SANS ISC: Information Security News - Internet Security | DShield

• SANS Site Network
  • Current Site
  • Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

Information Security News

1 day ago Using dual-mappings to evade automated unpackers

Automated unpackers such as Renovo, Saffron, and Pandora's Bochs attempt to dynamically unpack executables by detecting the execution of code from regions of virtual memory that have been written to. While this is an elegant method of detecting dynamic code execution, it is possible to evade these unpackers by dual-mapping physical pages to two distinct virtual address regions where one region is used as an editable mapping and the second region is used as an executable mapping. In this way, the editable mapping is written to during the unpacking process and the executable mapping is used to execute the unpacked code dynamically. This effectively evades automated unpackers which rely on detecting the execution of code from virtual addresses that have been written to.

1 day ago Farewell 2009, and The Washington Post

This will be the last post for the Security Fix blog. Dec. 31 marks my final day at The Washington Post Company.

Over the last 15 years, I've reported hundreds of stories for washingtonpost.com and the paper edition. I have authored more than 1,300 blog posts since we launched Security Fix back in March 2005. Dozens of investigative reports that first appeared online later were "reverse published" in the newspaper, including eight front-page stories and a Post Magazine cover.

Through it all, you - the reader - have been my most valuable source, most reliable critic, and most persistent muse. Loyal readers are the reason Security Fix has consistently been among the most-visited blogs on washingtonpost.com. Thank you.

I will continue to remain engaged in this increasingly vital news beat. Please stay in touch for updates in the New Year. I can be reached directly at this e-mail address.

1 day ago News: Change in Focus

Change in Focus

1 day ago Yes, you can remotely hack ... building site cranes. Wait, what?

Authentication is simply AWOL for remote RF construction plant, says Trend Micro

Did you know that the construction industry uses radio-frequency remote controllers to operate cranes, drilling rigs and other heavy machinery? Doesn't matter: they're alarmingly vulnerable to being hacked, according to Trend Micro.…

1 day ago Cryptopia cryptocurrency exchange pulled offline due to security breach

Reports suggest that cryptocurrency may have been lost by the exchange.

1 day ago U.S. Charges 8 in Securities Hacking Scheme

US authorities on Tuesday charged eight people in a scheme to trade on and profit from stolen corporate information hacked from a government database, court papers showed.

1 day ago Police can't force you to unlock your phone by iris, face or finger

Police can't force you to unlock your phone by iris, face or finger

1 day ago OCC Issues Volcker Rule Proposal for Public Comment

The Office of the Comptroller of the Currency requested public comment on a proposed regulation implementing the so-called "Volcker Rule" requirements of section 619 of the Dodd-Frank Wall Street Reform and Consumer Protection Act.

9 minutes ago Serious Flaws Found in ControlByWeb Industrial Weather Station

Researchers have discovered two potentially serious vulnerabilities in an industrial-grade weather station made by ControlByWeb, a company that specializes in products that allow organizations to remotely monitor and control electrical devices.

37 minutes ago Live Webinar: An Effective Framework for Improving Cyber Defenses in Your Organization

1 hour ago ERP Security Firm Onapsis Acquires Competitor Virtual Forge

Onapsis, a company specializing in cybersecurity and compliance solutions for enterprise resource planning (ERP) products, on Wednesday announced that it has entered a definitive agreement to acquire competitor Virtual Forge.

2 hours ago Some Android GPS apps are just showing ads on top of Google Maps

Apps have been downloaded over 50 million times. Google has failed to removed them, even if they blatantly break their own license.

2 hours ago This cryptocurrency mining malware now disables security software to help remain undetected

Cryptojacking campaign targets Linux servers that haven't had patches for known vulnerabilities applied.

2 hours ago Windows 10 19H1: Microsoft pushes its services with 'Make Windows even better' prompt

Microsoft wants you to "make Windows even better" by setting up Microsoft Account services on Windows 10 devices.

3 hours ago Flaw in Reservation System Impacts Many Airlines

A vulnerability discovered in a reservation system used by hundreds of airlines around the world could expose the details of millions of their customers, researchers warned this week.

4 hours ago Data Breach Collection Contains 773 Million Unique Emails

2.7 Billion Email/Password Combo List for Credential Stuffing, Troy Hunt WarnsAustralian security expert Troy Hunt says an 87 GB compilation of username and password combinations - drawn from more than 2,000 databases - includes 773 million unique email addresses, for apparent use in credential-stuffing attacks. Takeaway: Use a unique password for every site, or else.