Threat Level: green Handler on Duty: Brad Duncan

SANS ISC Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

18 hours ago Microsoft backports data slurp to Windows 7 and 8 via patches

The Register View Synopsis+1
But no creepy Redmond robo-buddy for Windows 10 hold-outs - yet

We recently mused, half seriously, whether the entire point of the Windows 10 upgrade was to harvest your personal information. With Microsoft suffering from a serious case of Google envy, perhaps it felt it had some catching up to do.

1 day ago Microsoft accused of adding spy features to Windows 7, 8

ArsTechnica View Synopsis+1
The privacy impact of Windows' telemetry features continues to be scrutinized.

19 hours ago Samsung connected home fridge becomes weapon in MITM attacks

ZDNet View Synopsis+1
It is no longer only PCs and mobile devices which may harbor an attack designed to steal your data -- could your fridge be next?

1 day ago Ashley Madison Breach: 6 Essential Lessons

InfoRiskToday View Synopsis+1
Experts Offer Advice on Safeguarding Passwords, Expunging Data, Responding to AttacksThe Ashley Madison breach offers important lessons for all organizations about safeguarding customer information, storing passwords, securing the supply chain and avoiding bad technology decisions.

22 hours ago NT Police cracks down on crime with facial recognition technology

ZDNet View Synopsis+1
Northern Territory Police have implemented NEC's NeoFace Reveal solution to help it identify persons of interest using its existing database.

Top News

6 hours ago Why Excel often still wins as the King of reporting tools

IT Toolbox Blogs View Synopsis+1
Working with data sets for analysis is not necessarily an easy task. Part of the challenge is knowing where to go for the data and the second aspect is having a perfect or clear idea of what it is that you hope to gain from analyzing your data.

5 hours ago How many Ashley Madison users were flirting with fembots?

Yahoo Security View Synopsis+1
Ashley Madison is claiming that millions of real women regularly use its website to help them have affairs. But if that's the case, why do so many of the website's robo-users disproportionately send messages to male users? Gizmodo's Annalee Newitz has done some more detective work on the leaked Ashley Madison data and has discovered that the website has had its bots send more than 20 million messages to men while sending less than 2,000 such robo-messages to women. Meanwhile, Ashley Madison's bots engaged in instant message chats with men more than 11 million times and chatted with women on the site just 2,400 times. MUST READ: Enough: It's time for major tech companies to take a stand against ISP data caps

23 hours ago Wolf: Alleged Ashley Madison Hacker "Zu" Is Easy Target But Wrong One

Forbes View Synopsis+1
Theory of Ashley Madison hacker as Thadeus Zu refuted by investigative journalist Asher Wolf.

22 hours ago Vulnerability Exposed Smartsheet Accounts to Hijacking

SecurityWeek View Synopsis+1

Smartsheet has patched a serious vulnerability that could have been exploited to hijack user accounts. The company says the flaw has not been exploited in the wild.

20 hours ago Briefs: Company news, September 2015

SC Magazine View Synopsis+1
Personnel announcements, M&A activity and other happenings in the security marketplace.

18 hours ago What Can you Learn from Metadata?

Schneier blog View Synopsis+1

An Australian reporter for the ABC, Will Ockenden published a bunch of his metadata, and asked people to derive various elements of his life. They did pretty well, even though they were amateurs, which should give you some idea what professionals can do.

17 hours ago Two alternative futures for MBaaS and MAM convergence

TechRepublic View Synopsis+1
The next great convergence of mobility back-end platforms might be MBaaS and MAM depending on the alternative future you believe.

12 hours ago Ecuador Considered Smuggling Julian Assange to Freedom in a Bag

WIRED View Synopsis+1

Leaked documents detail a collection of failed schemes to get the long-trapped WikiLeaker out of London.

The post Ecuador Considered Smuggling Julian Assange to Freedom in a Bag appeared first on WIRED.

12 hours ago The Sliding Scale of Cyber Security

SANS Reading Room View Synopsis+1
The Sliding Scale of Cyber Security is a model for providing a nuanced discussion to the categories of actions and investments that contribute to cyber security.

10 hours ago Secretary of Defense Says US Could Fall Behind Adversaries in Cybersecurity (August 27, 2015)

SANS Newsbites View Synopsis+1

In the wake of revelations that attackers believed to be working on behalf of Russia or China infiltrated a server used by the Pentagon's Joint Chiefs, US military leaders expressed concern that the country could "fall behind" its adversaries in the cybersecurity arena.......

Latest News

7 hours ago Millions hit by personal data hack still have not been told

Yahoo Security View Synopsis+1

The U.S. government has not yet notified any of the 21.5 million federal employees and contractors whose security clearance data was hacked more than three months ago, officials acknowledged on Tuesday. The agency whose data was hacked, the Office of Personnel Management (OPM), said the Defense Department will begin "later this month" to notify employees and contractors across the government that their personal information was accessed by hackers.

10 hours ago Prepare to be Thunderstruck: What if 'deuszu' ISN'T the Ashley Madison hacker?

The Register View Synopsis+1
Attribution is harder than a taste in music

Security researcher Brian Krebs last week named whoever is behind the Twitter account deuszu as likely having had a hand in the Ashley Madison hack. But has Krebs named the right entity?

3 hours ago 'Concussion' director says no compromises were made for NFL

Yahoo Security View Synopsis+1

NEW YORK (AP) - A day after its trailer debuted online and months before it hits theaters, the Will Smith football head-trauma film "Concussion" is already sparking controversy.

4 hours ago IoT malware and ransomware attacks on the incline: Intel Security

ZDNet View Synopsis+1
Intel Security has released a five-year retrospective report on industry threats, finding people have become dependent on devices at the cost to their security and privacy, allowing malware and ransomware attacks to rapidly grow.

4 hours ago Big Blue bops modular menace

The Register View Synopsis+1
CoreBot infant could grow to painful teenager

IBM threat researcher Limor Kessem has found a new modular malware credential stealer that could become a significant enterprise threat.

5 hours ago Mac malware has a neat trick to install itself on OS X fans' machines

The Register View Synopsis+1
Click of doom

Mac malware that relied on a security exploit so small it fitted in a tweet has been upgraded to infect OS X machines after Apple closed that particular hole.

7 hours ago The software-defined data center: Security is a battlefield

TechRepublic View Synopsis+1
The security landscape in ever-changing, and VMware's Tom Corn thinks that the software-defined data center is the answer to its pressing challenges.

8 hours ago DDoS for Extortion: How to Fight Back

InfoRiskToday View Synopsis+1
Insights on How to Respond to the 'DD4BC' ThreatInternational law enforcement agencies are warning banking institutions and businesses about extortion attacks being waged by an entity known as DD4BC, or DDoS for Bitcoin. They're advising organizations not pay any ransom and to notify their ISPs and law enforcement officials of any threats.

8 hours ago EFF says warrants for phone location data should be mandatory

SC Magazine View Synopsis+1
The Electronic Frontier Foundation filed an amicus brief with the Supreme Court of the United States over the need for police to obtain a search warrant before receiving Americans' cell phone location data.

8 hours ago Fighting the Use of DDoS for Extortion

InfoRiskToday View Synopsis+1
Insights on How to Respond to the 'DD4BC' ThreatInternational law enforcement agencies are warning banking institutions and businesses about extortion attacks being waged by an entity known as DD4BC, or DDoS for Bitcoin. They're advising organizations not pay any ransom and to notify their ISPs and law enforcement officials of any threats.

8 hours ago Six teens accused of cyber-attacks using DDoS tool

SC Magazine View Synopsis+1
Six arrested teenagers from around the UK have been released on bail after suspicions of using Lizard Squad's cyber-attack tool to target websites and services.

10 hours ago FIFA scandal becomes exhibit at Mob Museum in Las Vegas

Yahoo Security View Synopsis+1

LAS VEGAS (AP) - Al Capone, with raised eyebrows, appeared to be taking a curious sideways glance at the two-minute video of soccer playing and talk about corruption and crooks.

10 hours ago Singtel completed $770M Trustwave acquisition

SC Magazine View Synopsis+1
Trustwave announced Monday that it has been acquired by Singapore Telecommunication Limited for $770 million.

10 hours ago DHS's Continuous Diagnostics and Mitigation Implementation Moving Too Slowly (August 24, 2015)

SANS Newsbites View Synopsis+1

Office of Personnel Management (OPM) director of IT security operations Jeff Wagner said that the DHS's CDM (Continuous Diagnostics and Mitigation) program is great, its "timeframe, timing, issuance, and getting things moving" is frustrating his agency's implementation efforts.......

10 hours ago HTTPS Frustrates Russia's Attempt to Censor Wikipedia (August 25, 28, & 31, 2015)

SANS Newsbites View Synopsis+1

Russian governmental media watchdog Roskomnadzor ordered Internet service providers (ISPs) to block a page about hashish on Wikipedia.......

10 hours ago KeyRaider Malware Steals Account Credentials (August 31, 2015)

SANS Newsbites View Synopsis+1

Malware known as KeyRaider hides in code for jailbroken Apple devices.......

11 hours ago Sneaky adware caught accessing users' Mac Keychain without permission

ArsTechnica View Synopsis+1
Genieo installer finds it easier to beg for forgiveness than to ask for permission.

11 hours ago ThreatQuotient Launches Threat Intelligence Management Platform

SecurityWeek View Synopsis+1

ThreatQuotient this week announced the general availability of ThreatQ, the company's threat intelligence platform designed to manage and correlate threat data from external sources with internal security and analytics solutions.

11 hours ago Jailbreaking iOS Devices: Risks to Users, Enterprises

InfoRiskToday View Synopsis+1
'KeyRaider' Malware Report Raises Awareness of Managing Apple DevicesInformation security experts offer two timely Apple iOS device reminders: First, never jailbreak the devices. Second, enterprise security managers must ensure that they ruthlessly block any jailbroken devices from accessing corporate networks because they pose a security risk.