Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Information Security News - SANS Internet Storm Center Information Security News

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

1 day ago Microsoft Master File Table bug exploited to BSOD Windows 7, 8.1

The Register View Synopsis+1
The 1990s called: they want their filepath hack back

Until Microsoft patches this problem, use Chrome: a slip in file-path handling allows attacker to crash Windows 7 and Windows 8.1 with a file call.

1 day ago "‹Victorian student gained unauthorised access to school's IT network

ZDNet View Synopsis+1
A high school student gained access to the personal information of fellow students from Camberwell High School's IT system after stealing a teacher's password.

2 days ago Houdini Worm Gets Posted to Paste Sites

SecurityWeek View Synopsis+1

Recorded Future security researchers recently discovered that the Houdini worm has been posted hundreds of times on paste sites over the past several months.

Top News

10 hours ago One WLAN Vendor's Best Practice is Another's Caution- But Both Should Tell You Why

IT Toolbox Blogs View Synopsis+1

As I continue to evaluate Ubiquiti's latest UniFi product line as a contender for more sophisticated business network environments, I ran across a curious (to me at least) message when getting into actual configuration. It was a worthwhile message, but it also struck me as being a bit at odds with how the market leading networker (who Ubiquiti wants to compete with) positions the same features,

8 hours ago New awareness study reveals what you need for the best security programs

ZDNet View Synopsis+1
Third annual report educates security awareness professionals on how time, the right talent, and good communications make for the best, most effective programs.

2 hours ago Microsoft Patches Several Malware Protection Engine Flaws

SecurityWeek View Synopsis+1

Microsoft Fixes Several Antimalware Engine Vulnerabilities Found by Google Researchers

1 hour ago Popular RADIUS server exploitable with TLS session caching

The Register View Synopsis+1
'Inner authentication' has bad karma, allows strangers to log in without credentials

Sysadmins with FreeRADIUS - the most widely deployed Remote Authentication Dial-In User Service server - in their boxen need to run an upgrade because there's a bug in its TTLS and PEAP implementations.

1 hour ago Russian Company Pins European Bank Attacks on North Korea

InfoRiskToday View Synopsis+1
Group-IB's Findings Add to Growing Body of Circumstantial EvidenceRussian threat intelligence firm Group-IB alleges that North Korea is behind recent attacks against financial institutions in Europe employing fraudulent SWIFT messages. But other experts caution that such conclusions shouldn't be made solely based on technical data.

1 day ago China's Cyber Security Law: The Impossibility Of Compliance?

Forbes View Synopsis+1
China's much-anticipated Cyber Security Law (CSL) will come into effect on 1 June 2017. Deciphering exactly who is captured and what is covered is leaving companies unsure as to how they will comply with this vague and potentially onerous law.

Latest News

43 minutes ago Android alert: This cutesy malware has infected millions of devices

ZDNet View Synopsis+1
Auto-clicking 'Judy' adware was distributed by over 40 apps in Google's official Android market.

1 hour ago Vulnerabilities Patched in Aruba Access Policy Platform

SecurityWeek View Synopsis+1

HPE-owned network access solutions provider Aruba informed customers last week that the company's ClearPass Policy Manager access policy platform is affected by several vulnerabilities.

1 hour ago Cybersecurity During the Era of Donald Trump

InfoRiskToday View Synopsis+1
In this special report of the ISMG Security Report, you'll hear an edited version of an ISMG Fraud and Breach Prevention Summit keynote panel in which current and former federal cybersecurity officials assess the IT security agenda of the Donald Trump administration.

7 hours ago Implementing IGMP Membership Reports

IT Toolbox Blogs View Synopsis+1
Because the standard specifies that the report for each host group should be delayed a random time, igmp_settimers calls function hgrand to compute a delay.

9 hours ago Cybersecurity and the Manchester bombing

IT Toolbox Blogs View Synopsis+1
Governments around the world now have even more impetus to demand backdoors into encryption systems

11 hours ago Popular RADIUS sever exploitable with TLS session caching

The Register View Synopsis+1
'Inner authentication' has bad karma, allows strangers to log in without credentials

Sysadmins with FreeRADIUS in their boxen need to run in an upgrade, because there's a bug in its TTLS and PEAP implementations.

11 hours ago Microsoft patched more Malware Protection Engine bugs last week

The Register View Synopsis+1
Redmond's out-of-band advisory landed after the bugs were fixed

Microsoft has broken out of its usual cycle to patch more Malware Protection Engine bugs notified privately Google Project Zero.