the whistleblower who has alleged the knowingly improper use of Facebook data by Cambridge Analytica, says The Social Network™ has suspended his account.…

1 hour ago Cisco Meraki Offers Up to $10,000 in Bug Bounty Program

SecurityWeek

Cisco Meraki, a provider of cloud-managed IT solutions, announced last week the launch of a public bug bounty program with rewards of up to $10,000 per vulnerability.

Cisco Meraki, which resulted from Cisco's acquisition of Meraki in late 2012, started with a private bug bounty program on the Bugcrowd platform. The private program led to the discovery of 39 flaws, for which the company paid out an average of roughly $1,100.

The firm has now decided to open its bug bounty program to all the white hat hackers on Bugcrowd and it's prepared to pay them between $100 and $10,000 per flaw.

The initiative covers the,, and domains and some of their subdomains, the Meraki Dashboard mobile apps for Android and iOS, and products such as the Cisco Meraki MX Security Appliances, Meraki MS Switches, MR Access Points, MV Security Cameras, MC Phones, Systems Manager, and Virtual Security Appliances.

The highest rewards can be earned for serious vulnerabilities in websites (except, and all hardware and software products. Researchers can receive between $6,000 and $10,000 for remote code execution, root logic, sensitive information disclosure, and device configuration hijacking issues.

There is a long list of security issues that are not covered by the program, including denial-of-service (DoS) attacks, SSL-related problems and ones that require man-in-the-middle (MitM) access, clickjacking, and classic self-XSS.

"We invest heavily in tools, processes and technologies to keep our users and their networks safe, including third party audits, features like two-factor authentication and our out-of-band cloud management architecture," said Sean Rhea, engineering director at Cisco Meraki. "The Cisco Meraki vulnerability rewards program is an important component of our security strategy, encouraging external researchers to collaborate with our security team to help keep networks safe."

Meraki says its wireless, switching, security, and communications products are used by more than 230,000 global customers for 3 million devices.

9 hours ago How Cambridge Analytica used your Facebook data to help elect Trump

ZDNet
The Russian-linked Cambridge Analytica scammed 50 million US Facebook users for their data. The right-wing, voter-profiling company then used their information to target Americans with personalized anti-Clinton and pro-Trump propaganda.

9 hours ago The sad old-but-true joke of IoT security

ZDNet
A new issues paper from ASPI highlights the risks to Australia's critical infrastructure, but suggests that regulation and new government structures may not be ready to face the challenge.