SANS NewsBites

Syndicate content SANS NewsBites
All Stories From Vol: 16 - Issue: 60
Updated: 1 day 9 hours ago

Possible Breach of Goodwill Systems (July 21 & 23, 2014)

Fri, 2014-07-25 15:00

Financial institutions in the US have noticed activity suggesting that Goodwill Industries network was breached and customers' payment cards compromised.......

Categories: security

ICS-CERT Warns Heartbleed Still Unpatched in Some Siemens Products (July 18, 2014)

Tue, 2014-07-22 17:00

According to a warning from the Industrial Control System Computer Emergency Response Team (ICS-CERT), some critical Siemens industrial control systems remain unpatched against the Heartbleed flaw in the OpenSSL library.......

Categories: security

Microsoft XML Core Services Vulnerabilities (July 18, 2014)

Tue, 2014-07-22 17:00

According to a Secunia report about vulnerable software, Microsoft XML Core Services 4 poses the greatest security threat to PC users in the US based on its market share and the number of users running unpatched versions.......

Categories: security

Government Grade Malware Used in Criminal Attacks (July 17 & 18, 2014)

Tue, 2014-07-22 17:00

Researchers at Sentinel Labs say that "government grade malware," originally created for espionage purposes, is in the hands of people with malicious intent, who are incorporating the malware's strengths into rootkits and ransomware.......

Categories: security

Court Orders to Block The Pirate Bay are Ineffective (July 19, 2014)

Tue, 2014-07-22 17:00

Traffic to The Pirate Bay site has doubled since 2011, even though courts in several countries have ordered Internet service providers (ISPs) to block the site and its founders have been sentenced to prison for various offenses.......

Categories: security

Second-hand Aloha Point-of-Sale Terminal Contains Sensitive Data (July 18, 2014)

Tue, 2014-07-22 17:00

A Hewlett Packard malware researcher bought a used Aloha point-of-sale (POS) terminal on eBay for US $200.......

Categories: security

Dark Mail Project Seeks to Hide Metadata from Snoops (July 18, 2014)

Tue, 2014-07-22 17:00

An email privacy project called Dark Mail aims to hide users' communications metadata, information the NSA has been collecting wholesale for years.......

Categories: security

Two Sentenced for Apple Phishing Scheme (July 18, 2014)

Tue, 2014-07-22 17:00

A UK court has sentenced two people to prison for their roles in a phishing scheme that targeted Apple customers.......

Categories: security

GAO Says FDIC Cyber Security Still Needs Improvement (July 18, 2014)

Tue, 2014-07-22 17:00

According to a report from the Government Accountability Office (GAO), The Federal Deposit Insurance Corporation's (FDIC's) security posture needs work.......

Categories: security

NASDAQ Attack Attribution Questioned (July 18, 2014)

Tue, 2014-07-22 17:00

Despite claims by some people that the October 2010 attack on NASDAQ servers was launched by a nation state, likely Russia, experts say that assigning attribution is a tricky business.......

Categories: security

Fake Flash Update Steals Credit Card Data (July 18, 2014)

Tue, 2014-07-22 17:00

Malware masquerading as a Flash update infects Android devices to steal payment card information.......

Categories: security

Google's Project Zero Aims to Protect Privacy and Improve Internet Security (July 17, 2014)

Fri, 2014-07-18 21:00

Google Project Zero is aiming to find software vulnerabilities and to protect Internet users' privacy.......

Categories: security

More Details Emerge About 2010 NASDAQ Breach (July 17, 2014)

Fri, 2014-07-18 21:00

A Bloomberg investigation into a 2010 attack on NASDAQ revealed that servers of the exchange were infected with malware that exploited two unpatched vulnerabilities.......

Categories: security

Treasury Secretary Urges Information Sharing (July 17, 2014)

Fri, 2014-07-18 21:00

In a speech at the Delivering Alpha conference in New York, Treasury Secretary Jack Lew described how cyber attacks affect people's lives.......

Categories: security

Australian Government Keeping Voting Source Code Secret (July 17, 2014)

Fri, 2014-07-18 21:00

Australia's government is refusing to share the source code for the software used in the country's elections, claiming that "publication of the software could leave the voting system open to hacking or manipulation.......

Categories: security

Communication Between IT Security Teams and Executives is Inadequate (July 17, 2014)

Fri, 2014-07-18 21:00

According to study conducted by the Ponemon Institute and sponsored by Websense, nearly one third of IT security teams never talk with company executives about security and of those that do, nearly a quarter talk to executives just once a year.......

Categories: security

Remote Code Execution Flaw in Cisco Products (July 17, 2014)

Fri, 2014-07-18 21:00

Cisco has released updates to address a remote code execution vulnerability in the web server used in certain Cisco Wireless Residential Gateway products.......

Categories: security

Oracle's Critical Patch Update Addresses 113 Flaws (July 15, 2014)

Fri, 2014-07-18 21:00

Oracle has released patches for a total of 113 vulnerabilities in a variety of products.......

Categories: security

Aloha Point-Of-Sale Terminal, Sold On eBay, Yields Security Surprises (July 18, 2014)

Fri, 2014-07-18 21:00

An HP researcher's findings highlight ongoing problems with POS software and Hardware.......

Categories: security

vBulletin Flaw (July 17, 2014)

Fri, 2014-07-18 21:00

Developers have released an emergency patch for an SQL injection vulnerability in the vBulletin Internet forum software.......

Categories: security