SANS ISC: Information Security News

• SANS Site Network
  • Current Site
  • SANS Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

Information Security News

1 day ago Chinese COVID-19 disinformation campaigns commenced as early as January: Stanford

This culminated in a Chinese government official accusing the US military of starting the outbreak on social media.

1 day ago SMBGhost Vulnerability Allows Privilege Escalation on Windows Systems

Researchers have published proof-of-concept (PoC) exploits to demonstrate that the Windows vulnerability tracked as SMBGhost and CVE-2020-0796 can be exploited for local privilege escalation.

1 day ago Another Marriott Data Breach Affects Millions

Wide Variety of Personal Information ExposedMarriott acknowledged Tuesday that a recent data breach exposed the personal records of millions of hotel guests. It's the second major breach reported by the hotel giant in two years.

1 day ago Holy Water watering hole attack targets visitors of certain websites with malware

This campaign tries to trick users into accepting a fake Adobe Flash update, which then installs malware to give the attacker full remote access, says Kaspersky.

2 hours ago Aussie law enforcement integrity body wants International Production Orders Bill

It doesn't really use the current method for obtaining foreign assistance in law enforcement prosecution, but it would use the new one.

2 hours ago Australian Privacy Foundation labels CLOUD Act-readying Bill as 'deeply flawed'

The foundation also called the Telecommunications International Production Orders Bill a 'manifestation of a drip by drip erosion of privacy protection in the absence of a justiciable constitutionally-enshrined right to privacy in accord with international human rights frameworks'.

3 hours ago Hacking forum gets hacked for the second time in a year

Forum where hackers sold and bought hacked accounts gets hacked itself.

4 hours ago Live Webinar | Explainable Threat Intelligence to Securely Accelerate Trusted Digital Business Processes

7 hours ago How Humans "LEAD" the Way to More Effective Use of Threat Intelligence

When the theme, Human Element, was announced for RSA Conference 2020 (RSAC), I was gratified. It's a topic I never tire of because not only do I believe that there is no "silver bullet" technology, I believe it's the humans who really lead the way to greater security efficiency and effectiveness.

7 hours ago Microsoft to hospitals: 11 tips on how to combat ransomware

Hospitals are under cyberattack even as they struggle to combat the coronavirus. Microsoft is offering hospitals security tips to try to help.

8 hours ago Zoom's Security and Privacy Woes Violated GDPR, Expert Says

Zoom Security Risks, Privacy and GDPR Compliance

Home working and learning has led to a boom in videoconferencing, with Zoom a major beneficiary. But concerns over privacy and security raise important questions: is Zoom safe, and is it even GDPR compliant?

8 hours ago Washington Governor Signs Facial Recognition Law

Privacy Advocates Criticize Measure That Microsoft SupportedWashington's governor has signed a new law that regulates the use of facial recognition technology. But some privacy advocates say the measure, which was backed by Microsoft, doesn't do enough to protect individuals' rights.

9 hours ago Researcher Finds New Class of Windows Vulnerabilities

A security researcher has discovered over 25 different potential vulnerabilities in Windows, including some that could lead to elevation of privileges.

9 hours ago COVID-19 Crisis Triggers More HIPAA Policy Changes

Business Associates Cleared to Make 'Good Faith' Disclosures of PHIIn the latest move to relax certain HIPAA requirements during the COVID-19 crisis, federal regulators Thursday paved the way for business associates to share protected health information for public health-related activities during the pandemic.

11 hours ago Survey: 37% of workers unaware of ransomware, putting businesses at risk

Almost 40% of employees surveyed admitted to not knowing what ransomware is, and many of them have already been victims, according to security provider Kaspersky.