Threat Level: green Handler on Duty: Tom Webb

SANS ISC: Information Security News - SANS Internet Storm Center Information Security News



Popular News

23 hours ago Whistleblower Everett Stern: 'Do the Right Thing'

InfoRiskToday
'If You See Something, Say Something' Applies to Banks, Money Laundering

It's been nearly seven years since HSBC was fined $1.9 billion by U.S. authorities for money laundering violations involving international drug cartels. But Everett Stern, the former employee who blew the whistle on the bank, continues to tell his story because he believes similar criminal activity is ongoing.

17 hours ago Some Elasticsearch security features are now free for everyone

ZDNet
Company makes TLS support and fine-grained user/role management free for everyone.

12 hours ago iPhone gyroscopes, of all things, can uniquely ID handsets on anything earlier than iOS 12.2

The Register
Cheapskate fandroids get a pass on this one, though

Your iPhone can be uniquely fingerprinted by apps and websites in a way that you can never clear. Not by deleting cookies, not by clearing your cache, not even by reinstalling iOS.…

12 hours ago US Warns Chinese Drones May Steal Data: Report

SecurityWeek

Washington has warned that Chinese-made drones could be giving spy agencies in Beijing "unfettered access" to stolen data, according to a report in American media.

The Department of Homeland Security sent out an alert on Monday flagging drones built in China as a "potential risk to an organization's information", CNN reported.

19 hours ago Root account misconfigurations found in 20% of top 1,000 Docker containers

ZDNet
Issue similar to Alpine Linux's CVE-2019-5021 impacts 194 other Docker images.

Top News

2 hours ago Windows 10 May 2019 Update now rolling out to everyone… slowly

ArsTechnica
Unless you explicitly want it installed, you probably won't get this update.

1 day ago User Data Exposed in Stack Overflow Hack

SecurityWeek

Hackers had access to Stack Overflow systems for nearly one week before the attack was detected and some user data was exposed after all, the company has admitted.

1 day ago Google Restricts Huawei's Access to Android

InfoRiskToday
As US/China Trade Tensions Escalate, Experts Warn of 'Unintended Consequences'

After the Trump administration last week blacklisted Huawei amid rising trade tensions, Google says it has canceled the Chinese smartphone giant's Android license. Many chipmakers and other technology firms have also said they will cease or at least pause the sharing of software, hardware and services.

1 day ago How to block hijacking attacks on your Google account

TechRepublic
Bot and phishing attacks can compromise your G Suite account, but there is an easy way to block the majority of these attempts, according to Google.

1 day ago Let adware be treated as malware, Canuck boffins declare after breaking open Wajam ad injector

The Register
If it walks like a duck and quacks like a duck then...

Analysis The technology industry has numerous terms for sneaky software, including malware, adware, spyware, ransomware, and the ever adorable PUPs - potentially unwanted programs. But there isn't always a clear difference between malware and less threatening descriptors.…

1 day ago Melbourne students are guinea pigs for NEC's facial recognition fraud tech

ZDNet
NEC's NeoFace facial recognition software will be used by Melbourne-based Cambridge Boxhill Language Assessments in a bid to ensure those sitting tests are those enrolled.

Latest News

9 hours ago Database May Have Exposed Instagram Data for 49 Million

InfoRiskToday
Email Addresses, Phone Numbers Potentially Exposed

There's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company. A database that was left online without password protection has since been taken down.

10 hours ago Why post-quantum encryption will be critical to protect current classical computers

TechRepublic
Quantum computers are theorized to be capable of breaking RSA encryption. Experts disagree on when it could happen, but agree on a need for quantum-proof encryption.

11 hours ago Database May Have Exposed Instagram Personal Data

InfoRiskToday
Email Addresses, Phone Numbers for 49 Million People Potentially Exposed

There's been a potential leak of personally identifiable information from Instagram, but it's not clear yet whether the data on 49 million users came directly from the social media company. A database that was left online without password protection has since been taken down.

2 hours ago Google says it stored some G Suite passwords in unhashed form for 14 years

ZDNet
G Suite passwords were encrypted when stored on disk, so at least they weren't stored in plaintext.

2 hours ago Google Warns G Suite Customers of Passwords Stored Unhashed

SecurityWeek

Google on Tuesday said that some customer passwords for its G Suite customers were stored in an unhashed format.

2 hours ago How does API Management Complement IAM?

InfoRiskToday
Flat-out, traditional IAM practices are insufficient to secure a modern enterprise that relies on such diverse endpoints and connected devices. But API management can play a strong complementary role, says Jay Thorne of CA Technologies, a Broadcom company.

3 hours ago Firefox Now Has Fingerprinting and Crypto-mining Protection

SecurityWeek

Mozilla this week released Firefox 67 to the stable channel with improved protection against tracking and with fingerprinting and crypto-mining protection capabilities. 

3 hours ago Fending off Zombieload attacks will crush your performance

ZDNet
To fully protect yourself from potential Zombieload attacks, vendors and early benchmarks show you'll face performance losses of up to 40%.

4 hours ago First official version of Tor Browser for Android released on the Play Store

ZDNet
After eight months of alpha testing, Tor Browser for Android is now ready for rollout.

5 hours ago Attack Combines Phishing, Steganography, PowerShell to Deliver Malware

SecurityWeek

URLZone Morphs Into a Downloader for Ursnif

Researchers have discovered a malware campaign targeting Japan and combining phishing, steganography, PowerShell, and the URLZone and Ursnif malwares.

8 hours ago How to improve cloud provider security: 4 tips

TechRepublic
Many IT pros remain concerned with the risk of data loss and leakage in the cloud, according to a new survey from AlgoSec.

8 hours ago Your data, stolen twice: Pirated phishing kit contains hidden backdoor

TechRepublic
A commercial phishing platform that targets Apple users has proven popular enough for other criminals to pirate, though the pirated version transmits harvested data through a hidden back channel.