Threat Level: green Handler on Duty: Tom Webb

SANS ISC Information Security News

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

1 day ago The most hilarious revelation about the Ashley Madison hack yet

Yahoo Security View Synopsis+1
Was Ashley Madison a website full of married guys who spent their time trying to hook up with bots and/or other guys whom they thought were women? Gizmodo has taken a look at some of the leaked data about the website and has found that the reality is it's "like a science fictional future where every woman on Earth is dead, and some Dilbert-like engineer has replaced them with badly-designed robots." RELATED: Things are getting worse and worse for Ashley Madison Gizmodo took a look at female profiles on the site and discovered that most of them were never used at all after they were created. In fact, the site estimates that roughly 12,000 of the 5.5 million registered female accounts are

1 day ago Malvertising maniac messes MSN, serves corrupted creative

The Register View Synopsis+1
Yahoo! appetiser, HuffPo for mains, and MSN for desert.

A chap who might just me the world's worst malvertising marauder has popped MSN, potentially compromising some of the site's 10 million daily visitors with an exploit kit so capable it p0wns almost half of those who encounter it.

22 hours ago Mozilla Updates Firefox 40 to Patch Two Serious Flaws

SecurityWeek View Synopsis+1

Mozilla updated Firefox to version 40.0.3 on Thursday to address a couple of serious vulnerabilities.

22 hours ago 'Work went on, of course': Why the German parliament took itself offline for three days

ZDNet View Synopsis+1
Following a significant hack attack, the Bundestag's IT systems went dark for an upgrade.

Top News

2 hours ago Supercookies are back, and they're as unappealing as ever

TechRepublic View Synopsis+1
Supercookies are back in force. But if supercookies are so great for consumers, why aren't mobile carriers bragging about using them?

1 day ago Defending All the Targets Is Impossible

Schneier blog View Synopsis+1

In the wake of the recent averted mass shooting on the French railroads, officials are realizing that there are just too many potential targets to defend.

The sheer number of militant suspects combined with a widening field of potential targets have presented European officials with what they concede is a nearly insurmountable surveillance task. The scale of the challenge, security experts fear, may leave the Continent entering a new climate of uncertainty, with added risk attached to seemingly mundane endeavors, like taking a train.

The article talks about the impossibility of instituting airport-like security at train stations, but of course even if were feasible to do that, it would only serve to move the threat to some other crowded space.

1 day ago 5th Circuit: Online bullying prevented fair trial for NOPD officers post-Katrina

SC Magazine View Synopsis+1
Five police officers accused of shooting unarmed civilians post-Katrina say they did not get a fair trial in part because "adverse online comments" by prosecutors created an "air of bullying," an appeals court ruled.

12 hours ago MIT Researchers Create Crash-Tolerant File System Guaranteed Not To Lose Data

Forbes View Synopsis+1
MIT researchers are planning to present a paper at the ACM Symposium on Operating Systems Principles in October, with details of the first computer file system that is mathematically guaranteed not to lose track of data during crashes. A file system is a vital component of a computer that manages and [...]

19 hours ago Windows and competition

IT Toolbox Blogs View Synopsis+1
Security is to the OS world what reliability is to the automobile world.

16 hours ago CEO of Ashley Madison parent company quits

ArsTechnica View Synopsis+1
Noel Biderman steps down less than a week after gigabytes of his e-mail go public.

15 hours ago Ashley Madison CEO Resigns in Wake of Hack, News of Affairs

WIRED View Synopsis+1

Ashley Madison CEO steps down after emails leaked by hackers expose that he engaged in affairs.

The post Ashley Madison CEO Resigns in Wake of Hack, News of Affairs appeared first on WIRED.

13 hours ago Ashley Madison CEO Loses His Job

InfoRiskToday View Synopsis+1
Noel Biderman Steps Down as Head of Parent Company Avid Life MediaNoel Biderman, CEO of Avid Life Media, parent company of the infidelity website Ashley Madison, has stepped down in the wake of a hack attack and subsequent massive data leaks.

11 hours ago Breaking the Ice: Gaining Initial Access

SANS Reading Room View Synopsis+1
While companies are spending an increasing amount of resources on security equipment, attackers are still successful at finding ways to breach networks. This is a compounded problem with many moving parts, due to misinformation within the security industry and companies placing focus on areas of security that yield unimpressive results. A company cannot properly defend and protect against what they do not adequately understand, which tends to be a misunderstanding of their own security defense systems and relevant attacks that cyber criminals commonly use today. These misunderstandings result in attackers bypassing even the most seemingly robust security systems using the simplest methods. The author will outline the common misconceptions within the security industry that ultimately lead to insecure networks. Such misconceptions include a company

11 hours ago Healthcare Cybersecurity Survey - 80% Compromised (August 27, 2015)

SANS Newsbites View Synopsis+1

According to the 2015 Healthcare Cybersecurity Survey, more than 80 percent of healthcare organizations said that their systems have been compromised within the past two years.......

Latest News

8 hours ago Ashley Madison courted several buyers, landed none before attack

Yahoo Security View Synopsis+1

By Allison Martell and Alastair Sharp TORONTO (Reuters) - The owner of adultery website Ashley Madison had already been struggling to sell itself or raise funds for at least three years before the publication of details about its members, according to internal documents and emails also released by hackers as part of their assault on the company in recent weeks. Avid Life Media announced on Friday that CEO Noel Biderman, who founded the website in 2001, had left the company with immediate effect, the latest sign of the wrenching impact on the company of the attack that led to the disclosure of sensitive data about millions of clients.

9 hours ago Exclusive: Russia's Kaspersky threatened to 'rub out' rival, email shows

Yahoo Security View Synopsis+1

By Joseph Menn SAN FRANCISCO (Reuters) - In 2009, Eugene Kaspersky, co-founder of one of the world's top security companies, told some of his lieutenants that they should attack rival antivirus software maker AVG Technologies N.V. by "rubbing them out in the outhouse," one of several previously undisclosed emails shows. As previously reported by Reuters, the plan involved creating fake virus samples and malware identifications to fool competitors into disabling or deleting important files, thereby creating problems for their customers.

9 hours ago United Airlines to revamp scheduling to fight flight delays

Yahoo Security View Synopsis+1

United Airlines plans to change the way it schedules flights and to use new technology to tackle the delays and cancellations that have hurt its competitiveness, company executives told Reuters. The new initiatives aim to narrow the gap in performance between United Continental Holdings Inc and Delta Air Lines Inc , which has the best on-time record of U.S. airlines.

9 hours ago Uber hires researchers who hacked Chrysler Uconnect

ArsTechnica View Synopsis+1
Charlie Miller, Chris Valasek reportedly hired to help secure self-driving cars.

9 hours ago Friday Squid Blogging: Cephalopod Anatomy Class

Schneier blog View Synopsis+1

Beautiful diorama.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

10 hours ago Finland detains Russian citizen accused of computer fraud in U.S.

SC Magazine View Synopsis+1
Finnish authorities nabbed Russian citizen Maxim Senakh, wanted in the U.S. on computer fraud charges for spreading malware.

10 hours ago Mickens on Security

Schneier blog View Synopsis+1

James Mickens, for your amusement. A somewhat random sample:

My point is that security people need to get their priorities straight. The "threat model" section of a security paper resembles the script for a telenovela that was written by a paranoid schizophrenic: there are elaborate narratives and grand conspiracy theories, and there are heroes and villains with fantastic (yet oddly constrained) powers that necessitate a grinding battle of emotional and technical attrition. In the real world, threat models are much simpler (see Figure 1). Basically, you're either dealing with Mossad or not-Mossad. If your adversary is not-Mossad, then you'll probably be fine if you pick a good password and don't respond to emails from If your adversary is the Mossad, YOU'RE GONNA DIE AND THERE'S NOTHING THAT YOU CAN DO ABOUT IT. The Mossad is not intimidated by the fact that you employ https://. If the Mossad wants your data, they're going to use a drone to replace your cellphone with a piece of uranium that's shaped like a cellphone, and when you die of tumors filled with tumors, they're going to hold a press conference and say "It wasn't us" as they wear t-shirts that say "IT WAS DEFINITELY US," and then they're going to buy all of your stuff at your estate sale so that they can directly look at the photos of your vacation instead of reading your insipid emails about them. In summary, https:// and two dollars will get you a bus ticket to nowhere. Also, SANTA CLAUS ISN'T REAL. When it rains, it pours.

10 hours ago Uber Hires the Hackers Who Wirelessly Hijacked a Jeep

WIRED View Synopsis+1

The two researchers will apparently be working on securing Uber's self-driving car of the future.

The post Uber Hires the Hackers Who Wirelessly Hijacked a Jeep appeared first on WIRED.

10 hours ago How Do Mobile Experts Use Mobility and What Does it Mean for Retailers?

IT Toolbox Blogs View Synopsis+1
One hundred percent of mobile experts in our recent survey of 108 mobile experts purchase products online.

10 hours ago Maintaining Security in the Cloud by Using a Cloud Security Checklist

IT Toolbox Blogs View Synopsis+1
Seven areas of security risk have been outlined by the Cloud Security Alliance. This group promotes seven best security practices for cloud computing.

10 hours ago Adobe Flash steadily heading toward demise

SC Magazine View Synopsis+1
Both Amazon and Google took steps to downplay or completely rid its company's entities of Flash ads.

11 hours ago Court overturns judge's decision, sides with NSA's phone metadata collection

SC Magazine View Synopsis+1
The U.S. Court of Appeals for the District of Columbia Circuit overturned a judge's ruling on Friday, ultimately siding with the NSA's of phone metadata collection program.

11 hours ago Chrome Will Block Flash Advertisements (August 28, 2015)

SANS Newsbites View Synopsis+1

As of September 1, 2015, Google's Chrome browser will freeze "non-essential" Flash advertisements by default.......

11 hours ago Defense Contractor Cybersecurity Rules (August 26, 2015)

SANS Newsbites View Synopsis+1

New cybersecurity rules for US government defense contractors are now in effect.......

11 hours ago BitTorrent DRDoS Flaw Fixed (August 27 & 28, 2015)

SANS Newsbites View Synopsis+1

BitTorrent has fixed a vulnerability in its file sharing protocol that could be misused to launch distributed reflective denial-of-service (DRDoS) attacks.......

11 hours ago Associated Press sues FBI for impersonating its site to install spyware

The Register View Synopsis+1
Meanwhile, the EFF learns: in Russia, government malware pwns you!

The Associated Press is suing the FBI over allegations government agents used a fake news story to plant malware on the PCs of suspected criminals.

11 hours ago The Benefits of Endpoint Encryption

Schneier blog View Synopsis+1

An unofficial blog post from FTC chief technologist Ashkan Soltani on the virtues of strong end-user device controls.