Interesting commentary by Adrian Lane, Analyst and CTO of Securosis, writing at DarkReading, and targeting the truncated utilization of DAM, the acronym for Database Activity Monitoring. In this case, the widespread lack of proper deployment and implementation of the query blocking mechanisms inherent to nearly all DAM products.
Coupled with the apparent lack of core competency in the DAM arena, clients of the software manufacturers flogging these products are probably also deficient in at least three other fundamental aspects of DBMS security activity monitoring products: Education / Training within the scope of the products, Scrutiny of the Monitoring Log Output, and probably the key to everything - the ability to read SQL statements.
The National Institute of Standards and Technology's (NIST) National Cybersecurity Center of Excellence (NCCoE) within the mandated scope of the Center's efforts to address industry's needs, has announced its intention to sponsor the first Federally Funded Research and Development Center (FFRDC) dedicated to the Center's work. Outstanding.
Via 925Mac, and discovered by Subhransu Behera, comes news of a data security failure in the Mailbox Apple Inc. (NasdaqGS: AAPL) iOS application, recently purchased by Dropbox (also not known for their attention to detail in the security arena). The exploit revealed by Behera requires physical access to the device.
Reported by Bloomberg's Karin Matusek and edited by Anthony Aarons comes this well-wrought screed focusing on the recent targeted Bundesrepublik Deutschland fine of Google Inc. (NasdaqGS: GOOG), due to privacy violation in the European Union. The key issue here - other than the obvious egregious criminal privacy infractions - is the unbelievably low sum the search leviathan has been ordered to cough up. As it were...
'Tor was originally designed, implemented, and deployed as a third-generation onion routing project of the U.S. Naval Research Laboratory. It was originally developed with the US Navy in mind, for the primary purpose of protecting government communications. Today, it is used every day for a wide variety of purposes by normal people, the military, journalists, law enforcement officers, activists, and many others...' - via the Tor Project
Evidently, the Federal Consumer Financial Protection Bureau [The Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 created the CFPB; additionally, President Obama appointed Richard Cordray as the first Director of the CFPB, during the month of January 2012] is requesting records from various (and in this case - sundry) financial organizations (banks, credit bureaus, et cetera) in a bid to leverage data analytics for contemplated enforcement actions. Further, the financial organizations mentioned are, how shall we say - pushing back...
News, via the inimitable Brian Krebs, at Krebs On Security, of a nationwide, and apparently large(ish) data security breach at a Starbucks Corporation (NasdaqGS: SBUX) subsidiary - monikered Teavana. Starbucks Corporation reportedly tendered $620 million in cash to purchase Teavana Holdings Inc in late 2012. Starbucks Corporation is evidently declining to confirm a breach at the recently purchased subsidiary. Notwithstanding this misguided reticence [on the part of the corporation], if Brian Krebs is reporting it, there is a strong foundation for the security incident to be true, and accurate.
Via AgileBits blogger Jeff, comes this well written explanatory post, detailing the recent news of Hashcat's capability to crack (as it were) 1Password Master Passwords, and the fallout, thereof. Our advice: Craft a well-built, complex master password when utilizing any password management facility. That is All.