Optimal Security : the Lumension Blog

5 Steps to Bridge Social Media and Security

As businesses move rapidly to integrate social media into their overall corporate strategy to engage, build brand awareness and drive thought leadership, security has unfortunately taken a back seat, leaving businesses wide open to these Web 2.0 threats. The use of Web 2.0 has opened new risk channels for the [...]

Six Critical Elements to Achieve Economies in FISMA Compliance

We recently sat down with Michael Rasmussen, President and Risk & Compliance Advisor at Corporate Integrity, to discuss how public sector organizations can meet the requirements of FISMA in a cost-efficient but effective manner.
Q. How are public sector organizations adapting to FISMA compliance and why is this critical?
A. Federal agencies are trying to make the [...]

Malicious Attacks and Botnets Fuel Data Breach Costs

The fifth annual US Cost of a Data Breach study by the Ponemon Institute, sponsored by PGP, was released this week. [Disclosure: Lumension has a relationship with the good folks at Ponemon.] The key findings of this report are well articulated in the Executive Summary …

US organizations continue to experience an increased cost [...]

My Password Is My Password

Education is still key to IT security. Just look at users’ passwords. The New York Times reported last week on a study that exposed the overwhelming simplicity of users’ password choices.
According to the study, which was conducted by Imperva, 20 percent of Web users choose a very simplistic password that can be easily guessed — [...]

RealPlayer: Rip and Replace

About a hundred years ago (in Internet terms … so, a couple of years back), I learned about RealPlayer the hard way. Despite the warnings from my friend and all-around knowledgeable good guy Tim, I installed it on my lappie so I could play some interesting bit of fluff from the Internet. I then spent [...]

Could Firefox 3.6 be the Answer to Aurora?

Not sure this is entirely coincidental, but Mozilla released Firefox 3.6 on Jan. 21 – the same day that Microsoft announced their out-of-band patch to the so-called Google Attack / Aurora exploit / IE zero-day. Perhaps fortuitous is a better way of putting it.
My colleagues Don Leatham and Paul Zimski have both weighed in on [...]

Google Attack, Aurora, IE Zero-Day – Facts, Practical Mitigation and Protection Guidance

There is a new Internet Explorer zero-day vulnerability this week that is at the center of “in-the-wild” attacks targeting large corporations including Google and Adobe. As the research and vendor communities have been deconstructing the vulnerability, automated attack tools and various methodologies used to carry out the attack, a number of facts and mitigation steps [...]

Microsoft Issues Out-of-Band Patch - Addresses “Google-China” Attack Vector

Today, Microsoft released an out-of-band security patch: Microsoft Security Bulletin MS10-002 – Critical, Cumulative Security Update for Internet Explorer (978207). MS10-002 addresses the previously announced flaw in Internet Explorer that has been widely reported as the key attack vector in reported attacks against Google and other companies by entities based in China (MS Security Advisory [...]

“Security” on the WSJ Front Page - A Cautionary Tale

Having a security problem on the front page of the Wall Street Journal is never a good thing for the companies involved, but it can be instructive for everyone else. Unfortunately, many will ignore the high-profile coverage of China’s spear phishing attack on Google, Adobe and over thirty other businesses. They will think that this [...]

January 2010 Patch Tuesday Security Briefing

Paul Henry, Forensics and Security Analyst, provides his insights in this January 2010 Patch Tuesday Security Briefing.