ISC StormCast for Friday, October 31st 2014 http://isc.sans.edu/podcastdetail.html?id=4217, (Fri, Oct 31st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Organizations are unable to keep up with patching processes and find incident response practices lag in wake of Bash bug.
Security researchers released two new Shellshock-related attack warnings today as they witness criminals increasingly take advantage of the Bash bug in UNIX and Linux systems.… Read the rest
The Obama administration recently issued an executive order requiring that federal agencies migrate to more secure chip-and-PIN based credit cards for all federal employees that are issued payment cards. The move marks a departure from the far more prevalent “chip-and-signature” standard, an approach that has been overwhelmingly adopted by a majority of U.S.… Read the rest
The retail industry’s R-CISC has been up and running for four months now and is looking for more retailers to sign up.
When a threat alert arrived about a new malware threat during a recent industry gathering of retailers, a group of them immediately left the room to check in with their home networks.… Read the rest
Google, like most technology companies in this climate, is fighting for the security and privacy of its users’ data on several fronts. With a mobile application ecosystem that invites trouble and government demands for user content and information continuing to rise, Google decided with Android 5.0, also known as Lollipop, to try to turn the tables in its favor.… Read the rest
Often the start of a problem and its solution is receiving a call from a manger, project manager or other non-technical decision maker. Youll know going in that the problem is absolutely real, but the information going in might be a total red herring.… Read the rest
Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.
This past year, we have seen some pretty scary stuff happen in cyber security. Since Halloween is almost here, I thought I would share some scenarios that keep me up at night.… Read the rest
Noting that Saturday was the 13th anniversary of the passage of the USA PATRIOT Act, the Web giant AOL this week released its latest transparency report, detailing estimations of how many Foreign Intelligence Surveillance Act (FISA) orders and National Security Letters (NSLs) it’s received in the last six months.… Read the rest
There are more than a dozen different multifactor authentication products available, and while they all improve security, they do so in subtly different ways — making them easier or harder to deploy, depending on the particular circumstances of a business. On top of this, there are also wide variations in pricing: The range from the lowest to most expensive products can span an order of magnitude, at the least.… Read the rest
At Google, we are constantly trying to improve the techniques we use to protect our users’ security and privacy. One such project, RAPPOR (Randomized Aggregatable Privacy-Preserving Ordinal Response), provides a new state-of-the-art, privacy-preserving way to learn software statistics that we can use to better safeguard our users’ security, find bugs, and improve the overall user experience.… Read the rest