Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Information Security News - Internet Security | DShield Information Security News


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Popular News

23 hours ago Could The US Government's Move To The Commercial Cloud Stop Leaks And Breaches?

Forbes View Synopsis+1
The US Government's growing move to the commercial cloud could dramatically improve its cybersecurity posture, reduce unauthorized leaking and lead to a modern security-first data culture.

23 hours ago US-CERT warns of more North Korean malware

The Register View Synopsis+1
'Typeframe' springs from the same den as 'Hidden Cobra'

The United States Department of Homeland Security's Computer Emergency Response Team (US-CERT) has warned against another malware campaign it says originates from North Korea.

14 hours ago '90s hacker collective man turned infosec VIP: Internet security hasn't improved in 20 years

The Register View Synopsis+1
L0pht luminary Chris Wysopal talks to The Reg

Interview It has been 20 years since Chris Wysopal (AKA Weld Pond) and his colleagues at the Boston-based L0pht* hacker collective famously testified before the US Senate that the internet was hopelessly insecure.

21 hours ago China-Linked APT15 Develops New 'MirageFox' Malware

SecurityWeek View Synopsis+1

A cyber-espionage group believed to be operating out of China has developed a new piece of malware that appears to be based on one of the first tools used by the threat actor.

3 hours ago Not so private eye: Got an Axis network cam? You'll need to patch it, unless you like hackers

The Register View Synopsis+1
According to magic people, VDOO people

Researchers have detailed a string of vulnerabilities that, when exploited in combination, would allow for hundreds of models of internet-linked surveillance cameras to be remotely hijacked.

Top News

2 hours ago Fraudster admits she was OPM dealer: Leaked US govt staff files used to bag cash, car loans

The Register View Synopsis+1
Woman admits she used stolen records to open bank accounts

A woman has fessed up to using people's personal information, leaked online from the US government's Office of Personnel Management mega-hack, to take out loans and open bank accounts.

1 hour ago "‹Attorney-General's Department caught up in PageUp breach

ZDNet View Synopsis+1
The Attorney-General's Department joins Wesfarmers, the National Australia Bank, Telstra, the Reserve Bank of Australia, Australia Post, Medibank, and the ABC as those potentially affected by the PageUp data breach.

50 minutes ago In Trump Rebuke, US Senate Votes to Reimpose Ban on China's ZTE

SecurityWeek View Synopsis+1

The US Senate defied President Donald Trump by voting Monday to overrule his administration's deal with Chinese telecom firm ZTE and reimpose a ban on high-tech chip sales to the company.

Senators added an amendment targeting ZTE into a sweeping, must-pass national defense spending bill that cleared the chamber on an 85-10 vote.

5 hours ago $4.3 Million HIPAA Penalty for 3 Breaches

InfoRiskToday View Synopsis+1
MD Anderson Cancer Center Cited for Unencrypted DevicesA lack of device encryption will cost a Texas-based cancer treatment center $4.3 million in civil monetary penalties from the Department of Health and Human Services.

5 hours ago How to manage your organization's Microsoft Store Group Policy

TechRepublic View Synopsis+1
A Microsoft Store Group Policy can be changed to prevent unauthorized installations and block existing native apps from being launched using AppLocker.

Latest News

8 hours ago Vulnerabilities in these IoT cameras could give attackers full control, warn researchers

ZDNet View Synopsis+1
Researchers at VDOO discover vulnerabilities which, if left unpatched, could allow attackers to take control of the devices or rope cameras into botnets.

46 minutes ago It's time for TLS 1.0 and 1.1 to die (die, die)

The Register View Synopsis+1
IETF floats formal deprecation suggestion, even for failback

As TLS 1.3 inches towards publication into the Internet Engineering Task Force's RFC series, it's a surprise to realise that there are still lingering instances of TLS 1.0 and TLS 1.1.

2 hours ago Yubico snatched my login token vulnerability to claim a $5k Google bug bounty, says bloke

The Register View Synopsis+1
USB gizmo biz apologies amid infosec drama

Yubico has apologized to a security vulnerability researcher who had complained the dongle peddler lifted his work to nab a $5,000 Google bug bounty.

4 hours ago Could The U.S. Government's Move To The Commercial Cloud Stop Leaks And Breaches?

Forbes View Synopsis+1
The US Government's growing move to the commercial cloud could dramatically improve its cybersecurity posture, reduce unauthorized leaking and lead to a modern security-first data culture.

4 hours ago Lenovo Ups Its Collaboration Game With The 'Switzerland' Of UC Devices

Forbes View Synopsis+1
Earlier this month, Lenovo announced what looks like a unique addition to its portfolio of meeting room solutions, the ThinkSmart Hub 700. Lenovo says the ThinkSmart Hub 700 makes pairing simple, with smart hardware with sensors that are able to detect in-room participants. Here are my thoughts.

5 hours ago Google Increases Visibility Into Endpoints Accessing G Suite Data

SecurityWeek View Synopsis+1

A newly added "Endpoint Verification" feature in G Suite provides administrators with increased visibility into the computers that have access to corporate data.

5 hours ago Lenovo Ups Its Collaboration Game With The "Switzerland" Of UC Devices

Forbes View Synopsis+1
Earlier this month, Lenovo announced what looks like a unique addition to its portfolio of meeting room solutions, the ThinkSmart Hub 700. Lenovo says the ThinkSmart Hub 700 makes pairing simple, with smart hardware with sensors that are able to detect in-room participants. Here are my thoughts.

5 hours ago Why cybersecurity must be built into IoT initiatives from the start

TechRepublic View Synopsis+1
IoT increases the risk of cyber attacks. Here's what companies need to do to stay safe, according to John Wechsler, founder of the Indiana IoT Lab.

6 hours ago Cybersecurity Insurance: How Underwriting Is Changing

InfoRiskToday View Synopsis+1
Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients.

7 hours ago Beware this Android emulator, it's hijacking your GPU to mine cryptocurrency

TechRepublic View Synopsis+1
Users have accused Andy OS Android Emulator of secretly dropping a cryptocurrency miner on your system that runs endlessly.

7 hours ago Buzzword Bingo: Quantum, AI, Blockchain, Crypto

InfoRiskToday View Synopsis+1
Thales e-Security's Jon Geater Separates Hype From UtilityQuantum computing, blockchain, crypto, internet of things: There's a lot of hype around these technology areas, says Jon Geater, CTO of Thales e-Security. So it's essential to pierce the hype and see what's useful and applicable for practitioners.

7 hours ago Compromised GitHub Account Spreads Malicious Syscoin Installers

SecurityWeek View Synopsis+1

Malware-laden Syscoin releases were up for download on an official GitHub repository after hackers managed to compromise an account and replace legitimate Windows installers.

10 hours ago Cyber Attack Aims to Manipulate Mexican Election

SecurityWeek View Synopsis+1

On Wednesday June 13, in the run-up to Mexico's July 1 presidential election, a website operated by the rightist National Action Party (PAN) was taken off-line for several hours by a DDoS attack. The outage occurred at the time of a televised presidential debate, and just following a point at which the PAN candidate held up a placard with the website address claiming it held proof of potential corruption.

10 hours ago The paranoid's guide to traveling to digitally scary places like Russia or China

ZDNet View Synopsis+1
If you're considering traveling to one of the many countries that has a dubious relationship with digital privacy, you'll need to protect yourself. While the standard advice is a VPN, David Gewirtz takes you a few steps deeper into the murky cloak and dagger world of digital tradecraft.

11 hours ago Strip Capita of defence IT contract unless things improve - Brit MPs

The Register View Synopsis+1
Committee calls for more public spending - but not with outsourcer

A Parliamentary committee has called for Capita to be stripped of its military recruiting IT contract unless its performance improves, as part of a wider call for UK defence spending to increase.