Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Information Security News - SANS Internet Storm Center Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

21 hours ago Western Union coughs up $586m for turning a blind eye to fraudsters

The Register View Synopsis+1
Helping internet scammers proved profitable, for a while

Western Union will forfeit more than half a billion dollars after admitting it broke money laundering laws.

19 hours ago Widely used WebEx plugin for Chrome will execute attack code - patch now!

ArsTechnica View Synopsis+1
Publicly known "magic string" lets any site run malicious code, no questions asked.

9 hours ago I don't care what your eyeballs tell you. Alternative fact is, we've locked up your files

The Register View Synopsis+1
Survey: 'Bluff' ransomware is on the up

Two in five large UK businesses have fallen victim to a "bluff" ransomware attack, according to a new survey.

9 hours ago Can the law stop fake news and hoax-spreading bots? These politicians think so

ZDNet View Synopsis+1
With federal elections scheduled for late September in Germany, momentum is building behind using anti-botnet laws against automated social-media accounts that churn out disinformation.

18 hours ago Old Android malware still infecting millions of users

Yahoo Security View Synopsis+1
Remember HummingBad ? It's an "old" malware from early-to-mid 2016, which was discovered and addressed at the time. However, it looks like it wasn't killed, and a version of it called HummingWhale has been found in the Google Play store, inside over 20 apps that were downloaded several million times by unsuspecting users. HummingWhale comes with "cutting edge techniques" that let it perform fraud better than before, Check Point says . That's the same group that identified the first strain of the malware, which affected more than 10 million users last year. Check Point also discovered its creators and concluded that the malware was able to generate some $300,000 per month from fraudulent advertising. That's right, this malware doesn't steal sensitive data from you. Instead, it hijacks ad views for profit. The new Google Play apps seem to be camera-related apps uploaded under names of fake Chinese developers. Each of these apps has an encrypted file that's "suspiciously large." The malware can be used to download and execute other apps. Moreover, the app can use an Android plugin to upload fraudulent apps on a virtual machine. "First, the Command and Control server (C&C) provides fake ads and apps to the installed malware, which presents them to the user," Check Point writes. "Once the user tries to close the ad, the app, which was already downloaded by the malware, is uploaded to the virtual machine and run as if it is a real device. This action generates the fake referrer id, which the malware uses to generate revenues for the perpetrators." The malware is more sophisticated than its predecessor in many ways. It can install apps without getting elevated permissions, and it can install an infinite number of fraudulent apps without actually overloading the device. That means the user would not even notice that something is wrong. Additionally. HumingWhale also tries to increase its Google Play reputation using fraudulent comments and ratings. Check Point told BGR that it informed Google About these new malware apps, which were removed from Google Play. This is how you check if your phone or tablet was infected with a HummingBad strain, although the tools might not necessarily detect HummingWhale as well.

Top News

12 hours ago Cisco WebEx Extension Flaw Allows Code Execution

SecurityWeek View Synopsis+1

Google Project Zero researcher Tavis Ormandy has discovered a critical remote code execution vulnerability in the Cisco WebEx browser extension. Cisco's initial fix does not appear to be complete, which has led to Google and Mozilla temporarily removing the add-on from their stores.

18 hours ago Why Cyborg Essentials should be your penetration testing platform

TechRepublic View Synopsis+1
Penetration testing is essential for knowing where your network and systems are weak. Jack Wallen says the right tool for that task is the Debian-based Cyborg Essentials.

17 hours ago IP: Sending One Fragment in a Datagram

IT Toolbox Blogs View Synopsis+1
Procedure ipfsend creates and sends a single fragment. It allocates a new buffer for the copy, calls ipfhcopy to copy the header and IP options, copies the data for this fragment into the new datagram, and passes the result to netwrite.

11 hours ago Is Trump Militarizing Civilian Cyber Defense?

InfoRiskToday View Synopsis+1
This ISMG Security Report leads with comments from President Donald Trump that suggest the U.S. military will take the lead in defending civilian-owned critical infrastructure. Also, how insider defenses changed since Chelsea Manning's WikiLeaks data dump.

8 hours ago One Simple Bug Let This Guy Delete Any Facebook Video

Forbes View Synopsis+1
You've watched plenty of videos that other users uploaded to Facebook, but you might be shocked to learn that you had the ability to delete those videos, too. Even if they weren't yours to delete.

Latest News

19 minutes ago US govt can't stop Microsoft taking its Irish email seizure fight to the Supreme Court

The Register View Synopsis+1
Outdated law may now head to America's highest judges

The US government has lost a legal appeal to have a critical case against Microsoft reheard, paving the way for a Supreme Court challenge.

19 minutes ago More Collaboration Strategies for Gen Z - Provide the Tools

IT Toolbox Blogs View Synopsis+1

The back end of this series is focused on strategies businesses can take to help Gen Z workers succeed as they enter the workforce. In many regards, their needs are no different than any other freshman class, and ultimately each new employee will go through their sink or swim phase.

19 minutes ago HHS OIG: Medicare Contractors Struggle with Security Gaps

InfoRiskToday View Synopsis+1
New Report Highlights Security Weak Spots; Experts Say Others Face Similar WoesAn annual review of nine contractors providing Medicare with administrative services shows that while their information security programs were "adequate in scope and sufficiency," the number of gaps grew. Security experts say similar security issues, unfortunately, are common throughout the healthcare sector.

33 minutes ago The Netherlands sent President Trump a welcome video and it's the most amazing thing ever

Yahoo Security View Synopsis+1
Now that Donald Trump is finally president, it's practically guaranteed that we're going to see nonstop comedy at his expense. All the late night shows, SNL , and plenty of others have been mocking Trump since he started his political adventure, and they're not going to stop now that he's actually doing the job he wanted. In fact, it might be even easier now, considering the new things that pop up in the news each day. Add to that Twitter outbursts and official statements, and you end up with a treasure trove of material. But forget about the late shows in America for a moment and just watch the following video sent to Donald Trump all the way from the Netherlands. If there's one Trump-inspired satire you should absolutely watch, it's the one at the end of this post. Created by Dutch satirical TV show Zondag earlier this week, the video is a perfect welcome for the newly inaugurated President. The video was created in a way that would appeal to him, according to what presenter Arjen Lubach says in the clip's introduction - that's the Dutch-language part at the beginning of the clip. A man speaking English with both Trump and Dutch accents introduces the Netherlands to the new American president. The Trump impersonation is perfect. The tone of his voice... the choice of words... they're all going to remind you instantly of the president and his campaign. And it's hilarious. The point of the clip is pretty simple. If Trump is all about "America First," then the Netherlands should be second. The clip has already gone viral, having been viewed almost 2 million times on YouTube. Watch it below. https://www.youtube.com/watch?v=j-xxis7hDOE

49 minutes ago How To Drive Productivity Without Compromising Cybersecurity

Forbes View Synopsis+1
Security is a constant worry for CIOs and IT, and oftentimes it gets in the way of productivity. Here's how security and productivity can work together.

1 hour ago IoT Botnets Fuel DDoS Attacks Growth: Report

SecurityWeek View Synopsis+1

The weaponization of Internet of Things (IoT) botnets helped fuel a 60% increase in the size of distributed denial of service (DDoS) attacks last year, Arbor Networks reports.

1 hour ago Penguins force-fed root: Cruel security flaw found in <code>systemd</code> v228

The Register View Synopsis+1
Opens door to privilege escalation attacks

Some Linux distros will need to be updated following the discovery of an easily exploitable flaw in a core system management component.

1 hour ago The most stunning Galaxy S8 renders we've seen so far

Yahoo Security View Synopsis+1
Samsung and Apple are both expected to come out with brand new phone designs this year, and in both cases the screen will be one of the signature features. But the Galaxy S8 and its massive display will beat the iPhone 8 to market by almost six months if recent reports are to be believed. We've already seen plenty of leaks and renders of the Galaxy S8, all based on what rumors say. But the following concept gives us our best look at what an all-screen Samsung phone may look like. Designer Kingway Lee looked at all the existing Galaxy S8 rumors and created the following renders. They show a phone that looks somewhat like its predecessor, with a few notable differences. The screen's top and bottom bezels have been significantly reduced to make more room for the dual-edge curved display. The top lip includes various sensors, including a front-facing camera and iris scanner, as well as the speaker. The bottom bezel lacks a physical button - and there's no Samsung logo on the front either. The phone features various buttons on the sides, including what may be a dedicated button that would call up the Bixby virtual assistant. On the back, there's the main camera, heart rate sensor, and what seems to be a fingerprint sensor flanking it on the right side. Finally, on the bottom side, we have a 3.5mm headphone jack, USB-C port, and a speaker. Again, these are not genuine Galaxy S8 renders from Samsung, but they certainly seem to align well with what we've heard so far... and they're gorgeous

1 hour ago Apricorn Aegis Secure Key 3z hardware-encrypted flash drive

ZDNet View Synopsis+1
256-bit AES XTS hardware encryption security at entry-level pricing

1 hour ago Feds can't use US warrants to grab foreign data, says appeals court

ZDNet View Synopsis+1
The appeals court was split 4-4, ensuring a previous ruling in Microsoft's favor remained intact.

3 hours ago Forrester: What can we learn from a disastrous year of hacks and breaches?

TechRepublic View Synopsis+1
2016 may go down on record as one of the worst for cybersecurity. Hacks, breaches, and leaks were everywhere in the news. Forrester has a few things for us to remember going forward.

3 hours ago OCSL sets its sights on the Nirvana of hybrid IT-attaining the right mix of hybrid cloud for its clients

IT Toolbox Blogs View Synopsis+1
Explore how each enterprise -- and perhaps even units within each enterprise -- determines the path to a proper mix of public and private cloud. Closer to home, they're looking at the proper fit of converged infrastructure, hyper-converged infrastructure (HCI), and software-defined data center (SDDC) platforms.

3 hours ago 5 Ways Technology Will Create Huge Change In The Auto Insurance Industry

IT Toolbox Blogs View Synopsis+1
The car insurance industry hasn't seen a huge amount of change in the last hundred years. Here are some of the big changes about to affect the industry, which will hopefully be good for everyone.

3 hours ago RSA Conference 2017: A Preview

InfoRiskToday View Synopsis+1
RSA Conference 2017 is coming to San Francisco from Feb. 13 to 17. What new sessions, speakers and venues should attendees expect to see? Conference organizers Linda Gray Martin and Britta Glade offer a preview.

3 hours ago Was Russia Really Wrong To Hack The 2016 US Election?

Forbes View Synopsis+1
By now we have all heard it: Russia hacked the United States Election. We have all read the papers, we have all seen the evidence. What we have not done is look objectively at the ethical implications of Russia's dire actions.

4 hours ago Comments Widget Exposed Many Websites to Attacks

SecurityWeek View Synopsis+1

A stored cross-site scripting (XSS) vulnerability found in a popular comments widget exposed a large number of websites to attacks. The security hole was quickly patched by the product's developers.

A 14-year-old security enthusiast named Ibram Marzouk recently discovered a stored XSS flaw in the comments section of code snippet marketplace PasteCoin.

4 hours ago Windows 10 Is Getting Smarter, Easier Security Controls

Forbes View Synopsis+1
There's another massive Windows 10 upgrade headed your way. When the Creators Update arrives later this year, you'll see a number of changes, including a much better way to manage your computer's numerous security settings.

4 hours ago UK courts experiencing surge in cyber-crime case load

The Register View Synopsis+1
Value of fraud surpasses £1bn for first time in five years

The total cost of fraudulent activity in the UK surpassed a billion pounds for the first time in five years, reaching £1.137bn in 2016 compared to £732m the year before.

4 hours ago Microsoft scores privacy win after appeals court split vote

ZDNet View Synopsis+1
The appeals court was split 4-4, ensuring a previous ruling in Microsoft's favor remained intact.

4 hours ago All the gear you need for your Google Pixel or Pixel XL

Yahoo Security View Synopsis+1
Did you recently buy a brand new Google Pixel or Google Pixel XL smartphone? Well congratulations, because you've scored yourself what is hands down the hottest Android phone in the world right now. Google's Pixel phone and Pixel XL phablet feature a stunning glass and aluminum design, the best camera in the business, and more than enough power to outperform any other Android handset on the market. But now that you've purchased your sweet new smartphone, it's time to stock up on all of the accessories you need to go along with it. In this post, we'll show you our picks for the best clear cases, rugged cases, dock, car charger and extra USB-C charging cable for Google's Pixel and Pixel XL. iVoler Ultra-Thin Crystal Clear Case for Google Pixel Compatible with Google Pixel Case: Refined, functional, and practical, the Crystal Bumper series case fully complements your phone and show off natural beauty of the phone's design without compromising protection. IMPACT-RESISTANT DUAL LAYERS: Constructed from high-grade TPU and Polycarbonate. A soft, rubbery, premium Crystal clear TPU inside layer protects your phone from drop and scratch, while the hard, tough, PC Bumper outer layer offers grip and encases the device to shield from more serious collisions. PRECISE DESIGN: Sensitive button covers are easy to feel and allow responsive presses, all while looking Sleek and Minimal, and Precise Cutouts give you full access to port and fit most cables. FULL DEGREE OF PROTECTION: Front raised edges keep your screen from scratching or touching the ground; Raised lip and camera cutout lift screen and lens off flat surfaces; Anti-slip properties gives your more grip on surfaces; Hard TPU Bumper is designed for Shock Resistant against drops. LIFETIME CASE WARRANTY - from iVoler to provide lasting of your phone. Spigen Rugged Armor Google Pixel Case New look features glossy, carbon fiber textures for the premium look Exact fit ensures protection and shock-absorption all around Flexible TPU layer keeps itself fingerprint-resistant with hassle-free application Mil-Grade protection with Air Cushion Technology for all corners Google Pixel Case Compatible with Google Pixel (2016) iVoler Ultra-Thin Crystal Clear Case for Google Pixel XL Compatible with Google Pixel XL Case: Refined, functional, and practical, the Crystal Bumper series case fully complements your phone and show off natural beauty of the phone's design without compromising protection. IMPACT-RESISTANT DUAL LAYERS: Constructed from high-grade TPU and Polycarbonate. A soft, rubbery, premium Crystal clear TPU inside layer protects your phone from drop and scratch, while the hard, tough, PC Bumper outer layer offers grip and encases the device to shield from more serious collisions. PRECISE DESIGN: Sensitive button covers are easy to feel and allow responsive presses, all while looking Sleek and Minimal, and Precise Cutouts give you full access to port and fit most cables. FULL DEGREE OF PROTECTION: Front raised edges keep your screen from scratching or touching the ground; Raised lip and camera cutout lift screen and lens off flat surfaces; Anti-slip properties gives your more grip on surfaces; Hard TPU Bumper is designed for Shock Resistant against drops. LIFETIME CASE WARRANTY - from iVoler to provide lasting of your phone. Spigen Rugged Armor Google Pixel XL Case New look features glossy, carbon fiber textures for the premium look Exact fit ensures protection and shock-absorption all around Flexible TPU layer keeps itself fingerprint-resistant with hassle-free application Mil-Grade protection with Air Cushion Technology for all corners Google Pixel XL Case Compatible with Google Pixel XL (2016) Google Pixel Desktop Charging Dock by Encased This sleek charging cradle makes the perfect desktop or nightstand companion for your new Google Pixel Type-C compatible port ensures your phone is always juiced and ready to go Case compatible design allows the connector to reach the phone through all slim profile cases Sych compatible - the dock also allows the phone to sync with your computer using the built-in cable Backed by the Encased hassle-free LIFETIME GUARANTEE. HI-CABLE Braided Nylon Type-C Charger [6-Feet] USB Type-C to USB 2.0 Fast Charging/Data Charger Cable Compatibility with Google Pixel /Pixel xl, Nexus 5x 6P, LG G5 V20, Huawei Honor 8 P9 Mate 9, Motorola Moto Z, Sony Xperia XZ, Blackberry DTEK60, HTC 10 bolt, Microsoft Lumia 950 /950 xl, Oneplus 2/3, ZTE Axon 7,Asus ZenFone 3, and more type-c supported devices. Type C Fast+ Series, Thick/Rugged/Durable/Braided/Gold-Plated/Quality Charging Cable, Special and Professional Design for The Fast Charging Wall Charger/Quick Charger (QC) 2.0/ 3.0. High Speed charge and date: Charging Speed up to Max 2.4Amp, and data/sync speed up to 480Mbps. 56KΩ Pullup Resistor, Safe to charge, won't damage your devices. Sturdy and Tangle-free Nylon Fabric Braided USB Cable with Aluminum Connectors Can Bear 4000+ Bending Test. And With The Thick Bright Color Wire, Perfect and Luxury looking. Extend 6.6ft Long Cable provide more use space, You Can Easily Use Your Devices In The Bed or Sofa etc. Package Including 2 Pieces 6-Feet Cables, 30days Money Back and 1 Year Warranty Guarantee and friendly after sale service. Nekteck USB Type C Car Charger The premium attached USB C 3.1 cable features a next-generation Type-C connector with a new design that is fully reversible. This allows you to plug in without fail, regardless of how you are holding and inserting the cable. additional standard USB A port allows your to Charge Non-USBC devices at FULL speed simultaneously 5.4A(Shared by 2 ports: 3.0A, 2.4A) With Smart sense IC Technology, each port intelligently identifies your device and seeks to maximize its charging speed. Compatible with tablets and smartphones with a USB Type-C connector, such as Apple New 12 inch Retina MacBook,, HTC 10, Nokia N1, LG G5, Asus Zen AiO, Lumia 950/ 950XL, HP Pavilion x2, ASUS Zenpad S 8.0, Google ChromeBook Pixel, Nexus 5X/6P, Pixel/ Pixel XL, Galaxy Tabpro S, Nextbit Robin Certified by RoHS, CE & FCC; High quality fire proof material & anti-oxidation aluminum pull tab;No radio loss in your car or effect to Bluetooth or Wi-Fi devices.

4 hours ago Australia to Warn Political Parties of Hacking Risks

InfoRiskToday View Synopsis+1
Special Briefings Intended to Help Australia Avoid Problems the US FacedAustralia's federal government is planning to brief the country's political parties next month on cybersecurity threats, a move fueled by worries its electoral process could be targeted by a foreign power.

5 hours ago Video: Top 5 ways to secure your IoT

TechRepublic View Synopsis+1
Don't let your smart bulbs and thermostats fall prey to attack by bots. Use these five tactics to secure your IoT devices.

6 hours ago Apple Patches Dozens of Vulnerabilities Across Product Lines

SecurityWeek View Synopsis+1

Apple this week released a new set of important security updates for its products, to patch dozens of vulnerabilities in macOS, iOS, watchOS, tvOS, and Safari, as well as in the iCloud and iTunes for Windows applications.

6 hours ago Android users beware: New AI can crack your Pattern Lock from afar

TechRepublic View Synopsis+1
New research from a group of universities found that specific video and computer vision algorithm software can unlock an Android Pattern Lock in five attempts.