SANS NewsBites

Syndicate content SANS NewsBites
All Stories From Vol: 16 - Issue: 83
Updated: 4 days 3 hours ago

Bash/Shellshock Patches May Not be Enough to Protect Systems (October 15, 2014)

Fri, 2014-10-17 17:00

Simply patching systems against the Bash/Shellshock vulnerability may not be adequate.......

Categories: security

Cyber Security Must be Built Into Battlefield Systems Acquisition Process (October 14, 2014)

Fri, 2014-10-17 17:00

Cyber security needs to be built into the acquisitions process for battlefield components.......

Categories: security

FBI Director Acknowledges Some Warrantless Data Collection, Calls for Updated Wiretapping Laws (October 16, 2014)

Fri, 2014-10-17 17:00

FBI Director James Comey has admitted that in some cases, his agency does collect information without a warrant.......

Categories: security

Drupal Issues Patch for Critical Vulnerability (October 15 & 16, 2014)

Fri, 2014-10-17 17:00

A critical vulnerability in Drupal 7.......

Categories: security

South Korea Considering Issuing New National ID Numbers (October 14 & 16, 2014)

Fri, 2014-10-17 17:00

South Korea is considering reissuing national ID cards for every citizen following a series of breaches that compromised the current national ID numbers of nearly 80 percent of the country's population.......

Categories: security

Universal Plug-and-Play Devices Could be Used in Reflection DDoS Attacks (October 15, 2014)

Fri, 2014-10-17 17:00

Akamai says that misconfigured Universal Plug-and-Play (UPnP) devices could be used to launch DDoS reflection attacks.......

Categories: security

Poodle Vulnerability Breaks SSL 3.0 (October 14 & 15, 2014)

Fri, 2014-10-17 17:00

A vulnerability that has been given the name Poodle could put systems at risk of man-in-the-middle attacks.......

Categories: security

Updates This Week From Microsoft, Adobe, Oracle, Google, and Apple (October 14 & 16, 2014)

Fri, 2014-10-17 17:00

This has been a big week for updates.......

Categories: security

Microsoft's Patch Tuesday (October 14 & 15, 2014)

Fri, 2014-10-17 17:00

Microsoft's set of updates address 24 vulnerabilities in a variety of products, including a flaw in Windows and Windows Server 2008 and 2012 that is actively exploited as part of the Sandworm attack (see below).......

Categories: security

Sandworm (October 13, 2014)

Fri, 2014-10-17 17:00

A malware attack/espionage attack known as Sandworm targeted systems belonging to the North Atlantic Treaty Organization (NATO), government agencies in Poland and Ukraine, and several European industries over the past five years.......

Categories: security

Mozilla Updates Firefox to Version 33 (October 14, 2014)

Fri, 2014-10-17 17:00

The newest version of Mozilla's Firefox browser, Firefox 33, addresses eight security issues.......

Categories: security

FBI Warns US Companies of Cyber Attacks Linked to China (October 15 & 16, 2014)

Fri, 2014-10-17 17:00

The FBI has issued a private warning to US organizations about cyber attacks being launched by groups with links to the Chinese government.......

Categories: security

Dropbox Says Account Credentials Taken from Other Services (October 13, 2014)

Wed, 2014-10-15 15:00

Several Pastebin posts claim to contain hundreds of sets of login credentials for Dropbox.......

Categories: security

US Manufacturing Company Under Attack for Months (October 10, 2014)

Wed, 2014-10-15 15:00

In a quarterly newsletter, the US Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team disclosed that a US manufacturing company experienced a cyber attack that lasted several months.......

Categories: security

White House Considering Options for Cyber Security Legislation (October 9, 2014)

Wed, 2014-10-15 15:00

White House Cybersecurity Coordinator Michael Daniel says that instead of trying to push a single, comprehensive cyber security bill through the legislature, the administration will instead focus on supporting a series of smaller bills that will address the necessary issues.......

Categories: security

Vulnerable Code in CyanogenMod Android Build (October 13, 2014)

Wed, 2014-10-15 15:00

Android users running the CyanogenMod build may find their devices vulnerable to man-in-the-middle (MitM) attacks.......

Categories: security

Kmart Discloses Breach (October 13, 2014)

Wed, 2014-10-15 15:00

Kmart has acknowledged that customers' payment card data were compromised in a breach that affected cash registers at 1,200 stores.......

Categories: security

Dairy Queen Acknowledges Breach (October 10, 2014)

Wed, 2014-10-15 15:00

Dairy Queen has disclosed that a data security breach affected nearly 400 of its stores across the US.......

Categories: security

Oracle to Address 150+ Vulnerabilities (October 12 & 13, 2014)

Wed, 2014-10-15 15:00

This month, Oracle's quarterly security updates will coincide with Microsoft's and Adobe's monthly fixes.......

Categories: security