Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC Information Security News

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

14 hours ago It's not just the app store - Google Play Books is crawling with scams too

Yahoo Security View Synopsis+1
As we've observed countless times, there are both pluses and minuses to the way Google handles allowing apps onto Google Play. On the plus side, it's insanely easy to get your app added. On the minus side, it's insanely easy for scammers to get malicious apps onto the store as well. Now Android Police has found that it's not just the app store that's a haven for scams - it's Google Play Books as well. Essentially, Android Police discovered that Play Books is loaded with books that are billed as supposed "guides" for games that promise cracked Android application packages (APKs) but that actually deliver malware and phishing scams. "After becoming aware of this problem, we spotted almost a dozen sellers of

11 hours ago Building Reliable Disk Volumes Part 1

IT Toolbox Blogs View Synopsis+1
RAID and Drive Redundancy. Redundant disk drives allow non-stop operation in case of a drive failure. The acronym RAID stands for Redundant Array of Inexpensive Disks. Six levels of RAID, 0 through 5, were defined in a paper published by the Universi...

1 day ago Google Fixes 51 Vulnerabilities With Release of Chrome 41

SecurityWeek View Synopsis+1

Chrome 41 is available for download. The latest version of Google's Web browser brings new apps and extension APIs, stability and performance improvements, and tens of security fixes.

Top News

23 hours ago Powercat

SANS Reading Room View Synopsis+1
Powercat started as a proof-of-concept tool that I initially developed.

1 day ago D-Link removes fingers from ears, preps mass router patch

The Register View Synopsis+1
Amnesia strikes as hacker discloses remote code exec flaws

Domestic router Daddy D-Link is patching dangerous remote access flaws in several models of its networking gear.

3 hours ago Now Corporate Drones are Spying on Cell Phones

Schneier blog View Synopsis+1

The marketing firm Adnear is using drones to track cell phone users:

The capture does not involve conversations or personally identifiable information, according to director of marketing and research Smriti Kataria. It uses signal strength, cell tower triangulation, and other indicators to determine where the device is, and that information is then used to map the user's travel patterns.

"Let's say someone is walking near a coffee shop," Kataria said by way of example.

The coffee shop may want to offer in-app ads or discount coupons to people who often walk by but don't enter, as well as to frequent patrons when they are elsewhere. Adnear's client would be the coffee shop or other retailers who want to entice passersby.


The system identifies a given user through the device ID, and the location info is used to flesh out the user's physical traffic pattern in his profile. Although anonymous, the user is "identified" as a code. The company says that no name, phone number, router ID, or other personally identifiable information is captured, and there is no photography or video.

Does anyone except this company believe that device ID is not personally identifiable information?

2 hours ago Wireless Charging: A Surprising New Way To Track You

Forbes View Synopsis+1
One of the key vendors of wireless charging in public spaces is positioning itself as an intelligence gathering tool for Starbucks, airports and others. The price for watts will be your data.

49 minutes ago How Secure Are You?

Dark Reading View Synopsis+1
The NIST Cybersecurity Framework can help you understand your risks.

30 minutes ago DNS enhancement catches malware sites by understanding sneaky domain names

ArsTechnica View Synopsis+1
OpenDNS develops filter that can recognize exploit pages before they're served up.

16 hours ago Anthem Refuses Full IT Security Audit

InfoRiskToday View Synopsis+1
Watchdog Agency Says Insurer Won't Allow Vulnerability ScansAnthem Inc. has refused to allow a federal watchdog agency to conduct vulnerability scans of its systems in the wake of its recent massive data breach. The health insurer also refused to allow scans by the same agency in 2013.

14 hours ago Gemalto, Tapit use NFC platform to simplify mobile payments

ZDNet View Synopsis+1
Gemalto and Tapit have teamed up to enable consumers to leverage NFC technology to make 'frictionless' payments on their mobile phones, and have their transactions billed to their mobile phone.

1 day ago How to add and manage VPNs in iOS 8

TechRepublic View Synopsis+1
Through a VPN, you can have a little more security than normal while on the go. Cory Bohon gives you some tips for adding and managing VPN connections.

22 hours ago GAO releases report on FAA security lapses, experts remain unconcerned

SC Magazine View Synopsis+1
The U.S. Government Accountability Office analyzed the Federal Aviation Administration's cyber security protocol and issued recommendations for the agency to improve.

16 hours ago Why Clinton's Private Email Server Was Such a Security Fail

WIRED View Synopsis+1

Hillary Clinton's homebrew email solution potentially left the communications of the top US foreign affairs official vulnerable to state-sponsored hackers.

The post Why Clinton's Private Email Server Was Such a Security Fail appeared first on WIRED.

1 day ago Pharming Attack Targeting Brazilian Home Router Users (February 26, 2015)

SANS Newsbites View Synopsis+1

Attackers are targeting Brazilian Internet users, spying on web traffic by exploiting vulnerabilities in home routers.......

Latest News

4 hours ago Symantec: Corporate divorce starts on April Fool's Day

The Register View Synopsis+1
Unhappy bedfellows split sales team from next month

Symantec is to operate as two separate storage and security organisations from April Fool's Day, as the deadly serious game of long-term survival begins in earnest.

19 minutes ago Which Apps Should You Secure First? Wrong Question.

Dark Reading View Synopsis+1
Instead, develop security instrumentation capability and stop wasting time on '4 terrible tactics' that focus on the trivial.

29 minutes ago The Boy Genius Report Podcast: Episode 2

Yahoo Security View Synopsis+1
This week was a big one for smartphones and devices. We brought you live Mobile World Congress 2015 coverage and boy, were there some hot new phones announced. The Samsung Galaxy S6, Galaxy S6 Edge and HTC One M9 are the top of the tippy tip when it comes to great Android devices. Additionally, MWC was a smartwatchfest with new devices from LG, Huawei, Alcatel (alcawho?), and many others. In this week's podcast, I give my thoughts on the event and announcements, plus pepper in some information on smart home integration and Apple Car by listener request. Remember to email us at with feedback to help make the show better - we're just getting this off the ground and we're thrilled

1 hour ago Inventory Barcoding / Assets Tagging / Stock Taking Simplified

IT Toolbox Blogs View Synopsis+1
Barcoding and initial stock taking for inventory and assets can be time consuming and is prone to errors. The article discusses how to streamline this process using smartphone and QR Inventory mobile application.

1 hour ago 3 Steps to Improving the Efficiency of Your Homegrown ERP System

IT Toolbox Blogs View Synopsis+1

According to some enterprise resource planning (ERP) experts, almost half of all ERP systems are still of the homegrown variety - those ERP systems that are created in house using proprietary code and possibly cobbling together additional applications to build out the system's functionality. If that's the case, then many organizations are using systems that might not be efficient.

1 hour ago Developing Your First Unified Communications Strategy

IT Toolbox Blogs View Synopsis+1

Implementing a unified communications (UC) platform is more than just switching to a new desk phone. Such a change can disrupt normal workflows and bombard users with new collaboration and productivity options. A UC strategy plan is integral to rolling out a UC platform so that end users maintain productivity and the organization gets a return on its investment following a reasonable

1 hour ago Adobe Launches Vulnerability Disclosure Program for Web Applications

SecurityWeek View Synopsis+1

Researchers who identify security issues in Adobe's Web applications can report their findings through the company's newly launched vulnerability disclosure program powered by HackerOne.

1 hour ago PATCH FREAK NOW: Cloud providers faulted for slow response

The Register View Synopsis+1
Pitting 90s technology against modern hackers is "˜no contest'

Hundreds of cloud providers are still vulnerable to the serious FREAK cryptographic vulnerability.

1 hour ago Oracle extends its adware bundling to include Java for Macs

ZDNet View Synopsis+1
For years, Oracle has tormented Windows users by bundling adware with its Java installer for Windows PCs. With the most recent update of Java for the Mac, Oracle has begun including the same adware as part of a default installation, using the same deceptive techniques.

2 hours ago Experimental DNS catches malware sites by understanding sneaky domain names

ArsTechnica View Synopsis+1
OpenDNS develops filter that can recognize exploit pages before they're served up.

2 hours ago Hacking Putin's Eyes: How To Bypass Biometrics The Cheap And Dirty Way With Google Images

Forbes View Synopsis+1
At Mobile World Congress this week a number of eye-scanning authentication tools were shown off, notably by ZTE and Fujitsu. But security researcher Jan Krissler says it's easy to use high-res images of people's eyes grabbed from Google to break iris scanning tech.

2 hours ago Bit9 CEO on Data Breach Defense

InfoRiskToday View Synopsis+1
The CEO of Bit9 speaks from experience: His firm was hacked, sensitive data stolen and customers put at risk. And what's happened since represents his mission to fend off attackers, even as they refine their hacks.

3 hours ago OCC Expands on Third-Party Cyber-Risks

InfoRiskToday View Synopsis+1
Director Offers Review of New Cyber-Resiliency GuidanceKevin Greenfield, director of bank IT for the Office of the Comptroller of the Currency, says FFIEC agencies are working to help financial institutions shore up cybersecurity, and a big focus for regulators is third-party risks.

3 hours ago Tsukuba Banking Trojan Targets Users in Japan

SecurityWeek View Synopsis+1

Researchers at IBM Trusteer have come across a new banking Trojan that is designed to target the customers of Japanese financial institutions.

3 hours ago "ªObama criticises China's mandatory backdoor tech import rules

The Register View Synopsis+1
It's our way or the highway, says the Asian giant

US prez Barack "ªObama has criticised China's new tech rules"¬, urging the country to reverse the policy if it wants a business-as-usual situation with the US to continue.

3 hours ago Adobe launches vulnerability disclosure scheme on HackerOne

ZDNet View Synopsis+1
Adobe, maker of software including Flash and Adobe reader, is catching up to the times and has launched a bug bounty program -- but something may be missing.

3 hours ago 'Building AI is like launching a rocket': Meet the man fighting to stop artificial intelliegence destroying humanity

ZDNet View Synopsis+1
Skype's co-founder wants to keep humankind safe from the existential threats of artificial intelligence.

7 hours ago Experts: Clinton email practices risked data disclosures

Yahoo Security View Synopsis+1

WASHINGTON (AP) - Hillary Rodham Clinton's use of a private email address and private computer server for official State Department business heightened security risks to her communications, such as the inadvertent disclosure of sensitive information and the danger from hackers, several information security experts said.

9 hours ago Huawei, Intel expand tie-up amid China's rising scrutiny of U.S. tech firms

Yahoo Security View Synopsis+1

By Paul Carsten BEIJING (Reuters) - China's Huawei Technologies Co Ltd [HWT.UL] and Intel Corp are expanding an existing alliance to provide cloud computing to global telecoms carriers, as U.S. tech firms vie for Chinese tie-ups to retain access to a tough mainland market. The partnership, announced by Huawei in a statement, comes as U.S and other Western tech firms' scramble to burnish their bona fides with China, which has become increasingly wary of foreign technology. China's government has been openly pushing for the use of more Chinese and less foreign-made technology, both to grow its own tech sector and as a response to former U.S. National Security Agency contractor Edward Snowden's leaks about widespread U.S. cyber surveillance. Other U.S. enterprise tech firms adopting a partnership strategy include IBM Corp, Dell Inc [DI.UL], Cisco Systems Inc, Hewlett-Packard Co and Juniper Networks Inc. The cloud computing industry is a focus area for China, with Premier Li Keqiang saying in his government work report delivered to parliament on Thursday that the government would support its development.