Make NIST.org your morning IT Security wakeup call. Important security news is automatically added day and night, so you can see at a glance what threats you'll be facing. You'll find this information in the sidebars and in the Newsfeed section. Less time-sensitive articles are posted below, where topics are looked at in more depth.
News articles are updated multiple times per day and the IT Security newsfeeds are automatically updated hourly (see main menu). Subscribe to this site's RSS Newsfeed to stay up to date on what's really important.
Be sure to Page Down to see current IT Security News on the sidebars or visit our Newsfeeds page for several more IT Security News sources. Now featuring security news headlines from eEye's Zero-day Tracker, GovExec.com, SecurityFocus, and Ha.ckers.org. Headlines link to the full stories.
Announcing: New Small Screen Security News - 'nist.org/m'
If you use a Blackberry, Treo, Windows Mobile device, or any other handheld with an Internet connection we encourage you to try our new Small Screen page. This page contains NIST.org headlines, SANS.org Internet Storm Center's RSS feed, and FIRST.org's IT Security News from around the Web. The news headlines from this site are linked to handheld friendly pages. So now by the time you get to work you will already be well informed! Simply go to 'nist.org/m' (we figured you didn't want to type too much before your morning coffee) on your handheld device. This page is currently in Beta so any and all comments or suggestions are welcome (please include what type of device you use).
Registration to NIST.org is Free and removes this Welcome message, as well as some of the advertising
Registration to NIST.org removes this Welcome message, as well as some of the advertising, transforming the site into a very lean, at-a-glance IT security news source. It also allows you to post questions and comments. Members can also sign up for our free vulnerability or security compliance newsletters. Registration is free and your information will not be shared with anyone.
NIST.org was established to provide Information Technology (IT) security compliance information regarding FISMA, NIST FIPS, A-130, HSPD-12, C&A, NIST 800 Pubs, IPv6, POA&M, etc. If you don't know what these terms mean you will also find a lot of information concerning IT security, the compliance cornerstone for most of these regulations / laws.
IT Security and Compliance
The Government community has a lot of dispersed compliance knowledge which, when shared, can benefit the entire community. Please visit the forums to ask any questions you may have, and if you have any suggestions for improvements please send them to me. This site was established in December of 2005. I need your participation, knowledge, and questions to make it a success (links to nist.org welcome). Feel free to take excerpts from any article here and share with your employees, but please provide a link back to the entire article. No other permission is necessary.
Compliance-related news articles are listed below. On the left side you will find links to our discussion forum (where else could you go to discuss these issues?), embedded RSS News Feeds from several related websites, and links to other websites that may have compliance information. On the right side are links to a growing number of compliance and security related whitepapers. Scroll down to see current virus threats from Symantec, security news and vulnerability alerts from US-CERT. In the near future we will be coming out with a free security alert newsletter. To stay up to date on IT compliance and security issues you are encouraged to utilize the NIST.org RSS Newsfeed or stop by daily.
Internet Explorer XML Exploit Allows Remote Code Execution
Released the day after Patch Tuesday, this Extremely Critical IE exploit is completely different from the IE vulnerability fixed in the Dec 9th patch. This one allows remote code execution if the user visits a web page containing a specially crafted XML document.
Microsoft Has Released An Extremely Urgent Out of Band Windows Update
Microsoft unexpectedly released a critical Out of Band Windows update that affects Windows 2000, Windows XP and Windows 2003 systems. Exploits have been reported in the wild. Windows Vista can be exploited as well but requires authentication.
If You Haven't Patched Your DNS Server Yet You're Simply Negligent
The recent DNS cache poisoning vulnerability is being exploited and everyone is vulnerable to it. If you haven't upgraded your DNS servers yet you're putting everyone at risk.
Firefox 3.0 Vulnerabilities, 2.0.x Also Vulnerable
Within hours after its release, TippingPoint received a report of a vulnerability that affects Firefox 3.0 and previous 2.0.x versions. The vulnerability allows an attacker to execute arbitrary code on the victim's computer.
The well respected Antivirus firm Kaspersky Lab is calling for a massive group effort to break the encryption used by the latest Ransomware. They're asking competitors, governments, and cryptographers to join the effort. But even a massive worldwide computer grid won't win this war.
WordPress Sites Need To Upgrade, The Rest Of Us Need To Watch This Too.
A major security vulnerability has been discovered in the popular WordPress blogging software. The vulnerability may allow an attacker to bypass security restrictions. Being able to bypass security restrictions would allow someone the ability to post malicious code that could attack visitors to that site.
SQL Injections Continue – 100s of Thousands of URLs Infected
No one is sure how many server databases are infected, but the guess is over 100,000. Google searches return over 500,000 hits, but many servers have more than one URL showing the infection.
Symantec Raises Threat Level Due To In The Wild Image File Exploits
Symantec has raised the Threatcon to Level 2 due to detection of an in the wild exploit of MS08-021 which allows remote code execution. FrSIRT ranks this as "Critical".
If you don't have the time or interest to read about the latest IT security news, the SANS.org podcast or some of the other security podcasts might help you keep up.
Vulnerabilities have been discovered in an ActiveX control that ships with several Symantec products, including Norton AntiVirus, Norton Internet Security, Norton 360, and Norton SystemWorks.
MS Excel "Extremely Critical" Vulnerability Allows Remote Code Execution
Microsoft has posted information about a new "Extremely Critical" zero-day vulnerability in MS Excel. This vulnerability affects most versions of Excel on both Windows and Mac OS X.
Highly Critical and Extremely Critical Vulnerabilities in Lotus Notes and Apple Quicktime
Lotus Notes R6.5.x through R8.x contains a Highly Critical vulnerability with its Lotus 123 viewer. Successful exploitation allows execution of arbitrary code. Apple Quicktime contains an Extremely Critical vulnerability that can be exploited via an email attachment or by visiting a malicious website.
New Phishing Scam Hitting Hard, No Clicks Required
A new method is being used to phish for credit card numbers that is fooling a lot more people. In this scam the user never has to figure out if a link is good or not because they never have to click on anything. It's all very familiar to them because they've done it before.
RealNetworks has released a fix for an Extremely Critical vulnerability. Successful exploitation, through a playlist file, allows execution of arbitrary code.
Transient Electromagnetic Devices (TEDs) Can Threaten Our IT Infrastructure
Many people recognize an old term – electromagnetic pulse or EMP. The ElectroMagnetic Pulse (EMP) effect was first observed during the early testing of high altitude airburst nuclear weapons. In the past, EMPs generally required the use of a nuclear detonation. Today a destructive EMP can be produced without the use of a nuclear device. The development of Transient Electromagnetic Devices (TEDs) now makes the threat of an EMP attack much more likely.
Critical Vulnerability in Acrobat and Acrobat Reader can lead to Remote Code Execution
FrSIRT is reporting a Critical vulnerability in several Acrobat products that can be exploited to run arbitrary code. Basically, opening a specially crafted PDF file can lead to an attacker running executable code of their choice on your computer. All versions 8.1 and prior are affected.
Unless you have lots of IT staff on hand or really good monitoring, you might not know for weeks that your public webserver has been compromised. Servers aren't always defaced or brought down. One thing that can help is to monitor your abuse@yourdomain.com email.