Threat Level: green Handler on Duty: Brad Duncan

SANS ISC Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

13 hours ago White House Says Snowden Should 'Come Home, Be Judged'

SecurityWeek View Synopsis+1

The White House rejected a call Tuesday to pardon Edward Snowden, saying the former intelligence contractor should "be judged by a jury of his peers" for leaking US government secrets.

7 hours ago Doh! Teens sold iPhones that were Play-Doh bricks, police say

CNET View Synopsis+1
Technically Incorrect: In the latest attempt at fooling the unsuspecting and gullible, three Detroit area teens allegedly talk a MetroPCS store into buying fake iPhones.

2 hours ago Getting physical: A $10 device to clone RFID access keys on the go

ZDNet View Synopsis+1
A tiny open-source skimmer is due for public release within weeks.

1 hour ago Hackers Can Disable a Sniper Rifle - Or Change Its Target

WIRED View Synopsis+1

If a hacker attacks your TrackingPoint smart gun over its Wi-Fi connection, you may find the weapon is aiming at a different target than you think.

The post Hackers Can Disable a Sniper Rifle - Or Change Its Target appeared first on WIRED.

Top News

1 hour ago Smart phone security

IT Toolbox Blogs View Synopsis+1
How many of you protect your smartphones with passwords?

12 hours ago The Atlantic Daily : Obama in Africa, Boston Olympics, Cosby's Accusers

Yahoo Security View Synopsis+1

During a symbolically powerful visit to his father's homeland over the weekend, President Barack Obama praised Kenya's progress while urging the country to protect gay rights. From there, Obama traveled to Ethiopia, where he spoke about the spiraling conflict in South Sudan and al-Shabaab's threat in Somalia. No Olympics For Boston: Boston Mayor Marty Walsh dealt a fatal blow to the city's controversial 2024 Olympic bid when he refused to a sign a contract guaranteeing the costs to host the Games.

1 hour ago Bizarre High-Tech Kidnapping

Schneier blog View Synopsis+1

This is a story of a very high-tech kidnapping:

FBI court filings unsealed last week showed how Denise Huskins' kidnappers used anonymous remailers, image sharing sites, Tor, and other people's Wi-Fi to communicate with the police and the media, scrupulously scrubbing meta data from photos before sending. They tried to use computer spyware and a DropCam to monitor the aftermath of the abduction and had a Parrot radio-controlled drone standing by to pick up the ransom by remote control.

The story also demonstrates just how effective the FBI is tracing cell phone usage these days. They had a blocked call from the kidnappers to the victim's cell phone. First they used an search warrant to AT&T to get the actual calling number. After learning that it was an AT&T prepaid Trakfone, they called AT&T to find out where the burner was bought, what the serial numbers were, and the location where the calls were made from.

The FBI reached out to Tracfone, which was able to tell the agents that the phone was purchased from a Target store in Pleasant Hill on March 2 at 5:39 pm. Target provided the bureau with a surveillance-cam photo of the buyer: a white male with dark hair and medium build. AT&T turned over records showing the phone had been used within 650 feet of a cell site in South Lake Tahoe.

Here's the criminal complaint. It borders on surreal. Were it an episode of CSI:Cyber, you would never believe it.

17 hours ago Fiat Chrysler Recall (July 27, 2015)

SANS Newsbites View Synopsis+1

Chrysler has issued a safety recall for 1.......

17 hours ago Researchers find vulnerability in Skoda vehicles

SC Magazine View Synopsis+1
Researchers at Trend Micro discovered a security flaw in Skoda automobiles that could allow an attacker to spy on vehicle data.

17 hours ago PKI Trust Models: Whom do you trust?

SANS Reading Room View Synopsis+1
There has been a substantial amount of attention in the media recently regarding Public Key Infrastructures (PKI). Most often, secure web server exploits and signed malware have generated this attention and have led to the erosion of trust in PKI. Despite this negative media attention, there has been very little detailed discussion of the topic of PKI Trust proliferation and control. PKI is an integral part of our daily lives even though, for the most part, we never notice it. Europe is several years ahead of North America in the ubiquitous deployment of PKI to its citizens, but North America has begun to catch up. This paper covers four major areas including the definition of trust and trust models, implementation of trust, auditing of trust, and managing trust. The paper provides proof of concept tools to allow administrators to understand their current level of PKI trust and techniques manage trust.

14 hours ago Android Users: This Simple Fix Will Help Keep You Safe From The Stagefright Exploit

Forbes View Synopsis+1
Stagefright is a nasty potential problem for a huge majority of the World's Android users. Thomas Fox-Brewster covered it in detail in his article yesterday, but here in brief is how to prevent the bug being used to access your phone without you even knowing. Stagefright is a core part of [...]

1 day ago Serious Android Flaw: Devices At Risk

InfoRiskToday View Synopsis+1
Stagefright Flaw Affects 900M Devices, But Will OEMs Patch?Attackers could abuse flaws in Android's Stagefright media library to seize control of almost 950 million devices, just by sending a text, a security researcher warns. But will most devices ever see related fixes?

15 hours ago How the way you type can shatter anonymity - even on Tor

ArsTechnica View Synopsis+1
Researchers perfect technique that profiles people based on unique keystroke traits.

1 day ago Phishing Attacks Drive Spike In DNS Threat

Dark Reading View Synopsis+1
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.

1 day ago Dreaming of a more secure and hybrid MBaaS future

TechRepublic View Synopsis+1
The future of MBaaS is going to be more hybrid and secure to meet the security requirements of customers across regulated industries.

Latest News

11 minutes ago Russian Hacker Tool Uses Legitimate Web Services to Hide Attacks: FireEye

SecurityWeek View Synopsis+1

HAMMERTOSS Malware From Russian Hackers Uses Popular Web Services to Conceal Attacks

42 minutes ago Extra sneaky Hammertoss malware acts just like you on your computer

CNET View Synopsis+1
Security company FireEye says a Russia-sponsored group uses malware that mimics normal computer use while stealing sensitive files.

42 minutes ago Windows 10 marks turnaround moment for Microsoft

CNET View Synopsis+1
The software maker's flagship product is renewing faith in the Windows world.

42 minutes ago Misfits in Vietnam: Creating the next fitness trackers (pictures)

CNET View Synopsis+1
For Road Trip 2015, CNET visits the Ho Chi Minh City, Vietnam, offices of fitness tracker maker Misfit.

1 hour ago Russians hackers used Twitter, photos to reach U.S. computers: report

Yahoo Security View Synopsis+1

By Joseph Menn SAN FRANCISCO (Reuters) - Russian government-backed hackers who penetrated high-profile U.S. government and defense industry computers this year used a method combining Twitter with data hidden in seemingly benign photographs, according to experts studying the campaign. In a public report Wednesday, researchers at security company FireEye Inc said the group used the unusual tandem as a means of communicating with previously infected computers. FireEye has briefed law enforcement on what it found.

1 hour ago BIND Update Patches Critical DoS Vulnerability

SecurityWeek View Synopsis+1

The Internet Systems Consortium (ISC) announced on Tuesday the release of BIND 9.10.2-P3 and BIND 9.9.7-P2. The updates for the popular Domain Name System (DNS) software address a critical denial-of-service (DoS) vulnerability that affects almost all BIND servers.

2 hours ago Average US vehicle age hits record 11.5 years

Yahoo Security View Synopsis+1
In the age of Apple's CarPlay, a lot of cars on the road still have tape decks. The average vehicle in the U.S. is now a record 11.5 years old, according to consulting firm IHS Automotive, a sign of the ...

3 hours ago Anthem Hackers Targeted Multiple Industries Since 2012: Symantec

SecurityWeek View Synopsis+1

Black Vine Espionage Group Attacked Aerospace, Energy, Healthcare Industries

Symantec has been monitoring the activities of the cyber espionage group that breached health insurance giant Anthem last year. Researchers say Anthem is just one of the threat actor's many high profile targets.

5 hours ago The Moral Responsibility of our Technology

IT Toolbox Blogs View Synopsis+1

Today I wanted to write something pithy and a bit irreverant.  I wanted to continue my thread on Mercenary Employees.  I thought about  writing about whether Apple has peaked or Microsoft is heading for a trough.

 

But I can't.

 

I've been sitting her grappling with what my heart really wants to write.  And that's the way that writing

7 hours ago Black Vine: Anthem hackers share zero-days with rival cyberattackers

ZDNet View Synopsis+1
The group behind the disastrous Anthem hack is believed to be part of a zero-day sharing network.

8 hours ago Why We Get Defective Power Feeds

IT Toolbox Blogs View Synopsis+1
Power defects (or disturbances, interference or transients) can have many causes. Lightning is an obvious source. Lightning does not have to hit power, telephone or data lines directly to affect electronic equipment. The electromagnetic field generat...