Threat Level: green Handler on Duty: Russ McRee

SANS ISC: Information Security News - Internet Security | DShield Information Security News



Popular News

10 hours ago Google to remove Chrome's built-in XSS protection (XSS Auditor)

ZDNet
XSS Auditor became too inefficient at blocking XSS attacks, and a chore to maintain.

10 hours ago Amadeus! Amadeus! Pwn me Amadeus! Airline check-in bug may have exposed all y'all boarding passes to spies

The Register
Patched IDOR hole would have been child's play to exploit

A now-patched vulnerability in the Amadeus flight reservation system - used by airlines around the planet - could, or may, have been exploited by miscreants to view strangers' boarding passes.…

14 hours ago Symantec Shares Plunge After Reports of Broadcom Deal Stall

SecurityWeek

Shares of cybersecurity giant Symantec plunged on Monday following reports that the company's acquisition talks with Broadcom have stalled due to a disagreement over price.

Several major news outlets reported in early July that chipmaker Broadcom had been in advanced talks to acquire Symantec in a deal that could exceed $15 billion.

12 hours ago Singapore's public sector to adopt new measures to tighten data security

ZDNet
Following a "stocktake" of the public sector's security practices, Singapore's government agencies will roll out "technical measures" for existing as well as new systems to beef up data security standards, including automated detection of emails containing sensitive information and stronger encryption for files.

Top News

1 day ago New old Windows bug emerges, your 'strong' password is anything but, plus plenty more

The Register
What you need to know from infosec land lately

Roundup Here is a brief look at some of the other security stories floating around right now.…

1 day ago New Election Systems Use Vulnerable Software

SecurityWeek

WASHINGTON (AP) - Pennsylvania's message was clear: The state was taking a big step to keep its elections from being hacked in 2020. Last April, its top election official told counties they had to update their systems. So far, nearly 60% have taken action, with $14.15 million of mostly federal funds helping counties buy brand-new electoral systems.

1 day ago Payment Fraud: Criminals Enroll Stolen Cards on Apple Pay

InfoRiskToday
Fraud Fighters Also See Spikes in ATM Malware, Card Enrollment as a Service

Fraudsters continue to get new tricks up their sleeves. Criminals are increasingly using Apple Pay, setting up mobile call centers to socially engineer victims as well as tricking consumers via fake e-commerce sites that never fulfill orders, fraud-fighting experts warn.

1 day ago Top 5 cybersecurity challenges for CISOs

TechRepublic
CISOs must drive business strategy amid an expanded attack surface and increasing security complexity, according to Fortinet.

1 day ago Visa's vision for the future of payments is password-free

ZDNet
A combination of technologies and collaboration from everyone involved to enable a password-free payments experience.

Latest News

11 hours ago Home Affairs floats making telcos retain MAC addresses and port numbers

ZDNet
Soon it might just be easier for Australia's telcos to keep a copy of every TCP or UDP header for the cops to poke through.

4 hours ago How a Big Rock Revealed a Tesla XSS Vulnerability

InfoRiskToday
Bug Hunter Sam Curry's Find Left Tesla Slightly Red Faced

Software vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam Curry's probing eventually revealed a cross-site scripting flaw in a Tesla service, which netted him a $10,000 bounty.

4 hours ago Extenbro DNS-Changer Used in Adware Campaign

SecurityWeek

A recently observed DNS-changer Trojan is being used in an adware campaign to prevent users from accessing security-related websites, Malwarebytes reveals.

4 hours ago Permission-greedy apps delayed Android 6 upgrade so they could harvest more user data

ZDNet
App devs delayed upgrading apps, but lost in the long run due to more negative reviews and less Play Store visibility.

4 hours ago Bulgaria Probes Russia-Linked Leak of Taxpayer Data

SecurityWeek

Bulgaria ordered Tuesday a probe into the leak of a trove of taxpayer data in a Russia-linked cyberattack that was disclosed on the same day the former Soviet satellite nation moved to buy US-made F-16 jet fighters.

5 hours ago Thousands of Legacy Lenovo Storage Devices Exposed Millions of Files

SecurityWeek

Cybersecurity firms Vertical Structure and WhiteHat Security on Tuesday reported that their researchers discovered a serious vulnerability that gave remote attackers access to millions of files stored on thousands of exposed Lenovo network-attached storage (NAS) devices.

5 hours ago OnDemand Webinar | The Power of AI to Disrupt Security Ops

InfoRiskToday
How utilizing AI can and will be realistic for any security organization... Learn about the concept of autonomous security driven by AI, probability theory and advanced algorithms in this exclusive webinar.

6 hours ago Symantec intros CloudSOC Mirror Gateway for enterprise cloud access security

ZDNet
The platform uses Symantec Web Isolation technology to deliver Cloud Access Security Broker (CASB) controls for unmanaged devices.

6 hours ago Patch now before you get your NAS kicked: Iomega storage boxes leave millions of files open to the internet

The Register
API blunder exposes data, fix incoming from Lenovo

Lenovo is emitting an emergency firmware patch for Iomega NAS devices after the network-attached storage boxes were discovered inadvertently offering millions of files to the internet via an insecure software interface.…

7 hours ago Phishing alert: 80% of companies lack DMARC policies to protect against spoofing

TechRepublic
Despite being the industry standard for email authentication to prevent cyberattacks, DMARC policies aren't implemented by most companies, according to 250ok.

10 hours ago Security Flaw Exposed Valid Airline Boarding Passes

InfoRiskToday
Amadeus Patches Check-In Software Used by Hundreds of Airlines

A vulnerability in global airline check-in software used by 500 airlines could have been exploited to download other individuals' valid boarding passes, potentially giving them access to restricted airport spaces, warns security expert David Stubley. The flaw in Amadeus travel software has now been fixed.

3 hours ago Maybe double-check that HMRC email? UK taxman remains a fave among the phisherfolk

The Register
And Windows XP is alive and not well in the public sector

The UK's National Cyber Security Centre (NCSC) has had another busy year trying to disrupt cybercrime.…