Threat Level: green Handler on Duty: Rick Wanner

SANS ISC Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

1 day ago Massive SIM card hack might have been too sophisticated to be caught in time

Yahoo Security View Synopsis+1
A new Snowden leak a few days ago revealed that the NSA and GCHQ conducted a complex hack operation that focused on obtaining the secure encryption keys that protect mobile communications in devices with SIM cards. A subsequent report revealed that the goal of spy agencies might have been a lot bigger, as they may have been hunting for other security keys that would let them deploy spyware on any mobile device with a SIM card inside, and users would have no idea that anything had happened. FROM EARLIER: Gemalto confirms hack, but denies massive SIM keys theft Gemalto acknowledged the hack, but downplayed it, saying it couldn't have resulted in a mass-theft of SIM card keys. The company also said that

2 days ago Mozilla Firefox 36 Patches Critical Security Issues

SecurityWeek View Synopsis+1

Mozilla patched multiple critical security vulnerabilities in the latest version of its Firefox browser.

1 day ago China drops leading tech brands for certain state purchases

Yahoo Security View Synopsis+1

By Paul Carsten BEIJING (Reuters) - China has dropped some of the world's leading technology brands from its approved state purchase lists, while approving thousands more locally made products, in what some say is a response to revelations of widespread Western cybersurveillance. Others put the shift down to a protectionist impulse to shield China's domestic technology industry from competition. The lists cover smaller-scale direct purchases of technology equipment, and central government bodies can only buy items not on the list as part of a competitive tender process. Chief casualty was U.S. network equipment maker Cisco Systems Inc, which in 2012 counted 60 products on the Central Government Procurement Center's (CGPC) list, but had none left by late 2014, a Reuters analysis of official data shows.

1 day ago TalkTalk admits massive data breach

The Register View Synopsis+1
Noticed an increase in scamming late last year

TalkTalk has admitted to a major breach of user information, which may have led to some customers handing over bank information to hackers.

Top News

1 hour ago NEWS ALERT: Uber says info on 50K drivers exposed, files suit

SC Magazine View Synopsis+1
The car service says a database was breached in May 2014 by an unauthorized third party.

1 day ago Attackers Use Phishing Emails, Exploits to Hijack Routers

SecurityWeek View Synopsis+1

Cybercriminals have been hijacking the Internet connections of users in Brazil by modifying Domain Name System (DNS) settings in their routers, researchers at Proofpoint reported on Thursday.

7 hours ago Security Assumptions and the Real World

IT Toolbox Blogs View Synopsis+1
Seeing a locked gate or door is not enough to accept safety. All of us must begin asking questions, looking beyond what we want to see: controls that make us feel safe: like a properly configured firewall that does nothing to stop the implementation of advanced malware?

6 hours ago 50,000 Uber driver names, license plate numbers exposed in a data breach

ArsTechnica View Synopsis+1
Breach was discovered last year, database was accessed in May.

22 hours ago Congress Averts DHS Partial Shutdown

InfoRiskToday View Synopsis+1
Lamakers Fund the Department for Seven DaysCongress, at the 11th hour, passed a bill to fund the Department of Homeland Security for the next seven days, averting for now a partial shutdown that would have curtailed some cybersecurity programs.

20 hours ago Uber Suffers Data Breach Affecting 50,000

Forbes View Synopsis+1
On Friday February 27th the popular car service, Uber, made it known that they had suffered a data breach on May 13th 2014. The breach itself wasn't discovered until September 17, 2014 and the notification only went out just a few hours ago. I'm fairly certain that it is Friday [...]

1 day ago Zero Day Weekly: Superfish attacks, FBI GameoverZeus bounty, Komodia in Lavasoft

ZDNet View Synopsis+1
A collection of notable security news items for the week ending February 27, 2015. Covers enterprise, controversies, application and mobile security, malware, reports and more.

1 day ago How To Sabotage Encryption Software (And Not Get Caught)

WIRED View Synopsis+1

When crypto researchers set out to discover the best way to undermine encryption software, they did so believing it would help them eradicate backdoors in the future. Here's what they found.

The post How To Sabotage Encryption Software (And Not Get Caught) appeared first on WIRED.

1 day ago Debian security initiative for reproducible builds reaches milestone

TechRepublic View Synopsis+1
A Debian initiative for reproducible builds sheds light on the least transparent part of the open source development process. Find out what's been completed in this security project.

1 day ago FCC Passes Net Neutrality Rules (February 26, 2015)

SANS Newsbites View Synopsis+1

The US Federal Communications Commission (FCC) has passed net neutrality rules, which include reclassifying broadband as a telecommunications service; prohibiting broadband providers from throttling or speeding up connections for a fee; and prohibiting providers from making paid prioritization deals.......

1 day ago <i>Data and Goliath</i> Book Tour

Schneier blog View Synopsis+1

Over the next two weeks, I am speaking about my new book -- Data and Goliath, if you've missed it -- in New York, Boston, Washington, DC, Seattle, San Francisco, and Minneapolis. Stop by to get your book signed, or just to say hello.

1 day ago Cyber Intelligence: Defining What You Know

Dark Reading View Synopsis+1
Too often management settles for security data about things that are assumed rather than things you can prove or that you know are definitely wrong.

Latest News

5 hours ago Selecting Reliable Disk Systems

IT Toolbox Blogs View Synopsis+1
Over the last few years disk drives have become more reliable. Still, they do occasionally fail, and you need to be prepared for that eventuality. You have numerous choices of interfaces, drive capacities and fault-tolerant configurations.   W...

8 hours ago TalkTalk 'fesses up to MEGA data breach

The Register View Synopsis+1
Noticed an increase in scamming late last year

TalkTalk has admitted to a major breach of sensitive user information, which may have led to some customers handing over bank data to hackers.

9 hours ago TalkTalk 'fesses up to MASSIVE data breach

The Register View Synopsis+1
Noticed an increase in scamming late last year

TalkTalk has admitted to a major breach of sensitive user information, which may have led to some customers handing over bank information to hackers.