SANS NewsBites

Syndicate content SANS NewsBites
All Stories From Vol: 16 - Issue: 74
Updated: 23 hours 34 min ago

Samba Flaw Could be Exploited to Gain Root Privileges (August 3 & 4, 2014)

Tue, 2014-08-05 15:00

A critical flaw in Samba could be exploited to gain network access with administrative privileges.......

Categories: security

PF Chang's Identifies Restaurants Possibly Affected by Breach (August 4, 2014)

Tue, 2014-08-05 15:00

PF Chang's has identified 33 restaurants from which customer data may have been taken during a breach of point-of-sale systems.......

Categories: security

Researchers Found Security Issues at Healthcare Facilities (August 3, 2014)

Tue, 2014-08-05 15:00

According to research conducted by Norse for a SANS report, between September 2012 and October 2013, identified nearly 50,000 unique malicious events on health care networks and more than 700 unique malicious source IP addresses.......

Categories: security

Jimmy John's Investigating Report of Breach (July 31, 2014)

Tue, 2014-08-05 15:00

Illinois-based sandwich restaurant chain Jimmy John's says it is investigating reports that its systems suffered an intrusion, which led to the compromise of customer payment card information.......

Categories: security

Australian Optometry Firm Loses Defence Dept. Contract After Outsourcing Claims (July 25, 2014)

Tue, 2014-08-05 15:00

Australian optometry company Luxottica lost its contract with the Australian Defence Force (ADF) after the ADF learned that the company had outsourced claims work that included patient data.......

Categories: security

BadUSB Proof-of-Concept Tools Demonstrate Security Risks Inherent in USB Design (July 31, 2014)

Fri, 2014-08-01 15:00

While most people are aware that USB drives carry risks of spreading malware - don't let executable files run if you're not sure of the device's provenance - a more concerning security issue lies at their core.......

Categories: security

US-CERT Issues Warning About Backoff Point-of-Sale Malware (July 31, 2014)

Fri, 2014-08-01 15:00

A joint advisory from the US Department of Homeland Security (DHS) and the Secret Service warns that attackers are exploiting publicly available remote access tools to infect retailers' point-of-sale systems with malware known as Backoff.......

Categories: security

CIA Director Apologizes for Unauthorized Access of Senate Committee Computers (July 31, 2014)

Fri, 2014-08-01 15:00

CIA Director John Brennan has apologized to the Senate Intelligence Committee for improperly accessing Senate computers during the Senate's investigation into Bush-era interrogation practices.......

Categories: security

Judge Says Microsoft Must Turn Over eMails Stored on Server in Ireland (July 31, 2014)

Fri, 2014-08-01 15:00

A US District Judge in New York has ordered Microsoft to turn over email records stored on a company server in Ireland to US authorities.......

Categories: security

Attack on TOR Attempted to Strip Traffic Anonymization (July 30, 2014)

Fri, 2014-08-01 15:00

The TOR Project has issued an advisory about malicious relays being used to launch an attack on the TOR network that persisted for five months and may have revealed identifying information about the network's users.......

Categories: security

DHS Wants Corporate Boards to Make Cyber Security a Priority (July 30, 2014)

Fri, 2014-08-01 15:00

A high-level official at the US Department of Homeland Security (DHS) is urging companies to make cyber security policy a top priority for the board of directors.......

Categories: security

Researcher Finds Vulnerabilities in Antivirus Products (July 29 & 30, 2014)

Fri, 2014-08-01 15:00

A researcher in Singapore examined antivirus products and found remotely exploitable flaws in 14 of them.......

Categories: security

Canadian Government Points Finger at China for National Research Council Breach (July 29 & 30, 2014)

Fri, 2014-08-01 15:00

The Canadian government says that attacks on the country's National Research Council were conducted by "a highly sophisticated Chinese state-sponsored actor.......

Categories: security

House Passes Bills to Address Critical Infrastructure Security (July 29, 2014)

Fri, 2014-08-01 15:00

The US House of Representatives has approved legislation aimed at improving the cyber security of companies that operate elements of the country's critical infrastructure.......

Categories: security

House Bill Would Require Federal CIOs to Sign Off on Web Site Security (July 29, 2014)

Fri, 2014-08-01 15:00

A bill passed by the House of Representatives would require federal websites that retain personally identifiable information to be certified as secure by an agency chief information officer.......

Categories: security

Russian Government Seeking Technology to Break Tor Anonymity (July 25 & 28, 2014)

Tue, 2014-07-29 15:00

The Russian government is offering a 3.......

Categories: security

Court Fines Phony Antivirus Purveyors US $5.1 Million (July 28, 2014)

Tue, 2014-07-29 15:00

A federal court in New York has issued default judgments against 14 companies for selling phony antivirus products.......

Categories: security

Dept. of Commerce IG Report Finds "Significant" Security Issues at NOAA (July 28, 2014)

Tue, 2014-07-29 15:00

According to a report from the US Department of Commerce's office of inspector general, satellite data were stolen from a National Oceanic and Atmospheric Administration (NOAA) contractor's personal computer last year, but there has not been an investigation because the employee refused to allow NOAA to conduct a forensic investigation on the laptop.......

Categories: security

Attackers Exploiting Flaws in Elasticsearch to Use Amazon's Cloud Service for DDoS Attacks (July 28, 2014)

Tue, 2014-07-29 15:00

Attackers have discovered a way to use Amazon cloud services to launch distributed denial-of-service (DDoS) attacks on other websites by exploiting flaws in Elasticsearch, an open-source analytics application.......

Categories: security

Siemens Releases Updates to Fix Flaws in Two SIMATIC Builds (July 25, 2014)

Tue, 2014-07-29 15:00

Siemens has released security updates for two SIMATIC builds to address five vulnerabilities, four of which can be exploited remotely.......

Categories: security