SANS NewsBites

Syndicate content SANS NewsBites
All Stories From Vol: 16 - Issue: 32
Updated: 21 hours 44 min ago

Senate Committee Questions Target CFO and Univ. Of Maryland President About Breaches (March 27, 2014)

Fri, 2014-03-28 17:00

Target CFO John Mulligan answered questions from members of the Senate Commerce, Science, and Transportation Committee about action the company could have taken to prevent the massive data breach late last year.......

Categories: security

Cisco Patches Six DoS Flaws in IOS Software (March 27, 2014)

Fri, 2014-03-28 17:00

Cisco has issued patches for a half-dozen flaws that could be exploited to create denial-of-service (DoS) conditions on vulnerable systems.......

Categories: security

Full Disclosure 2.0 (March 26 & 27, 2014)

Fri, 2014-03-28 17:00

The Full Disclosure vulnerability mailing list, which last week announced its "indefinite" suspension, has reemerged under new management.......

Categories: security

Devices with Embedded XP Pose Risk for Government Agencies (March 25, 2014)

Fri, 2014-03-28 17:00

Microsoft will issue its last security update for the aging operating system on Tuesday, April 8.......

Categories: security

Law Enforcement Agencies Being Secretive About Stingray Use (March 25, 2014)

Fri, 2014-03-28 17:00

Law enforcement agencies in US cities are being less than forthcoming about their use of international mobile subscriber identity (IMSI) catchers, or technology that mimics cell phone towers, to intercept communications.......

Categories: security

ATM Malware Variant Uses Text Messages to Dispense Cash (March 25, 2014)

Fri, 2014-03-28 17:00

Symantec says that a group of thieves has figured out a way to get ATMs to dispense cash by sending the machines text messages.......

Categories: security

IRS Says That for Tax Purposes Bitcoin is Property (March 25, 2014)

Fri, 2014-03-28 17:00

The US Internal Revenue Service (IRS) has issued guidelines describing its classification of Bitcoin and other cryptocurrencies as property and not as currency.......

Categories: security

Coming Clean About Becoming Cyberwarriors (March 21, 2014)

Wed, 2014-03-26 15:00

The idea that people without technical backgrounds can become cybersecurity experts merely by obtaining a certification is doing a disservice to the people and to the cybersecurity industry.......

Categories: security

STEM is Not the Answer to Boosting Number of Skilled Cybersecurity Workers (March 24, 2014)

Wed, 2014-03-26 15:00

Richard Stiennon expresses his frustration with the focus on encouraging students to obtain science, technology, engineering, and math (STEM) degrees and his disappointment at the dearth of vocational/technical programs.......

Categories: security

Identifying Cyber Talent: Measuring Aptitude and Mastery (March 25, 2014)

Wed, 2014-03-26 15:00

In assessments being undertaken with four very large employers of cyber talent, the SANS Institute is evaluating multiple testing regimens designed to identify people likely to succeed in developing the most sought after skills.......

Categories: security

Most US Government Agencies Have Upgraded from Windows XP (March 24, 2014)

Wed, 2014-03-26 15:00

The majority of US government agencies running Windows XP on their systems have upgraded or are in the process of upgrading to newer platforms.......

Categories: security

Attackers Exploiting Unpatched Flaw in Microsoft Word (March 24, 2014)

Wed, 2014-03-26 15:00

Attackers are exploiting a flaw in Microsoft Word to try to take control of vulnerable computers.......

Categories: security

Android Memory Corruption Flaw Could be Exploited to "Brick" Devices (March 23, 24, & 25, 2014)

Wed, 2014-03-26 15:00

Vulnerabilities in the Android mobile platform could be exploited to make devices running the operating system useless.......

Categories: security

Vulnerabilities Grant Elevate Malicious Apps' Permissions When Android Updates (March 23, 2014)

Wed, 2014-03-26 15:00

In a separate story, a half-dozen flaws recently found in Android puts all devices running the mobile operating system at risk of privilege elevation attacks.......

Categories: security

NSA Infiltrated Huawei Networks, Installed Backdoors (March 22 & 23, 2014)

Wed, 2014-03-26 15:00

According to reports from The New York Times and Der Spiegel, the US National Security Agency (NSA) broke into servers at China's Huawei Technologies to spy on company communications, gather information about the company's products, and establish backdoors on the systems.......

Categories: security

Google Makes Gmail Transport Encryption Mandatory (March 22, 2014)

Wed, 2014-03-26 15:00

Gmail users no longer have the option of turning off HTTPS encryption.......

Categories: security

California DMV Investigating Possible Data Breach (March 22, 2014)

Wed, 2014-03-26 15:00

Evidence suggests that the California Department of Motor Vehicles experienced a data security breach.......

Categories: security

AT&T Says it Will Lower Internet Bills if FCC Abandons Net Neutrality (March 24, 2014)

Wed, 2014-03-26 15:00

In a filing in the federal Communications Commission's (FCC's) "Protecting and promoting the Open Internet" proceeding, AT&T has promised to lower its customers Internet bills if the Federal Communications Commission (FCC) allows Internet service providers (ISPs) to charge companies like Netflix for faster content delivery.......

Categories: security

Netflix Will (Reluctantly) Pay ISPs to Maintain Quality of Content Delivery (March 21, 2014)

Wed, 2014-03-26 15:00

Netflix chief Reed Hastings says the company will pay premiums to Internet service providers (ISPs) to ensure that its customers receive good service, but is less than pleased with the arrangement.......

Categories: security

Bitcoin Software Update Addresses Transaction Malleability Issues (March 20 & 21, 2014)

Wed, 2014-03-26 15:00

An updated version of Bitcoin software now available aims to prevent the "transaction malleability" attacks that preyed on several exchanges in recent months.......

Categories: security