Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Information Security News - SANS Internet Storm Center Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

12 hours ago Tax fraud wave swells after criminals pop ADP payroll data forms

The Register View Synopsis+1
Dox pays lots.

An unknown number of staff at US corporations are at high risk of having their tax returns plundered after criminals siphoned their publicly-disclosed personal details and a unique company URL to obtain their records from payroll provider ADP.

12 hours ago Hacker sells 42.5 million freshly-stolen logins for SEVENTY FIVE CENTS

The Register View Synopsis+1
Researcher who paid a pittance also discloses 34m account leak from Russia's QIP

A hacker has sold hundreds of millions of stolen email credentials - including 42.5 million never before disclosed - for just one dollar to researchers at intelligence firm Hold Security.

12 hours ago Apple Updates Xcode to Patch Git Vulnerabilities

SecurityWeek View Synopsis+1

Apple released an update for its Xcode integrated development environment this week to address a couple of serious vulnerabilities in the Git version control system.

7 hours ago Qualcomm security flaw impacts Android devices, project APIs

ZDNet View Synopsis+1
The issue can result in information leaks and local privilege escalation -- and it may be impossible to patch all vulnerable devices.

5 hours ago Daisy-chained research spells malware worm hell for power plants and other utilities

The Register View Synopsis+1
World's first PLC worm spreads like cancer

BlackHat Asia A world-first proof-of-concept worm - if unleashed - could spell disaster for the world's critical infrastructure, including power utilities by making attacks exponentially more difficult to detect and stop.

Top News

10 hours ago Quick Guide for Buying Your next Camera

IT Toolbox Blogs View Synopsis+1
There are a lot of things to consider before opting for a camera, so let?s look at what your choices are.

8 hours ago Turkey eyes visa-free travel to Europe but hurdles remain

Yahoo Security View Synopsis+1

ISTANBUL (AP) - Visa-free travel to Europe may be finally within Turkey's grasp, but the remaining benchmarks it must meet by June are not easy hurdles to clear. Turkish leaders have explicitly warned the European Union that they will stop cooperating on the migrant crisis if the visa requirement isn't lifted.

8 hours ago Own a Pair of Clipper Chips

Schneier blog View Synopsis+1

The AT&T TSD was an early 1990s telephone encryption device. It was digital. Voice quality was okay. And it was the device that contained the infamous Clipper Chip, the U.S. government's first attempt to put a back door into everyone's communications.

Marcus Ranum is selling a pair on eBay. He has the decryption wrong, though. The TSD-3600-E is the model with the Clipper Chip in it. The TSD-3600-F is the version with the insecure exportable algorithm.

8 hours ago Tax-Return Fraudsters Hit ADP Portal

InfoRiskToday View Synopsis+1
U.S. Bank Confirms Fraudulent Tax Returns Filed in Employees' NamesSome employees at organizations that use outsourced payroll provider ADP have been hit with tax-return fraud. ADP blames customers for failing to secure the unique portal-registration codes it issues.

7 hours ago AT&T: No More Passwords, Pin Codes, And Security Questions

Forbes View Synopsis+1
AT&T promises a future where fingerprints replace passwords.

1 hour ago LAPD hacks iPhone 5s, proves they don't need Apple backdoor

TechRepublic View Synopsis+1
The LAPD recently hacked into an iPhone 5s involved in a very public murder trial. This news could prove a potential roadblock for backdoor legislation.

1 hour ago 5-year-old Android vulnerability exposes texts and call histories

ArsTechnica View Synopsis+1
Fix still isn't available for most users, and many will probably never get it.

Latest News

1 hour ago Taking down the grid

IT Toolbox Blogs View Synopsis+1
One of the nightmares we have in the event of a cyber-war is that our entire electricity grid could be disabled. Do this, and everything grinds to a halt.

1 hour ago Critical Qualcomm security bug leaves many phones open to attack

ArsTechnica View Synopsis+1
Fix still isn't available for most users, and many will probably never get it.

1 hour ago How public cloud providers are making security a non-issue for app developers

TechRepublic View Synopsis+1
Developers would often rather write apps than secure them, but public cloud providers can help them do both.

1 hour ago Another breach, another dollar: Is it time to kill the password?

ZDNet View Synopsis+1
Security experts trade likes and votes to recover 1.17 billion credentials that show password re-use still alive and well

1 hour ago 272 Million Stolen Credentials For Sale? Don't Panic

InfoRiskToday View Synopsis+1
No One Knows If Leaked Account Credentials Even WorkA security firm claims to have obtained from a young Russian hacker a data set that includes 272 million unique credentials for Hotmail, Gmail and Yahoo email addresses, among others. But there's no reason to panic, security experts say.

2 hours ago Stop resetting your passwords, says UK govt's spy network

The Register View Synopsis+1
No, seriously, it's a bad idea. Honestly

The UK government has, on World Password Day, repeated its advice against the common security practice of routinely changing passwords.

2 hours ago Kid from small Russian town trading your email credentials for social media love

ZDNet View Synopsis+1
Security experts trade likes and votes to recover 1.17 billion credentials that show password re-use still alive and well

3 hours ago Expanding Security to Address Real Threats

IT Toolbox Blogs View Synopsis+1

Periodically real-world actors take steps in a direction which fall radically short of the logical end toward which they are heading.  Such is the case with the bill recently submitted by Senators Richard Burr (R-North Carolina) and Dianne Feinstein (D-California) entitled 

3 hours ago Can Pakistan's New Cybersecurity Law Help Combat Cybercrime?

InfoRiskToday View Synopsis+1
Still a Long Way to Go to Ensure a Cybersecure EcosystemThe Pakistan National Assembly has approved the cybercrime bill under the Prevention of Electronic Crimes Act, 2015. It is a positive move, but given the challenges of execution, there is still far to go in ensuring a cybersecure ecosystem.

4 hours ago Pakistan, Indonesia lead in malware attacks: Microsoft report

Yahoo Security View Synopsis+1

Pakistan, Indonesia, the Palestinian territories, Bangladesh, and Nepal attract the highest rates of attempted malware attacks, according to Microsoft Corp. Countries that attracted the fewest include Japan, Finland, Norway and Sweden, Microsoft said in a new study, based on sensors in systems running Microsoft anti-malware software. "We look at north of 10 million attacks on identities every day," said Microsoft manager Alex Weinert, although attacks do not always succeed. Millions occur each year when the attacker has valid credentials, Microsoft said, meaning the attacker knows a user's login and password.

4 hours ago Smaller Healthcare Organizations: The Next Breach Target?

InfoRiskToday View Synopsis+1
Clinics, laboratories, durable medical equipment suppliers and other smaller healthcare entities need to bolster their breach preparedness as cyberattacks against smaller entities in all sectors continue to multiply, says David Finn of Symantec, who discusses findings from a new report.

5 hours ago Craig Wright Says Sorry, He Can't Offer Proof He's Bitcoin Creator Satoshi

Forbes View Synopsis+1
Craig Wright said he would provide proof he was Satoshi Nakamoto. He has backed down from that promise, leaving many wondering whether it really was a huge scam.

6 hours ago PoC Exploits Mainly Distributed via Social Media

SecurityWeek View Synopsis+1

An analysis of proof-of-concept (PoC) exploits shared online over the last year has shown that social media is the main distribution channel for PoCs, according to threat intelligence firm Recorded Future.

PoCs are developed by both researchers and threat actors - in many cases to demonstrate the existence of a software vulnerability and to show that it's exploitable.

6 hours ago AT&T Promises No More Passwords, PIN Codes, And Security Questions

Forbes View Synopsis+1
AT&T promises a future where fingerprints replace passwords.

6 hours ago Hitler's "unbreakable" encryption machine - and the Bletchley Park devices which cracked the code

ZDNet View Synopsis+1
The story of how Bletchley Park codebreakers decrypted top secret Nazi communications

6 hours ago Miscreants tripled output of proof of concept exploits in 2015

The Register View Synopsis+1
Pastebin is for old hats. Cool black hats use Twitter now

Hackers collectively tripled the production of Proof-of-Concept exploits last year, according to a new study out on Thursday.

7 hours ago Preparing Your Network for the IoT Revolution

SecurityWeek View Synopsis+1

26 Connected Devices Per Human by 2020 Changes the Security Equation: How to Make Sure Your Network is Prepared

We seem to be hearing about Internet of Things (IOT) and the security challenges related to it everywhere these days"¦

7 hours ago Qualcomm Software Flaw Exposes Android User Data

SecurityWeek View Synopsis+1

FireEye has disclosed the details of a serious information disclosure vulnerability affecting a Qualcomm software package found in hundreds of Android device models.

7 hours ago AT&T Promises No More Passwords, Pin Codes, And Security Questions

Forbes View Synopsis+1
AT&T promises a future where fingerprints replace passwords.

7 hours ago Pakistan, India lead in malware attacks: Microsoft report

Yahoo Security View Synopsis+1

Pakistan, Indonesia, the Palestinian territories, Bangladesh, and Nepal attract the highest rates of attempted malware attacks, according to Microsoft Corp. Countries that attracted the fewest include Japan, Finland, Norway and Sweden, Microsoft said in a new study, based on sensors in systems running Microsoft anti-malware software. "We look at north of 10 million attacks on identities every day," said Microsoft manager Alex Weinert, although attacks do not always succeed. Millions occur each year when the attacker has valid credentials, Microsoft said, meaning the attacker knows a user's login and password.

8 hours ago The Ten Commandments of the Government Digital Service (i)

IT Toolbox Blogs View Synopsis+1
The Government Digital Service principles The Government Digital Service principles (i) The Government Digital Service principles (ii) The Government Digital Service principles should become part of the culture Government as a platform, foundations Government as a platform, foundations (i) Government as a platform, foundations (ii)

8 hours ago Suck on this: White hats replace Locky malware payload with dummy

The Register View Synopsis+1
I expected a ransom note and all I got was this stupid Locky

Pranksters have infiltrated the control system behind the infamous Locky ransomware and replaced the malware's main payload with a dummy file.