Make NIST.org your morning IT Security wakeup call. Important security news is automatically added day and night, so you can see at a glance what threats you'll be facing. You'll find this information in the sidebars and in the Newsfeed section. Less time sensitive articles are posted below where topics are looked at more in-depth.
News articles are updated multiple times per day and the IT Security newsfeeds are automatically updated hourly (see main menu). Subscribe to this site's RSS Newsfeed to stay up to date on what's really important.
Be sure to Page Down to see current IT Security News on he sidebars or visit our Newsfeeds page for several more IT Security News sources. Now featuring security news headlines from eEye's Zero-day Tracker, GovExec.com, SecurityFocus, and Ha.ckers.org. Headlines link to the full stories.
Announcing: New Small Screen Security News - 'nist.org/m' [...more]
If you use a Blackberry, Treo, Windows Mobile device, or any other handheld with an Internet connection we encourage you to try our new Small Screen page. This page contains NIST.org headlines, SANS.org Internet Storm Center's RSS feed, and FIRST.org's IT Security News from around the Web. The news headlines from this site are linked to handheld friendly pages. So now by the time you get to work you will already be well informed! Simply go to 'nist.org/m' (we figured you didn't want to type too much before your morning coffee) on your handheld device. This page is currently in Beta so any and all comments or suggestions are welcome (please include what type of device you use).
Registration to NIST.org is Free and removes this Welcome message, as well as some of the advertising [...more]
Registration to NIST.org removes this Welcome message, as well as some of the advertising. Transforming the site in to a very lean, at a glance, IT security news source. It also allows you to post questions and comments. Members can also sign up for our free vulnerability or security compliance newsletters. Registration is free and your information will not be shared with anyone.
NIST.org was established to provide Information Technology (IT) security compliance information regarding FISMA, NIST FIPS, A-130, HSPD-12, C&A, NIST 800 Pubs, IPv6, POA&M, etc. If you don't know what these terms mean you will also find a lot of information concerning IT security, the compliance cornerstone for most of these regulations / laws. IT Security and Compliance
The Government community has a lot of dispersed compliance knowledge; when shared can benefit the entire community. Please visit the forums to ask any questions you may have and if you have any suggestions for improvements please send them to me. This site was established in December of 2005. I need your participation, knowledge, and questions to make it a success (links to nist.org welcome). Feel free to take excerpts from any article here and share with your employees, but please provide a link back to the entire article. No other permission is necessary.
Compliance related news articles are listed below. On the left side you find links to our discussion forum (where else could you go to discuss these issues?), embedded RSS News Feeds from several related websites, and Links to other websites that may have compliance information. On the right side are links to a growing number of compliance and security related whitepapers. Scroll down to see current virus threats from Symantec, security news and vulnerability alerts from US-CERT. In the near future we will be coming out with a free security alert newsletter. To stay up to date on IT compliance and security issues you are encouraged to utilize the NIST.org RSS Newsfeed or stop by daily.
Free Online Antivirus, Spyware, and Firewall Scanners Review
You might be doing everything right with your anti-virus and spyware malware protection. But no product is perfect and a "second opinion" is always valuable. We get a lot of questions on what to do about viruses, spyware, intrusions, etc. There are so many Anti-Spyware scams, fake products, and Trojans out there that we've put together this (non-affliate) list of free help sites. Starting off with a review of free online virus and spyware scanning tools. (updated 3/31/09)No Longer Supported
Posted by NIST.org on Monday 25 January 2010 - 20:38:27 | |
DRAFT Special Publication 800-37 Revision 1 Available
Final Public DRAFT Special Publication 800-37 Revision 1, Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach is now available.No Longer Supported
Posted by NIST.org on Tuesday 17 November 2009 - 20:41:18 | |
News Blog: "Mass Panic! The iPhone Has a Vulnerability"
This can't be good - Researchers at the Black Hat security conference on Thursday showed an iPhone security flaw which exploits a weakness in SMS text messaging to take control of the device. From ComputerWorld
Posted by NIST.org on Thursday 30 July 2009 - 21:09:54 | |
First ZeroDay Exploit Hits Firefox
The Mozilla Firefox browser has its first ever Zeroday exploit. The bug is rated as 'highly critical' by several security organizations. Successful exploit can lead to a hacker having full control over the target computer. (FIXED. See below) No Longer Supported
Posted by NIST.org on Monday 20 July 2009 - 05:11:54 | |
"FBI Probes Hacker's $10 Million Ransom Demand for Stolen Virginia Medical Records"
A hacker has allegedly stolen 8.3 million patient records from a Virginia government Web site that tracks prescription drug abuse. The hacker also is claiming that all of the backup copies on their system have been destroyed. They're demanding a $10 million ransom to return the data and agree not to sell it on the open market (where, according to some experts, it may actually command a fee higher than $10 million).
Posted by NIST.org on Thursday 09 April 2009 - 22:51:20 | |
Conflicker Worm - April Fools Day Likely To Make Fools Out Of Us Either Way
The "Conflicker" worm is set to trigger on April 1st. This one is certainly getting a lot of press. If it goes off and causes a lot of harm everyone will look like fools for not taking it seriously. But if everyone spends tons of additional time and effort on detection and prevention and nothing happens you'll still look foolish. We've included links to basic prevention and removal information below.No Longer Supported
Posted by NIST.org on Monday 30 March 2009 - 21:21:27 | |
ESET NOD32 False Positive for Kryptik.JX Causing Problems
The ESET antivirus program NOD32 triggered a false alarm on a couple of important Windows files and quarantined them. The fix is pretty easy, simply restore them quarantine. Instructions below. No Longer Supported
Posted by NIST.org on Monday 09 March 2009 - 05:12:29 | |
New Report Shows 92 Percent of Critical Microsoft Vulnerabilities are Mitigated by Eliminating Admin Rights
A new study by BeyondTrust found that 92% of critical Microsoft vulnerabilities could have been stopped or mitigated by stopping the practice of giving users "Administrator" rights.No Longer Supported
Posted by NIST.org on Tuesday 03 February 2009 - 21:25:55 | |
Federal Employees At Risk Again From Monster.com Compromise
USAJOBS.GOV is reporting that government employee data was (again) lost by illegal access at Monster.com where the data is hosted. Monster.com users are also affected. There is a high likelihood of phishing attempts from this compromise.No Longer Supported
Posted by NIST.org on Sunday 25 January 2009 - 17:57:36 | |
Microsoft Windows Does Not Disable AutoRun Properly - Technical Cyber Security Alert TA09-020A
Disabling AutoRun on Microsoft Windows systems can help prevent the spread of malicious code. However, Microsoft's guidelines for disabling AutoRun are not fully effective, which could be considered a vulnerability. Technical Cyber Security Alert TA09-020A by: US-CERTNo Longer Supported
Posted by NIST.org on Wednesday 21 January 2009 - 05:16:25 | |
Internet Explorer XML Exploit Allows Remote Code Execution
Released the day after patch Tuesday this Extremely Critical IE exploit is completely different than the IE vulnerability fixed in the Dec 9th patch. This one allows remote code execution if the user visits a web page containing a specially crafted XML document.No Longer Supported
Posted by NIST.org on Sunday 14 December 2008 - 22:17:44 | |
Microsoft Has Released An Extremely Urgent Out of Band Windows Update
Microsoft unexpectedly released a critical Out of Band Windows update that affects Windows 2000, Windows XP and Windows 2003 systems. Exploits have been reported in the wild. Windows Vista can be exploited as well but requires authentication.No Longer Supported
Posted by NIST.org on Thursday 23 October 2008 - 21:33:11 | |
If You Haven't Patched Your DNS Server Yet You're Simply Negligent
The recent DNS cache poisoning vulnerability is being exploited and everyone is vulnerable to it. If you haven't upgraded your DNS servers yet you're putting everyone at risk.No Longer Supported
Posted by NIST.org on Wednesday 06 August 2008 - 21:14:30 | |
Firefox 3.0 Vulnerabilities, 2.0.x Also Vulnerable
Within hours after its release TippingPoint received a vulnerability that affects Firefox 3.0 and previous 2.0.x versions. The vulnerability allows and attacker to execute arbitrary code on the victims computer.No Longer Supported
Posted by NIST.org on Saturday 21 June 2008 - 10:27:49 | |
Ransomware Will Win The War
The well respected Antivirus firm Kaspersky Lab is calling for a massive group effort to break the encryption used by the latest Ransomware. They're asking competitors, governments, and cryptographers to join the effort. But even a massive worldwide computer grid won't win this war.No Longer Supported
Posted by NIST.org on Monday 16 June 2008 - 05:57:58 | |
WordPress Sites Need To Upgrade, The Rest Of Us Need To Watch This Too.
A major security vulnerability has been discovered in the popular WordPress blogging software. The vulnerability may allow an attacker to bypass security restrictions. Being able to bypass security restrictions would allow someone the ability to post malicious code that could attack visitors to that site.No Longer Supported
Posted by NIST.org on Thursday 01 May 2008 - 05:09:19 | |
SQL Injections Continue – 100s of Thousands of URL's Infected
No one is sure of the number of server databases are infected but the guess is over 100,000. The Google searches are over 500,000 hits but many servers have more than one URL showing the infection.No Longer Supported
Posted by NIST.org on Monday 28 April 2008 - 06:06:25 | |
Symantec Raises Threat Level Due To In The Wild Image File Exploits
Symantec has raised the Threatcon to Level 2 due to detection of an in the wild exploit of MS08-021 which allows remote code execution. FrSIRT ranks this as "Critical".No Longer Supported
Free Online Antivirus, Spyware, and Firewall Scanners Review
