Threat Level: green Handler on Duty: Guy Bruneau

SANS ISC: Information Security News - Internet Security | DShield Information Security News

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

1 day ago Fruity hacking group juiced by Microsoft's October patch parade

The Register View Synopsis+1
Get your patching done, people, this Font-borne bug is being actively exploited

Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero day vulnerability before Microsoft patched it last week.

1 day ago NSA Contractor's Alleged Theft 'Breathtaking'

InfoRiskToday View Synopsis+1
Government Argues Harold T. Martin III Should Stay in Jail Until TrialU.S. government prosecutors want former NSA contractor Harold T. Martin III detained until trial, fearing that the highly classified information he allegedly collected - and knows - might leak and pose a risk to national security.

2 days ago U.S. vote authorities warned to be alert to Russian hacks faking fraud: officials

Yahoo Security View Synopsis+1

U.S. intelligence and law enforcement officials are warning that hackers with ties to Russia's intelligence services could try to undermine the credibility of the presidential election by posting documents online purporting to show evidence of voter fraud. The officials, who spoke on condition of anonymity, said however, that the U.S. election system is so large, diffuse and antiquated that hackers would not be able to change the outcome of the Nov. 8 election.

1 day ago Hacking the US Presidential Election: Evaluating the Threats

InfoRiskToday View Synopsis+1
Experts evaluating the likelihood of a hack to alter votes in this year's American presidential election highlight the latest edition of the ISMG Security Report. Also, U.S. federal regulators propose new cybersecurity rules for big banks.

1 day ago Pentagon to Launch More Bug Bounty Programs

SecurityWeek View Synopsis+1

Following the success of the "Hack the Pentagon" program, the U.S. Department of Defense has decided to continue to test its websites and networks for cybersecurity vulnerabilities using crowdsourced experts.

Top News

1 day ago Cyberattacks on key internet firm disrupt internet services

Yahoo Security View Synopsis+1
Withering cyberattacks on server farms of a key internet firm repeatedly disrupted access to major websites and online services including Twitter, Netflix and PayPal across the United States on Friday. ...

21 hours ago IoT Security Is A Mess That Will Take An Age To Fix

Forbes View Synopsis+1
The IoT security nightmare will take an age to fix, and we may not have that long.

20 hours ago Russian Indicted for Breach of Three Silicon Valley Companies

InfoRiskToday View Synopsis+1
Suspect Said to Have Targeted LinkedIn, Dropbox and FormspringAuthorities say Yevgeniy Aleksandrovich Nikulin stole credentials from a LinkedIn employee and used them to breach the social networking firm in 2012, in which well over 100 million members' passwords were exposed.

12 hours ago Pacemaker maker St Jude faces new security flaw claims from biz short-selling its stock

The Register View Synopsis+1
This is not the way to get vulnerabilities fixed

Security startup MedSec and the financial house backing the biz have published new allegations of security flaws in pacemakers and defibrillators built by St Jude Medical - and again look set to profit from the disclosures in an unorthodox way.

6 hours ago After massive cyberattack, shoddy smart device security comes back to haunt

ZDNet View Synopsis+1
Almost everyone affected by the cyberattack had a part to play - from shipping shoddy devices to a consumer apathy towards security.

1 day ago "Most serious" Linux privilege-escalation bug ever is under active exploit (updated)

ArsTechnica View Synopsis+1
Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.

1 day ago IBM and SBI Securities test bond trading on the blockchain

TechRepublic View Synopsis+1
SBI Securities will adopt the Hyperledger Fabric and work with IBM to test the application of blockchain technology for operational processes and security around bond trading.

1 day ago How To Attract and Retain 'Cyber Ninjas': High Pay Is Not the Top Requirement(October 19, 2016)

SANS Newsbites View Synopsis+1

For seasoned cybersecurity professionals, motivation for sticking with their current jobs doesn't mean big management promotions or higher salaries, a new Center for Strategic and International Studies (CSIS) report finds.......

1 day ago "Continuous Integration: Live Static Analysis with Roslyn"

Appsec Streetfighter Blog View Synopsis+1
Early in 2016, I had a conversation with a colleague about the very, very limited free and open-source .NET security static analysis options. We discussed CAT.NET, which released back in 2009 and hasn't been updated since. Next came FxCop, which has a few security rules looking for SQL Injection and Cross-Site Scripting included in the … Continue reading Continuous Integration: Live Static Analysis with Roslyn

Latest News

6 hours ago Yesterday's massive Internet outage was caused by hijacked DVRs, webcams and more

Yahoo Security View Synopsis+1
Hackers yesterday attacked Dyn, a major DNS service, with an absolutely massive DDoS attack that swiftly took a number of popular services, including Twitter, PayPal and Spotify, offline. While DDoS attacks are nothing new in and of themselves, there are two aspects to yesterday's widespread assault on the Internet that are particularly intriguing. One, the scale and effectiveness of yesterday's DDoS attack was impressive and brutal. All the more so because just when Dyn had seemingly addressed the issue, the actors behind the attack would launch another deluge of garbage requests. Two, the malware behind yesterday's DDoS attack was effectively a botnet comprised of millions of Internet connected devices, from DVRs and routers to CCTV cameras. In other words, yesterday's attack saw our vaunted Internet of Things  turned against us in an unprecedented way. DON'T MISS:  Everything we know about Apple's exciting next-gen MacBook Pro Security researcher Brian Krebs has been monitoring the situation closely and notes that the attack was orchestrated by the Mirai malware. You might recall that Mirai's source code was released  just a few weeks ago. Krebs details how Mirai works and why it's so effective. Mirai scours the Web for IoT devices protected by little more than factory-default usernames and passwords, and then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users. According to researchers at security firm Flashpoint, today's attack was launched at least in part by a Mirai-based botnet. Allison Nixon, director of research at Flashpoint, said the botnet used in today's ongoing attack is built on the backs of hacked IoT devices - mainly compromised digital video recorders (DVRs) and IP cameras made by a Chinese hi-tech company called XiongMai Technologies. The components that XiongMai makes are sold downstream to vendors who then use it in their own products. According to Dyn, the incident was officially resolved as of yesterday evening. Developing...

8 hours ago Hacked Cameras Were Behind Friday's Massive Web Outage

Forbes View Synopsis+1
A coordinated attack on DNS host Dyn caused Twitter, Netflix, Amazon and other websites to go down.

9 hours ago Attacks on the internet keep getting bigger and nastier

Yahoo Security View Synopsis+1
NEW YORK (AP) - Could millions of connected cameras, thermostats and kids' toys bring the internet to its knees? It's beginning to look that way.