Web-based attacks are on the rise, and the most exploited vulnerabilities are often not the newest (Symantec Corporation, 2013).
6 days ago - Improving Cyberthreat Info Sharing - InfoRiskToday
Federal Prosecutor Highlights Key Steps
To improve cyberthreat and cybercrime information sharing, law enforcement officials and business leaders need to develop better working relationships, says federal prosecutor Erez Liebermann.
BETHESDA, Md., Dec. 2, 2013 /PRNewswire-USNewswire/ -- SANS announces results of its 2013 mobile security policy and management survey in which 576 IT professionals answered questions about the use of employee-owned devices within their organizations (termed bring your own device or BYOD), awareness and concerns over risk, and how they are (or are not) managing this risk. The survey was ...
The new wave of continuous security monitoring solutions bring together views of security-related data that are often in different silos throughout the organization.
According to documents leaked to the Washington Post, the NSA logs nearly five billion mobile phone location records every day.......
We'll challenge NSA-shielding gag orders, thunders Redmond's top legal eagle
Microsoft has detailed a three-pronged plan to encrypt customer data, improve transparency and fight harder in the courts not to have to hand over your data. The new plan is designed to restore customer trust after revelations of government snooping.
SINET conference flags 16 security startups to watch, but they are just the tip of the iceberg, experts say
With Twitter going public last month, investors may be looking for the next Silicon Valley company to assume the mantle of the region's next hot tech firm.
2 days ago - HIPAA Disclosures Rule Revamp Endorsed - InfoRiskToday
Federal Advisers Spell Out Revisions
The Department of Health and Human Services should make several revisions in its plans for a revamp of the HIPAA accounting of disclosures rule and conduct pilot tests before implementing a final rule, an advisory panel recommends.
STOCKHOLM - Sweden has provided the US with "unique" intelligence on Russia's leadership, according to new documents leaked by US fugitive Edward Snowden and revealed Thursday by Swedish public broadcaster SVT.
Marketing hype about how 802.11ac will benefit users obscures the true gains we'll see with the new wireless standard.
An international arms control regime is planning to create export controls for some software security tools on the grounds that they might be used for nefarious purposes.
I was lucky to be allowed to present about how to use HTML5 to improve security at the recent OWASP APPSEC USA Conference in New York City. OWASP now made a video of the talk available on YouTube for anybody interested. http://www.youtube.com/watch?v=fzjpUqMwnoI
Abundance of memory
DB2 uses blocks of memory for storing table and index data read from disk. These blocks or areas are called virtual pools. The DBA defines the sizes of these areas in DB2 configuration parameters; then, in table and index definitions, identifies which pools are used by which objects.
With an abundance
Free, unencrypted Wireless Access Points (WAPs) have proliferated and are now found in various locations including restaurants, libraries, schools, hotels, airports, etc.
There are always ways to improve the already outstanding security in the Firefox browser with add-ons.
Banking and financial services holding company JPMorgan Chase is alerting 465,000 prepaid cash cardholders that their personal information may have been compromised by hackers.
JPMorgan Chase & Co. has said they plan to issue breach notifications to nearly 500,000 customers, or two percent of the bank's 25 million UCard users, after hackers breached their network in July. However, because there's no evidence that funds were stolen, the bank will not issue replacement cards.
1 hour ago - Here's a hosts file template to block thousands of shock sites, drive by malware and hijack sites. - Reddit
The e-signature market is still in its infancy. According to Adobe, less than 10% of contracts in North America are signed electronically. But given the huge cost advantage and the security that e-signatures offer, it is high time businesses explore this product.
3 hours ago - What's all the fuss about Bitcoins? - IT Toolbox Blogs
Bitcoins have been hailed as everything between a new international currency and a bubble waiting to burst. You can earn these virtual coins and you can use them to buy real-life items such as cars. But where did they come from? How are they being used? Do you want them? Let's see whether we can answer any of these questions.
14 hours ago - Apple Loop: A Mandela Tribute, China Mobile Deal Nears, iBeacon Turned On, No iPhone for President Obama - Forbes
Keeping you in the loop around some of the things that happened around Apple this week.
15 hours ago - Stealthy Peer-to-peer C&C over SMB pipes - Reddit
The cellular giant says any such co-operation with the U.S. government in its mass surveillance operations would almost certainly be classified, despite concerns from shareholders.
The maker of a popular flashlight app for Android phones has agreed to settle charges brought by the Federal Trade Commission that it left consumers in the dark about its data-sharing practices.
Apple is taking a closer look at shoppers in its retail stores, under a new program that will push product-related information to their mobile devices using its iBeacon trackers.
By Michael Martina BEIJING (Reuters) - Australian Foreign Minister Julie Bishop downplayed tensions over China's controversial air defense zone, which has also rankled the United States, Japan and South Korea, after meeting her Chinese counterpart on Saturday. "Australia is concerned that there be peace and stability in our region and we don't want to see any escalation of the tensions," Bishop told reporters following four hours of talks with Chinese Foreign Minister Wang Yi. "It is in our interests, and indeed in the interests of a number of countries in our region, that there be peace and stability in the East China Sea, the South China Sea, and the region more generally." Bishop said discussion of the ADIZ only took up a "small proportion" of time in talks with Chinese leaders. "Australia's words and actions on the issue of China's air defense zone have damaged the mutual trust between the two sides," state news organization Xinhua reported Wang as saying.
Thanksgiving is over, and we're already deep into December. It's time for a look back at all the blunders, catastrophes, epic fails and major screw-ups of 2013.
"Internet link" targeting suspect's Yahoo account used to track his Web movements.
By Dan Levine SAN FRANCISCO (Reuters) - A group of 13 defendants who had been charged in a cyber attack on PayPal's website pleaded guilty and admitted to the December 2010 attack over PayPal's suspension of WikiLeaks accounts. Following the release of a large amount of classified documents by WikiLeaks, PayPal suspended its accounts so that the anti-secrecy website could no longer receive donations. In retribution, the group "Anonymous" coordinated and executed denial-of-service attacks against PayPal. EBay's PayPal unit is a service that facilitates the electronic transfer of money between parties.
Nearly two million people have had to change their passwords to social networking sites, email services and even a payroll provider after researchers found their credentials on a server controlled by cyber thieves two weeks ago. And that theft may be just the tip of the iceberg.
Open source framework lets admins homebrew their own tools
Facebook and Etsy have teamed up to develop and publish as open source a security tool for Apple's Macs, following similar moves by Google.
Microsoft, Law Enforcement, Others Target ZeroAccess
The partial takedown of ZeroAccess, one of the world's largest botnets, is an example of the role that collaboration between business and law enforcement can play in battling cybercrime.
Users looking to find out whether their accounts were compromised in recent major breaches, including Adobe's, can check through haveibeenpwned.com.
Banking fraud scheme funneled 70m rubles to crooks
The Russian government has charged a group of people with organized crime offenses related to the creation and use of the Blackhole malware kit.
Russian prosecutors confirm arrests connected to BlackHole Exploit kit.
An Android vulnerability that allows a rogue app to remove all existing securities activated by a user of the popular mobile operating system was discovered by researchers in Berlin.
The weird squid-like creature floating around Bristol Harbour is a hoax.
As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.
Research paper offers security advice for application developers for cloud environments
1 day ago - New Book: Carry On - Schneier blog
I have a new book. It's Carry On: Sound Advice from Schneier on Security, and it's my second collection of essays. This book covers my writings from March 2008 to June 2013. (My first collection of essays, Schneier on Security, covered my writings from April 2002 to February 2008.)
There's nothing in this book that hasn't been published before, and nothing you can't get free off my website. But if you're looking for my recent writings in a convenient-to-carry hardcover-book format, this is the book for you.
I'm also happy with the cover.
The Kindle and Nook versions are available now, and they're 50% off for some limited amount of time.
Unfortunately, the paper book isn't due in stores -- either online or brick-and-mortar -- until 12/27, which makes it a pretty lousy Christmas gift, though Amazon and B&N both claim it'll be in stock there on December 16. And if you don't mind waiting until after the new year, I will sell you a signed copy of the book here.
Suggestions for a title of my third collection of essays, to be published in five-ish years, are appreciated.
1 day ago - Internet Traffic Deliberately Re-routed by Manipulating Border Gateway Protocol (December 3 & 5, 2013) - SANS Newsbites
Earlier this year, researchers noticed that Internet traffic was being deliberately rerouted through Belarus and Iceland.......
Researchers found a server containing login credentials for at least two million user accounts.......
Distributed-denial-of-service attacks are a growing cause of costly data center outages, according to a new study.
1 day ago - A Virus Of Biblical Distortions - Dark Reading
Taking a second look at the Stuxnet 'myrtus' text string
As part of my project comparing IaaS services, I tested Google Compute Engine and also compared it to AWS. Here are the results.
1 day ago - Mobile Security: Contain the Threats - InfoRiskToday
Moka5's Ian McWilton on How to Improve Security, User Satisfaction
Mobile security is no longer about managing devices, says Ian McWilton of Moka5. The real trick is to secure corporate assets through containerization solutions that reduce costs and improve user experience.
We also offer the following RSS Feeds:
- ISC Diaries (headline + first sentence)
- ISC Diaries with content (headline + full content)
- Security News Feeds (same as the 'Last 20' list here)
- Security News feed selected and rated by the handlers
We do collect a number of security related news feeds in this page. To suggest additional news sources or suggest other changes, use our contact form. We try hard to keep the feeds RSS, XML, CSS, RFC, IETF, ISO, DIN, TüV, ANSI compliant, but may fail occasionally. Let us know if things don't work for you and we may fix it.