Optimal Security : the Lumension Blog

Paul Henry, Forensics and Security Analyst, provides his insights in this March 2010 Patch Tuesday Security Briefing.

Today’s Patch Tuesday release is being overshadowed by a new zero-day vulnerability in Internet Explorer that can allow remote code execution. The exploit reportedly is currently being used in targeted attacks in the wild. It was reported today in an advisory by Microsoft - the same day they released the monthly patches for March 2010.
From [...]

I recently sat down with Anthony Sica, Executive Director of Information Technology at Shiseido America, to get his perspectives on the changing threat landscape and the evolving role of those in charge of Information Technology. For the past six years, Tony has been in charge of infrastructure, end user computing, data centers, and compliance for [...]

As I’ve discussed before, one of the requirements of the HITECH Act is for the Secretary of the Department of Health & Human Services (HHS) to publish a list of all breaches of healthcare data covered by the HIPAA security rule on a yearly basis. The first such publication has been made, covering the period [...]

In light of all of the widely varying commentary on the Advanced Persistent Threat (APT) issue I have been reading about on the Internet, I wanted to weigh in with my opinion on the issue.
APT - the New Menace?
For the past 20 years, we have at best only reacted to the changing Internet threats [...]

So, a couple of weeks ago we were all very concerned about the MS10-015 patch included in the February security update from Microsoft which seemed to cause the dreaded Blue Screen of Death (BSOD) on some machines. As we “went to press” with our blog post, the news was just breaking that the underlying cause [...]

Makes Us Wonder if Web 2.0 / Social Apps are a Boon or a Bane.

Today, Wednesday, February 17, 2010, marks one year since the HITECH Act of 2009 passed. This means that most of the Act’s provisions are now enforceable – particularly, the breach notification and penalties aspect of the Act. While most healthcare organizations are concerned about the “meaningful use” requirement, for us in the IT security space [...]

So, another Patch Tuesday has passed – and it was a big one. But the news late Thursday 02/11 was a bit less nice: it seems that one of the patches included causes that dreaded BSOD on certain Windows XP boxes.
Microsoft is aware of the problem, which involves the MS10-015 bulletin (aka the 17-year-old Windows [...]

Paul Henry, Forensics and Security Analyst, provides his insights in this February 2010 Patch Tuesday Security Briefing.