NEWS:
Latest News
The software flaw that could beam out passwords by DNS
Equifax data breach defense: the latest updates
PCI Issues Security Awareness Guidance
Experts Say More Focus on Employee Training is Needed
PCI Guidance on Security Awareness
OWASP Testing Guide V4 released September 17th, 2014
OWASP Testing Guide V4
Want to Limit PCI DSS Scope? Use Tokenization
HIPAA Audits: A Revised Game Plan
More On-Site Audits Planned, But All Audits on Hold for Now
Draft NIST Special Publication 800-57 Part 3 Revision 1 - Recommendation for Key Management Part 3: Application-Specific Key Management Guidance
NIST would like to request comments on a Draft Revision of Special Publication (SP) 800-57 Part 3, Recommendation for Key Management: Application-Specific Key Management Guidance.
Adobe fixes critical Flash flaw
Adobe released an emergency update for its Flash Player plugin for Windows, OS X and Linux to fix a zero-day vulnerability. The fix addresses CVE-2014-0497, an integer underflow vulnerability that can be used to achieve remote code execution. Adobe reports that the vulnerability has been exploited in the wild, meaning attackers are already aware of the flaw and actively exploiting it.
Security updates available for Adobe Flash Player
Adobe emphasizes that both Windows and OS X users should consider it priority 1, while Linux users can treat it as priority 3. This suggests the attacks they have seen may be targeting both Mac and Windows users.
Flash Player is embedded into Google Chrome and Microsoft Internet Explorer 11 on Windows 8 and 8.1, so you will need to check for Chrome updates or Windows Updates for these browsers. If you are a Linux user, Flash is usually distributed through your distribution's package manager, where you normally receive updates.
Cisco Releases Security Advisory
Cisco has released a security advisory to address multiple vulnerabilities in Cisco IOS XE Software for 1000 Series Aggregation Services Routers (ASR).
Advisory ID: cisco-sa-20131030-asr1000
NIST Releases Preliminary Cybersecurity Framework
The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) today released its Preliminary Cybersecurity Framework (PDF) to help critical infrastructure owners and operators reduce cybersecurity risks in industries such as power generation, transportation and telecommunications. In the coming days, NIST will open a 45-day public comment period on the Preliminary Framework and plans to release the official framework in February 2014, as called for in Executive Order 13636—Improving Critical Infrastructure Cybersecurity.
CONTRACTORS ASK GSA TO FREEZE CYBER-RELATED REGULATIONS
Federal suppliers are urging officials to stop computer security rulemakings for contractors until the government issues blanket cyber guidelines for all key industries in the fall.
Google Concedes That Drive-by Prying Violated Privacy
SCADA & Security of Critical Infrastructures
Protecting yourself from Social Engineering Attacks
HIPAA/HITECH Final Rule out this month....
The long-awaited expansion of the Health Insurance Portability and Accountability Act of 1996, unveiled Thursday afternoon by the U.S. Department of Health & Human Services, comprises four final rules, according to HHS, "which have been combined to reduce the impact and number of times certain compliance activities need to be undertaken by regulated entities."
Mobile Attacks Pose Increasing Threat
Malware, Out-of-Band Compromises Get Banks' Attention
94% of Hospitals Report Data Breaches
Feds Charge Collection Agency Worker in Identity Theft Scheme
A federal grand jury returned indictments for a former debt collection agency employee and her accomplice in a scheme that saw her steal personal information on debtors to defraud the U.S. government, according to the Justice Department.
NIST Special Publication 800-38F just released
Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping
Obama issues insider threat guidance for gov't agencies
The memo describes new standards, which have not been publicly released, to which the agencies must minimally adhere. They include best practices around gathering, analyzing and responding to threat data; monitoring users who access classified information and offering security awareness training to workers.