Threat Level: green Handler on Duty: Brad Duncan

SANS ISC Information Security News

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

21 hours ago Researchers identify stealth malware targeting POS systems since at least 2013

SC Magazine View Synopsis+1
Security researchers at cyber threat intelligence company iSight Partners identified malware - called ModPOS - that targets retail point-of-sale systems.

21 hours ago Fifth arrest in TalkTalk hacking probe: Now Plod cuff chap in Wales

The Register View Synopsis+1
A ydynt yn hyd yn oed yn cael y rhyngrwyd yng Nghymru?

Cops probing the TalkTalk mega-hack arrested a teen in south Wales on Tuesday.

19 hours ago Hilton Hotels Hit by Cyber Attack

SecurityWeek View Synopsis+1

US hotel chain Hilton revealed Tuesday that hackers stole credit card information from some of its point-of-sale computer systems.

16 hours ago Colored lights are a fun way to automate your house

IT Toolbox Blogs View Synopsis+1

Yesterday I wrote about putting in a WeMo plug in the bedroom to start digital control of my house.  It's the beginning of a topic that I was calling "Home Automation".  


I have to be honest.  I may have misled a bit in that post.  While I did purchase the WeMo a long time ago, it sat and collected dust.  It was the first purchased, but not the first

14 hours ago Why Microsoft yanked its latest Windows 10 update download: It hijacked privacy settings

The Register View Synopsis+1
Update now fixed, we're told

Microsoft withdrew downloads for its latest official edition of Windows 10, version 1511, after it meddled with people's privacy settings.

Top News

10 hours ago "‹Dell in hot water again as second 'Superfish' root certificate surfaces

ZDNet View Synopsis+1
After the discovery of eDellroot, Dell users now need to revoke trust for a second root certificate that makes them an easy target on a Wi-Fi hotspot.

9 hours ago Hilton Hotels: We Were Breached

InfoRiskToday View Synopsis+1
Hilton Confirms Payment Card Data Was StolenReversing recent claims that it was unaware of any data breaches, hotel chain Hilton Worldwide now says it suffered a POS malware infection that affected an unspecified number of hotels, customers and payment cards in 2014 and 2015.

46 minutes ago This Is What France's New Surveillance Laws Look Like

Forbes View Synopsis+1
LUDOVIC MARIN/AFP/Getty Images Since December 2014, France passed four separate laws expanding surveillance authority, data collection, and data retention. Since the Paris attacks (and with several suspects still at large), France expanded its 1955 State of Emergency law. Access policy analyst Estelle Mass has posted a detailed analysis of French surveillance. One change [...]

22 hours ago PCs running Dell support app can be uniquely ID'd by snoops and scammers

ArsTechnica View Synopsis+1
App allows websites to surreptitiously acquire customers' service tag numbers.

9 hours ago Calm at Minneapolis protest site a night after shooting

Yahoo Security View Synopsis+1

MINNEAPOLIS (AP) - A night after a shooting near a Minneapolis protest that left five people injured, hundreds of demonstrators at the same site quietly milled around, sharing coffee, pizza and doughnuts, and stacking up firewood.

9 hours ago NSA Lectures on Communications Security from 1973

Schneier blog View Synopsis+1

Newly declassified: "A History of U.S. Communications Security (Volumes I and II)," the David G. Boak Lectures, National Security Agency (NSA), 1973. (The document was initially declassified in 2008. We just got a whole bunch of additional material declassified. Both versions are in the document, so you can compare and see what was kept secret seven years ago.)

1 day ago A $10 Tool Can Guess (And Steal) Your Next Credit Card Number

WIRED View Synopsis+1

A pattern in AmEx card numbers allows Samy Kamkar's DIY gadget to predict and use new numbers for fraud as fast as the company can generate them.

The post A $10 Tool Can Guess (And Steal) Your Next Credit Card Number appeared first on WIRED.

1 day ago Microsoft lays out its security plan for a mobile-first, cloud-first world

TechRepublic View Synopsis+1
In a world where everyone and everything is interconnected, enterprise data security becomes the top priority. Microsoft has a plan. Do you?

1 day ago On the x86 Representation of Object Oriented Programming Concepts for Reverse Engineers

SANS Reading Room View Synopsis+1
While object oriented programming is generally understood by developers using higher level languages, such as C++, the reverse engineer is required to understand how these concepts manifest themselves within a compiled binary.

1 day ago GAO Report on Critical Infrastructure Threat Assessment and Mitigation (November 20, 2015)

SANS Newsbites View Synopsis+1

According to a study from the US Government Accountability Office (GAO), most federal agencies responsible for oversight of elements of the country's critical infrastructure lack "a consistent way to gauge threats and security progress" for critical infrastructure systems.......

Latest News

10 hours ago Dell is the latest to ship infected hardware

IT Toolbox Blogs View Synopsis+1
Wow! Every computer shipped since August 15th has a serious potential security exposure. Security Bug in Dell PCs Shipped Since 8/15 Dell does a Superfish, ships PCs with easily cloneable root certificates Dell computers shipping with potential...

1 hour ago Why 'Cryptophobia' Is Unjustified

InfoRiskToday View Synopsis+1
5 Factors Demonstrate Why Encryption Backdoors Are Wrong ApproachPoliticians arguing in favor of fighting terrorism by creating backdoor access to encrypted communication are overlooking five key factors that make such an approach undesirable and unfeasible.

1 hour ago Finding security bugs on the road to creating a verifiably secure TLS lib

The Register View Synopsis+1
Microsoft, French bods push for mathematically provable bug-free code

Microsoft and French research organization INRIA have recently jointly published the source code for a more secure implementation of TLS - hopefully increasing the security of millions online in the process.

1 hour ago Getting Back Into the Swing of Things

IT Toolbox Blogs View Synopsis+1
Once the new job is secured, how do you get up to speed and settle in to the new routine? The key is to figure out what is most important to your new manager.

1 hour ago Finding bugs on the road to creating a more secure version of TLS

The Register View Synopsis+1
MS working with French researchers to push better web security

Microsoft and French research organization INRIA have recently jointly published the source code for a more secure implementation of TLS - hopefully increasing the security of millions online in the process.

1 hour ago The Year's Dumbest Comments On Encryption And Surveillance

Forbes View Synopsis+1
The dumbest quotes about encryption and surveillance from the last year or so.

1 hour ago Consumers wise up to protecting their data

SC Magazine View Synopsis+1
Consumers are finally beecoming aware of the value of their data, and show preference to companies that protect it.

1 hour ago FTC to Appeal Ruling that Dismissed LabMD Case

InfoRiskToday View Synopsis+1
Legal Battle In Security Enforcement Case is Far From OverThe Federal Trade Commission's Bureau of Consumer Protection plans to appeal an FTC administrative law judge's initial decision to dismiss the FTC's data security enforcement case against LabMD, a cancer testing laboratory.

2 hours ago BrtMedia video malvertising highlights industry shortcomings

SC Magazine View Synopsis+1
Researchers at Malwarebytes spotted a video malvertising campaign that highlights the ad industry's lack of security.

2 hours ago Lahey Hospital Fined $850,000 in HIPAA Case

InfoRiskToday View Synopsis+1
OCR Investigated Theft of Laptop Used to Operate Medical DeviceFederal regulators have announced an $850,000 HIPAA settlement with Lahey Hospital and Medical Center stemming from the investigation of the theft of laptop that was used to operate a medical device.

2 hours ago Amazon Forces Password Resets after Possible Security Breach

SecurityWeek View Synopsis+1

Online retailer Amazon on Tuesday started sending emails to some of its users, prompting them to reset their passwords, saying that they might have been compromised.

2 hours ago New Dridex Variants Achieve High Infection Rate Using Poisoned Docs

SecurityWeek View Synopsis+1

The infamous Dridex banking Trojan recently surfaced again in spam campaign runs that have managed to achieve a high infection rate, security companies ESET and Trend Micro warn.

3 hours ago Two in a thousand people 'view child sexual abuse images at work'

SC Magazine View Synopsis+1
NetClean's CEO calls on workplaces to be on lookout for child sexual abuse imagery on work computers as the children's commissioner for England publishes her report which says only one in eight cases are reported.

3 hours ago Iranian military spear-phish of State Department employees detected first by Facebook

ArsTechnica View Synopsis+1
Cyber-espionage effort may be tied to the arrest of Iranian American in Tehran.

4 hours ago NCC Group Pays $142 Million to Acquire Fox-IT

SecurityWeek View Synopsis+1

NCC Group, a provider of IT and escrow, assurance and domain services, announced on Tuesday that has agreed to pay roughly $141.5 million (€133.25 million) to acquire Netherlands-based IT security firm Fox-IT.

4 hours ago Hilton confirms hotel credit-card-snaffling sales till malware hit

The Register View Synopsis+1
Check your bank statements if you paid on plastic

Hilton Worldwide has confirmed that malware found its way onto point-of-sale systems that targeted payment card information.

5 hours ago 'Worrying' 9 Per Cent Of Encrypted Web Vulnerable To Private Key Attacks

Forbes View Synopsis+1
Hackers can easily impersonate a large range of web devices because networking vendors, from Cisco to Huawei to D-Link, are leaving encryption keys open to theft.

6 hours ago You light up my life, and my datacap

IT Toolbox Blogs View Synopsis+1

The real bright news I just read today is absolutely amazing. It is without a doubt the next big thing in computing. It is perhaps more secure than the current technology . . . or is it?


You may have already heard about LIFI which is to WIFI that F1 cars are to the shopping basket that granny takes to the local home depo. It has just recently had real life trials and did achieve

9 hours ago Bug bounties: Which companies offer researchers cash?

ZDNet View Synopsis+1
A list of hundreds of companies and what they offer in return for vulnerability reports has been released.

10 hours ago At Least 9 Per Cent Of Encrypted Web Is Vulnerable To Private Key Attacks

Forbes View Synopsis+1
Hackers can easily impersonate a large range of web devices because networking vendors, from Cisco to Huawei to D-Link, are leaving encryption keys open to theft.

10 hours ago Tor Project appeals for help to carry on, expand anti-spying network

ZDNet View Synopsis+1
If you rely on Tor to hide your online activity, you might want to remember few good things in life are free.

10 hours ago Fifth suspect arrested over TalkTalk hack

ZDNet View Synopsis+1
An 18-year-old is being accused of blackmail relating to the devastating cyberattack.