Threat Level: green Handler on Duty: Brad Duncan

SANS ISC Information Security News

Popular News

19 hours ago Brinks' Super-Secure Smart Safes: Not So Secure

WIRED

"Making these safes smart...has actually drastically reduced the security of something that was fairly safe to begin with."

The post Brinks' Super-Secure Smart Safes: Not So Secure appeared first on WIRED.

11 hours ago Researchers find vulnerability in Skoda vehicles

SC Magazine
Researchers at Trend Micro discovered a security flaw in Skoda automobiles that could allow an attacker to spy on vehicle data.

10 hours ago PKI Trust Models: Whom do you trust?

SANS Reading Room
There has been a substantial amount of attention in the media recently regarding Public Key Infrastructures (PKI). Most often, secure web server exploits and signed malware have generated this attention and have led to the erosion of trust in PKI. Despite this negative media attention, there has been very little detailed discussion of the topic of PKI Trust proliferation and control. PKI is an integral part of our daily lives even though, for the most part, we never notice it. Europe is several years ahead of North America in the ubiquitous deployment of PKI to its citizens, but North America has begun to catch up. This paper covers four major areas including the definition of trust and trust models, implementation of trust, auditing of trust, and managing trust. The paper provides proof of concept tools to allow administrators to understand their current level of PKI trust and techniques to manage trust.

10 hours ago Fiat Chrysler Recall (July 27, 2015)

SANS Newsbites

Chrysler has issued a safety recall for 1.......

Top News

6 hours ago White House Says Snowden Should 'Come Home, Be Judged'

SecurityWeek

The White House rejected a call Tuesday to pardon Edward Snowden, saying the former intelligence contractor should "be judged by a jury of his peers" for leaking US government secrets.

6 hours ago The Atlantic Daily: Obama in Africa, Boston Olympics, Cosby's Accusers

Yahoo Security

During a symbolically powerful visit to his father's homeland over the weekend, President Barack Obama praised Kenya's progress while urging the country to protect gay rights. From there, Obama traveled to Ethiopia, where he spoke about the spiraling conflict in South Sudan and al-Shabaab's threat in Somalia. No Olympics For Boston: Boston Mayor Marty Walsh dealt a fatal blow to the city's controversial 2024 Olympic bid when he refused to sign a contract guaranteeing the costs to host the Games.

4 hours ago Landscape of no fear: Sea turtles don't avoid hungry tiger sharks the way you'd think

CNET
Sea turtles don't alter their movements to avoid shark attacks, researchers find, which means sea turtles are tougher than most of us.

1 hour ago Why We Get Defective Power Feeds

IT Toolbox Blogs
Power defects (or disturbances, interference or transients) can have many causes. Lightning is an obvious source. Lightning does not have to hit power, telephone or data lines directly to affect electronic equipment. The electromagnetic field generat...

30 minutes ago Black Vine: Anthem hackers share zero-days with rival cyberattackers

ZDNet
The group behind the disastrous Anthem hack is believed to be part of a zero-day sharing network.

19 hours ago Serious Android Flaw: Devices At Risk

InfoRiskToday
Stagefright Flaw Affects 900M Devices, But Will OEMs Patch?
Attackers could abuse flaws in Android's Stagefright media library to seize control of almost 950 million devices, just by sending a text, a security researcher warns. But will most devices ever see related fixes?

19 hours ago Stagefright Vulnerability in Android Phones

Schneier blog

The Stagefright vulnerability for Android phones is a bad one. It's exploitable via a text message (details depend on auto downloading of the particular phone), it runs at an elevated privilege (again, the severity depends on the particular phone -- on some phones it's full privilege), and it's trivial to weaponize. Imagine a worm that infects a phone and then immediately sends a copy of itself to everyone on that phone's contact list.

The worst part of this is that it's an Android exploit, so most phones won't be patched anytime soon -- if ever. (The people who discovered the bug alerted Google in April. Google has sent patches to its phone manufacturer partners, but most of them have not sent the patch to Android phone users.)

9 hours ago How the way you type can shatter anonymity - even on Tor

ArsTechnica
Researchers perfect technique that profiles people based on unique keystroke traits.

7 hours ago Android Users: This Simple Fix Will Help Keep You Safe From The Stagefright Exploit

Forbes
Stagefright is a nasty potential problem for a huge majority of the World's Android users. Thomas Fox-Brewster covered it in detail in his article yesterday, but here in brief is how to prevent the bug being used to access your phone without you even knowing. Stagefright is a core part of [...]

1 day ago Phishing Attacks Drive Spike In DNS Threat

Dark Reading
Nearly 75% jump in phishing helped propel DNS abuse in the second quarter of this year.

1 day ago Dreaming of a more secure and hybrid MBaaS future

TechRepublic
The future of MBaaS is going to be more hybrid and secure to meet the security requirements of customers across regulated industries.

Latest News

10 hours ago US Power Grid Vulnerable (July 24, 2015)

SANS Newsbites

According to analysis of the US power grid compiled by USA Today, the country's power grid experiences more failures than those in other developed countries.......

10 hours ago Pakistan Bans Blackberry Enterprise Server (July 27, 2015)

SANS Newsbites

Pakistan's Ministry of the Interior has issued a notice to the Pakistan Telecommunication Authority (PTA) to order telecommunications companies that serve that country to stop access to BlackBerry Enterprise Services as of December 1, 2015.......

30 minutes ago Doh! Teens sold iPhones that were Play-Doh bricks, police say

CNET
Technically Incorrect: In the latest attempt at fooling the unsuspecting and gullible, three Detroit area teens allegedly talk a MetroPCS store into buying fake iPhones.

1 hour ago The many faces of Cortana: How Microsoft's virtual assistant wants to woo the world

CNET
Virtual assistants have become commonplace in modern technology, but Microsoft thinks it knows how to push its Cortana a step beyond the rest.

3 hours ago Nokia jumps into virtual reality market with 360-degree Ozo camera

CNET
The camera taps eight synchronized shutters and eight microphones to capture 360-video and spatial audio.

6 hours ago The Debate Over Free Community College

Yahoo Security

While the Obama administration's proposal to make community college free languishes in the Beltway, several states, including Tennessee, are moving ahead with their own plans to make earning an associate's degree as standard as a high-school diploma. This month, Oregon Governor Kate Brown signed into law a program that will offer tuition-free community college to the state's recent high-school graduates.

7 hours ago Banks Suing Target Make New Demands

InfoRiskToday
Ask Court to Force Release of Details on Breach, Security
U.S. banks and credit unions suing Target for reimbursement of costs associated with its massive 2013 data breach want a court to force the retailer to disclose more details about its breach and security practices.

7 hours ago On the Road Again: Taking VoIP Outside of the Office

IT Toolbox Blogs

There used to be a clear line between in-office and out-of-office work. With Voice over Internet Protocol (VoIP) services, though, that line is disappearing. Thanks to evolving IP telephony technology, it's now possible for you and other employees to complete in-office tasks anywhere you go.


Total Availability

Even the

7 hours ago How the FCC is Changing VoIP Services Forever

IT Toolbox Blogs

The Federal Communications Commission (FCC) is a governmental agency tasked with regulating interstate communications in America. It has long been the regulatory agency for TV, radio and even satellite communications, but with the rapid evolution of voice over internet protocol (VoIP) telephone services, the FCC has a new medium to regulate. In fact, recent recommendations and rulings

7 hours ago Hosted VoIP Success Factor - it's a Means, not an End

IT Toolbox Blogs

This is the second of five success factors for moving to hosted VoIP, and my intent here is for SMBs to think more broadly about how new value can be brought to the business. This won't happen if VoIP is a cost reduction move or one that just replicates legacy telephony. The cloud creates new possibilities for leveraging new technologies, and in this regard, VoIP is not the end game -

8 hours ago Vasco posts 2Q profit

Yahoo Security
The Oakbrook Terrace, Illinois-based company said it had profit of 35 cents per share. Earnings, adjusted for one-time gains and costs, were 40 cents per share. The Internet security company posted revenue ...

8 hours ago Bill Would Mandate Agencies Use Einstein Program

InfoRiskToday
Measure Aims to Hasten Adoption of Intrusion Prevention System
Could a change to federal law help prevent breaches such as those at the Office of Personnel Management that exposed the private information of more than 22 million individuals? Sen. Ron Johnson thinks so.

8 hours ago Akamai's Q2 earnings fall short

ZDNet
Akamai saw its security services sales surge, but second quarter earnings missed expectations. Sales were on target.

8 hours ago Researcher finds several vulnerabilities in PHP File Manager

SC Magazine
Researcher Sijmen Ruwhof uncovered several critical security vulnerabilities in PHP File Manager that leave user data unprotected.

8 hours ago Darkode allegedly up and running again

SC Magazine
Two weeks after an international law enforcement effort shut it down and led to charges, indictments and arrests, reports say online crime forum Darkode is back.

8 hours ago Survey: Nearly all Americans support and want retaliation for cyberattacks

SC Magazine
A new poll indicates that Americans want the government to retaliate for cyberattacks that compromise sensitive data.

9 hours ago In a Twist, Fraud Probe Reveals Breach

InfoRiskToday
Federal Investigation Uncovers Exposure of Patient Data
A breach of patient data on a Web portal was discovered during a lengthy criminal investigation into a multi-million-dollar fraud scheme targeting Healthfirst, a New York-based managed care organization.

9 hours ago Brinks safe hacked with USB stick and 100 lines of code

Yahoo Security
As typically portrayed in action movies, breaking into an ostensibly impenetrable safe often requires a world class lock-picker or, barring that, an array of C4 explosives positioned in just the right orientation. But in the real world, surprisingly enough, defeating the security mechanisms on a top-notch Brinks safe can be done with nothing more than a USB stick and 100 lines of code. At the always entertaining Def Con Hacking Conference set to kick off in Las Vegas next week, researchers Daniel Petro and Oscar Salazar of Bishop Fox will detail how they were able to skirt around the defenses of the Brinks CompuSafe Galileo with relative ease.

10 hours ago Stagefright Vulnerabilities Affect Nearly All Android Devices (July 27, 2015)

SANS Newsbites

Nearly all Android smartphones contain remote code execution vulnerabilities that could be exploited simply by sending the device a maliciously crafted text message.......

11 hours ago Cylance Raises $42 Million In Series C Funding

SecurityWeek

Cylance, an Irvine, California-based threat protection firm, has lined its pockets with new cash, thanks to a $42 million Series C funding round led by DFJ Growth.