Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Information Security News - SANS Internet Storm Center Information Security News

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

3 hours ago Unpatched Flaws in Python, Java Allow Firewall Bypass

SecurityWeek View Synopsis+1

Unpatched vulnerabilities related to how Java and Python handle file transfer protocol (FTP) URLs can be exploited for various purposes, including for sending unauthorized emails and bypassing firewalls, researchers warned.

15 hours ago How to minimize infection from Xagent, the latest malware threat to OS X

TechRepublic View Synopsis+1
Take these steps to protect your Mac from infection by the recently identified Xagent malware.

1 day ago Cybersecurity Chaos Dominates RSA Conference Discussions

InfoRiskToday View Synopsis+1
US Election Interference Highlights Ongoing Dangers, Industry Leaders SayAmidst the increasing security chaos facing individuals and organizations, one of the dominant themes at this year's RSA Conference was the need for information security professionals to do more, bringing order to enterprise IT security as well as by influencing public policy.

1 day ago Four Disruptive 'Cyber Trends' At RSA

Forbes View Synopsis+1
Perhaps the broadest disruption: vendors are improving their ability to understand how bad actors behave, and can thus take steps to prevent, detect, or mitigate their malicious activities. In particular, today's vendors understand the "˜Cyber Kill Chain.'

18 hours ago Hackers who took control of PC microphones siphon >600 GB from 70 targets

ArsTechnica View Synopsis+1
Critical infrastructure, media, and scientists targeted by suspected nation state.

Top News

3 hours ago 11 Takeaways From RSA Conference 2017

InfoRiskToday View Synopsis+1
Mirai Botnets, Breach Response Basics, a Security Guru Cocktail and MoreResponding to disruptive data breaches, dealing with Mirai botnets, hacking back and the need for enterprises to segment their backup environments were just some of the topics dominating this year's RSA Conference in San Francisco.

3 hours ago TeamSpy hackers get the crew back together after four-year hiatus

The Register View Synopsis+1
Remote-control app hijacked for use as snooping tool - again

Cybercrooks have once again begun slinging malware that subverts elements of the legitimate TeamViewer remote control app to snoop on victims.

3 hours ago Bitter - for DIageo that's the taste of negotiating with SAP

IT Toolbox Blogs View Synopsis+1
In the case of SAP UK Ltd v Diageo Great Britain Ltd [2017] EWHC 189 (TCC) (16 February 2017) - the courts found in favour of SAP regarding indirect use of SAP via Salesforce.

3 hours ago Android ransomware attacks have grown by 50 percent in a year

ZDNet View Synopsis+1
Cybercriminals are increasingly targeting mobile devices with malicious software, as more and more people use them to store their most personal data.

1 hour ago Bill Gates Warns Of Epidemic That Could Kill Over 30 Million People

Forbes View Synopsis+1
"There is a reasonable probability the world will experience such an outbreak in the next 10 to 15 years."

44 minutes ago Recent meeting finds Yahoo's badly hacked systems were still compromised

ArsTechnica View Synopsis+1
Company knocks $350 million off its purchase price.

1 day ago Explosive blog post details "˜abhorrent' sexism at Uber

Yahoo Security View Synopsis+1

In a blog post published Sunday, former Uber engineer Susan Fowler Riggetti details her experiences working for the company. Sadly, given she's a female engineer working at a thrusting, big-name Silicon Valley startup, the experiences are exactly what you'd expect.

In the post, Riggetti details numerous instances of overt sexist behaviour. She reportedly sent evidence, including email and chat logs to HR, but ran into a brick wall multiple times. In the end, she says that her attempts to quietly report sexist behaviour were turned against her:

I forwarded this absurd chain of emails to HR, and they requested to meet with me shortly after. I don't know what I expected after all of my earlier encounters with them, but this one was more ridiculous than I could have ever imagined. The HR rep began the meeting by asking me if I had noticed that *I* was the common theme in all of the reports I had been making, and that if I had ever considered that I might be the problem. I pointed out that everything I had reported came with extensive documentation and I clearly wasn't the instigator (or even a main character) in the majority of them - she countered by saying that there was absolutely no record in HR of any of the incidents I was claiming I had reported (which, of course, was a lie, and I reminded her I had email and chat records to prove it was a lie). She then asked me if women engineers at Uber were friends and talked a lot, and then asked me how often we communicated, what we talked about, what email addresses we used to communicate, which chat rooms we frequented, etc. -  an absurd and insulting request that I refused to comply with. When I pointed out how few women were in SRE, she recounted with a story about how sometimes certain people of certain genders and ethnic backgrounds were better suited for some jobs than others, so I shouldn't be surprised by the gender ratios in engineering. Our meeting ended with her berating me about keeping email records of things, and told me it was unprofessional to report things via email to HR.

Beyond the reports to HR, Riggetti also details a company overrun with internal politics and management problems:

In the background, there was a game-of-thrones political war raging within the ranks of upper management in the infrastructure engineering organization. It seemed like every manager was fighting their peers and attempting to undermine their direct supervisor so that they could have their direct supervisor's job. No attempts were made by these managers to hide what they were doing: they boasted about it in meetings, told their direct reports about it, and the like.

Shortly after the blog post was published, Uber CEO Travis Kalanick issued a statement promising a (secret, internal) investigation into the matter, and reaffirmed Uber's committment to a equitable workplace where everyone isn't trying to stab each other in the back:

"I have just read Susan Fowler's blog. What she describes is abhorrent and against everything Uber stands for and believes in. It's the first time this has come to my attention so I have instructed Liane Hornsey our new Chief Human Resources Officer to conduct an urgent investigation into these allegations. We seek to make Uber a just workplace and there can be absolutely no place for this kind of behavior at Uber -- and anyone who behaves this way or thinks this is OK will be fired."

This isn't the first time that Uber has run into human resources problems within its internal teams and management. In 2014, an Uber exec famously suggested digging up dirt on journalists to discredit them. That statement came in response to a journalist who had accused Uber of sexism once again.

More recently, #DeleteUber trended on Twitter after Uber removed surge pricing at JFK airport during a taxi strike -- a strike that was in protest of President Trump's Muslim travel ban. The same hashtag is trending again tonight following Riggetti's blog post.

Latest News

26 minutes ago The Evolution of Ransomware: Part 2

SecurityWeek View Synopsis+1

For most, ransomware attacks are the byproduct of uninformed users opening malicious attachments sent by devious and anonymous criminals.

26 minutes ago Hacks all the time. Engineers recently found Yahoo systems remained compromised

ArsTechnica View Synopsis+1
Company knocks $350 million off its purchase price.

44 minutes ago CompTIA Offers New Security Analyst Certification

SecurityWeek View Synopsis+1

An ISACA survey released during RSA week sought to illustrate the state of cyber security workforce development and its current trends. The results would surprise no-one in the industry: recruiting security talent is hard.

58 minutes ago TeamSpy Malware Spotted in New Campaign

SecurityWeek View Synopsis+1

TeamSpy, the data-stealing malware that was associated with a decade-long cyber-espionage operation several years ago, has resurfaced in a new attack campaign, Heimdal Security researchers warn.

58 minutes ago Hacking group RTM able to divert bulk financial transfers with malware

The Register View Synopsis+1
Attacks of great concern to Russian financial institutions

Cybercrime group RTM is deploying complex malware based in the Delphi programming language to target Remote Banking Systems (RBS), a type of business software used to make bulk financial transfers.

1 hour ago Android ransomware up more than 50%, locking users' devices until they pay

TechRepublic View Synopsis+1
A recent report stated that, over the past year, Android ransomware detections rose more than 50%, with many attacks occurring in the first half of 2016.

1 hour ago Former ONC Privacy Chief on Healthcare's Cyber Challenges

InfoRiskToday View Synopsis+1
To help prepare for ever-evolving cyber threats, healthcare entities need to learn from the security practices of other sectors, says Lucia Savage, former chief privacy officer at the Office of the National Coordinator for Health IT.

1 hour ago After hacks, Verizon cuts Yahoo price by $1.55 per customer

ZDNet View Synopsis+1
$1.55 may sound like small change, but $350 million overall for two of the largest data breaches on record remains the steepest financial ding in history.

2 hours ago Megaupload Founder Kim Dotcom Can Be Extradited

InfoRiskToday View Synopsis+1
Dotcom Says He Will Appeal New Zealand High Court RulingMegaupload Founder Kim Dotcom plans to appeal a New Zealand High Court ruling that found him and three colleagues eligible for extradition to the U.S. The four men are charged with profiting by allowing the trade of copyright-protected content on their file-sharing platform.

2 hours ago Kaspersky: No whiff of Linux in our OS because we need new start to secure IoT

ZDNet View Synopsis+1
While Linux might be on millions of IoT devices, Kaspersky says there's no trace of it on its new secure OS.

4 hours ago Ransomware: Why it's a really big problem for small businesses

ZDNet View Synopsis+1
Too many small and medium-sized businesses think they're not going to be targeted by ransomware. They're wrong.

6 hours ago Data Integrity in the Era of Fake News

InfoRiskToday View Synopsis+1
An analysis of integrity - a core foundation of cybersecurity - in the era of fake news leads the latest edition of the ISMG Security Report. Also, a new initiative aims to secure medical devices, and new cybersecurity regulations for financial institutions in New York State.

7 hours ago Big Data, Big Cities: Emerging Tech Hubs for Data Science

IT Toolbox Blogs View Synopsis+1
Knowing what customers and audiences want and how they react to products and services is an important aspect of all business enterprises, particularly for companies operating in the business sector.