Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC Information Security News


Popular News

11 hours ago Telstra: We could be the only Australian telco with an approved data retention plan

ZDNet
In its annual general meeting held today, Telstra revealed that it has received approval for its data retention plans.

6 hours ago Netgear prodded into patching SOHOpeless broadband router

The Register
Disclosure prompts action on months-old authentication bypass

Yet another vulnerability in a SOHO broadband router that flew under the radar is starting to cause trouble in the wild.

5 hours ago Only on AP: Clinton server ran software that risked hacking

Yahoo Security

WASHINGTON (AP) - The private email server Hillary Rodham Clinton used while secretary of state was connected to the Internet in ways that made it more vulnerable to hackers.

4 hours ago Cisco IOS Rootkits Can Be Created With Limited Resources: Researchers

SecurityWeek

A paper published last week aims to demonstrate that developing rootkits for devices running Cisco IOS doesn't require advanced knowledge or the resources of a nation state.

Top News

1 day ago They're baaaack! Verizon's zombie cookies to track users across massive AOL ad network

IT Toolbox Blogs
Verizon and its 'Limited' use of personal information. They're baaaack! Verizon's zombie cookies to track users across massive AOL ad network

1 day ago Soviet Spying on US Selectric Typewriters

Schneier blog

In the 1980s, the Soviet Union bugged the IBM Selectric typewriters in the U.S. Embassy in Moscow. This NSA document discusses how the US discovered the bugs and what we did about it. Codename is GUNMAN.

Is this the world's first keylogger? Maybe.

1 hour ago Report: The top tech trends impacting the enterprise

TechRepublic
A recent Deloitte survey found that security, cloud, and analytics are growing in importance among mid-market businesses. Here are some of the highlights from the report.

19 minutes ago E*Trade, Dow Jones: 7 Breach Lessons

InfoRiskToday
Why Fraudsters Target Personally Identifiable Information

Newly discovered breaches at E*Trade Financial and Dow Jones highlight hackers' increasing attempts to steal, sell and utilize personal information. Security experts describe PII's value for fraudsters and scammers and offer lessons learned from these and other incidents.

8 minutes ago Dick Daniels' Path From Interim To Permanent CIO Of Kaiser Permanente

Forbes
In early 2015, when Dick Daniels took on the role of Executive Vice President and Chief Information Officer of Kaiser Permanente, he did so on an interim basis. He had been a senior vice president with the company since 2008, and as such, was a known commodity. As he notes [...]

19 hours ago Cops Don't Need a Crypto Backdoor to Get Into Your iPhone

WIRED

The White House has denied the FBI's pleas for an encryption backdoor. But don't forget that feds can still sneak in through the window.

1 day ago Devaluing data: Payment card data

SC Magazine
Payment card breaches continue to plague retail and online operations here in the United States, while in Europe and many Asian countries the situation is less a concern owing primarily to the use there of chip cards rather than the magnetic stripe technology ingrained into U.S. operations.

Latest News

2 hours ago Researcher messes up Wi-Fi with an rPi and bargain buy radio stick

The Register
Putrid Piper picked apart a packet for just $15

KU Leuven PhD student Mathy Vanhoef has smashed conventional wireless security thought by creating continual, targeted and virtually indefensible stealth jamming of WiFi, Bluetooth, and Zigbee networks, and tampering with encrypted traffic, with little more than a $15 dongle.

35 minutes ago Shonky securo-nightmare NHS apps library finally binned

The Register
But new incarnation will be released with more 'rigorous standards', we're told

The NHS' security-flawed Apps Library has been shelved, following widespread criticism of the site.

52 minutes ago Cybereason Closes $59 Million Funding Round

SecurityWeek

Cybereason, a Cambridge, Mass.-based provider of threat detection solutions, announced on Tuesday that it has closed a $59 million Series C funding round led by SoftBank.

2 hours ago Eastern European Hackers Blamed for America's Thrift Stores Breach

SecurityWeek

America's Thrift Stores informed customers on Friday that their payment card details might have been stolen by a piece of malware planted on the company's systems by cybercriminals allegedly located in Eastern Europe.

2 hours ago Android security a 'market for lemons' that leaves 87 percent vulnerable

ZDNet
New research finds that some Android device makers need to do a lot more to protect smartphone owners from old security bugs.

4 hours ago AP Exclusive: Clinton server's software had hacking risk

Yahoo Security

WASHINGTON (AP) - The private email server running in Hillary Rodham Clinton's home basement when she was secretary of state was connected to the Internet in ways that made it more vulnerable to hackers, according to data and documents reviewed by The Associated Press.

4 hours ago How to Teach Your Team to be Kind

IT Toolbox Blogs

Recently we discussed how kindness leads to connection and how connection or affiliation is a motivator for some of your team members.  While NOT everyone on your team is motivated by affiliation, those who are can in turn motivate others by supporting them by recognizing their accomplishments.



6 hours ago Australian data breach notification laws will not be passed in 2015: Brandis

ZDNet
The Australian Attorney-General has ruled out the passage of any laws to legislate for data breach notification for this year, with the government only intending to introduce such legislation.

6 hours ago How to protect your connected home and Internet of Things devices

ZDNet
ZDNet provides a number of tips to protect the IoT devices installed in your smart home.

7 hours ago Faked NatWest, Halifax bank sites score REAL security certs

The Register
Netcraft wonders if CAs are taking verification rules seriously

UK Banks Halifax and NatWest are among organisations targeted by fake sites that have won SSL certificates from certification authorities (CAs).

7 hours ago China professor in U.S. spy case accuses U.S. of discrimination

Yahoo Security
A Chinese professor charged in the United States with economic espionage said Chinese scholars and engineers in the United States face discrimination and "absurd" suspicions by the government that they are stealing technologies. Zhang Hao of Tianjin University told the state-backed Global Times in remarks published on Monday that the U.S. government had unfairly accused him and other Chinese nationals who work or attend school in the United States of stealing sensitive technology. Zhang was one of six Chinese nationals charged by the U.S. government in May with economic espionage.

9 hours ago Google Joins Funding Round for Secure Messaging Service Symphony

SecurityWeek

Symphony, a financial industry messaging startup, announced Monday that it has raised $100 million in a new round of funding from backers that included Google.

An encrypted messaging platform launched by the year-old company has become a fast-growing rival to a service offered by Bloomberg.

9 hours ago Missing the Mark

IT Toolbox Blogs

For the last 3 months, I've been mentally writing the post that would announce that I am back on track with my fitness plan for the year. It was a matter of great joy to contemplate the title and the image I'd selected.

This is not that post.

In fact, this is the opposite of that post. This is the post where I formally concede that I will

10 hours ago Top tips to prevent patient information breach

IT Toolbox Blogs

Both medical professionals and patients today are vulnerable to data security breaches. But in the worst case scenarios, it is mishandling of patient data by those same medical professionals that can cause an information breach. For this reason,