News

NIST Released “Guide to Industrial Control Systems (ICS) Security”

NIST is pleased to announce the release of Special Publication 800-82, Revision 2, Guide to Industrial Control Systems (ICS) Security. A link to the full news announcement about this Special Publication (SP 800-82 Revision 2) can be found on the CSRC News page at http://csrc.nist.gov/news_events/#june8b. Direct link to the SP 800-82 Revision 2 document (in .PDF) […]

News

Top 500 cybersecurity companies

Not many people outside of the IT security business know which are the top 500 companies in this field. Cybersecurity Ventures has published this list: check it here. I am not allowed to reproduce any parts of it, but I can tell you that the number 1 is FireEye. From the AV world, we […]

General News

Why security recommendations often get ignored

I very often read about vulnerabilities and companies that got hacked. Many times, the reason they got hacked was that some recommendations issued by some smart people (read: security-minded people) were ignored. But why are they ignored? I found some articles where several explanations are given for what is called “information avoidance”. […]

News

Pwn2Own: Nothing is safe

The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another 21 critical bugs in Firefox, Chrome, Safari, IE, Adobe Flash, Adobe Reader, and last, but definitely not least, the Windows operating system. For those who don’t know the contest, the name “Pwn2Own” is derived from the fact that contestants must “pwn” […]

General News

FREAK: All Windows versions are affected too

UPDATE on the FREAK vulnerability in SSL: it affects not only Android and iOS but all Windows versions too. I wrote about the new SSL vulnerability called FREAK – Factoring RSA Export Keys – which affects around 36% of all sites trusted by browsers and around 10% of the Alexa top one million domains, according to […]

(isc)2 News quoted

Mentioned in (ISC)2 EMEA Newsletter

My blog post “What is a security expert?” which I published in the (ISC)2 Blog was mentioned in the (ISC)2 EMEA Newsletter: Germany’s Sorin Mustaca, CSSLP takes an analytic look at what it means to be an information security professional, also on the (ISC)² Blog

News

IT Security News in German

Because of the huge success of the IT Security News website (www.itsecuritynews.info), which aggregates many portals with security news, I decided to replicate the same in German. The list of contributors is not yet as long as the one in English, but it will grow in time. Check the new website: IT Sicherheitsnews auf Deutsch: […]