Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec News Summary


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

1 day ago Facebook users targeted by iBanking Android trojan app

NetworkWorld Security View Synopsis+1
Cybercriminals have started using a sophisticated Android Trojan app designed for e-banking fraud to target Facebook users, possibly in an attempt to bypass the two-factor authentication protection on the social network.

1 day ago How a cyber cop patrols the underworld of e-commerce

NetworkWorld Security View Synopsis+1
Melissa Andrews, a resident of Canada, is a cyber security "cop" for Payza, an international e-commerce payment platform operating in 97 countries. Her job, described by the company's public relations firm as "the worst security job on the Internet," is to protect the public from illegal, and many times revolting, content, by shutting the sites down and alerting authorities about criminal activity. She spoke with CSO this week about her job and why she is proud of what she does.

1 day ago Tails

Schneier blog View Synopsis+1

Nice article on the Tails stateless operating system. I use it. Initially I would boot my regular computer with Tails on a USB stick, but I went out and bought a remaindered computer from Best Buy for $250 and now use that.

1 day ago Putin tells Snowden: Russia conducts no US-style mass surveillance

The Register View Synopsis+1
Gov't is too broke for that, Russian prez says

Vladimir Putin has said that Russia has no mass telephone and internet surveillance programs to compare with those in the United States.

Top News

1 day ago Michaels confirms breach of as many as 2.6M cards

Yahoo Security View Synopsis+1
Michaels Stores Inc. says Thursday that about 2.6 million cards used at its namesake stores may have been affected in a security breach but it has received "limited" reports of fraud. The nation's ...

9 hours ago Data Cleansing in Excel

IT Toolbox Blogs View Synopsis+1
I spent the whole week cleaning up somebody else?s mess.

3 days ago Is RAID Fading Into The Sunset?

Network Computing Security View Synopsis+1
With the arrival of faster networks and SSDs, RAID can no longer keep up. Data protection alternatives such as replication and erasure codes are gaining traction.

3 days ago The 2014 Global Threat Intelligence Report

InfoRiskToday View Synopsis+1

The goal of the NTT Group Global Threat Intelligence Report (GTIR) is to raise awareness for executives and security professionals of how to avoid high-profile information security and data breaches, while understanding the needs for a strategic security program with proven controls that will help organizations balance cost and risk.

Using real-world case studies and findings from over 3 billion analyzed attacks, the 2014 NTT Global Threat Intelligence Report (GTIR) demonstrates strategies to minimize threat impact and compress the threat mitigation timeline. Among key findings of the study:

  • The cost for a "minor" SQL injection attack can exceed $196,000;
  • Anti-virus applications fail to detect 54 percent of new malware;
  • Healthcare has seen a 13 percent increase in botnet activity.

In this session, the report's key architects walk through case studies that bring the findings to life, and they focus on strategies for refining the five critical areas of security: threat avoidance, threat response, threat detection, investigate capabilities and response capabilities.

3 days ago Fingerprint lock in Samsung Galaxy 5 easily defeated by whitehat hackers

ArsTechnica View Synopsis+1
Multiple weaknesses put devices and PayPal accounts within reach of attackers.

3 days ago Researchers find Android security issue in app permissions protocol

SC Magazine View Synopsis+1
The permissions issue could allow a malicious app to alter legitimate home screen icons.

3 days ago Former Homeland Security chief: C-Suite needs to get a grip on cyber risks

ZDNet View Synopsis+1
The former Homeland Security chief outlined two conditions we're going to be dealing with as companies, countries, and individuals: the global scourge of terrorism and the digital "forevermore."

Latest News

4 hours ago Health care site flagged in Heartbleed review

Yahoo Security View Synopsis+1

WASHINGTON (AP) - People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed computer virus.

5 hours ago Now Android fans can play one of the greatest computer games ever on their tablets

Yahoo Security View Synopsis+1

Old-school RPG fans still get nostalgic when you bring up Baldur's Gate, the classic Bioware D&D-based adventure that set the standard for computer RPGs when it was released all the way back in 1998. In fact, the Balur's Gate series's popularity has been so enduring that studio Beamdog has overhauled it with improved graphics and features while also adding touch controls to make it easy to play on tablets. Although Beamdog released its Baldur's Gate: Enhanced Edition for the iPad a while ago, the studio has finally gotten around to porting it to Android, and it's now available on the Google Play store for $9.99. Although the iPad version of the overhauled Baldur's Gate received mixed marks for its buggy controls,

8 hours ago DB2 for z/OS is not affected by Heartbleed bug

IT Toolbox Blogs View Synopsis+1
(Posted Friday, April 17, 2014) As if there could be any doubt, here?s the official word.... IBM DB2 for z/OS is not affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160) The flash states that ?DB2 for z/OS in all editions and all platforms is NOT vulnerable to the...

11 hours ago Friday Squid Blogging: Squid Jigging

Schneier blog View Synopsis+1

Good news from Malaysia:

The Terengganu International Squid Jigging Festival (TISJF) will be continued and become an annual event as one of the state's main tourism products, said Menteri Besar Datuk Seri Ahmad Said.

He said TISJF will become a signature event intended to enhance the branding of Terengganu as a leading tourism destination in the region.

"Beside introducing squid jigging as a leisure activity, the event also highlights the state's beautiful beaches, lakes and islands and also our arts, culture and heritage," he said.

I assume that Malaysian squid jigging is the same as American squid jigging. But I don't really know.

13 hours ago APAR Friday: Today it's about stats, WLM_REFRESH, and storage management

IT Toolbox Blogs View Synopsis+1
(Posted on Friday, April 18, 2014) Last year, APAR  PM88804 changed that behavior of REALSTORAGE_MANAGEMENT to solve a CPU usage issue.  That behavior is being reversed and changed back to how it originally acted by APAR PM99575. PM99575: CHANGE THE DISCARDDATA LOGIC ...

13 hours ago Metaphors of Surveillance

Schneier blog View Synopsis+1

There's a new study looking at the metaphors we use to describe surveillance.

Over 62 days between December and February, we combed through 133 articles by 105 different authors and over 60 news outlets. We found that 91 percent of the articles contained metaphors about surveillance. There is rich thematic diversity in the types of metaphors that are used, but there is also a failure of imagination in using literature to describe surveillance.

Over 9 percent of the articles in our study contained metaphors related to the act of collection; 8 percent to literature (more on that later); about 6 percent to nautical themes; and more than 3 percent to authoritarian regimes.

On the one hand, journalists and bloggers have been extremely creative in attempting to describe government surveillance, for example, by using a variety of metaphors related to the act of collection: sweep, harvest, gather, scoop, glean, pluck, trap. These also include nautical metaphors, such as trawling, tentacles, harbor, net, and inundation. These metaphors seem to fit with data and information flows.

The only literature metaphor used is the book 1984.

This is sad. I agree with Daniel Solove that Kafka's The Trial is a much better literary metaphor. This article suggests some other literary metaphors, most notably Philip K. Dick. And this one suggests the Eye of Sauron.

13 hours ago Reddit users discover iOS malware threat

The Register View Synopsis+1
'Unflod Baby Panda' looks to snatch Apple IDs

Users on a mobile phone hacking subreddit are being credited with the discovery of a malware infection targeting iOS users.

14 hours ago Why security professionals need to get more creative with penetration testing (and how to do it)

NetworkWorld Security View Synopsis+1
Security professionals have long been running penetration tests against their firewalls and other security systems to find weaknesses that need to be addressed.

14 hours ago U.S. commercial drone industry struggles to take off

NetworkWorld Security View Synopsis+1
The U.S. commercial drone industry is still struggling to get off the ground more than two years after President Obama signed into law a bill that permits the civilian use of unmanned aerial vehicles (UAV) over the country's airspace.