Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC Information Security News

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

5 hours ago Fraudsters exploit weak SSL certificate security to set up hundreds of phishing sites

SC Magazine View Synopsis+1
Certificate authorities are granting SSL certificates to the owners of spoof domain names which are being used to phish customers of well-known retail and banking brands.

4 hours ago Credit card numbers stolen from charity America's Thrift Stores

The Register View Synopsis+1
Break-in by Eastern European cybercriminals garners attention of US Secret Service

A malware-driven break-in and breach at the charity America's Thrift Stores may have compromised all sales transactions at the company between 1 September and 27 September, its CEO has admitted.

4 hours ago Email incident affects 9,400 Schwab Retirement Plan Services participants

SC Magazine View Synopsis+1
A spreadsheet containing personal information belonging to SRPS participants was accidentally emailed to a participant in another retirement plan serviced by SRPS.

4 hours ago Mapping an Adversary's Digital Footprint

Forbes View Synopsis+1
In the early 20th Century Dr. Edmond Locard famously observed "every contact leaves a trace," and that principle in forensics is no less true today in computer forensics. Everything we do online leaves a trail of IP addresses, of services used, of log files created. And whenever there is [...]

4 hours ago Google records your voice searches. Here's how to listen back to them

ZDNet View Synopsis+1
Google's searches add an extra layer of creepy by letting you listen back to exactly what you said -- and how you said it.

Top News

1 day ago They're baaaack! Verizon's zombie cookies to track users across massive AOL ad network

IT Toolbox Blogs View Synopsis+1
Verizon and it?s ?Limited? use of personal information They?re baaaack! Verizon's zombie cookies to track users across massive AOL ad network

1 day ago Soviet Spying on US Selectric Typewriters

Schneier blog View Synopsis+1

In the 19980s, the Soviet Union bugged the IBM Selectric typewriters in the U.S. Embassy in Moscow. This NSA document discusses how the US discovered the bugs and what we did about it. Codename is GUNMAN.

Is this the world's first keylogger? Maybe.

13 hours ago Only on AP: Clinton server ran software that risked hacking

Yahoo Security View Synopsis+1

WASHINGTON (AP) - The private email server Hillary Rodham Clinton used while secretary of state was connected to the Internet in ways that made it more vulnerable to hackers.

12 hours ago Cisco IOS Rootkits Can Be Created With Limited Resources: Researchers

SecurityWeek View Synopsis+1

A paper published last week aims to demonstrate that developing rootkits for devices running Cisco IOS doesn't require advanced knowledge or the resources of a nation state.

2 hours ago How Soviets used IBM Selectric keyloggers to spy on US diplomats

ArsTechnica View Synopsis+1
Highly sophisticated bugs went undetected for 8 years during the Cold War.

2 hours ago - Tallinn Manual 2.0 (October 12, 2015)

SANS Newsbites View Synopsis+1

Legal experts are drafting updates to the Tallinn Manual, a document that spells out how international law applies to cyberspace conflict.......

51 minutes ago A New Way for Tech Firms to Fight Orders to Unlock Devices

WIRED View Synopsis+1

A federal magistrate in New York declined to fall in step with the government's demand to access an Apple device seized by investigators, fanning the flames of a national debate.

The post A New Way for Tech Firms to Fight Orders to Unlock Devices appeared first on WIRED.

9 hours ago Report: The top tech trends impacting the enterprise

TechRepublic View Synopsis+1
A recent Deloitte survey found that security, cloud, and analytics are growing in importance among mid-market businesses. Here are some of the highlights from the report.

8 hours ago E*Trade, Dow Jones: 7 Breach Lessons

InfoRiskToday View Synopsis+1
Why Fraudsters Target Personally Identifiable InformationNewly discovered breaches at E*Trade Financial and Dow Jones highlight hackers' increasing attempts to steal, sell and utilize personal information. Security experts describe PII's value for fraudsters and scammers and offer lessons learned from these and other incidents.

2 hours ago The State of Dynamic Data Center and Cloud Security in the Modern Enterprise

SANS Reading Room View Synopsis+1
As organizations' data centers become more dynamic and the need to scale quickly in complex architectures grows, security will need to adapt accordingly. Read this survey results paper to learn the challenges hybrid data centers face, along with some of the steps you can take to update current practices to enhance security for the dynamic data centers in use today.

Latest News

1 hour ago Adobe addresses vulnerabilities in Flash Player, Acrobat and Reader

SC Magazine View Synopsis+1
Adobe on Tuesday released security updates for Flash Player, AIR, Acrobat and Reader that address numerous bugs, some of which are considered critical.

9 hours ago Researcher messes up Wi-Fi with an rPi and bargain buy radio stick

The Register View Synopsis+1
Putrid Piper picked apart a packet for just $15

KU Leuven Phd student Mathy Vanhoef has smashed conventional wireless security thought by creating continual, targeted and virtually indefensible stealth jamming of WiFi, Bluetooth, and Zigbee networks, and tampering with encrypted traffic, with little more than a $15 dongle.

3 minutes ago New zero-day exploit hits fully patched Adobe Flash

ArsTechnica View Synopsis+1
Attacks used to hijack end users' computers when they visit booby-trapped sites.

3 minutes ago UK hacker Lauri Love fights extradition to US

SC Magazine View Synopsis+1
UK graduate student Lauri Love is using a new tactic in his attempt to fight extradition to the U.S.

21 minutes ago Cops Knock Down Dridex Malware That Earned Eastern European Crooks At Least $50 Million

Forbes View Synopsis+1
The Dridex botnet, one of the most significant cybercriminal operations seen in recent years, has been dealt a severe blow, with one arrest and a takedown of the malware infrastructure.

33 minutes ago Credit card numbers compromised in America's Thrift Store data breach

SC Magazine View Synopsis+1
America's Thrift Stores reported a breach that compromised credit card information for an unknown number of its customers who shopped at the 18-store chain in September 2015.

1 hour ago Clinton seeks to move past email woes in Democratic debate

Yahoo Security View Synopsis+1

LAS VEGAS (AP) - Hillary Rodham Clinton entered Tuesday night's first Democratic debate a weakened front-runner, anxious to move past the controversy over her email practices and persuade voters she's the best-qualified candidate to lead the party to a third straight term in the White House.

2 hours ago Five Tools For Online Privacy And Security

Forbes View Synopsis+1
These tools will help you block ads, thwart sneaky third party trackers, and more.

2 hours ago Visa and FireEye bolster security partnership with new threat intelligence service

ZDNet View Synopsis+1
The subscription-based service includes a Web portal where Visa clients can share and view cyber intelligence, forensic threat analysis from recent data breaches, and information on malicious software.

2 hours ago DoE to Fund Power Grid Cybersecurity Projects (October 9 and 12, 2015)

SANS Newsbites View Synopsis+1

The US Department of Energy (DoE) will spend more than US $34 million to establish two research projects that will focus on protecting the country's power grid from cyberthreats.......

2 hours ago E-Trade Notifying 31,000 Customers of Breach (October 9, 2015)

SANS Newsbites View Synopsis+1

E-Trade has notified approximately 31,000 customers that their personal information may have been compromised in a 2013 breach.......

2 hours ago Dow Jones Acknowledges Data Breach (October 9, 10, and 12, 2015)

SANS Newsbites View Synopsis+1

Dow Jones says that its systems were breached and that some personal information was exposed.......

2 hours ago Marketing, Sales and Knowledge Management: Demystifying Common CRM Features

IT Toolbox Blogs View Synopsis+1

Customer relationship management (CRM) is growing faster than any form of enterprise software, according to Gartner Research. CRM tools have a predicted annual growth rate of 15.1 percent until 2017.

2 hours ago Best Fitness Apps for Android

IT Toolbox Blogs View Synopsis+1
This post looks at a few of the best fitness apps for Android

2 hours ago Four Changes in Enterprise Security After BYOD

IT Toolbox Blogs View Synopsis+1

Talk with 100 different CIOs, and you'll get 100 different answers for how they view bring-your-own-device (BYOD) and where their business falls on the readiness continuum.


Regardless of where the business stands, however, one thing is for certain: BYOD is already happening within the organization, like it or not.


"IT teams need to approach

3 hours ago Mapping An Adversary's Digital Footprint

Forbes View Synopsis+1
In the early 20th Century Dr. Edmond Locard famously observed "every contact leaves a trace," and that principle in forensics is no less true today in computer forensics. Everything we do online leaves a trail of IP addresses, of services used, of log files created. And whenever there is an [...]

3 hours ago All versions of Windows affected by critical security flaw

ZDNet View Synopsis+1
Even Windows 10 wasn't left out of the trifecta of monthly security patches.

3 hours ago Angler exploit kit targets up to 156 million UK Daily Mail readers in malvertising spree

ZDNet View Synopsis+1
The infamous Angler exploit kit has been striking up to 156 million Daily Mail readers a month.

4 hours ago Jamming Wi-Fi

Schneier blog View Synopsis+1

It's both easy and cheap.

Slashdot thread.

4 hours ago Adobe Patches Many Flaws in Flash Player, Acrobat, Reader

SecurityWeek View Synopsis+1

Updates released on Tuesday by Adobe for Flash Player, Reader and Acrobat address a significant number of vulnerabilities that expose the users of these products to hacker attacks.

4 hours ago Can we speak in private? Chat app intros end-to-end crypto tech

The Register View Synopsis+1
Making the terrorists' job easier? "˜Yes', say the cops

Messaging app LINE has introduced end-to-end encryption, with secure chat messaging available on all version of the software, including the desktop version, and turned on by default on Android.

5 hours ago AP Exclusive: Clinton email server setup risked intrusions

Yahoo Security View Synopsis+1

WASHINGTON (AP) - The private email server running in Hillary Rodham Clinton's home basement when she was secretary of state was connected to the Internet in ways that made it more vulnerable to hackers while using software that could have been exploited, according to data and documents reviewed by The Associated Press.

6 hours ago Is data loss prevention better than cure?

The Register View Synopsis+1
Join our experts on November 12 and find out

Regcast A quick glance at the mainstream press, never mind the pages of The Reg, will show why data loss and theft are very bad news for your company and your career.

6 hours ago Securing Digital India from Fraud

InfoRiskToday View Synopsis+1
Experts: You Need Boards Buy-in to Create Cybersecurity Eco-SystemIndian enterprises must strengthen their capabilities to secure Digital India. To combat emerging threats, security leaders prescribe a self-regulatory approach, rather than one driven by compliance mandates.

6 hours ago Gift Cards Preferred Payment Method in Japanese Underground

SecurityWeek View Synopsis+1

A report published on Tuesday by Trend Micro provides a detailed view of Japan's cybercriminal underground which, despite being in its infancy, has all the elements needed to thrive.

6 hours ago Visa and FireEye Launch Threat Intel Service for Payments Industry

SecurityWeek View Synopsis+1

Visa and FireEye today launched Visa Threat Intelligence, a new offering powered by FireEye that delivers real-time threat information to merchants and payment card issuers.