Optimal Security : the Lumension Blog

As expected, we have a large release from Microsoft covering 15 bulletins, 9 of which are critical. This will be a disruptive Patch Tuesday given the broad range of products impacted and the required restarts. Initial priorities should always be the 9 critical vulnerabilities followed by the remaining balance of important and moderate patches. 
August Critical [...]

As more malware writers began to incorporate the Microsoft LNK issue (CVE-2010-2568) into their malicious code, Microsoft last week published a workaround and is [...]

While our budget-constrained defenses remain relatively static, the threat vector continues to change. Historically in network security, attackers seem to regularly stay one step ahead of defenders. I have watched the arms race unfold for more than two decades as attackers worked their way up the OSI stack from network layer attacks like the infamous [...]

Before getting flamed as an Apple basher, first let me state that I like Apple products. I am not foolishly going to disregard the risks of the environment we live / work in today however. In my business and personal life I own 3 Apple laptops, 4 Apple desktops, 2 iPads and 2 iPhones. Along [...]

Paul Henry, Forensics and Security Analyst, provides his insights in this July 2010 Patch Tuesday Security Briefing.

As we ended 2009 and entered 2010, many predicted that 2010 was poised to go down in history as “the year of insider threats”. It was not a risky prediction to make considering our economic peril and our industries continued unwavering albeit misplaced focus on the gateway rather then endpoint security.
The Worldwide State of the [...]

Reflecting on recent headlines that Google was going to drop Windows usage for desktops and move to Linux or OS X (Apple) reminded me of advice I received very early on in my security career – no operating system is the holy grail and you are always better off working with one you are more [...]

Paul Henry, Forensics and Security Analyst, provides his insights in this June 2010 Patch Tuesday Security Briefing.

Identity theft is not the only concern associated with the decline in privacy at Facebook. The increased publicly available personal information on Facebook will undoubtedly fuel enterprise spear phishing attacks. Why hack the enterprises’ perimeter security when you can simply trick an insider into opening a file that installs malware?
The erosion [...]

Paul Henry, Forensics and Security Analyst, provides his insights in this May 2010 Patch Tuesday Security Briefing.