Optimal Security : the Lumension Blog


Adobe Vulnerability Update

Secunia (http://secunia.com/blog/44/) just announced that they have found that the underlying exploit in the current Adobe PDF issue does not require JavaScript to be enabled in order to work. While current versions can be prevented from executing by disabling JavaScript, it is expected that future versions will not be.
Hence, the reliance on simply disabling [...]

Adoption of Mobile Devices in the Workplace: Striking the Right Balance

Whether the economy is doing well or not, business leaders are always looking for the technological edge to bump up productivity and get more out of their workers. But new innovations always introduce new risks. The hallmark of a good C-level executive is the ability to balance the benefit of innovation with solid risk mitigation.

Sadly, [...]

Adobe Vulnerability on the Loose?

An Adobe vulnerability, CVE-2009-0658, is actively being used in the wild as “Trojan.Pidief.E” in targeted attacks, and Adobe does not currently plan to release a patch until March 11th at best.
The Adobe vulnerability is a variation of a buffer overflow commonly referred to as a “Heap Spray” in JBIG2 compression routines in PDF files and [...]

There is No Quick Fix to Good Patching & Remediation

Considering that over 90 percent of cyber attacks exploit known security flaws, vulnerability management has never had greater importance than today when it comes to managing risks. It remains the single most effective security defense a company can undertake to manage its greatest amount of risk with the lowest possible cost.
While the current economic conditions [...]

Lessons from LANL Laptop Loss

It’s hard to know what to think about the security travails at one of our premier research institutes, the Los Alamos National Laboratory (LANL) in New Mexico. Now operated by Los Alamos National Security, LLC (LANS, which is a consortium made up of UC Berkeley, Bechtel and others) for the National Nuclear Security Administration (NNSA), [...]

Is Banning Facebook or MySpace the Solution?

According to this by Maryland-based blogger/attorney Judd Legum, the state Office of Legislative Information Services there banned access to Facebook and MySpace last week. And not for the usual time-wasting or inappropriate usage reasons. Nope, it was the “significant increase in viruses and malware … [which they] have determined … are originating from pages hosted [...]

Tips for Evolving Security in 2009: The Four E’s to Getting There

We’ve hardly stepped into 2009, yet it has already become clear that we’re in for another rocky year when it comes to headline data breaches, botnets, and social networking threats. Just look at our Annual Report and Threat Predictions for 2009. It is enough to make a security guy like myself shake his head because [...]

The People in the Equation: Avoiding Malicious Scam Sites

Here’s another entry in one of my fundamental observations about computer security: in the end, it comes down to applying human intelligence.
A friend who works in the banking industry pointed this lovely advert out to me …

Needless to say, this made it onto the pages of failblog.com, entitled “Scam Fail” (see here). Bwa-ha-ha-ha-ha-haaaa.
But before we [...]

Spreading Malware via… Parking Tickets?!

OK … this is getting a bit much. On Tuesday (02/03), Lenny Zeltser reported on SANS that some enterprising soul has been going around parking lots in Grand Forks, ND and leaving fliers on windshields purporting to be a parking violation. These fliers include a booby-trapped website address which included pictures of parked cars and [...]

Will it be Another Valentine’s Day Massacre for IT Again in 2009?

It is an annual occurrence – malicious hackers trying to use the social engineering aspects of Valentine’s Day to lure victims into opening what may seem like heartwarming messages only to be bombarded with malware. Last year, the associated risks prompted the FBI to issue a press release warning of malware associated with Valentine’s Day [...]




