Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Information Security News - SANS Internet Storm Center Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

19 hours ago New phishing campaign uses 20-year-old Microsoft mess as bait

The Register View Synopsis+1
Necurs botnet spreads ransomware carried in Office documents

The ever-vigilant folk at the Internet Storm Centre (SANS) have spotted yet another campaign trying to drop the Locky ransomware using compromised Word files.

15 hours ago Google slides text message 2FA a little closer to the door

The Register View Synopsis+1
A Prompt response to insecurity

Text messages aren't a great way to implement two-factor authentication, but it's a technique that's stubbornly persistent. Now Google has decided to push things along by pushing its alternative into production.

10 hours ago Nearly 100 Whole Foods Locations Affected by Card Breach

SecurityWeek View Synopsis+1

Amazon-owned Whole Foods Market informed customers last week that a recent hacker attack aimed at its payment systems affected nearly 100 locations across the United States.

10 hours ago The Ten Cybersecurity Commandments

SecurityWeek View Synopsis+1

Cybersecurity Awareness Month is, once again, upon us. At its core is an issue that can have a massive impact on organizations in every industry, public and private, large and small: successful cyberattacks and how to prevent them from happening in the first place.

10 hours ago Wowee. Look at this server. Definitely keep critical data in there. Yup

The Register View Synopsis+1
Tech laces networks with decoys to contain breaches

Israel-based Illusive Networks claims that its approach of planting poison-pill servers in a network can detect incoming attacks faster than any other method.

Top News

9 hours ago The Next IoT Botnet Has Improved on Mirai

InfoRiskToday View Synopsis+1
Called Reaper or IoTroop, Botnet Exploits VulnerabilitiesSecurity companies are warning that a global attack using compromised IoT devices may be coming soon. Check Point says one million organizations are running a device infected with IoTroop, which is botnet code that perhaps is related Mirai but spreads in a much different way.

7 hours ago Google: This surge in Chrome HTTPS traffic shows how much safer you now are online

ZDNet View Synopsis+1
Google's HTTPS-everywhere push is showing results in page loads on Chrome.

7 hours ago Malware campaign targets security researchers with bogus cyber conference document

TechRepublic View Synopsis+1
Hackers Group 74 are using fake messages from the Cyber Conflict US conference to infect cybersecurity experts with malware, according to a new report from Cisco Talos.

6 hours ago Massive Number Of IoT Cameras Are Hackable -- And So The Next Web Crisis Looms

Forbes View Synopsis+1
Millions of connected devices are thought to be vulnerable to simple hacks, including hundreds of thousands of CCTV cameras.

5 hours ago How Buying an Electric Vehicle can have an Impact on your Insurance

IT Toolbox Blogs View Synopsis+1
There is no doubt that the decision to settle for an electric vehicle (EV) compared to a gas guzzler is more of a lifestyle than economics. However, an electric model can cost you more when it comes to auto insurance, and this is attributed to the high maintenance and running costs.

Latest News

8 hours ago Fancy Bear Invites DC Conference-Goers to Install Malware

InfoRiskToday View Synopsis+1
Hackers Go Phishing for Cybersecurity Conference Attendees With Decoy DocumentWant to infect systems used by a large swath of cybersecurity professionals in one go? Then use a malicious decoy document to target potential attendees of a NATO and U.S. Army conference on "The Future of Cyber Conflict" being held in Washington.

8 hours ago Websites Increasingly Use HTTPS: Google

SecurityWeek View Synopsis+1

Over 60% of Sites Loaded via Chrome Use HTTPS, Says Google

The number of websites that protect traffic using HTTPS has increased considerably in the past months, according to data shared by Google last week.

30 minutes ago Congressional Committee Wants Nuance to Share NotPetya Details

InfoRiskToday View Synopsis+1
Wants Transcription Company to Help Identify Lessons LearnedA House committee is requesting a briefing with medical transcription services vendor Nuance Communications to learn details about the impact the NotPetya malware attack in June has had on the company.

1 hour ago ROCA 'round the lock: Gemalto says IDPrime .NET access cards bitten by TPM RSA key gremlin

The Register View Synopsis+1
Here's what to do if you have an affected badge

Some Gemalto smartcards can be potentially cloned and used by highly skilled crooks due to a cryptography blunder dubbed ROCA.

1 hour ago EU ePrivacy Regulation Edges Closer to Fruition

SecurityWeek View Synopsis+1

The proposed European Union ePrivacy Regulation is on the verge of entering Trilogue. Trilogue is the series of informal discussions involving the European Parliament, the Council of Europe (that is, representatives from each member state), and the European Commission. It is Trilogue that defines the final shape of the legislation.

1 hour ago The Benefits of Remote Access CCTV for your Home

IT Toolbox Blogs View Synopsis+1

There is a good reason why people are in so much debt these days. They can't help spending money on possessions that end up gathering dust. All this recklessness is definitely good for burglars. Homes have become a lot more appealing to break into.

 

It's why remote access CCTV cameras have become

1 hour ago 2 Ways VoIP Makes Communication More Flexible

IT Toolbox Blogs View Synopsis+1

Flexible has quickly become a buzzword that many businesses use to describe themselves. It makes sense because both the marketplace and new technologies create change at such a rapid pace that businesses need to adapt.

For businesses to become flexible, they need to ensure that the tools they rely on to get things done are flexible, as well, that that includes their communications

1 hour ago 5 Reasons Why VoIP Disaster Recovery Is Critical for Your Business

IT Toolbox Blogs View Synopsis+1

Hurricanes, earthquakes, and other natural and man-made disasters create situations that demand a solid business continuity (BC)/disaster recovery (DR) plan in case of serious interruptions to your organization's business. This article focuses on BC/DR for your voice over IP (VoIP)/unified communications (UC) business phone system.

The year 2017 has been a busy year for hurricanes

2 hours ago Russian Spies Lure Targets With NATO Cybersecurity Conference

SecurityWeek View Synopsis+1

A cyber espionage group linked to Russia has been trying to deliver malware to targeted individuals using documents referencing a NATO cybersecurity conference, Cisco's Talos research team reported on Monday.

4 hours ago A Massive Number Of IoT Cameras Are Hackable -- And Now The Next Web Crisis Looms

Forbes View Synopsis+1
Millions of connected devices are thought to be vulnerable to simple hacks, including hundreds of thousands of CCTV cameras.

4 hours ago The DDoS Attack Against Dyn One Year Later

Forbes View Synopsis+1
On October 21, 2016, one year ago this past weekend, the customers of a company called Dyn found themselves knocked off the Internet for all intents and purposes. A massive distributed denial of service attack (DDoS) was underway and it had managed to rendered thousands of websites useless.

5 hours ago Proactive Defense Against Phishing

InfoRiskToday View Synopsis+1
When it comes to warding off phishing attacks, too many organizations are reliant on internal awareness campaigns. But a more proactive defense and controls are needed, says John "Lex" Robinson of PhishMe.

5 hours ago Mastercard open sources blockchain API to help make payments more secure and transparent

TechRepublic View Synopsis+1
Businesses can now tap Mastercard's blockchain technology for B2B payments and trade finance transactions.

5 hours ago 'We've nothing to hide': Kaspersky Lab offers to open up source code

The Register View Synopsis+1
Response to US fretting over alleged ties to Russian snoops

Russian cybersecurity software flinger Kaspersky Lab has offered to open up its source code for third-party review.

5 hours ago 7 tips for critical infrastructure network defenders from the FBI and DHS

TechRepublic View Synopsis+1
Here's what infrastructure managers need to know about an alert from Homeland Security and the FBI. The alert includes best practices from the NIST Cybersecurity Framework for hardening networks.

6 hours ago DHS, FBI warn of cyberattacks targeting energy infrastructure, government entities

TechRepublic View Synopsis+1
A joint alert issued by both the Department of Homeland Security and the Federal Bureau of Investigation noted the danger of potential cyberthreats against critical sectors.

6 hours ago Hackers are attacking power companies, stealing critical data: Here's how they are doing it

ZDNet View Synopsis+1
Attackers are particularly interested in industrial control systems -- and they're still at it right now.

6 hours ago Arm announces PSA security architecture for IoT devices

ZDNet View Synopsis+1
Arm hopes the adoption of its new PSA system will help protect trillions of connected devices in the future.

6 hours ago Samsung SDS, BioCatch integrate behavioral biometrics to Nexsign

ZDNet View Synopsis+1
Samsung SDS America and BioCatch have partnered up to add behavioral biometrics to the Nexsign authentication platform.

8 hours ago Phone crypto shut FBI out of 7,000 devices, complains chief g-man

The Register View Synopsis+1
But he gets it, there's a balance to be struck, yada yada

The FBI has been locked out of almost 7,000 seized mobile phones thanks to encryption, director Christopher Wray has said.

9 hours ago Using Neuroscience To Disrupt Social Engineering

Forbes View Synopsis+1
There are a number of ways to disrupt social engineering, but they require breaking the habit loop we develop in our brains.