Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Information Security News - Internet Security | DShield Information Security News

Popular News

11 hours ago There's a new way to take down drones, and it doesn't involve shotguns

ArsTechnica
Not a jammer, device lets hackers fly drones and lock out original pilot.

6 hours ago PayPal patches bone-headed two factor authentication bypass

The Register
No phone? No worries

PayPal has patched a boneheaded two factor authentication breach that allowed attackers to switch off the critical account control in minutes by changing a zero to a one.

2 hours ago Schneider Electric plugs gaping hole in industrial control kit

The Register
Provider Schneider would've had hackers inside 'er

A vulnerability in Schneider Electric's industrial controller management software created a possible mechanism for hackers to plant malicious code on industrial networks.

1 day ago This is not a drill: Hackers pop stock Nexus 6P in five minutes

The Register
Keen hackers at Mobile Pwn2Own

The Nexus 6P appears to have been hacked with attackers at the Mobile Pwn2Own contest installing malware without user interaction in less than five minutes.

1 day ago Script Kiddies Likely Behind Dyn DDoS Attacks

SecurityWeek

There are several theories and claims as to who might be behind the distributed denial-of-service (DDoS) attacks launched last week against DNS provider Dyn, but researchers believe the attacks were actually launched by script kiddies.

Top News

6 hours ago Network maker Nokia outperforms Ericsson in third quarter

Yahoo Security

Nokia on Thursday reported falling quarterly sales and profits for its network gear business, but outperformed rival Ericsson in a weak market thanks to cost cuts after its recent acquisition of Alcatel-Lucent. Finland's Nokia said total third-quarter operating profit decreased 18 percent from a year ago to 556 million euros ($606 million), but was buoyed by a one-off patent licensing payment. Group sales dropped 7 percent from a year ago to 5.95 billion euros, including network equipment sales falling 12 percent to 5.32 billion, which compared with a market consensus of 5.39 billion.

4 hours ago Cisco Patches 9 Flaws in Email Security Appliance

SecurityWeek

Cisco announced on Wednesday that it has released software updates for its Email Security Appliances (ESA) to address a total of nine vulnerabilities, including denial-of-service (DoS) and filter bypass issues.

1 hour ago 10 programs to help you break into a cybersecurity career

TechRepublic
Eighty-two percent of IT professionals report a shortage of cybersecurity skills at their company. Here are 10 programs spanning all education levels to help you get your start in the field.

1 hour ago How to take down irritating drones without shooting them out of the sky

ZDNet
A researcher has demonstrated a way for attackers to hijack drones in the air without damaging them.

1 day ago World Series Scam Alert: How To Protect Yourself

Forbes
With emotions running high, you can easily get scammed on World Series tickets. Here's how to protect yourself.

22 hours ago Fixing the IOT Problem

SANS Newsbites

Consumers are being blamed for not changing passwords and thereby causing last week's massive DDoS attacks.......

21 hours ago Mirai Aftermath: China's Xiongmai Details Webcam Recall

InfoRiskToday
But True Fix Requires a More Resilient Internet, Experts Warn

Chinese manufacturer Xiongmai will recall up to 10,000 webcams in the wake of the IoT-powered DDoS attacks that pummeled DNS provider Dyn. But information security experts say that only a more resilient internet will blunt future attacks.

1 day ago The Information We Seek

SANS Reading Room
Whether you are performing a penetration test, conducting an investigation, or are skilled attackers closing in on a target, information gathering is the foundation that is needed to carry out the assessment. Having the right information paves the way for proper enumeration and simplifies attack strategies against a given target. Throughout this paper, we will walk through some strategies used to identify information on both people and networks. Some people claim that all data can be found using Google's search engine; but can third party tools found in Linux security distributions such as Kali Linux outperform the search engine giant? Maltego and The Harvester yield a wealth of information, but will the results be enough to identify a target? The right tool for the right job is essential when working with any project in life. Let's take a journey through the information gathering process to determine if there is a one size fits all tool, or if a multi-tool approach is needed to gather the essential information on a given target. We will compare and contrast many of the industry tools to determine the proper tool or tools needed to perform an adequate information gathering assessment.

Latest News

1 hour ago Users in Middle East Targeted in "Moonlight" Espionage Campaign

SecurityWeek

A threat group believed to be located in Palestine has been targeting users in Palestine and other Middle Eastern countries in a series of unsophisticated attacks whose main goal appears to be espionage.

1 hour ago Former NSA exec: We misjudged potential of insider threats like Snowden

ZDNet
Chris Inglis, former deputy director of the NSA, warns that connected systems mean malicious insiders can now do damage more quickly and more easily than ever.

1 hour ago LibTIFF library security flaws lead to remote code execution

ZDNet
TIFF image files can pave the way for attackers to remotely control your PC.

4 hours ago Nokia in Q3 loss, sales drop amid networks downturn

Yahoo Security
Mobile networks operator Nokia continued to be hit by a downturn in the industry, reporting a loss in the third quarter and a 12-percent drop in sales that saw the company's share price plunge 7 percent. ...

5 hours ago How Google's Project Zero made Apple refactor its kernel

The Register
MacOS, iOS task threading was open to hijack

When Apple shipped its security bug-fixes earlier this week, one patch mostly passed under the radar.

6 hours ago Good luck securing 'things' when users assume 'stuff just works'

The Register
Making devices secure by design requires more effort than vendors currently allow

At the end of April my home was broken into by a professional who silently and systematically looted my residence of all my portable wealth while I slept.

7 hours ago Hacker's Icarus machine steals drones midflight

The Register
Popular RC protocol pwned

PacSec Security researcher Jonathan Andersson has developed a tidy hardware module capable of fully hijacking a variety of popular drones and remote control gear running over the most popular protocol.