T-Mobile customers suffer breach because company relied on Experian

The breach highlights the general insufficiency of any corporate security program that fails to carefully consider the risk exposure represented by trusted third parties given access to or custody of sensitive information.

Retiring an email server with sensitive data on it? Learn some lessons from Clinton

Regardless of how well (or poorly) the server was secured while it was operational, the steps taken to secure the data once the server was no longer in use provide a good example of what not to do.

WordPress security essentials

The good news for WordPress users is that there are multiple security plugins available that enhance site security, provide routine (even continuous) monitoring, and help administrators remove and repair whatever changes or damage an intrusion has caused.

Installing Snort on Windows

On March 12, the Sourcefire team announced the release of Snort 2.9.7.2, the latest update to one of the most popular (and open source) network IDS tools. Detailed instructions for installing Snort on either Ubuntu Linux…

Three years in, FedRAMP offers 3 paths to compliance

The FedRAMP PMO rolled out a new logo and announced the addition of four cloud systems to its list of authorized service providers, bringing the total of authorized solutions to 27.

NIST updates security control assessment procedures

On December 12, the National Institute of Standards and Technology (NIST) Computer Security Division announced the final release of Special Publication 800-53A Revision 4, Assessing Security and Privacy Controls in Federal Information Systems and Organizations. This…

Home Depot breach shows vulnerability of external vendors

In September retailer Home Depot announced a large-scale breach of customer credit-card data, affecting as many as 56 million consumers. The attack bears strong similarities to the theft of customer data Target suffered late last year,…