SANS NewsBites

Syndicate content SANS NewsBites
All Stories From Vol: 16 - Issue: 30
Updated: 2 days 3 hours ago

Attackers Exploited Heartbleed to Access Canada Revenue Agency Data (April 14, 2014)

Tue, 2014-04-15 15:00

Heartbleed has been used to steal tax identification numbers from the Canada Revenue Agency.......

Categories: security

Heartbleed Flaw Caused by "Trivial" Coding Error (April 11, 2014)

Tue, 2014-04-15 15:00

The German developer who wrote the flawed code that caused the Heartbleed flaw in OpenSSL says it comes down to a trivial coding error.......

Categories: security

KKR Adds Cyber-Risk Score to Company Assessments (April 11, 2014)

Tue, 2014-04-15 15:00

Private equity firm KKR recently added a cyber risk score to its assessment of companies in its portfolio.......

Categories: security

US Sought International Help in Stopping DDoS Attacks on Bank Websites in 2012 (April 11, 2014)

Tue, 2014-04-15 15:00

During the spring 2012 distributed denial-of-service (DDoS) attacks on US bank websites, the White House rejected the idea of launching retaliatory attacks against the alleged attackers' network in Iran due to concerns about unintended consequences and escalation.......

Categories: security

NSA Denies it Knew About Heartbleed Vulnerability (April 13, 2014)

Tue, 2014-04-15 15:00

The NSA has denied reports that it knew about the vulnerability in OpenSSL for two years and used it to conduct surveillance.......

Categories: security

Akamai Releases Second Fix for Heartbleed (April 14, 2014)

Tue, 2014-04-15 15:00

Akamai's first attempt to fix Heartbleed was incomplete.......

Categories: security

Android Devices Remain Unpatched Despite Google's Heartbleed Fix (April 14, 2014)

Tue, 2014-04-15 15:00

Although Google released an update for Android to address the Heartbleed flaw last week, millions of Android devices remain unpatched because they cannot run newer versions of the mobile operating system.......

Categories: security

OpenSSL President Says Entities That Use the Technology Should Help Fund It (April 14, 2014)

Tue, 2014-04-15 15:00

Steve Marquess, co-founder and president of the OpenSSL Software Foundation is critical of governments and companies that use the software but do not contribute to the foundation's funding.......

Categories: security

White House Policy Encourages Vulnerability Disclosure, Except When it Doesn't (April 12, 13 & 14, 2014)

Tue, 2014-04-15 15:00

According to a statement from the Office of the Director of National Intelligence, the Obama administration supports NSA disclosure of vulnerabilities in commercial and open source software with the exception of cases in which there is "a clear national security or law enforcement need" to keep them a secret.......

Categories: security

Training Cyber Warriors Takes Time (April 14, 2014)

Tue, 2014-04-15 15:00

To qualify for the US Cyber Command force, service members must obtain credentials at their schools, attend Cyber Command training, and have their knowledge tested to see if they qualify.......

Categories: security

Cloud Security Deadline Approaching for US Government Agencies (April 14, 2014)

Tue, 2014-04-15 15:00

US agencies have until June 5 to make sure that they are in compliance with the government's cloud security standards.......

Categories: security

Target Breach Prompts Formation of Retail ISAC (April 14, 2014)

Tue, 2014-04-15 15:00

The Target breach has prompted the National Retail Federation to establish an industry Information Sharing and Analysis Center (ISAC).......

Categories: security

Paramedic Faces Charges Based on Evidence from Warrantless Database Search (April 14, 2014)

Tue, 2014-04-15 15:00

In the course of investigating the theft of morphine from emergency vehicles, Utah law enforcement officials searched without a warrant a state database that holds records of all controlled substances that pharmacists dispense.......

Categories: security

Three Indicted in Connection with Theft of Apache Helicopter Simulation Software (April 11 & 14, 2014)

Tue, 2014-04-15 15:00

Three men have been indicted for allegedly stealing a top-secret US Army helicopter simulator.......

Categories: security

IRS Will Pay for Extended XP Support While Completing Migration to Windows 7 (April 11, 2014)

Tue, 2014-04-15 15:00

The US Internal Revenue Service (IRS) is still running Windows XP on roughly half of its Windows-based computers.......

Categories: security

Auernheimer Conviction Overturned on Technicality (April 11, 2014)

Tue, 2014-04-15 15:00

The Third US Circuit Court of Appeals has reversed and vacated the conviction of Andrew Auernheimer because the case was tried in an improper venue.......

Categories: security

West Point Wins Cyber Defense Exercise (April 10 & 11, 2014)

Tue, 2014-04-15 15:00

The team from West Point, the US military academy, had taken top honors in this year's Cyber Defense Exercise.......

Categories: security

House Subcommittee Pushes Through Bill to Stop Transfer of ICANN Oversight (April 7 & 10, 2014)

Tue, 2014-04-15 15:00

The US House Energy and Commerce Committee's Technology Subcommittee has approved a bill that would delay the Obama administration's plan to relinquish control of ICANN.......

Categories: security

Patch Available for Heartbleed Flaw (April 10, 2014)

Fri, 2014-04-11 15:00

OpenSSL has released a patch for a critical flaw in its implementation of the Transport Security Layer protocol's "heartbeat" extension that threatens the security of passwords, source code, and encryption keys.......

Categories: security

Governments Take Steps to Address Heartbleed (April 10, 2014)

Fri, 2014-04-11 15:00

Government agencies in the US and Canada are taking steps to help protect people from the risks of the Heartbleed OpenSSL vulnerability.......

Categories: security