SANS NewsBites

Syndicate content SANS NewsBites
All Stories From Vol: 16 - Issue: 30
Updated: 2 days 22 hours ago

Darlloz Worm Now Mines Cryptocurrencies (March 20, 2014)

Fri, 2014-03-21 15:00

The Darlloz Linux worm, which has been targeting home routers and security cameras, has now been modified to infect computers.......

Categories: security

Malicious Tor App in Apple iOS App Store (March 19 & 20, 2014)

Fri, 2014-03-21 15:00

A phony Tor app has been available in the Apple Store since November, according to the Tor Project, which has been unsuccessful in its attempts to get Apple to remove the possibly malicious app.......

Categories: security

Full Disclosure eMail List Shuts Down (March 19 & 20, 2014)

Fri, 2014-03-21 15:00

The Full Disclosure mailing list has suspended operations "indefinitely.......

Categories: security

Compromised Gaming Site Server Used to Steal Apple ID and Other Sensitive Info (March 19 & 20, 2014)

Fri, 2014-03-21 15:00

An online gaming server was being used to host a phishing-related site that tried to steal Apple IDs, payment card data, and personal information.......

Categories: security

PHP Hijacking Vulnerability Still Being Exploited (March 19, 2014)

Fri, 2014-03-21 15:00

A PHP vulnerability first disclosed nearly two years ago is still going unpatched, despite a report last fall about an easier way to exploit the flaw.......

Categories: security

Man Arrested in Thailand Will be Extradited to Switzerland to Face Cybercrime Charges (March 19, 2014)

Fri, 2014-03-21 15:00

Authorities in Thailand have arrested a man wanted in Switzerland for allegedly breaking into computer systems at banks in that country causing US $4 billion in damage.......

Categories: security

Mozilla Releases Firefox 28 (March 18 & 19, 2014)

Fri, 2014-03-21 15:00

Mozilla has released Firefox 28.......

Categories: security

Operation Windigo Used Unix Servers to Infect Computers with Malware (March 18 & 19, 2014)

Fri, 2014-03-21 15:00

An attack known as Operation Windigo has infected 25,000 Unix and Linux web servers which are being used to infect website visitors with a variety of malware.......

Categories: security

UK Cyber Security Challenge Winner Named (March 17 & 18, 2014)

Fri, 2014-03-21 15:00

A 19-year-old student has been named the winner of the UK's Cyber Security Challenge.......

Categories: security

Judge Says Government's Warrant Request is "Overly Broad" (March 18 & 19, 2014)

Fri, 2014-03-21 15:00

A federal magistrate in the District of Columbia has denied a government request for a warrant to search a certain email address saying the request was too broad.......

Categories: security

Critical Flaws in Industrial Control Systems Used at Thousands of Facilities (March 13 & 14, 2014)

Tue, 2014-03-18 15:00

Critical flaws in Yokogawa Electric Corporation's Centum CS 3000 R3 control system leave those systems vulnerable to malware like Stuxnet.......

Categories: security

DDoS Attacks Hit NATO Websites (March 16 & 17, 2014)

Tue, 2014-03-18 15:00

A distributed denial-of-service (DDoS) attack launched against NATO websites over the weekend is likely to have been a Domain Name Server (DNS) amplification attack or a Network Time Protocol (NTP) reflection attack, according to an expert.......

Categories: security

DOD Changes Security Policy (March 14, 2014)

Tue, 2014-03-18 15:00

The US Defense Department (DOD) has made a change to its security policy, trading its DOD Information Assurance Certification and Accreditation Process (DIACAP) for a risk-based model developed by the National institute of Standards and Technology (NIST).......

Categories: security

NY Waitress Arrested in Connection with Card Skimming Scheme (March 18, 2014)

Tue, 2014-03-18 15:00

A waitress at a Long Island Dave & Busters restaurant has been arrested for allegedly using a skimming device to steal customers' payment card data.......

Categories: security

ColdFusion Botnet Claims More Victims (March 17, 2014)

Tue, 2014-03-18 15:00

Attackers are exploiting unsecured installations of Adobe's ColdFusion web server platform to install data-stealing malware on vulnerable websites.......

Categories: security

Sally Beauty Acknowledges Payment Card Data Were Taken in Breach (March 17, 2014)

Tue, 2014-03-18 15:00

US retailer Sally Beauty has now confirmed that its networks were breached and that the intruders took payment card data.......

Categories: security

US Federal Judge Approves Unusual Class Action Settlement in Breach Case (March 14 & 17, 2014)

Tue, 2014-03-18 15:00

While US courts have usually dismissed class action data breach lawsuits in which there are no demonstrable financial damages, a federal judge in Florida has approved a US $3 million settlement that includes compensation for people whose data were on stolen laptops, even if they did not experience identity fraud as a result.......

Categories: security

Indictments in Online Bank Account Theft Scheme (March 17, 2014)

Tue, 2014-03-18 15:00

A federal grand jury in New Jersey has indicted three men in connection with an attempt to steal US $15 million by breaking into accounts at US financial institutions and the Department of Defense's payroll service.......

Categories: security

IBM Says it Provided No Data to NSA (March 16 & 17, 2014)

Tue, 2014-03-18 15:00

IBM says it is not involved with National Security Agency (NSA) surveillance programs and that it has not provided customer data to government entities, or to any other third parties.......

Categories: security

Employee Arrested in UK Grocery Store Payroll Data Theft (March 14 & 17, 2014)

Tue, 2014-03-18 15:00

Police in West Yorkshire, UK have arrested a man in connection with the theft of employee payroll data from the UK supermarket chain Morrisons.......

Categories: security