Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: Information Security News - SANS Internet Storm Center Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

19 hours ago 32M employees offered biochip hand implants for work monitoring, payments

ZDNet View Synopsis+1
The chips can be used to login to PCs, use company machines, and make purposes -- but how many will sign up?

16 hours ago John McAfee reportedly lands in hospital after attack

ZDNet View Synopsis+1
The colorful security head says he was in an incident where someone attempted to allegedly "off" him.

15 hours ago Weaponizing Social Media: New Technology Brings New Threats

Forbes View Synopsis+1
Simply collecting every bit of online data to identify threats has proved to be more burdensome than beneficial. Intelligence agencies should utilize social media when it comes to combating terrorism.

17 hours ago Briton Pleads Guilty to Mirai Attacks in German Court

SecurityWeek View Synopsis+1

A British man pleaded guilty last week in a German court to launching a cyberattack that resulted in more than one million customers of telecommunications provider Deutsche Telekom experiencing Internet disruptions.

15 hours ago Petya ransomware: Companies are still dealing with aftermath of global cyberattack

ZDNet View Synopsis+1
Weeks after the ransomware attack that rippled across the globe, companies are still trying to deal with the damage.

Top News

1 hour ago "Perverse" malware infecting hundreds of Macs remained undetected for years

ArsTechnica View Synopsis+1
Surveillance malware dubbed Firefly was easy to spot but flew under the radar anyway.

1 hour ago UDP: Ports and Demultiplexing

IT Toolbox Blogs View Synopsis+1
Because servers communicate with many clients, they cannot permanently assign a destination IP address or UDP protocol port number. Instead, the interface for many-one communication must allow the server to specify information about the destination each time it sends a datagram. Thus, unlike the ideal interface for pairwise communication, the ideal interface for servers does not separate address specification

29 minutes ago Another Queensland police officer charged with computer hacking

ZDNet View Synopsis+1
A 39-year-old senior constable is due to appear in court on August 14 on charges of computer hacking and unauthorised use of information.

29 minutes ago G Suite admins have just one button to secure their sites, but don't

The Register View Synopsis+1
Another day, another cloudy data leak, as admins fail to get one setting right

G Suite business users: go and check your configuration, and make sure you're not publishing enterprise information to the whole world.

13 hours ago iCloud Keychain encryption bug exposes iOS passwords, credit card numbers

TechRepublic View Synopsis+1
A flaw in iCloud's end-to-end security put iOS users' information at risk. Here's how to stay safe.

6 hours ago Inappropriate Access to Patient Records Spanned 14 Years

InfoRiskToday View Synopsis+1
State Hospital Discovered Breach After a Former Patient ComplainedInappropriate access to electronic patient records by a clerk for 14 years at a state-run psychiatric facility in Massachusetts shows just how difficult it can be to detect and prevent long-term breaches involving insiders.

Latest News

3 hours ago Mac malware that went undetected for years, spied on everyday users

ArsTechnica View Synopsis+1
Surveillance malware dubbed Firefly was easy to spot but flew under the radar anyway.

2 hours ago Mac malware that went undetected for years spied on everyday users

ArsTechnica View Synopsis+1
Surveillance malware dubbed Fruitfly was easy to spot but flew under the radar anyway.

4 hours ago Bitdefender: Organisations must empower IT staff to mitigate cyber threats

ZDNet View Synopsis+1
Despite two large cyber attacks making headlines in the first six months of 2017, the security firm is still finding cybersecurity responsibility lies solely with the underfunded IT team.

4 hours ago Focus on the right things to get security results

IT Toolbox Blogs View Synopsis+1

Results. That's what management wants to see, what we strive for in our own security work, and what largely defines us as IT professionals. But what kind of results are you getting? Are you truly managing your information risks? Or, are you merely reacting every time a situation comes up? Perhaps you're able to show return on investment for your security technologies

5 hours ago Pathetic patching leaves over 70,000 Memcached servers still up for grabs

The Register View Synopsis+1
And that's months after patches released and warning emails sent - sort it out!

If you're running the caching service Memcached, and particularly if you're exposing it to the public internet for some reason, please make sure you've patched it. Tens of thousands of vulnerable systems haven't.

6 hours ago Vendor management and looking beyond SMB firewalls, anti-virus, and data backups

IT Toolbox Blogs View Synopsis+1

I just had lunch with a long-time business colleague who specializes in IT consulting and network systems integration for small and medium-sized businesses. From servers to PBXs and everything in between, his company sells, installs, and manages entire network environments for its customers. Companies like my colleague's are the backbone of the enormously large group of businesses

6 hours ago Passwords are not lame and they're not dead. Here's why.

IT Toolbox Blogs View Synopsis+1

Everywhere you turn, it seems that someone is proclaiming that passwords are lame, passwords are dead, and so on - you know the jingle. The argument is that passwords don't work. They're hard to remember. They're easily-cracked. Users complain when they have to be complex. I know you've heard these things and have even thought them yourself from time to time. Much of

7 hours ago Snopes is in danger of closing its doors due to a business dispute

ZDNet View Synopsis+1
The well-known fact-checking site claims it's being held hostage by an outside vendor. But under the surface, there's a fight between contending ownership groups.

7 hours ago China crams spyware on phones in Muslim-majority province

The Register View Synopsis+1
On-the-spot checks by cops to ensure creepy mass surveillance tool is installed

The Chinese government is requiring citizens in Xinjiang province to install spyware on their mobile phones and is enforcing the policy with police spot-checks, according to several online reports.

7 hours ago Crims snatch 5.5 million social security numbers from Kansas govt box

The Register View Synopsis+1
A server where there isn't any trouble. Do you suppose there is such a server, Toto?

Hackers have lifted not only the social security numbers and personal information of half a million jobseekers in Kansas - but also records on five million people from 10 other US states.

9 hours ago One in Ten U.S. Organizations Hit by WannaCry: Study

SecurityWeek View Synopsis+1

A recent survey discovered that the vast majority of organizations in the United States weren't prepared for the WannaCry ransomware attack, but just one in ten ended up being infected by the malware.

10 hours ago Misconfigured Google Groups Expose Sensitive Data

SecurityWeek View Synopsis+1

Researchers at cloud security firm RedLock believe hundreds of organizations may be exposing highly sensitive information by failing to properly configure Google Groups.

10 hours ago Hundreds of companies expose PII, private emails through Google Groups error

ZDNet View Synopsis+1
Oversight, not flaws, has led to some serious data exposure for firms including IBM's Weather Company and SpotX.

10 hours ago Cybercriminals Kept Botnet That Infected 500,000 Computers Hidden For Five Years

Forbes View Synopsis+1
The men and women who help defend your computers and data against digital threats are a vigilant bunch, but criminal hackers still find ways to avoid detection. Sometimes for a very, very long time.

11 hours ago 10 books on cybersecurity that all IT leaders should read

TechRepublic View Synopsis+1
Want to start learning about cybersecurity? Check out TechRepublic's top 10 titles to understand how hackers have stolen millions in private data, how governments wage cyberwar, and how to beef up security systems.

11 hours ago Video: What happens at the government when a cybersecurity threat is identified?

TechRepublic View Synopsis+1
Paul Rosen, former Chief of Staff at Department of Homeland Security and partner at Crowell & Moring, details the lessons companies and regulators should learn from the government's data breaches.