Threat Level: green Handler on Duty: Chris Mohan

SANS ISC Information Security News



Popular News

22 hours ago In charge of security? We need to talk...

The Register
Reg Roundtable offers secure and anonymous talk and networking

CIO Manifesto If you head up security for your organisation, you probably feel like you're caught between know-it all techies, ignorant directors and unbending compliance regulations.

1 day ago Virtual Currency Startup Fined $700,000 For Violating Bank Secrecy Act

Forbes
In its first civil enforcement action against a virtual currency exchange, the Financial Crimes Enforcement Network (FinCEN) levied a $700,000 fine on San Francisco-based Ripple Labs for violating the Bank Secrecy Act. Following an investigation by U.S. Attorney's Office, the IRS, and FinCEN, Ripple Labs has agreed to pay the fine and take steps [...]

23 hours ago Looks like the end for Internet Explorer

IT Toolbox Blogs
Seems that there probably won't be an IE 12. "Project Spartan" has been renamed "Microsoft Edge" and will be the default browser for Windows 10. Five ways Edge trumps Internet Explorer

18 hours ago Pro tip: Pin your screen for more secure device sharing

TechRepublic
Android Lollipop includes a handy feature that allows you to pin an app to the screen to prevent prying eyes from getting beyond that single app. Jack Wallen walks you through how to make use of this feature.

Top News

9 hours ago Online extortion threat targets Australian and New Zealand organisations

ZDNet
An unknown group is demanding payment in Bitcoins to preempt denial-of-service attacks.

8 hours ago IETF updates TLS/SSL best practice guidance

The Register
Staunch HEARTBLEED, kick POODLE and make it to lunch on time

Do: start rolling TLS 1.3, support TLS 1.2, and DTLS 1.2. Don't: negotiate sessions using TLS 1, TLS 1.1, SSL 2 or SSL 3.

5 hours ago Better Remote Connectivity (VPN)

IT Toolbox Blogs
As I have mentioned before, one of the elements of security with corporate desktops is the fact that they are in the office.  You can usually add an expectation that the people that have access to the building and your office space are likely au...

2 hours ago Alcatel-Lucent resilient, defends Nokia deal

Yahoo Security

By Leila Abboud and Gwénaëlle Barzic PARIS (Reuters) - Telecom equipment maker Alcatel-Lucent, which is set to be bought by larger rival Nokia, improved profit margins in the first quarter despite a marked slowdown in its biggest market, the United States. Higher software sales and strong demand for its Internet routing products, which help telecom operators handle heavy broadband traffic from online video, helped Alcatel-Lucent post a better quarter than its soon-to-be buyer Nokia and mobile market leader Ericsson. Both those competitors saw steep drops in their shares after missing profit targets, and Nokia's misstep prompted some Alcatel shareholders to say the takeover deal terms should be renegotiated. Chief Executive Michel Combes on Thursday dismissed the idea, saying there was no need to change the deal since both groups were sticking to their annual targets.

1 hour ago Where is the Android DDoS Armageddon?

SecurityWeek

This January, I won a long-standing bet with my colleague, Pete Silva, about the Android Armageddon. Every year since 2010, industry pundits have been predicting an apocalypse of Android malware that would wreak havoc on the Internet, with DDoS attack bots numbering in the tens of millions. With a billion Android devices now connected to the Internet, there is certainly potential for mischief on a massive scale.

18 hours ago Protecting The Data Lifecycle From Network To Cloud

Dark Reading
Enterprises are pushing more sensitive and regulated data into the public cloud than ever before. But the journey carries many new risks.

17 hours ago With Lock Research, Another Battle Brews in the War Over Security Holes

WIRED

In the latest sign that the war between security researchers and the companies they investigate is heating back up, researchers who uncovered vulnerabilities in a brand of high-security electronic locks marketed to airports, police departments and critical infrastructure facilities have been threatened with two aggressive legal letters from the maker of the locks. The letters […]


16 hours ago Actively exploited WordPress bug puts millions of sites at risk

ArsTechnica
XSS vulnerability allows attackers to take full control of unpatched sites.

16 hours ago Windows 10: No More Monthly Patches

InfoRiskToday
Microsoft Outlines New Features, Including 24/7 Updates

With the upcoming release of Windows 10, Microsoft plans to inaugurate 24/7, cloud-based patching, among other new security features. Businesses can tap the anytime patches or define their own patch-release schedules.

15 hours ago IRS adds new unit to fight cybercrime, fraud

SC Magazine
The IRS is assembling a team to combat the rising tide of identity theft and fraudulent tax return claims.

11 hours ago Another Example of Cell Phone Metadata Forensic Surveillance

Schneier blog

Matthew Cole explains how the Italian police figured out how the CIA kidnapped Abu Omar in Milan. Interesting use of cell phone metadata, showing how valuable it is for intelligence purposes.

1 day ago Every Day Will Be Patch Tuesday (May 4, 2015)

SANS Newsbites

At Microsoft Ignite 2015, the company announced that with the introduction of Windows 10, there will be changes in the way it distributes software updates.......

Latest News

39 minutes ago Deal to Curb US Intelligence Elusive as June Deadline Nears

SecurityWeek

Many US lawmakers and an array of interest groups want to rein in the government's surveillance programs, aware of public backlash that began with bombshell leaks two years ago.

With a deadline looming less than a month away, however, consensus on how to curb data collection has proven elusive.

1 hour ago Alcatel-Lucent defends Nokia deal as weathers U.S. slowdown

Yahoo Security

By Leila Abboud and Gwénaëlle Barzic PARIS (Reuters) - Telecom equipment maker Alcatel-Lucent, which is set to be bought by larger rival Nokia, improved profit margins in the first quarter despite a marked sales slowdown in its biggest market, the United States. Although it reported a net loss, higher software sales, a weak euro, and strong demand for its Internet routing products - which help telecom operators handle heavy broadband traffic from online video - helped the French firm post a better quarter than Nokia and mobile market leader Ericsson. Both those competitors saw steep drops in their shares after missing profit targets, and Nokia's misstep prompted some Alcatel shareholders to say the takeover deal terms should be renegotiated. Alcatel-Lucent Chief Executive Michel Combes dismissed the idea on Thursday, saying there was no need to change the deal since both companies were sticking to their annual targets.

1 hour ago Too much Appley WRISTJOBBERY could be BAD for your HealthKit

The Register
Security bods warn of potential wristy fatpipe abuse

Users of Apple's healthcare data app platform - intended to allow developers access to healthcare info collected via its wristy gizmo - could be left wide open to security exploits, infosec bods have warned.

1 hour ago Spooks BUSTED: 27,000 profiles reveal new intel ops, home addresses

The Register
Searchable OPSEC built by scouring LinkedIn for folks claiming spook skillz

A trio of transparency boffins have revealed personal details of 27,000 intelligence officers they say are working on surveillance programs. The resulting dump not only names the officers, but in some cases tells you where they live based on data sourced from LinkedIn profiles and other easy-to-access sources.

2 hours ago Apple swats Webkit bugs that bit it on Safari

The Register
Webkit history, page loading and everyday browsing holes plugged

Apple has updated its Safari browser to quash three Webkit-derived bugs.

3 hours ago Mitnick's tips to combat social engineering

ZDNet
Social engineering helped renowned former hacker Kevin Mitnick break into so many computer systems that he ended up on the FBI's most wanted list. Now, the information security expert shares his tips on how to protect against some of the most effective techniques.

10 hours ago Study: Nearly all SAP systems remain unpatched and vulnerable to attacks

SC Magazine
Onapsis found that most SAP systems remain vulnerable to attacks that could compromise a company's business data and processes.

10 hours ago Virginia Man Sues Police Over License Plate Database

WIRED

Automatic license plate readers have become a hot topic in recent years, akin to the government's warrantless use of GPS trackers on vehicles.


11 hours ago Rombertik Strike at MBR Latest in Long Line of Malware Self-Defense Tactics

SecurityWeek

Recently, researchers at Cisco Systems identified a new piece of malware armed with sophisticated anti-bugging feature that attempts to overwrite the master boot record if the malware discovers it is being analyzed.

11 hours ago Advisory on CyberLock vulnerabilities draws fire from attorney

SC Magazine
After allegedly notifying CyberLock of security flaws in some of its products, IOActive issued an advisory warning of the issues.

11 hours ago Mobile threats on the rise, Q1 2015 report shows

SC Magazine
Kaspersky Lab saw 3.3 times as many new malicious mobile programs in Q1 2015 than it did in the final quarter of last year.

11 hours ago LinkedIn serves up resumes of 27,000 US intelligence personnel

ZDNet
A new transparency project has mined LinkedIn to create a database of the US intelligence community - complete with codewords.