SANS ISC

• SANS Site Network
  • Current Site
  • Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • IT Audit
  • Computer Forensics
  • Software Security
  • Government OnSite Training

InfoSec News Summary

1 day ago MS14-016 - Important : Vulnerability in Security Account Manager Remote (SAMR) Protocol Could Allow Security Feature Bypass (2934418) - Version: 1.0

1 day ago SANS Institute Tackles Emerging Security Threats at SANS Security West 2014

BETHESDA, Md., March 11, 2014 /PRNewswire-USNewswire/ -- SANS Institute today announced its return to San Diego on May 8-17 for SANS Security West 2014. SANS Security West will arm information security professionals with the necessary insight to prepare their organization for today and the future. Attendees will have the opportunity to advance their information security skill set by learning ...

2 days ago TechInsight: Protection Tips for Third Party Vendor Access

Third party business connections often provide attackers easy, unfettered access to bigger, richer networks.

2 days ago ZDNetGovWeek: It's all about the RSPECT, plus breaches, Brazilians, and burqas

While President Obama can't get no "RSPECT," the retail world is scrambling in the wake of the Target breach (and yet, my wife shopped there for hours today), even Iran can't stop Facebook, and Brazil wants to build an undersea cable.

2 days ago Mt Gox fielded MASSIVE DDOS attack before collapse

Report in Japan says '150,000 hits per second'

A Japanese newspaper is reporting that during the spectacular collapse of the Mt Gox Bitcoin exchange, the operation's servers were also suffering a large-scale DDOS attack.

2 days ago thoughts on style, the TLS, and errors

2 days ago Tools To Keep Your Small Business Technologically Updated

A lot of these technology tools require constant updates. This mandates the need for an IT workforce that can ensure these updates are made on time. It?s important because outdated hardware is one of the leading causes of malware attacks. There are a number of tools that can help you keep your software updated without the need for a dedicated IT workforce. Here are some of them.

2 days ago After Recent Ruling, America’s Commercial Drone Pilots Come Out of the Shadows

Matt Gunn, an independent model aircraft or drone operator in Cleveland, says the recent court ruling barring the Federal Aviation Administration from enforcing rules prohibiting the commercial use of drones amounts to “mud being flung in their face.†Gunn is ...    

2 days ago A clear-eyed guide to Mac OS X's actual security risks

Apple has improved its security in recent years, but is it enough?

2 days ago Hackers call Mt. Gox CEO a liar, say he still controls ‘stolen’ bitcoin

Anonymous hackers on Sunday claimed to have published evidence that Mt. Gox CEO Mark Karpeles lied about the theft of more than $500 million worth of bitcoin. According to the hackers, Karpeles still controls all of the cryptocurrency he says was stolen recently in the biggest heist of bitcoin’s brief history. Mt. Gox was the world’s largest bitcoin exchange until about 850,000 bitcoin were allegedly stolen during a breach, forcing the exchange to shut down and file for bankruptcy protection. According to new claims from anonymous hackers, however, the heist never occurred and Karpeles still controls nearly 1 million bitcoin worth approximately $596 million at Monday’s exchange rate. According to a report from Forbes, the anonymous hackers took over Karpeles’s blog and published

23 minutes ago Senator's Spy Claims Chill CIA-Congress Relations

WASHINGTON - A top US lawmaker's hotly disputed charge that the CIA illegally spied on Senate staff has roiled the intelligence community, fraying ties between the agency and its overseers in Congress.

Senator Dianne Feinstein brought what had been a behind-the-scenes spat into the public glare Tuesday with her furious broadside against the Central Intelligence Agency, saying its agents searched computers used by staffers investigating its interrogation methods.

"I have grave ...

Read more

25 minutes ago High-Bandwidth NTP Amplification DDoS Attacks Escalate 371 Percent in the Last 30 days

Prolexic Issues High Alert DDoS Attack Threat Advisory

53 minutes ago Kaspersky Lab Details Connections Between 'Snake' and Agent.BTZ Malware

Security researchers from from BAE Systems and G-Data recentlyt shared research on a cyber-espionage toolkit called Snake (also referred to as Turla or Uroburos) that was used in attacks against targets in the Ukraine, Lithuania, Great Britain, the United States and other nations.

According to BAE Systems, the malware is the work of a technically sophisticated and well-organized group. However, BAE did not say exactly who is behind the campaign or who might be paying them despite evide...

Read more

55 minutes ago Study: Health care orgs see modest decline in incidence, cost of data breaches

An annual study on patient privacy and security marked improvements on the data breach front, though organizations voiced concerns with health information exchanges (HIEs).

56 minutes ago IT Security Pros Abandoning Traditional Security Measures In Favor Of SMS-Based Two-Factor Authentication

Ponemon and Tyntec survey finds 68% believe username/passwords not enough

1 hour ago Hybrid DIMMs And The Quest For Speed

SanDisk's UltraDIMM technology and Viking's ArxCis meld flash with DRAM for super-fast performance and could prove game changers for the storage industry.

1 hour ago Analysis of Zbot Spear-Phish Invincea, ThreatGRID and ThreatStream

1 hour ago Express Language Injection vulnerability in Paypal

1 hour ago What You Should Know About SOX Compliance Before Moving to the Cloud

The Sarbanes-Oxley Act of 2002 (SOX), which is administered by the Securities and Exchange Commission, is record-retention legislation specifying which records are to be kept and for how long (at least five years). It doesn’t describe how to retain those records, just that they must be retained. IT departments of companies that fall under SOX are affected by it because these days, most records

1 hour ago Why It's Time to Get On Board with the Cloud

Cloud computing is a mainstream technology tool used across several industries ranging from education to financial institutions and law offices. Using the Internet to deliver hardware and software services instead of maintaining physical hardware saves space and money. Software companies offer cloud services to businesses looking to jump on the latest technology trend so much that the cloud computing

1 hour ago Critical crypto flaw in Facebook’s WhatsApp for Android exposes chats

Message history is wide open to theft and decryption by rogue apps, consultant says.

1 hour ago Here’s what the Internet might look like in 2025

The World Wide Web turned 25 on Wednesday, and what better way to commemorate the occasion than by envisioning the Internet of the future? The Pew Research Center asked a group of what The Wall Street Journal refers to as “thinkers in science and technology†about what the Internet might look like in 2025. Their responses carry forth many of the concept of the Internet of Things we have seen so often recently, but they also take things much further. What follows below is a collec...

Read more

2 hours ago Adobe patches two important vulnerabilities in Flash Player

Adobe released updates for Flash Player that fix two vulnerabilities that could allow attackers to bypass security controls in the software.

2 hours ago Dutch intelligence illegally shared data with foreign services, says report

The Dutch Military Intelligence and Security Service (MIVD) illegally shared data with foreign services and hacked Web forums without ministerial approval, according to a report made at the request of the Dutch House of Representatives.

2 hours ago Nearly 5,000 impacted after Ohio manufacturer stores info on insecure server

The Timken Company stored the personal information of nearly 5,000 current and former associates, as well as past applicants, on an insecure server, during which time one unauthorized party accessed the file containing the data.

2 hours ago Why Client-Side Encryption Is Critical For Cloud Privacy

The only way to ensure privacy in the cloud era is to shift to a model in which the cloud customer controls encryption keys, not the cloud provider.

3 hours ago Starting Today, Jealous Lovers Can Buy NSA-Like Monitoring Powers

Imagine this happy occasion. On his girlfriend’s birthday a man announces he has a special gift. She unwraps the box to find a sleek new Android phone. She throws her arms around him and lands a warm kiss for his kindness.

4 hours ago What Justin Bieber's Twitter Hack Teaches Us About Social Media Security

Justin Bieber's 50 million follower strong Twitter account was hijacked briefly a couple of days ago and now the dust has settled it seems like a good opportunity to review how these attacks happen and what all of us (pop stars included) should learn about Twitter security. I'll briefly recount the attack, but if you just want the advice skip to the later section of this article for the top Twitter (and general social media) security tips.

5 hours ago Researchers prove Wi-Fi at risk for malware attacks

There's new proof that Wi-Fi is capable of propagating malware that transmits malcode wirelessly. Find out how to stop these attacks.

6 hours ago Tokyo lawsuit raised red flags on Mt. Gox funding, compliance

Two months before Mt. Gox filed for bankruptcy it was sued by a customer seeking the return of funds in a case that highlights some of the red flags raised in the run-up to the collapse of what was once the world's biggest bitcoin exchange. New York resident Marko Simovic filed a civil action at the Tokyo District Court on December 24, seeking to recover $105,000 he had on deposit at Mt. Gox and about $14,000 in interest, court filings show. Simovic, who described himself as a software develo...

Read more

6 hours ago Retail Breaches: The Malware Source

Attackers likely purchased malware in underground "cybercrime-as-a-service" markets to use in recent credit card breaches, including the Target Corp. attack, a new report from McAfee Labs asserts. Adam Wosotowsky explains the report's findings.

7 hours ago MUM's WordPress recipe blog USED AS ZOMBIE in DDoS attacks

Well, it's statistically reasonably likely. Just update to 3.8.1, OK?

Tens of thousands of vulnerable WordPress sites have been co-opted into a server-based botnet being used to run DDoS attacks.

8 hours ago CIA Hack Scandal Turns Senate’s Defender of Spying Into a Critic

It's refreshing to hear Dianne Feinstein express outrage over warrantless and illegal government spying, But sadly to say, there’s some dark humor of sorts here, too. Feinstein is perhaps the biggest congressional cheerleader of domestic surveillance, including the telephone snooping ...    

10 hours ago BB10's 'dated' crypto lets snoops squeeze the juice from your BlackBerry – researcher

BEAST will attack your sensitive web traffic, warns poster

BlackBerry BB10 OS uses dated protocols that leave users at risk to known cryptographic attacks, according to a security researcher.

14 hours ago Tim Berners-Lee calls for an online bill of rights

The British founder of the world wide web has called for an "Internet Users Bill of Rights".

16 hours ago Huawei aims for $10B enterprise revenue via cloud

But its 2017 goal will face challenges, particularly in data security, given the Chinese networking vendor's links to spying allegations.

20 hours ago Rogers Declines to Call Snowden a Traitor

But NSA Designee Says Snowden Has Caused Harm to NationAt his March 11 Senate confirmation hearing, Navy Vice Adm. Michael Rogers, chosen by President Obama to be the next director of the National Security Agency, declines to characterize NSA leaker Edward Snowden as a traitor.

23 hours ago Attackers trick 162,000 WordPress sites into launching DDoS attack

Technique allows lone attacker hidden in the shadows to wage crippling attacks.