ISC StormCast for Friday, October 31st 2014, (Fri, Oct 31st)

(c) SANS Internet Storm Center. Creative Commons Attribution-Noncommercial 3.0 United States License.


Shellshock Attacks Stack Up

Organizations are unable to keep up with patching processes and find incident response practices lag in wake of Bash bug.

Security researchers released two new Shellshock-related attack warnings today as they witness criminals increasingly take advantage of the Bash bug in UNIX and Linux systems.…

Chip & PIN vs. Chip & Signature

The Obama administration recently issued an executive order requiring that federal agencies migrate to more secure chip-and-PIN based credit cards for all federal employees that are issued payment cards. The move marks a departure from the far more prevalent “chip-and-signature” standard, an approach that has been overwhelmingly adopted by a majority of U.S.…

Retailers Now Actively Sharing Cyberthreat Intelligence

The retail industry’s R-CISC has been up and running for four months now and is looking for more retailers to sign up.

When a threat alert arrived about a new malware threat during a recent industry gathering of retailers, a group of them immediately left the room to check in with their home networks.…

Android 5.0 Lollipop Upgrades Encryption, Application Control

Google, like most technology companies in this climate, is fighting for the security and privacy of its users’ data on several fronts. With a mobile application ecosystem that invites trouble and government demands for user content and information continuing to rise, Google decided with Android 5.0, also known as Lollipop, to try to turn the tables in its favor.…

CSAM Month of False Positives – False Positives from Management, (Thu, Oct 30th)

Often the start of a problem and its solution is receiving a call from a manager, project manager or other non-technical decision maker. You'll know going in that the problem is absolutely real, but the information going in might be a total red herring.…

Welcome To My Cyber Security Nightmare

Happy Halloween. Here are three chilling scenarios that will keep even the most hardened infosec warrior awake all night.

This past year, we have seen some pretty scary stuff happen in cyber security. Since Halloween is almost here, I thought I would share some scenarios that keep me up at night.…

AOL Releases Transparency Report, Lobbies for USA FREEDOM Act

Noting that Saturday was the 13th anniversary of the passage of the USA PATRIOT Act, the Web giant AOL this week released its latest transparency report, detailing estimations of how many Foreign Intelligence Surveillance Act (FISA) orders and National Security Letters (NSLs) it’s received in the last six months.…

The fundamentals of MFA: Procuring multifactor authentication

There are more than a dozen different multifactor authentication products available, and while they all improve security, they do so in subtly different ways — making them easier or harder to deploy, depending on the particular circumstances of a business. On top of this, there are also wide variations in pricing: The range from the lowest to most expensive products can span an order of magnitude, at the least.…

Learning statistics with privacy, aided by the flip of a coin

Cross-posted on the Research Blog and the Chromium Blog

At Google, we are constantly trying to improve the techniques we use to protect our users’ security and privacy. One such project, RAPPOR (Randomized Aggregatable Privacy-Preserving Ordinal Response), provides a new state-of-the-art, privacy-preserving way to learn software statistics that we can use to better safeguard our users’ security, find bugs, and improve the overall user experience.…