Threat Level: green Handler on Duty: Brad Duncan

SANS ISC Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

22 hours ago Want to know if your employees are security savvy? Run your own phishing campaign

ZDNet View Synopsis+1
In a Q&A with ZDNet, the vice president of Cybersecurity Services at Fidelis explains why top-level management has to be the security-focused example for others to follow.

22 hours ago This Online Anonymity Box Puts You a Mile Away From Your IP Address

WIRED View Synopsis+1

It's designed to use a radio connection to add a physical layer of obfuscation to an internet user's location.

The post This Online Anonymity Box Puts You a Mile Away From Your IP Address appeared first on WIRED.

11 hours ago Amazon releases open-source TLS implementation in response to OpenSSL issues

TechRepublic View Synopsis+1
Long-standing problems and a history of high-profile bugs in OpenSSL such as Heartbleed have prompted Amazon to write a replacement minimalist TLS implementation.

1 day ago Emails show top officials aware of Clinton's private address

Yahoo Security View Synopsis+1
WASHINGTON (AP) - Senior Obama administration officials, including the White House chief of staff, knew as early as 2009 that Hillary Rodham Clinton was using a private email address for her government correspondence, according to some 3,000 pages of correspondence released by the State Department late Tuesday night

Top News

1 day ago Ransomware Exploits Flash Flaw (June 29, 2015)

SANS Newsbites View Synopsis+1

Ransomware known as CryptoWall is being used in attacks that exploit a flaw in Adobe Flash Player for which Adobe issued a patch just last week.......

20 hours ago The Second War of Independence: Wearables vs. Security

SecurityWeek View Synopsis+1

The 4th of July is approaching, a U.S. holiday celebrating independence from the British. But sometimes the first war doesn't solve all the problems. The War of 1812 is referred to as America's "Second War of Independence," fought to clarify a few things with the British Empire that remained from the American Revolutionary War.

9 hours ago Corrupt DEA Agent Pleads Guilty To Extorting Bitcoin From Silk Road Creator Ross Ulbricht

Forbes View Synopsis+1
A former DEA agent pleaded guilty Wednesday to money laundering, obstruction of justice and extortion for his actions during two years investigating the online drug marketplace Silk Road as an undercover agent.

7 hours ago IoT Devices and Persistent Threats

IT Toolbox Blogs View Synopsis+1
As hardware and software for IoT devices improves and proliferates we?ll see which IoT security challenges prove most crucial, and how they are being met.

2 hours ago Meeting the Digital Identity Challenge

InfoRiskToday View Synopsis+1
Security Panel: Improving Authentication, Access, GovernanceIn an exclusive panel hosted by ISMG, security leaders discuss new strategies and solutions for securing the digital customer experience. Are CISOs game to tackle this evolving security challenge?

11 hours ago Trump Hotel Collection investigating potential payment card breach

SC Magazine View Synopsis+1
According to a statement, Trump Hotel Collection has been alerted to potential suspicious credit card activity and is determining if it involves any of its properties.

21 hours ago Office of Personnel Management Data Hack

Schneier blog View Synopsis+1

I don't have much to say about the recent hack of the US Office of Personnel Management, which has been attributed to China (and seems to be getting worse all the time). We know that government networks aren't any more secure than corporate networks, and might even be less secure.

I agree with Ben Wittes here (although not the imaginary double standard he talks about in the rest of the essay):

For the record, I have no problem with the Chinese going after this kind of data. Espionage is a rough business and the Chinese owe as little to the privacy rights of our citizens as our intelligence services do to the employees of the Chinese government. It's our government's job to protect this material, knowing it could be used to compromise, threaten, or injure its people­ -- not the job of the People's Liberation Army to forebear collection of material that may have real utility.

Former NSA Director Michael Hayden says much the same thing:

If Hayden had had the ability to get the equivalent Chinese records when running CIA or NSA, he says, "I would not have thought twice. I would not have asked permission. I'd have launched the star fleet. And we'd have brought those suckers home at the speed of light." The episode, he says, "is not shame on China. This is shame on us for not protecting that kind of information." The episode is "a tremendously big deal, and my deepest emotion is embarrassment."

My question is this: Has anyone thought about the possibility of the attackers manipulating data in the database? What are the potential attacks that could stem from adding, deleting, and changing data? I don't think they can add a person with a security clearance, but I'd like someone who knows more than I do to understand that risks.

14 hours ago WikiLeaks: New intelligence briefs show US spied on German leader

ArsTechnica View Synopsis+1
"Merkel's fear was that Athens would be unable to overcome its problems."

1 day ago Accessing the inaccessible: Incident investigation in a world of embedded devices

SANS Reading Room View Synopsis+1
There are currently an estimated 4.9 billion embedded systems distributed worldwide. By 2020, that number is expected to have grown to 25 billion. Embedded systems can be found virtually everywhere, ranging from consumer products such as Smart TVs, Blu-ray players, fridges, thermostats, smart phones, and many more household devices. They are also ubiquitous in businesses where they are found in alarm systems, climate control systems, and most networking equipment such as routers, managed switches, IP cameras, multi-function printers, etc. Unfortunately, recent events have taught us these devices can also be vulnerable to malware and hackers. Therefore, it is highly likely that one of these devices may become a key source of evidence in an incident investigation. This paper introduces the reader to embedded systems technology. Using a Blu-ray player embedded system as an example; it demonstrates the process to connect to and then access data through the serial console to collect evidence from an embedded system non-volatile memory.

1 day ago Intel infosec folk TEE off open source app dev framework

The Register View Synopsis+1
World+dog can TEE off too, without spending megabucks

A trio of Intel boffins have broken a vendor lock-down on trusted execution environments (TEEs) with the release of an open source framework that could help developers to build more secure apps.

Latest News

11 hours ago Saboteurs leverage RIPv1 for DDoS reflection attacks

SC Magazine View Synopsis+1
According to an Akamai threat advisory, attackers leveraged an outdated routing protocol RIPv1 for their malicious aims.

9 minutes ago Level 3 acquires DDoS mitigation firm Black Lotus

ZDNet View Synopsis+1
The deal adds proxy-based DDoS mitigation services to Level 3's portfolio.

1 hour ago Trump Hotels Investigating Possible Card Breach

SecurityWeek View Synopsis+1

Trump Hotel Collection is working to determine if its payment systems have been breached by cybercriminals after several U.S. banks identified fraudulent activity on cards used at the company's hotel properties.

1 hour ago Singapore adds 2FA security to e-government services

ZDNet View Synopsis+1
SingPass users will need to set up the two-factor authentication process in their account, linking either their mobile number or the country's national 2FA token, OneKey.

2 hours ago Blacklist warnings spread on websites in North Korea

Yahoo Security View Synopsis+1
TOKYO (AP) - North Korea, already one of the least-wired places in the world, appears to be cracking down on the use of the Internet by even the small number of foreigners who can access it with relative freedom by blacklisting and blocking social media accounts or websites deemed to carry harmful content.

5 hours ago MasterCard to trial using selfies as authentication

ZDNet View Synopsis+1
Looking at your phone may become the new way to pay, as MasterCard begins experimenting with biometric technology to allow users to pay with a touch of a finger or a by taking a selfie upon checkout.

6 hours ago A Retailer's Checklist To Setup An ECommerce Website

IT Toolbox Blogs View Synopsis+1
The paradigm shift towards ecommerce has forced retail business owners with two options : either open up to ecommerce retailing or perish. But making the move is easier said than done

10 hours ago UK Gets Ironic by Spying on Amnesty International

WIRED View Synopsis+1

Pot, meet kettle. As Britain joins other Wassenaar nations in calling to prevent spying against human rights workers, it turns out it has been spying on Amnesty International.

The post UK Gets Ironic by Spying on Amnesty International appeared first on WIRED.

11 hours ago Do digital business, big data and the Internet of Things play well together?

IT Toolbox Blogs View Synopsis+1
...digital business, big data and the Internet of Things play together very well indeed. To find out more, register for the webcast ?Becoming an Enterprise Digital business: A perspective from featured Gartner analyst Donald Feinberg,? scheduled for July 28, 2015, at 11:00 a.m. ET, to learn from thought leaders what all this means for you and your business.

11 hours ago FISC judge gives NSA go-ahead to resume surveillance

SC Magazine View Synopsis+1
A surveillance court judge ruled Monday that the NSA could temporarily resume its bulk data collection program during the transition period to the reforms of the USA Freedom Act signed into law June 2.

11 hours ago Bug-hunter's Joy

Reddit +1