Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Information Security News - Internet Security | DShield Information Security News



Popular News

1 day ago Botnet of >145k cameras reportedly deliver Internet's biggest DDoS ever

ArsTechnica
Once unthinkable, 1 terabit attacks may soon be the new normal.

1 day ago D-Link DWR-932 B owner? Trash it, says security bug-hunter

The Register
More than 20 vulns in SOHOpeless LTE gateway

If you've got a D-Link DWR-932 B LTE router, you might want to fire it into the sun - or hope that a firmware upgrade lands soon.

1 day ago Yahoo attack not 'state-sponsored,' researchers claim

ZDNet
InfoArmor says that not only was customer data sold in the underground, but the damage is far more extensive than reported.

1 day ago Brandis swings his golden hammer, misses mark

ZDNet
Criminalising the re-identification of de-identified government data will hinder legitimate researchers and do nothing to improve citizens' privacy.

1 day ago Clinton vows to retaliate against foreign hackers

Yahoo Security

Hillary Clinton is vowing anew to respond to foreign hacking the same as any other attack against the United States. When she openly blamed Russia for recent U.S. cyber break-ins, Donald Trump wondered ...

Top News

11 hours ago iPhone exploit bounty surges to an eye-popping $1.5 million

ArsTechnica
Zerodium triples price for iOS exploits, doubles Android bounties to $200,000.

10 hours ago Want to make US$1.5m this weekend? Just jailbreak iOS

The Register
Zerodium triples iOS exploit bounty to $1.5M, doubles 'droid to $200k

Exploit broker Zerodium has tripled its bug bounty for a remote iOS 10 jailbreak vulnerability to US$1.5 million.

6 hours ago Brandis re-identification law proposal slammed

ZDNet
While Health Minister Sussan Ley has apologised for the breach in de-identified medical data, Australia's Attorney-General has come under fire for 'rushing' through legislation.

4 hours ago Samsung slammed by Chinese state TV over Note 7 recall 'discrimination'

Yahoo Security

By Sijia Jiang HONG KONG (Reuters) - Chinese state broadcaster CCTV has slammed South Korean tech giant Samsung Electronics Co for what it said was "discrimination" against China consumers in its handling of a global recall of Galaxy Note 7 smartphones to replace batteries. In a commentary piece posted on its website on Thursday evening, CCTV said Samsung's behavior in China after the Sept. 2 recall of 2.5 million phones was "full of arrogance". CCTV said a video apology Samsung issued to U.S. consumers, along with various replacement options and compensation, was in stark contrast to its treatment of those in China, where the company issued a brief statement saying most phones didn't need to be replaced.

4 hours ago Tofsee Malware Distribution Switched From Exploit Kit to Spam

SecurityWeek

The RIG exploit kit recently stopped distributing Tofsee and cybercriminals have decided to use the botnet's own spamming capabilities to deliver the malware, Cisco's Talos team reported on Thursday.

2 hours ago Why Cybercrime Is On the Rise; Update on Threat Info Sharing

InfoRiskToday
The latest ISMG Security Report leads off with a discussion with DataBreachToday Executive Editor Mathew J. Schwartz on why online cybercrime is growing. Also, the latest status of the U.S. government's cyberthreat information sharing initiative.

23 hours ago Security: It might not be the outside world that's the largest threat to businesses

TechRepublic
A new report reveals that one in three businesses experienced an insider attack in the past year. More devices with more access are putting sensitive info in the hands of everyone: Spies included.

15 hours ago PORTKnockOut: Data Exfiltration via Port Knocking over UDP

SANS Reading Room
Data Exfiltration is arguably the most important target for a security researcher to identify. The seemingly endless breaches of major corporations are done via channels of various stealth, and an endless array of methods exist to communicate the data to remote endpoints while bypassing Intrusion Detection Systems, Intrusion Prevention Systems, firewalls, and proxies. This research examines a novel way to perform this data exfiltration, utilizing port knocking over User Datagram Protocol. It focuses specifically on the ease at which this can be done, the relatively low signal to noise ratio of the resultant traffic, and the plausible deniability of receiving the exfiltration data. Particular attention is spent on an implemented Proof of Concept, while the complete source code may be found in the Appendix.

Latest News

13 minutes ago Building Automation Products Vulnerable to Remote Attacks

SecurityWeek

Building automation products from American Auto-Matrix are affected by a couple of high-severity vulnerabilities that allow remote hackers to compromise the affected system, ICS-CERT warned on Thursday.

1 hour ago You can now earn $1.5 million for hacking the iPhone

ZDNet
Private exploit seller Zerodium has tripled the price of iOS rewards -- and Android is on the radar, too.

5 hours ago Security analyst says Yahoo!, Dropbox, LinkedIn, Tumblr all popped by same gang

The Register
Says five-strong 'Group E' may have lifted a billion Yahoo! records, sells to states

Five hackers are said to be behind breaches totalling up to a staggering three billion credentials from some of the world's biggest tech companies including the Yahoo! breach that led to the loss of 500 million credentials.

11 hours ago $1.5 million bounty for iPhone exploits is sure to bolster supply of 0days

ArsTechnica
Zerodium triples price for iOS exploits, doubles Android bounties to $200,000.