SANS NewsBites

Syndicate content SANS NewsBites
All Stories From Vol: 16 - Issue: 87
Updated: 15 hours 44 min ago

Attack Targeting Outlook Web App Users (October 24, 2014)

Tue, 2014-10-28 15:00

A cyber espionage operation has been targeting users of Office 365's Outlook Web App.......

Categories: security

Court Orders Shutdown of Company Selling Useless Tech Support (October 24 & 27, 2014)

Tue, 2014-10-28 15:00

A federal court in New York has shut down a company called Pairsys for selling useless tech support, according to a US Federal Trade Commission (FTC) announcement.......

Categories: security

Microsoft Offers "Fix-it" for New Zero-Day in OLE (October 24, 2014)

Tue, 2014-10-28 15:00

Earlier this month, Microsoft issued patches for a number of vulnerabilities, including one in the Microsoft Object Linking and Embedding (OLE) technology that has been dubbed the Sandworm bug.......

Categories: security

Google Now Offering USB Key Security (October 21 & 22, 2014)

Fri, 2014-10-24 19:00

Google is now offering optional enhanced security for users of its many services.......

Categories: security

US Justice Department Reorganizes Division to Focus on Cyber Crime (October 21, 2014)

Fri, 2014-10-24 19:00

The US Department of Justice (DoJ) has announced the reorganization of its National Security Division to devote more resources to fighting cyber crime, particularly "state-sponsored economic espionage and theft of corporate secrets.......

Categories: security

Koler Android Ransomware Now Spreading Through SMS (October 22, 2014)

Fri, 2014-10-24 19:00

A variant of Android ransomware known as Koler is now spreading through SMS.......

Categories: security

Facebook and Yahoo Develop Mechanism to Protect Recycled eMail Addresses from Abuse (October 23, 2014)

Fri, 2014-10-24 19:00

Facebook and Yahoo are taking steps to prevent users of recycled email addresses from taking control of other accounts.......

Categories: security

FTDI Admits Releasing Update That Bricks Cloned Chips (October 22 & 23, 2014)

Fri, 2014-10-24 19:00

Chip maker FTDI has acknowledged releasing a silent update that rendered cloned versions of its products useless.......

Categories: security

DHS ICS-CERT Investigating Medical Device Vulnerabilities (October 22 & 23, 2014)

Fri, 2014-10-24 19:00

An unnamed official at the US Department of Homeland Security (DHS) said that the agency's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is investigating approximately two dozen cases of vulnerabilities in medical devices.......

Categories: security

Apple to Stop Using SSL 3.0 for Push Notifications (October 22 & 23, 2014)

Fri, 2014-10-24 19:00

Apple plans to stop using the Secure Sockets Layer 3.......

Categories: security

Microsoft Warns of Attacks That Use PowerPoint Documents (October 22, 2014)

Fri, 2014-10-24 19:00

Microsoft has issued an advisory warning of attacks that use maliciously crafted PowerPoint documents to exploit an unpatched vulnerability in all currently supported versions of Windows except for Windows Server 2003.......

Categories: security

Apple Issues iCloud Security Advisory (October 22, 2014)

Fri, 2014-10-24 19:00

Apple has issued a security warning about attacks attempting to steal information from iCloud users with fraudulent certificates.......

Categories: security

Virginia Police Departments Sharing Suspects' Phone Metadata (October 22, 2014)

Fri, 2014-10-24 19:00

For nearly two years, several law enforcement agencies in Virginia have been sharing suspects' phone metadata with each other.......

Categories: security

Government Encourages Cooperation in Cyber Security Incidents (October 20, 2014)

Fri, 2014-10-24 19:00

At a recent conference hosted by the Financial Services Roundtable in Washington, DC, law enforcement officials urged organizations to cooperate with federal officials early on during cyber incidents.......

Categories: security

No Repercussions for Failing to Comply with FedRAMP Standards? (October 15, 2014)

Wed, 2014-10-22 17:00

US government agencies that missed a June 5, 2014 deadline for ensuring that their cloud computing systems met a set of baseline security standards appear unlikely to face repercussions.......

Categories: security

Staples Breach (October 20, 2014)

Wed, 2014-10-22 17:00

Staples is the latest retailer to have been identified as having likely experienced a data security breach.......

Categories: security

Eight Industries Now Receiving Classified Cyber Threat Information (October 20, 2014)

Wed, 2014-10-22 17:00

The number of industries participating in the US Department of Homeland Security's Enhanced Cybersecurity Services Initiative has more than doubled since July 2014.......

Categories: security

China Using Phony Apple Certificate to Snoop on iCloud (October 20, 2014)

Wed, 2014-10-22 17:00

A group that monitors Chinese government censorship, GreatFire.......

Categories: security

Apple's New OS X Yosemite Sends Search Data and Location back to Company Servers (October 20, 2014)

Wed, 2014-10-22 17:00

While Apple has made headlines recently for its enhanced encryption in iOS 8, the company's newest Mac operating system, OS X Yosemite, reportedly leaks user information by sending location and search data when users query Spotlight, the operating system's search feature.......

Categories: security

Login Page for Dropbox Phishing Scheme Hosted on Dropbox (October 19 & 20, 2014)

Wed, 2014-10-22 17:00

A phishing scheme tries to get Dropbox users to disclose their account access credentials by sending a message telling recipients that someone has sent them a file that is too large to be sent through regular email so they must sign in to Dropbox to view it.......

Categories: security