The Obama administration's implementation of stimulus package incentives intended to spur nationw ...
Date published: Thu, 02 Jul 2009 22:39:09 -0400
Welcome to NIST.org
Make NIST.org your morning IT Security wakeup call. Important security news is automatically added day and night, so you can see at a glance what threats you'll be facing. You'll find this information in the sidebars and in the Newsfeed section. Less time-sensitive articles are posted below, where topics are looked at more in-depth.
News articles are updated multiple times per day and the IT Security newsfeeds are automatically updated hourly (see main menu). Subscribe to this site's RSS Newsfeed to stay up to date on what's really important.
Be sure to Page Down to see current IT Security News in the sidebars or visit our Newsfeeds page for several more IT Security News sources. Now featuring security news headlines from eEye's Zero-day Tracker, GovExec.com, SecurityFocus, and Ha.ckers.org. Headlines link to the full stories.
Announcing: New Small Screen Security News - 'nist.org/m'
If you use a Blackberry, Treo, Windows Mobile device, or any other handheld with an Internet connection, we encourage you to try our new Small Screen page. This page contains NIST.org headlines, SANS.org Internet Storm Center's RSS feed, and FIRST.org's IT Security News from around the Web. The news headlines from this site are linked to handheld-friendly pages, so by the time you get to work you will already be well informed. Simply go to 'nist.org/m' (we figured you didn't want to type too much before your morning coffee) on your handheld device. This page is currently in Beta, so any and all comments or suggestions are welcome (please include what type of device you use).
Registration to NIST.org is Free and removes this Welcome message, as well as some of the advertising
Registration to NIST.org removes this Welcome message, as well as some of the advertising, transforming the site into a very lean, at-a-glance IT security news source. It also allows you to post questions and comments. Members can also sign up for our free vulnerability or security compliance newsletters. Registration is free and your information will not be shared with anyone.
IT Security and Compliance
NIST.org was established to provide Information Technology (IT) security compliance information regarding FISMA, NIST FIPS, A-130, HSPD-12, C&A, NIST 800 Pubs, IPv6, POA&M, etc. If you don't know what these terms mean, you will also find a lot of information concerning IT security, the compliance cornerstone for most of these regulations / laws.
The Government community has a lot of dispersed compliance knowledge which, when shared, can benefit the entire community. Please visit the forums to ask any questions you may have, and if you have any suggestions for improvements please send them to me. This site was established in December of 2005. I need your participation, knowledge, and questions to make it a success (links to nist.org welcome). Feel free to take excerpts from any article here and share them with your employees, but please provide a link back to the entire article. No other permission is necessary.
Compliance-related news articles are listed below. On the left side you will find links to our discussion forum (where else could you go to discuss these issues?), embedded RSS News Feeds from several related websites, and links to other websites that may have compliance information. On the right side are links to a growing number of compliance and security related whitepapers. Scroll down to see current virus threats from Symantec, and security news and vulnerability alerts from US-CERT. In the near future we will be coming out with a free security alert newsletter. To stay up to date on IT compliance and security issues, you are encouraged to use the NIST.org RSS Newsfeed or stop by daily.
Free Online Antivirus, Spyware, and Firewall Scanners Review
You might be doing everything right with your anti-virus and anti-spyware malware protection. But no product is perfect, and a "second opinion" is always valuable. We get a lot of questions on what to do about viruses, spyware, intrusions, etc. There are so many anti-spyware scams, fake products, and Trojans out there that we've put together this list of free help sites, starting off with a review of free online virus and spyware scanning tools. (updated 3/31/09)
"FBI Probes Hacker's $10 Million Ransom Demand for Stolen Virginia Medical Records"
A hacker has allegedly stolen 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse. The hacker also is claiming that all of the backup copies on their system have been destroyed. They're demanding a $10 million ransom to return the data and agree not to sell it on the open market (where, according to some experts, it may actually command a fee higher than $10 million).
Conficker Worm - April Fools Day Likely To Make Fools Out Of Us Either Way
The "Conficker" worm is set to trigger on April 1st. This one is certainly getting a lot of press. If it goes off and causes a lot of harm, everyone will look like fools for not taking it seriously. But if everyone spends tons of additional time and effort on detection and prevention and nothing happens, you'll still look foolish. We've included links to basic prevention and removal information below.
ESET NOD32 False Positive for Kryptik.JX Causing Problems
The ESET antivirus program NOD32 triggered a false alarm on a couple of important Windows files and quarantined them. The fix is pretty easy: simply restore them from quarantine. Instructions below.
New Report Shows 92 Percent of Critical Microsoft Vulnerabilities are Mitigated by Eliminating Admin Rights
A new study by BeyondTrust found that 92% of critical Microsoft vulnerabilities could have been stopped or mitigated by stopping the practice of giving users "Administrator" rights.
Federal Employees At Risk Again From Monster.com Compromise
USAJOBS.GOV is reporting that government employee data was (again) lost by illegal access at Monster.com where the data is hosted. Monster.com users are also affected. There is a high likelihood of phishing attempts from this compromise.
Microsoft Windows Does Not Disable AutoRun Properly - Technical Cyber Security Alert TA09-020A
Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability. Technical Cyber Security Alert TA09-020A by: US-CERT
Internet Explorer XML Exploit Allows Remote Code Execution
Released the day after Patch Tuesday, this Extremely Critical IE exploit is completely different from the IE vulnerability fixed in the Dec 9th patch. This one allows remote code execution if the user visits a web page containing a specially crafted XML document.
Microsoft Has Released An Extremely Urgent Out of Band Windows Update
Microsoft unexpectedly released a critical Out of Band Windows update that affects Windows 2000, Windows XP and Windows 2003 systems. Exploits have been reported in the wild. Windows Vista can be exploited as well but requires authentication.
If You Haven't Patched Your DNS Server Yet You're Simply Negligent
The recent DNS cache poisoning vulnerability is being exploited and everyone is vulnerable to it. If you haven't upgraded your DNS servers yet you're putting everyone at risk.
Firefox 3.0 Vulnerabilities, 2.0.x Also Vulnerable
Within hours after its release, TippingPoint received a vulnerability that affects Firefox 3.0 and previous 2.0.x versions. The vulnerability allows an attacker to execute arbitrary code on the victim's computer.
The well respected Antivirus firm Kaspersky Lab is calling for a massive group effort to break the encryption used by the latest Ransomware. They're asking competitors, governments, and cryptographers to join the effort. But even a massive worldwide computer grid won't win this war.
WordPress Sites Need To Upgrade, The Rest Of Us Need To Watch This Too.
A major security vulnerability has been discovered in the popular WordPress blogging software. The vulnerability may allow an attacker to bypass security restrictions. Being able to bypass security restrictions would allow someone the ability to post malicious code that could attack visitors to that site.
SQL Injections Continue – 100s of Thousands of URLs Infected
No one is sure how many server databases are infected, but the guess is over 100,000. Google searches return over 500,000 hits, but many servers have more than one URL showing the infection.
Symantec Raises Threat Level Due To In The Wild Image File Exploits
Symantec has raised the Threatcon to Level 2 due to detection of an in the wild exploit of MS08-021 which allows remote code execution. FrSIRT ranks this as "Critical".
If you don't have the time or interest to read about the latest IT security news the SANS.org podcast or some of the other security podcasts might help you keep up.
Vulnerabilities have been discovered in an ActiveX control that ships with several Symantec products, including Norton AntiVirus, Norton Internet Security, Norton 360, and Norton SystemWorks.
MS Excel "Extremely Critical" Vulnerability Allows Remote Code Execution
Microsoft has posted information about a new "Extremely Critical" zero-day vulnerability in MS Excel. This vulnerability affects most versions of Excel on both Windows and Mac OS X.