security

Citadel Trojan Now Targeting Password Managers (November 19 & 20, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

The Citadel Trojan, which in the past has been used to steal bank account access credentials and was used in targeted attacks against Middle Eastern petro-chemical companies, has recently been used in attacks against password managers.......

Categories: security

Senate NSA Bill Blocked in Procedural Vote (November 18, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

By a narrow margin, the US Senate has blocked a bill aimed at curtailing NSA data gathering practices from reaching the floor.......

Categories: security

Webcam Streaming Site Found Underscores Need to Reexamine Security (November 20, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

The UK Information Commissioner's Office is urging people who use webcams to reset passwords and login information.......

Categories: security

NATO Cyber Defense Exercise (November 20, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

On November 18, NATO launched Cyber Coalition 2014, a multinational cyber defense training exercise to test the Alliance's "ability to defend its networks from the various challenges that exist when operating in the contested cyber domain.......

Categories: security

NotCompatible Android Malware Botnet (November 20, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

A new variant of Android malware known as NotCompatible has been detected sneaking onto companies' networks and stealing data.......

Categories: security

WhatsApp Adopts End-to-End Encryption (November 18, 19, & 20, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

WhatsApp has upped its encryption game to offer better protection for messages sent from Android devices running the app.......

Categories: security

US Legislators Critical of USPS Breach Response (November 19, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

The intruders who breached security of US Postal Service (USPS) computer systems may have copied employees' compensation information.......

Categories: security

UK Banks Invite Intrusion Testing (November 19, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

Banks in the UK are inviting attackers to probe their systems as part of a security test.......

Categories: security

Amnesty International Releases Free Anti-Spyware Tool (November 19, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

Amnesty International has released a tool that can detect spyware that governments use against activists and dissidents.......

Categories: security

Chrome 39 Removes SSL 3.0 Fallback (November 19, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

Google has updated its Chrome browser to version 39; the newest stable version of Chrome includes fixes for 42 security issues.......

Categories: security

Microsoft Issues Emergency Patch for Flaw in Kerberos Authentication Protocol (November 18 & 19, 2014)

SANS NewsBites - Fri, 2014-11-21 22:09

Microsoft has released an out-of-cycle update (MS14-068) to address a critical flaw in the Kerberos authentication protocol that is being actively exploited.......

Categories: security

Friday Squid Blogging: Cephalopod Cognition

Schneier on Security - Fri, 2014-11-21 17:09
Tales of cephalopod behavior, including octopuses, squid, cuttlefish and nautiluses. Cephalopod Cognition, published by Cambridge University Press, is currently available in hardcover, and the paperback edition will be available next week....
Categories: security

Mandriva: 2014:224: krb5

LinuxSecurity.com - Fri, 2014-11-21 07:42
LinuxSecurity.com: Updated krb5 packages fix security vulnerability: The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows remote [More...]
Categories: linux, news, security

Mandriva: 2014:223: wireshark

LinuxSecurity.com - Fri, 2014-11-21 07:39
LinuxSecurity.com: Updated wireshark packages fix security vulnerabilities: SigComp UDVM buffer overflow (CVE-2014-8710). AMQP crash (CVE-2014-8711). [More...]
Categories: linux, news, security

Hands on with Caine Linux: Pentesting and UEFI compatible

LinuxSecurity.com - Fri, 2014-11-21 04:20
LinuxSecurity.com: Wow, do I have mixed feelings about Caine Linux. First and foremost, it is a Linux-based forensic analysis system which is UEFI-compatible. However, while it is reasonably easy to boot as a Live DVD or USB system, I found it to be rather difficult to install, and quite complicated to use.
Categories: linux, news, security

NotCompatible sets new standards for mobile botnet sophistication

LinuxSecurity.com - Fri, 2014-11-21 04:19
LinuxSecurity.com: The NotCompatible mobile malware has reached a new level of sophistication, according to a new report from San Francisco-based mobile security company Lookout, Inc.
Categories: linux, news, security

Most Targeted Attacks Exploit Privileged Accounts

LinuxSecurity.com - Fri, 2014-11-21 04:18
LinuxSecurity.com: We all like to write and talk about flashy zero-day vulnerabilities. However, a new threat report cautions enterprises not to flatter themselves, because the majority of criminals are not using valuable zero-day exploits to penetrate corporate networks: they're phishing privileged account credentials from executives and IT staffs, or simply guessing passwords for automated service accounts and, in turn, exploiting that access to gather valuable information.
Categories: linux, news, security

Google Releases Open Source Tool for Testing Web App Security Scanners

LinuxSecurity.com - Fri, 2014-11-21 04:15
LinuxSecurity.com: Google today released an open source tool called Firing Range, which is designed as a test bed for Web application security scanners that provides coverage for a wide variety of cross-site scripting (XSS) and other vulnerabilities on a massive scale.
Categories: linux, news, security

Pre-Snowden Debate About NSA Call-Records Collection Program

Schneier on Security - Thu, 2014-11-20 15:42
Reuters is reporting that in 2009, several senior NSA officials objected to the NSA call-records collection program. The now-retired NSA official, a longtime code-breaker who rose to top management, had just learned in 2009 about the top secret program that was created shortly after the Sept. 11, 2001, attacks. He says he argued to then-NSA Director Keith Alexander that storing...
Categories: security

Citadel Malware Steals Password Manager Master Passwords

Schneier on Security - Thu, 2014-11-20 10:51
Citadel is the first piece of malware I know of that specifically steals master passwords from password managers. Note that my own Password Safe is a target....
Categories: security
