Threat Level: green
Handler on Duty: Daniel Wesemann

SANS ISC InfoSec News Summary


Popular News

13 hours ago EDI: What is it and why is it fast becoming a must-have in businesses?

IT Toolbox Blogs
Learn the basics of EDI (Electronic Data Interchange) and why enterprises are quickly implementing EDI solutions to comply with large retailers.

11 hours ago Government Grade Malware Used in Criminal Attacks (July 17 & 18, 2014)

SANS Newsbites

Researchers at Sentinel Labs say that "government grade malware," originally created for espionage purposes, is in the hands of people with malicious intent, who are incorporating the malware's strengths into rootkits and ransomware...

11 hours ago Court Orders to Block The Pirate Bay are Ineffective (July 19, 2014)

SANS Newsbites

Traffic to The Pirate Bay site has doubled since 2011, even though courts in several countries have ordered Internet service providers (ISPs) to block the site and its founders have been sentenced to prison for various offenses...

11 hours ago Goodwill's goodwill rocked as Feds probe bank card hacking scam

The Register
We think we're safe, insists non-profit

American charity Goodwill is being investigated by US federal authorities as the possible ground zero for a major debit and credit card security breach. But the company says it thinks it's in the clear.

Top News

7 hours ago Wireless Security For CRM

IT Toolbox Blogs

The most common method for CRM users in the field to connect with their offices is via the internet. Unfortunately one of the most common methods of connecting with the internet from the field is WiFi wireless communication. That's unfortunate because most WiFi connections aren't secure and are susceptible to electronic eavesdropping.


It doesn't have to be that way. With a little

6 hours ago New York to announce arrests made in international hacking case

Yahoo Security
New York's district attorney said the city will announce arrests and criminal charges on Wednesday in a major international hacking case that spans from Russia to New York. Manhattan District Attorney Cyrus Vance will make the announcement with the Royal Canadian Mounted Police, the City of London Police and the U.S. Secret Service, according to a release that gave no further details. A spokeswoman for the District Attorney's office declined to comment or reveal more information about the case ahead of the announcement.

5 hours ago Android ransomware demands 12x more cash, targets English-speakers

The Register
FBI child-abuse warning shake-down gets more sophisticated

Cybercrooks have further refined a strain of file-infecting ransomware that infects Android smartphones so that it targets English speakers and is more difficult to remove.

1 day ago BRS Labs to Host SCADA Control Systems Event in Conjunction with SANS Security Training

Yahoo News
Behavioral Recognition Systems, Inc., creator of AISight®, the artificial intelligence analytics solution that teaches itself to recognize and alert on unexpected patterns within massive volumes of sensor data, announced today that it is hosting a SCADA control systems event in conjunction with the SANS Industrial Control Systems training this week.

16 hours ago Securing the Nest Thermostat

Schneier blog

A group of hackers are using a vulnerability in the Nest thermostat to secure it against Nest's remote data collection.

14 hours ago "Password Storage Mistakes"

Appsec Streetfighter Blog
Steve Kosten is an instructor with the SANS Institute for DEV541: Secure Coding in Java/JEE.

Password Storage Mistakes

I was visiting a web site recently that I haven't visited in many, many years. I tried a few old passwords I used to use before I started using a password storage system, but no luck. I was defeated. Barred from entry into this site. But wait, they have a "Forgot Password" link; knowing I will soon have entry into the site, I confidently click on that link (after entering what I believe my username is). Boom, a few seconds later, I have an email from this web site that I will not name. Opening the email, there it was. The password I had created from ages ago. Head-slap.

The head slap wasn't for me forgetting my password; what were the developers of this site doing storing MY PASSWORD in clear text??!! Where anyone with ...

Latest News

14 minutes ago I was agile before agile was cool!

IT Toolbox Blogs
I was just doing some random searching of the internet just for fun. You know, the kind of thing you do when you are bored and have the time to just start a search (either with Bing or Google) and then click on various links as you find them. Well, as I was doing so, I encountered some definitions for "DevOps" which led me to a link to the Manifesto for Agile Software Development. When I went _there_

51 minutes ago Attackers raid SWISS BANKS with DNS and malware bombs

The Register
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts

Attackers suspected of residing in Russia are raiding Swiss bank accounts with a multi-faceted attack that intercepts SMS tokens and changes domain name system settings, researchers have warned.

2 hours ago StubHub was victim of cyber fraud ring; arrests to be announced

Yahoo Security
By Deepa Seetharaman and Jim Finkle SEATTLE/BOSTON (Reuters) - eBay Inc's StubHub online ticket resale service said it was the victim of a massive international cyber fraud ring, the details of which authorities plan to disclose on Wednesday as they announce arrests in the case. StubHub's head of global communications, Glenn Lehrman, told Reuters late on Tuesday that his firm has been working with law enforcement around the world for the last year on the case. Lehrman said he could not say how much money was involved or how many people were being charged ahead of announcements planned by authorities in several countries on Wednesday. Fraudulent charges were posted after hackers obtained user credentials by hacking into other sites, then used them to log in to StubHub, he said.

4 hours ago EFF looses Privacy Badger to munch cookies and scripts

The Register
Furry and furious browser-protector aims to improve online privacy

Chrome and Firefox users can get a better handle on who is tracking their browsing, with the EFF releasing its Privacy Badger browser plug-in to public beta.

4 hours ago AP source: Thieves got into 1K StubHub accounts

Yahoo Security
NEW YORK (AP) - A law enforcement official and online marketplace StubHub say cyber thieves got into more than 1,000 customers' accounts and fraudulently bought tickets for events.

7 hours ago What Salesforce's Partnership with Microsoft Means for Businesses

IT Toolbox Blogs
Salesforce and Microsoft Corporation, competitors in the cloud and customer relationship management (CRM) markets, have not exactly been on the warmest of terms over the past decade. Salesforce chief executive officer (CEO) Marc Benioff, known for his blunt demeanor, is on the record as recently as January

11 hours ago Second-hand Aloha Point-of-Sale Terminal Contains Sensitive Data (July 18, 2014)

SANS Newsbites

A Hewlett Packard malware researcher bought a used Aloha point-of-sale (POS) terminal on eBay for US $200...

11 hours ago Dark Mail Project Seeks to Hide Metadata from Snoops (July 18, 2014)

SANS Newsbites

An email privacy project called Dark Mail aims to hide users' communications metadata, information the NSA has been collecting wholesale for years...