SANS ISC: Information Security News

• SANS Site Network
  • Current Site
  • Internet Storm Center
  • Other SANS Sites Help
  • Graduate Degree Programs
  • Security Training
  • Security Certification
  • Security Awareness Training
  • Penetration Testing
  • Industrial Control Systems
  • Cyber Defense Foundations
  • DFIR
  • Software Security
  • Government OnSite Training

Information Security News

1 day ago Do developers take full responsibility for security? MongoDB finds only a third do

MongoDB poll suggests organizations haven't got to grips with DevSecOps but are headed in the right direction.

1 day ago Unpatched VPN Servers Hit by Apparent Iranian APT Groups

Backdoored: Fortinet, Palo Alto and Pulse Secure VPN Servers; Citrix GatewaysUnpatched Fortinet, Palo Alto and Pulse Secure VPN servers, as well as Citrix gateways, continue to be targeted by hackers, who are exploiting critical flaws to install backdoors inside corporate networks. Security firm ClearSky warns that apparent Iranian APT attackers are the latest to join the fray.

1 day ago Peripherals With Unsigned Firmware Expose Windows, Linux Computers to Attacks

Peripheral devices with unsigned firmware can expose Windows and Linux machines to attacks, allowing hackers to install stealthy and persistent malware, steal valuable information, or take control of a computer.

1 day ago Python, microservices, and more tech trends for 2020, according to O'Reilly

Interest in Kubernetes is increasing, and DevOps is losing steam, based on O'Reilly survey findings.

54 minutes ago EU Proposes Rules for Artificial Intelligence to Limit Risks

The European Union unveiled proposals Wednesday to regulate artificial intelligence that call for strict rules and safeguards on risky applications of the rapidly developing technology.

2 hours ago Watchdog ponders tougher independent oversight for Australia's encryption laws

There's no sign of mass surveillance, but the Independent National Security Legislation Monitor suggests a UK-style 'double lock' system for authorising access to encrypted communications.

2 hours ago Vulnerable Out of Band Consoles Put Industrial Assets at Risk

Researchers Find Internet-Exposed, Poorly Protected Out of Band Consoles Commonly Used in Maritime and Oil & Gas Industries

3 hours ago Exclusive: Details of 10.6 million MGM hotel guests posted on a hacking forum

MGM Resorts said security incident took place last summer and notified impacted guests last year.

5 hours ago Exclusive: Details of 10.6 million of MGM hotel guests posted on a hacking forum

MGM Resorts said security incident took place last summer and notified impacted guests last year.

7 hours ago Health Data Breach Tally Update: 2020 Trends

Email-Related Incidents Continue to Dominate, But Other Breaches Still Popping UpHacking incidents involving email appear to be the most common type of major health data breach being reported to federal regulators so far in 2020. But the largest breach added to the tally involved a type of incident rarely seen in recent years: the theft of an unencrypted laptop.

7 hours ago Live Webinar: How to Address Fraud Through the Use of Risk Analytics

8 hours ago Preview: 12 Top Keynote Sessions at RSA Conference 2020

Cryptography, Critical Infrastructure, Supply Chain, Bug Bounties and MoreAre you attending the RSA 2020 conference? To help navigate the show, here's a preview of 12 top keynote sessions featuring some of the biggest names in cybersecurity tackling critical subjects, including cryptography, critical infrastructure security, bug bounties and supply chain risks.

11 hours ago Security holes in 2G and 3G networks will pose a risk for next several years

Despite the growth of 5G and 4G, older network technologies beset with certain security flaws will be around for many more years, says enterprise security provider Positive Technologies.

11 hours ago SentinelOne Achieves Unicorn Status After $200 Million Funding Round

Endpoint security firm SentinelOne on Wednesday announced that it has raised $200 million in a Series E funding round, at a valuation of more than $1.1 billion, which gives the company "unicorn" status.