By: - Director, Product Management

@russbernst

A Whopping Patch Tuesday

November 6th, 2014

IT pros will be thankful for some holiday time off at the end of this month because November Patch Tuesday will certainly keep them busy. Microsoft is set to release 16 bulletins next week, 5 are critical, 9 important and 2 moderate. We have enjoyed a relatively low number of patches each month in 2014 […]



By: - Independent Computer Security Analyst

@gcluley

Hackers target military, embassy and defense workers in Operation Pawn Storm

October 25th, 2014

A group of organised criminal hackers, possibly backed by an unknown country, are targeting government, media and military organisations in the United States, Pakistan, and across Europe, according to new research [PDF] released by researchers at Trend Micro. In an operation dubbed “Pawn Storm”, the hackers have targeted computers belonging to – amongst others – […]



By: - Independent Computer Security Analyst

@gcluley

Hackers exploit Windows zero-day flaw in targeted PowerPoint attacks

October 22nd, 2014

Be on your guard. Another zero-day vulnerability has been uncovered that affects almost all supported versions of Windows, and it is being actively exploited by hackers in targeted attacks. Microsoft has issued a security advisory about a critical remote code execution flaw in all versions of Windows apart from Windows Server 2003. That would be […]



By: - Independent Computer Security Analyst

@gcluley

Malicious ads run next to popular YouTube videos, laced with the Sweet Orange exploit kit

October 17th, 2014

If you want to watch a video, you go to YouTube.  It’s as simple as that. Although other sites exist which host videos, Google-owned YouTube is the Goliath in the market – and gets the overwhelming bulk of the net’s video-watching traffic. And, of course, that enormous success and high traffic brings with it unwanted […]



By: - Dir. Solutions Marketing

BadUSB Update

October 16th, 2014

I have received several inquiries regarding the latest news about the so-called BadUSB vulnerability, so I thought I’d write a quick post on what we know at the moment. What is BadUSB? BadUSB is a vulnerability – not malware – in the design and implementation of firmware used on USB devices which allows it to […]



By: - Director, Product Management

@russbernst

October Patch Tuesday Fixes Critical Vulns in Windows, IE

October 14th, 2014

Microsoft’s September reorg of the Trustworthy Computing Group definitely didn’t slow down the patches. Today’s October Patch Tuesday addresses 24 CVEs in 8 bulletins; 3 are critical and 5 are important. The TwC cybersecurity group is still hard at work and given the very nature of software, that’s a good thing. The industry needs a […]



By: - Senior Architect

@danteal

Security Resiliency

October 13th, 2014

Computer security is in the headlines yet again. Last week it was the bash “Shellshock” vulnerability, before that it was the Home Depot credit card breach, and now the news is all about the security breach at JP Morgan. [ed.: And since Dan wrote this post, we’re knee deep in news about the Dairy Queen data breach […]



By: - Director, Product Management

@russbernst

TwC Hard at Work After All; 9 Bulletins for Oct Patch Tuesday

October 9th, 2014

September news reports that the Trustworthy Computing Group at Microsoft was disbanding left some wondering about the future of Patch Tuesday. This month’s patch load of 9 total bulletins, 3 critical, 5 important and 1 moderate should eliminate those worries, at least for now. The security group anyway is definitely still hard at work. Given […]



By: - Independent Computer Security Analyst

@gcluley

Unpatchable BadUSB Code Is Now Publicly Available

October 6th, 2014

How sweet would it be to plug and play USB devices without the fear of viruses, malware and other security threats? It’s everyone’s dream to own 100% foolproof USB devices for their file storage and transfer routine: Fascinating to think about it, but it simply isn’t gonna happen with the raft of current USB-related security […]



By: - Dir. Solutions Marketing

Shellshock Exploit Demo, and More

October 1st, 2014

In my  previous post we discussed Shellshock, the GNU Bourne Again Shell (Bash) vulnerability which was made public last week. News continues to pour in as the researchers and vendors (and probably a few blackhats) try to understand the true scope of the problem. So today we’ll discuss a few updates to the situation since we published […]



By: - Dir. Solutions Marketing

Some Common Sense Steps to Avoid Shellshock!

September 29th, 2014

“Something broke” That’s what the IT folks at a major aerospace engineering firm told my friend DS when he couldn’t log onto their intranet last week. That something shut down their entire system for an entire day. What was that something? It was Shellshock, the GNU Bourne Again Shell (Bash) vulnerability which came to light […]



By: - Independent Computer Security Analyst

@gcluley

Critical Updates for Adobe Reader and Acrobat Released – You Can Breathe Again

September 18th, 2014

You can stop holding your breath now, the wait is over. Adobe has released security updates for Acrobat and its PDF Reader software fixing critical vulnerabilities in its Windows and Mac software. Last week, on Patch Tuesday, Adobe explained that although it was releasing security patches for Flash Player and AIR, it was delaying its […]



By: - Independent Computer Security Analyst

@gcluley

Doom-Playing Canon Printer Raises Security Concerns About IoT

September 16th, 2014

If you can hack a wireless printer to play one of the most famous videogames of all time, what else can you do with it? And if printer hardware can be reprogrammed by hackers to perform functions far beyond its intended use, what does it say about other the other devices that make up “the […]



By: - Independent Computer Security Analyst

@gcluley

5 Million Leaked Gmail Passwords Sounds Pretty Scary, But Was It?

September 12th, 2014

When news reports broke earlier this week about a massive leak of Google account passwords, there must have been plenty of users who took a big gulp. Would their email address and password be amongst the alleged five million published on a Russian web forum? Was it possible that Google itself had been hacked, spilling secret […]



By: - Director, Product Management

@russbernst

Microsoft Delivers Light Patch Load for September Patch Tuesday

September 9th, 2014

September delivers a light patch load from Microsoft – just 4 bulletins were released in today’s Patch Tuesday with 1 rated critical and 3 important. In total, September covers off on 42 CVEs with 37 of those found in MS14-052, another cumulative update for IE and your first priority this month. Of the 37 CVEs, just […]



IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us

blog.lumension.com