Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Information Security News - Internet Security | DShield Information Security News



Popular News

1 day ago Botnet of >145k cameras reportedly deliver Internet's biggest DDoS ever

ArsTechnica
Once unthinkable, 1 terabit attacks may soon be the new normal.

1 day ago D-Link DWR-932 B owner? Trash it, says security bug-hunter

The Register
More than 20 vulns in SOHOpeless LTE gateway

If you've got a D-Link DWR-932 B LTE router, you might want to fire it into the sun - or hope that a firmware upgrade lands soon.

1 day ago Clinton vows to retaliate against foreign hackers

Yahoo Security

Hillary Clinton is vowing anew to respond to foreign hacking the same as any other attack against the United States. When she openly blamed Russia for recent U.S. cyber break-ins, Donald Trump wondered ...

1 day ago Yahoo attack not 'state-sponsored,' researchers claim

ZDNet
InfoArmor says that not only was customer data sold in the underground, but the damage is far more extensive than reported.

1 day ago Brandis swings his golden hammer, misses mark

ZDNet
Criminalising the re-identification of de-identified government data will hinder legitimate researchers and do nothing to improve citizens' privacy.

Top News

13 hours ago iPhone exploit bounty surges to an eye-popping $1.5 million

ArsTechnica
Zerodium triples price for iOS exploits, doubles Android bounties to $200,000.

12 hours ago Want to make US$1.5m this weekend? Just jailbreak iOS

The Register
Zerodium triples iOS exploit bounty to $1.5M, doubles 'droid to $200k

Exploit broker Zerodium has tripled its bug bounty for a remote iOS 10 jailbreak vulnerability to US$1.5 million.

8 hours ago Brandis re-identification law proposal slammed

ZDNet
While Health Minister Sussan Ley has apologised for the breach in de-identified medical data, Australia's Attorney-General has come under fire for 'rushing' through legislation.

6 hours ago Samsung slammed by Chinese state TV over Note 7 recall 'discrimination'

Yahoo Security

By Sijia Jiang HONG KONG (Reuters) - Chinese state broadcaster CCTV has slammed South Korean tech giant Samsung Electronics Co for what it said was "discrimination" against China consumers in its handling of a global recall of Galaxy Note 7 smartphones to replace batteries. In a commentary piece posted on its website on Thursday evening, CCTV said Samsung's behavior in China after the Sept. 2 recall of 2.5 million phones was "full of arrogance". CCTV said a video apology Samsung issued to U.S. consumers, along with various replacement options and compensation, was in stark contrast to its treatment of those in China, where the company issued a brief statement saying most phones didn't need to be replaced.

5 hours ago Tofsee Malware Distribution Switched From Exploit Kit to Spam

SecurityWeek

The RIG exploit kit recently stopped distributing Tofsee and cybercriminals have decided to use the botnet's own spamming capabilities to deliver the malware, Cisco's Talos team reported on Thursday.

4 hours ago Why Cybercrime Is On the Rise; Update on Threat Info Sharing

InfoRiskToday
The latest ISMG Security Report leads off with a discussion with DataBreachToday Executive Editor Mathew J. Schwartz on why online cybercrime is growing. Also, the latest status of the U.S. government's cyberthreat information sharing initiative.

7 minutes ago Who Is At Fault For A Security Breach?

Forbes
Changing roles as security goes the way of the cloud revolution

1 day ago Security: It might not be the outside world that's the largest threat to businesses

TechRepublic
A new report reveals that one in three businesses experienced an insider attack in the past year. More devices with more access are putting sensitive info in the hands of everyone: Spies included.

17 hours ago PORTKnockOut: Data Exfiltration via Port Knocking over UDP

SANS Reading Room
Data Exfiltration is arguably the most important target for a security researcher to identify. The seemingly endless breaches of major corporations are done via channels of various stealth, and an endless array of methods exist to communicate the data to remote endpoints while bypassing Intrusion Detection Systems, Intrusion Prevention Systems, firewalls, and proxies. This research examines a novel way to perform this data exfiltration, utilizing port knocking over User Datagram Protocol. It focuses specifically on the ease with which this can be done, the relatively low signal to noise ratio of the resultant traffic, and the plausible deniability of receiving the exfiltration data. Particular attention is spent on an implemented Proof of Concept, while the complete source code may be found in the Appendix.

Latest News

7 minutes ago Cisco Forgets to Remove Testing Interface From Security Appliance

SecurityWeek

Cisco inadvertently introduced a critical vulnerability in its email security appliances by forgetting to remove an internal testing interface from software releases made available to customers.

7 minutes ago Fancy Bear's Sloppy Mac Malware

InfoRiskToday
Russian Hacking Group's Latest Malware? Not So Fancy

A new kind of malware for Mac OS X has been linked to Fancy Bear, the Russian group suspected of hacking the DNC and the World Anti-Doping Agency. But the malware only poses a low risk to users, experts say.

7 minutes ago Sensitive US health and drug data left exposed by dozens of FDA security flaws

ZDNet
The US Food and Drug Administration hasn't had an OPM-style breach, but it's left plenty of doors wide open, says government watchdog GAO.

26 minutes ago Cracking iOS 10 security will net you $1.5 million

Yahoo Security
The iPhone is one of the most secure devices you can purchase these days, but Apple's security is far from being hack-proof. iOS 10 has already been jailbroken, although the jailbreak isn't yet available to the masses. That means there are vulnerabilities in the code that hackers can use to get access to the phone. And a company that sells such exploits has raised its bug bounty for iPhone zero-day attacks - the kind of vulnerabilities that Apple hasn't yet discovered - to $1.5 million. Zerodium is the exploit broker that's willing to pay $500,000 more than last year's $1 million bounty for similar hacks. As Wired reports, the money will go to anyone who can perform a remote jailbreak of an iPhone running iOS 10. In 2015, Zerodium was offering $500,000 for iOS 9 bugs. Comparatively, Android and Windows Phone bugs paid for up to $100,000. This year, Android 7.0 Nougat vulnerabilities can net a hacker up to $200,000, but iOS 10 is still the most lucrative option. "We've increased the price due to the increased security for both iOS 10 and Android 7," company founder Chaouki Bekrar told Wired. "We would like to attract more researchers all year long." Bekrar, who also founded French hacking firm Vupen, said that Zerodium's clients are mostly North American governments and corporations, and government agencies in allied countries. Vupen also develops its own software intrusion techniques for private clients, mostly governments.

37 minutes ago NHS trusts 'complacent' on cloud app security risks

The Register
Do we block unsanctioned ones? Well half of us think we do...

Almost half of NHS Trusts make no attempt to monitor cloud app usage, according to the results of a Freedom of Information request.

1 hour ago The Latest: Federal officials warn of hacking attempts

Yahoo Security

WASHINGTON (AP) - The Latest on the U.S. presidential race (all times EDT):

1 hour ago Building Automation Products Vulnerable to Remote Attacks

SecurityWeek

Building automation products from American Auto-Matrix are affected by a couple of high-severity vulnerabilities that allow remote hackers to compromise the affected system, ICS-CERT warned on Thursday.

3 hours ago You can now earn $1.5 million for hacking the iPhone

ZDNet
Private exploit seller Zerodium has tripled the price of iOS rewards -- and Android is on the radar, too.

7 hours ago Security analyst says Yahoo!, Dropbox, LinkedIn, Tumblr all popped by same gang

The Register
Says five-strong 'Group E' may have lifted a billion Yahoo! records, sells to states

Five hackers are said to be behind breaches totalling up to a staggering three billion credentials from some of the world's biggest tech companies including the Yahoo! breach that led to the loss of 500 million credentials.