By: - Independent Computer Security Analyst

@gcluley

To infinity and beyond! Unimaginably large bug-hunting prize fund announced by Google

February 26th, 2015

For the past few years, Google has been holding an annual bug-hunting competition – known as Pwnium – to encourage vulnerability researchers to find security holes in Chrome OS and the Chrome browser. Google took advantage of the fact that many of the world’s leading bug hunters were already meeting at the CanSecWest security conference […]



By: - Independent Computer Security Analyst

@gcluley

What’s worse than Superfish? Meet PrivDog, leaving users wide open to attacks

February 24th, 2015

Last week, a storm erupted on the net after it became widely known that Superfish – software that was being pre-installed on Lenovo PCs – could compromise users’ security and privacy. The problem with Superfish was not just that it injected money-making ads into websites, but that it used a self-signed root certificate to intercept […]



By:

Hacking (Protecting) Your POS System

February 23rd, 2015

In the House of Cards series of posts, I walked you through gaining access to a company’s network through an online portal in order to exfiltrate credit card data. It was a lengthy process, but the target company had enough data to make the time investment worthwhile. Most credit card data thefts come from POS […]



By: - Independent Computer Security Analyst

@gcluley

Patching Haste Makes Waste

February 20th, 2015

Sometimes it’s better if software patches don’t come out too quickly. Such was the case when Microsoft issued its regular round of Patch Tuesday updates earlier this month, leaving some unhappy. Some PowerPoint users, for instance, found that a fix designed to make PowerPoint 2013 more stable was actually causing more problems than it aimed to […]



By:

Is Your Organization a House of Cards – Part 6

February 17th, 2015

This is the last in a series of posts describing how a typical credit card data theft occurs, from the hacker’s point of view. If you haven’t read the prior posts, check out parts 1, 2, 3, 4, and 5 to see how we got here. At this point, I have credentials for an online invoicing portal […]



By: - Independent Computer Security Analyst

@gcluley

Android and Windows battle for top position on the malware front, claims report

February 16th, 2015

We all know that malware is a huge problem on the Windows platform. Every day, something like 400,000 new Windows malware variants are dissected by security labs, and most people’s anti-virus software is set to download updates on a pretty much continual basis in an attempt to keep up. It sounds bad because it *is* […]



By: - Director, Product Management

@russbernst

No Love for IT This February Patch Tuesday

February 10th, 2015

The big news for February Patch Tuesday is the criticality in which IT will need to move. Of the 9 updates this month, 3 are critical and 9 are important and 56 CVEs are addressed. Of those, 3 are now publicly known. The Microsoft Windows operating system is again the overwhelming target along with a […]



By:

Is Your Organization a House of Cards – Part 5

February 9th, 2015

This is another in a series of posts (parts 1, 2, 3, 4 ) discussing how I’m infiltrating an airline’s network to gain access to credit card data. I’ve identified a vendor for the airline and am in the process of retrieving saved passwords from the vendor’s Chief Accountant’s browsers. My goal is to find credentials […]



By:

Is Your Organization a House of Cards – Part 4

February 2nd, 2015

In previous posts (part 1, part 2, part 3) I have been taking you through the steps to steal credit card information from Lychee Air, an airline in China. So far I have managed to break into the network of a catering company who works with Lychee Air. I have downloaded account info for their […]



By: - Independent Computer Security Analyst

@gcluley

Dirty sex website xHamster exploited in malvertising campaign

January 29th, 2015

For anyone thinks that they can get their sexual kicks surfing the seedier parts of the internet, rather than lurking about your city’s red light district, I’ve got some bad news for you. You can catch an infection in real life, and you can catch one on your computer too. xHamster, one of the world’s […]



By: - Dir. Solutions Marketing

Missing the Forest for the Trees: 2015 Data Protection Maturity Trends

January 28th, 2015

Today, in conjunction with the annual Data Privacy Day, Lumension released the 4th annual Data Protection Maturity Trends report. Based on a survey conducted in late 2014 of more than 700 IT security professionals from around the world, this report examines the issues and concerns facing IT security teams, how effective their data protection efforts […]



By: - Dir. Solutions Marketing

Ransomware: The Once and Future Storm?

January 27th, 2015

Lumension recently released the sixth annual State of the Endpoint Risk report [PDF], based on research by the Ponemon Institute. I’ve blogged about this report several times this year: you can find those posts here and here. This past week I was honored to present the results of this research alongside Dr. Larry Ponemon, in […]



By:

Is Your Organization a House of Cards – Part 3

January 26th, 2015

In my last 2 posts (part 1, part 2) I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. I’ve identified an airline, Lychee Air, flying out of Hangzhou Airport. I was able to use a not-so-public IP camera to watch […]



By: - Independent Computer Security Analyst

@gcluley

Don’t be evil? Google discloses yet another zero-day vulnerability in Microsoft code

January 20th, 2015

For the third time in a month, Google has gone public about a security vulnerability in Microsoft’s code – and not been prepared to wait for the software giant to publish a patch. The security hole, which exists in Microsoft Windows 7 and 8.1 is expected to be patched in Microsoft’s regular monthly security update […]



By:

Is Your Organization a House of Cards – Part 2

January 19th, 2015

In my last post, I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. Now I have my project defined. The first step is to identify a target. Because I’m looking specifically for an airline, I can’t just start scanning ports […]



IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us

blog.lumension.com