SANS NewsBites

All Stories From Vol: 16 - Issue: 84

No Repercussions for Failing to Comply with FedRAMP Standards? (October 15, 2014)

Wed, 2014-10-22 17:00

US government agencies that missed a June 5, 2014 deadline for ensuring that their cloud computing systems met a set of baseline security standards appear unlikely to face repercussions.......

Categories: security

Staples Breach (October 20, 2014)

Wed, 2014-10-22 17:00

Staples is the latest retailer to have been identified as having likely experienced a data security breach.......

Categories: security

Eight Industries Now Receiving Classified Cyber Threat Information (October 20, 2014)

Wed, 2014-10-22 17:00

The number of industries participating in the US Department of Homeland Security's Enhanced Cybersecurity Services Initiative has more than doubled since July 2014.......

Categories: security

China Using Phony Apple Certificate to Snoop on iCloud (October 20, 2014)

Wed, 2014-10-22 17:00

A group that monitors Chinese government censorship, GreatFire.......

Categories: security

Apple's New OS X Yosemite Sends Search Data and Location back to Company Servers (October 20, 2014)

Wed, 2014-10-22 17:00

While Apple has made headlines recently for its enhanced encryption in iOS 8, the company's newest Mac operating system, OS X Yosemite, reportedly leaks user information by sending location and search data when users query Spotlight, the operating system's search feature.......

Categories: security

Login Page for Dropbox Phishing Scheme Hosted on Dropbox (October 19 & 20, 2014)

Wed, 2014-10-22 17:00

A phishing scheme tries to get Dropbox users to disclose their account access credentials by sending a message telling recipients that someone has sent them a file that is too large to be sent through regular email so they must sign in to Dropbox to view it.......

Categories: security

Microsoft Pulls a Patch After Reports of "Unexpected Behavior" (October 18 & 20, 2014)

Wed, 2014-10-22 17:00

Microsoft has pulled a recently released fix that is reportedly causing "unexpected behavior.......

Categories: security

Florida Supreme Court Says Warrant Required for Cell Phone Tracking (October 17 & 20, 2014)

Wed, 2014-10-22 17:00

Florida's Supreme Court has ruled that law enforcement must obtain a warrant before collecting cell phone location data.......

Categories: security

Washington, DC Police and Stingray (October 20, 2014)

Wed, 2014-10-22 17:00

Documents obtained through a Freedom of Information Act (FOIA) request show that police in Washington, DC have had a StingRay cellular surveillance device since 2003, but it remained unused until 2009, when officers were trained in its use.......

Categories: security

Sandworm Targets SCADA Systems (October 17, 2014)

Wed, 2014-10-22 17:00

The Sandworm attack campaign has been found to be targeting Supervisory Control and Data Acquisition (SCADA) systems.......

Categories: security

Bash/Shellshock Patches May Not be Enough to Protect Systems (October 15, 2014)

Fri, 2014-10-17 17:00

Simply patching systems against the Bash/Shellshock vulnerability may not be adequate.......

Categories: security

Cyber Security Must be Built Into Battlefield Systems Acquisition Process (October 14, 2014)

Fri, 2014-10-17 17:00

Cyber security needs to be built into the acquisitions process for battlefield components.......

Categories: security

FBI Director Acknowledges Some Warrantless Data Collection, Calls for Updated Wiretapping Laws (October 16, 2014)

Fri, 2014-10-17 17:00

FBI Director James Comey has admitted that in some cases, his agency does collect information without a warrant.......

Categories: security

Drupal Issues Patch for Critical Vulnerability (October 15 & 16, 2014)

Fri, 2014-10-17 17:00

A critical vulnerability in Drupal 7.......

Categories: security

South Korea Considering Issuing New National ID Numbers (October 14 & 16, 2014)

Fri, 2014-10-17 17:00

South Korea is considering reissuing national ID cards for every citizen following a series of breaches that compromised the current national ID numbers of nearly 80 percent of the country's population.......

Categories: security

Universal Plug-and-Play Devices Could be Used in Reflection DDoS Attacks (October 15, 2014)

Fri, 2014-10-17 17:00

Akamai says that misconfigured Universal Plug-and-Play (UPnP) devices could be used to launch DDoS reflection attacks.......

Categories: security

Poodle Vulnerability Breaks SSL 3.0 (October 14 & 15, 2014)

Fri, 2014-10-17 17:00

A vulnerability that has been given the name Poodle could put systems at risk of man-in-the-middle attacks.......

Categories: security

Updates This Week From Microsoft, Adobe, Oracle, Google, and Apple (October 14 & 16, 2014)

Fri, 2014-10-17 17:00

This has been a big week for updates.......

Categories: security

Microsoft's Patch Tuesday (October 14 & 15, 2014)

Fri, 2014-10-17 17:00

Microsoft's set of updates addresses 24 vulnerabilities in a variety of products, including a flaw in Windows and Windows Server 2008 and 2012 that is actively exploited as part of the Sandworm attack (see below).......

Categories: security