Information Security News
We are having issues with our website at this time, and are looking into the cause. Thanx for the feedback and supporting the ISC.
Update: The layout is back to normal.
We have also heard from Android users about issues with SSL on our website. It appears that the Certificate Authority used to sign our SSL Certificate is not recognized by Android. We don't have a fix for this right now (short of getting a new certificate). This is a well known issue with Android and will hopefully be addressed by Google in future Android patches.
tony d0t carothers --gmail
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Hackers penetrated network servers belonging to Opera Software, stole at least one digital certificate, and then used it to distribute malware that incorrectly appeared to be published by the browser maker.
The attack was uncovered, halted, and contained on June 19, according to a short advisory that Opera published Wednesday morning. While administrators have cleaned the system and have yet to find any evidence of any user data being compromised, the breach still had some troubling consequences.
"The attackers were able to obtain at least one old and expired Opera code signing certificate, which they have used to sign some malware," Wednesday's advisory stated. "This has allowed them to distribute malicious software which incorrectly appears to have been published by Opera Software or appears to be the Opera browser. It is possible that a few thousand Windows users, who were using Opera between June 19 from 1.00 and 1.36 UTC, may automatically have received and installed the malicious software."
Ever since the National Security Agency's secret surveillance program came to light three weeks ago, implicated companies have issued carefully worded statements denying that government snoops have direct or wholesale access to e-mail and other sensitive customer data. The most strenuous denial came 10 days ago, when Apple said it took pains to protect personal information stored on its servers, in many cases by not collecting it in the first place.
"For example, conversations which take place over iMessage and FaceTime are protected by end-to-end encryption so no one but the sender and receiver can see or read them," company officials wrote. "Apple cannot decrypt that data. Similarly, we do not store data related to customers’ location, Map searches or Siri requests in any identifiable form."
Some cryptographers and civil liberties advocates have chafed at the claim that even Apple is unable to bypass the end-to-end encryption protecting them. After all, Apple controls the password-based authentication system that locks and unlocks customer data. More subtly, but no less important, cryptographic protections are highly nuanced things that involve huge numbers of moving parts. Choices about the types of keys that are used, the ways they're distributed, and the specific data that is and isn't encrypted have a huge effect on precisely what data is and isn't protected and under what circumstances.
Cisco has today released four vulnerability advisories:
Affecting Cisco ASA Next-Generation Firewall, Cisco Email Security Appliance, Cisco Content Security Management Appliance, and Cisco Web Security Appliance..
Adrien de Beaupré
My SANS Teaching Schedule
Australia's banks quietly swatting trojan
Australia's banks work around the clock to swat malware that steals from customers' accounts. Photo: Simon Rankin. Australia's banks have been quietly working with a Russian security and forensics firm to swat a nasty banking trojan crafted in the ...
by WIRED UK
For the past two years, a tight-lipped and little talked about unit within the Metropolitan Police has been conducting blanket surveillance of British citizens' public social media conversations. Following an unintentional leak and a detailed investigation, we are finally able to see some of the capabilities of this 17-man team—some of which are truly alarming.
The PRISM scandal engulfing US and UK intelligence agencies has blown the debate wide open over what privacy means in the digital age and whether the Internet risks becoming a kind of Stasi 2.0. The extent of the UK's involvement in this type of mass surveillance—which already appears exhaustive—shows just what a potential intelligence goldmine social media data can be.
But the monitoring of our online trail goes beyond the eavesdroppers in GCHQ.
Posted by InfoSec News on Jun 26http://www.darkreading.com/attacks-breaches/south-korean-universities-targeted-by-ch/240157240
Posted by InfoSec News on Jun 26http://www.calgaryherald.com/news/Poor+data+breach+tracking+reporting+concerns+federal/8571560/story.html
Posted by InfoSec News on Jun 26http://www.eweek.com/security/black-hat-2013-set-to-shine-security-light-on-vulnerabilities/
Posted by InfoSec News on Jun 26https://www.infoworld.com/d/consumerization-of-it/byod-blues-what-do-when-employees-leave-220993