SANS ISC

• SANS Site Network
  • Current Site
  • Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • IT Audit
  • Computer Forensics
  • Software Security
  • Government OnSite Training

InfoSec News Summary

1 day ago Michaels confirms breach of as many as 2.6M cards

Michaels Stores Inc. says Thursday that about 2.6 million cards used at its namesake stores may have been affected in a security breach but it has received "limited" reports of fraud. The nation's ...

9 hours ago Data Cleansing in Excel

I spent the whole week cleaning up somebody else?s mess.

3 days ago Is RAID Fading Into The Sunset?

With the arrival of faster networks and SSDs, RAID can no longer keep up. Data protection alternatives such as replication and erasure codes are gaining traction.

3 days ago The 2014 Global Threat Intelligence Report

The goal of the NTT Group Global Threat Intelligence Report (GTIR) is to raise awareness for executives and security professionals of how to avoid high-profile information security and data breaches, while understanding the needs for a strategic security program with proven controls that will help organizations balance cost and risk.

Using real-world case studies and findings from over 3 billion analyzed attacks, the 2014 NTT Global Threat Intelligence Report (GTIR) demonstrates strategies to minimize threat impact and compress the threat mitigation timeline. Among key findings of the study:

• The cost for a "minor" SQL injection attack can exceed $196,000;
• Anti-virus applications fail to detect 54 percent of new malware;
• Healthcare has seen a 13 percent increase in botnet activity.

In this session, the report's key architects walk through case studies that bring the findings to life, and they focus on strategies for refining the five critical areas of security: threat avoidance, threat response, threat detection, investigate capabilities and response capabilities.

3 days ago Opened Pandora's box of Cache Poisoning

3 days ago Fingerprint lock in Samsung Galaxy 5 easily defeated by whitehat hackers

Multiple weaknesses put devices and PayPal accounts within reach of attackers.

3 days ago Researchers find Android security issue in app permissions protocol

The permissions issue could allow a malicious app to alter legitimate home screen icons.

3 days ago Former Homeland Security chief: C-Suite needs to get a grip on cyber risks

The former Homeland Security chief outlined two conditions we're going to be dealing with as companies, countries, and individuals: the global scourge of terrorism and the digital "forevermore."

4 hours ago Health care site flagged in Heartbleed review

WASHINGTON (AP) - People who have accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the confounding Heartbleed computer virus.

5 hours ago Now Android fans can play one of the greatest computer games ever on their tablets

Old-school RPG fans still get nostalgic when you bring up Baldur's Gate, the classic Bioware D&D-based adventure that set the standard for computer RPGs when it was released all the way back in 1998. In fact, the Balur's Gate series's popularity has been so enduring that studio Beamdog has overhauled it with improved graphics and features while also adding touch controls to make it easy to play on tablets. Although Beamdog released its Baldur's Gate: Enhanced Edition for the iPad a while ago, the studio has finally gotten around to porting it to Android, and it's now available on the Google Play store for $9.99. Although the iPad version of the overhauled Baldur's Gate received mixed marks for its buggy controls,

8 hours ago DB2 for z/OS is not affected by Heartbleed bug

(Posted Friday, April 17, 2014) As if there could be any doubt, here?s the official word.... IBM DB2 for z/OS is not affected by the OpenSSL Heartbleed vulnerability (CVE-2014-0160) The flash states that ?DB2 for z/OS in all editions and all platforms is NOT vulnerable to the...

9 hours ago Vulnerability in Microsoft Outlook Could Allow Information Disclosure - Version: 1.0

10 hours ago Vulnerability in Windows Ancillary Function Driver Could Allow Information Disclosure - Version: 1.0

11 hours ago Friday Squid Blogging: Squid Jigging

Good news from Malaysia:

The Terengganu International Squid Jigging Festival (TISJF) will be continued and become an annual event as one of the state's main tourism products, said Menteri Besar Datuk Seri Ahmad Said.

He said TISJF will become a signature event intended to enhance the branding of Terengganu as a leading tourism destination in the region.

"Beside introducing squid jigging as a leisure activity, the event also highlights the state's beautiful beaches, lakes and islands and also our arts, culture and heritage," he said.

I assume that Malaysian squid jigging is the same as American squid jigging. But I don't really know.

13 hours ago APAR Friday: Today it's about stats, WLM_REFRESH, and storage management

(Posted on Friday, April 18, 2014) Last year, APAR  PM88804 changed that behavior of REALSTORAGE_MANAGEMENT to solve a CPU usage issue.  That behavior is being reversed and changed back to how it originally acted by APAR PM99575. PM99575: CHANGE THE DISCARDDATA LOGIC ...

13 hours ago Metaphors of Surveillance

There's a new study looking at the metaphors we use to describe surveillance.

Over 62 days between December and February, we combed through 133 articles by 105 different authors and over 60 news outlets. We found that 91 percent of the articles contained metaphors about surveillance. There is rich thematic diversity in the types of metaphors that are used, but there is also a failure of imagination in using literature to describe surveillance.

Over 9 percent of the articles in our study contained metaphors related to the act of collection; 8 percent to literature (more on that later); about 6 percent to nautical themes; and more than 3 percent to authoritarian regimes.

On the one hand, journalists and bloggers have been extremely creative in attempting to describe government surveillance, for example, by using a variety of metaphors related to the act of collection: sweep, harvest, gather, scoop, glean, pluck, trap. These also include nautical metaphors, such as trawling, tentacles, harbor, net, and inundation. These metaphors seem to fit with data and information flows.

The only literature metaphor used is the book 1984.

This is sad. I agree with Daniel Solove that Kafka's The Trial is a much better literary metaphor. This article suggests some other literary metaphors, most notably Philip K. Dick. And this one suggests the Eye of Sauron.

13 hours ago Reddit users discover iOS malware threat

'Unflod Baby Panda' looks to snatch Apple IDs

Users on a mobile phone hacking subreddit are being credited with the discovery of a malware infection targeting iOS users.

14 hours ago Why security professionals need to get more creative with penetration testing (and how to do it)

Security professionals have long been running penetration tests against their firewalls and other security systems to find weaknesses that need to be addressed.

14 hours ago U.S. commercial drone industry struggles to take off

The U.S. commercial drone industry is still struggling to get off the ground more than two years after President Obama signed into law a bill that permits the civilian use of unmanned aerial vehicles (UAV) over the country's airspace.