SANS ISC: Information Security News

• SANS Site Network
  • Current Site
  • Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

Information Security News

1 day ago Google removes WhatsGap from app store

The search engine giant claims the 'sensitive content' on WhatsGap violated the company's content policy.

1 day ago Top Euro court tells cops, spies that yelling 'national security' isn't enough to force ISPs to hand over massive piles of people's private data

Decision is preliminary and unenforced, though a good start

Analysis In a massive win for privacy rights, a preliminary ruling from the European Court of Justice (ECJ) has made clear that national security concerns do not override citizens' data privacy. Thus, ISPs should not be forced to hand over personal information without clear justification.…

1 day ago Senators Field Legislation to Build Huawei 5G Alternatives

Proposed Fund Would Drive More Than $1 Billion Into Western-Based AlternativesOne gaping hole in the U.S. government's push to counter Chinese-built 5G telecommunications gear remains the lack of alternatives. But a bipartisan group of senators is seeking a $1 billion fund to create trusted, Western-built options.

1 day ago PoC Exploits Released for Crypto Vulnerability Found by NSA

Several proof-of-concept (PoC) exploits have already been created - and some of them have been made public - for CVE-2020-0601, the crypto-related Windows vulnerability that Microsoft patched recently after being notified by the U.S. National Security Agency.

1 day ago How to add a host to Observium

Now that you have the Observium network monitoring platform installed, it's time to add a host.

48 minutes ago Microsoft warns about Internet Explorer zero-day, but no patch yet

IE zero-day connected to last week's Firefox zero-day.

3 hours ago 'Friendly' hackers are seemingly fixing the Citrix server hole - and leaving a nasty present behind

Congratulations, you've won a secret backdoor

Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw to compromise VPN gateways are now patching the servers to keep others out.…

3 hours ago FBI Takes Down Site Selling Subscriptions to Stolen Data

WeLeakInfo Website Taken Down in International Law Enforcement Operation

3 hours ago Microsoft Introduces Free Source Code Analyzer

Microsoft this week announced a new source code analyzer designed to identify interesting characteristics of code. 

3 hours ago Attacker Installs Backdoor, Blocks Others From Exploiting Citrix ADC Vulnerability

A threat group targeting the recently disclosed critical vulnerability in Citrix Application Delivery Controller (ADC) is installing their own backdoor while cleaning up other malware infections and blocking others from exploiting the vulnerability, FireEye has discovered.

3 hours ago 'Nice guy' hackers are seemingly fixing the Citrix server hole, but leaving a nasty present behind

Leave the backdoor. Take the exploit.

Hackers exploiting the high-profile Citrix CVE-2019-19781 flaw are now patching the servers to keep others out.…

3 hours ago Visa's plan against Magecart attacks: Devalue and disrupt

Visa is actively going after Magecart groups, but also deploying new technologies to safeguard payment card data.

4 hours ago 'WeLeakInfo' Website Shut Down

Site Provided Access to 12 Billion Personal Records, Police AllegeLaw enforcement agencies in five countries have shut down WeLeakInfo.com, which allegedly provided cybercriminals with access to over 12 billion personal records culled from 10,000 data breaches.

4 hours ago Why baby boomers are looking to IoT and analytics to stay safe

IoT security is becoming a top-of-mind priority in the personal care industry. Essence group believes it has the solution and had it on display at CES 2020.

4 hours ago Why blockchain-based cybersecurity may be the answer for vulnerable IoT networks

CES 2020: A "hacked" robot was on display to demonstrate how SigmaDots serverless architecture is poised to fend off IoT security threats.

5 hours ago Live Webinar | Changing the Equation: Ensuring Faster Payments Do NOT Equate to Faster Fraud

6 hours ago OnDemand Webinar | The Ripple Effect - An Examination of Multi-Party Security Incidents

How Another Firm's Breach Could Impact Your Organization.Recommendations for protecting your organization from ripple events.

7 hours ago New phishing attack hijacks email conversations: How companies can protect employees

By inserting themselves into business emails among employees, cybercriminals can trick victims into wiring money or sharing payment information, says security firm Barracuda Networks.

7 hours ago Singapore public sector called out for recurring IT lapses

Country's government agencies must resolve repeated lapses and plug weaknesses in IT controls, especially given the speed at which new IT systems are implemented, says government committee responsible for assessing how public funds are used.

9 hours ago Stolen creds site WeLeakInfo busted by multinational cop op for data reselling

One Irishman and one Dutchman both nicked

Two men have been arrested after Britain's National Crime Agency and its international pals claimed the takedown of breached credentials-reselling website WeLeakInfo.…