By: - IT Secured. Success Optimized.

@_lumension

Introducing HEAT Software

March 20th, 2015

Jonathan Temple, President & CEO, HEAT Software. Our recent merger of Lumension and FrontRange marks an important new chapter in the evolution of service and unified endpoint management. The two companies are merging to form HEAT Software and I’m thrilled to be heading the newly formed organization as CEO. I should hasten to add that the […]



By: - Independent Computer Security Analyst

@gcluley

Brace yourself. Mystery OpenSSL high severity vulnerability due to be fixed on Thursday

March 18th, 2015

New versions of OpenSSL, the open-source software widely used to encrypt internet communications using SSL/TLS, are due to be released on Thursday, patching a series of security vulnerabilities. And one of those security vulnerabilities, according to the software’s developers, is considered “highly serious”. Details of the nature of the security flaws are currently non-existent, but […]



To Patch or Not To Patch, Which is Riskier?

March 16th, 2015

Patching systems in an enterprise is a complex and risky activity. It’s extremely time-consuming if you do it right. It’s even more time consuming if you don’t do it right. And in either case, there is fallout to deal with after patching. The patches don’t get applied to some systems, some systems stop working after […]



By: - Sr. Director Solutions and Strategy

@donleatham

Open Source Security – A Change In the Wind?

March 12th, 2015

As we approach the April anniversary of the Heartbleed security defect (CVE-2014-0160), it’s an understatement to say the last year has been rough sledding for OpenSSL. Since OpenSSL is a critical building block for the tools used to initiate and manage most secured transactions on the internet (e.g. SSL and TLS,) there’s a lot riding […]



By: - Director, Product Management

@russbernst

FREAK Fixes From Apple and Microsoft Plus 14 Security Bulletins this Patch Tuesday

March 10th, 2015

Microsoft issued 14 security bulletins today, 5 of which are critical and 9 are important. A total of 44 vulnerabilities in all are addressed; 3 of which are known and being exploited now. If your organization uses Windows, Office, Exchange and/or IE, it will be a very busy patching month for you. Not to mention […]



By: - Independent Computer Security Analyst

@gcluley

Government report and US senator criticises Air Traffic Control network security

March 10th, 2015

New York Senator Charles Schumer held a press conference this weekend, demanding “immediate action” to improve the security of the Federal Aviation Administration’s computer systems. His concern? That terrorists could break into national air traffic control systems run by the FAA, and use them to wreak havoc in the skies above America. The Democratic senator […]



You’re Still Using Clear Text Passwords!?

March 9th, 2015

This week I was doing some poking around in the hacking forums. Someone recently posted a huge password list. These get circulated around from time to time. It’s a long list of words and character sequences people commonly use for passwords. The intent is that you feed the list to a tool like John the […]



Does Open Source Mean Open Season?

March 2nd, 2015

There has long been a debate over whether open source software is generally more secure or less secure than commercial software. Proponents of open source say it’s more secure because more people are looking at the code, increasing the chances that problems will be seen, documented, and corrected. Proponents of commercial software claim that vendors […]



By: - Independent Computer Security Analyst

@gcluley

To infinity and beyond! Unimaginably large bug-hunting prize fund announced by Google

February 26th, 2015

For the past few years, Google has been holding an annual bug-hunting competition – known as Pwnium – to encourage vulnerability researchers to find security holes in Chrome OS and the Chrome browser. Google took advantage of the fact that many of the world’s leading bug hunters were already meeting at the CanSecWest security conference […]



By: - Independent Computer Security Analyst

@gcluley

What’s worse than Superfish? Meet PrivDog, leaving users wide open to attacks

February 24th, 2015

Last week, a storm erupted on the net after it became widely known that Superfish – software that was being pre-installed on Lenovo PCs – could compromise users’ security and privacy. The problem with Superfish was not just that it injected money-making ads into websites, but that it used a self-signed root certificate to intercept […]



Hacking (Protecting) Your POS System

February 23rd, 2015

In the House of Cards series of posts, I walked you through gaining access to a company’s network through an online portal in order to exfiltrate credit card data. It was a lengthy process, but the target company had enough data to make the time investment worthwhile. Most credit card data thefts come from POS […]



By: - Independent Computer Security Analyst

@gcluley

Patching Haste Makes Waste

February 20th, 2015

Sometimes it’s better if software patches don’t come out too quickly. Such was the case when Microsoft issued its regular round of Patch Tuesday updates earlier this month, leaving some unhappy. Some PowerPoint users, for instance, found that a fix designed to make PowerPoint 2013 more stable was actually causing more problems than it aimed to […]



Is Your Organization a House of Cards – Part 6

February 17th, 2015

This is the last in a series of posts describing how a typical credit card data theft occurs, from the hacker’s point of view. If you haven’t read the prior posts, check out parts 1, 2, 3, 4, and 5 to see how we got here. At this point, I have credentials for an online invoicing portal […]



By: - Independent Computer Security Analyst

@gcluley

Android and Windows battle for top position on the malware front, claims report

February 16th, 2015

We all know that malware is a huge problem on the Windows platform. Every day, something like 400,000 new Windows malware variants are dissected by security labs, and most people’s anti-virus software is set to download updates on a pretty much continual basis in an attempt to keep up. It sounds bad because it *is* […]



By: - Director, Product Management

@russbernst

No Love for IT This February Patch Tuesday

February 10th, 2015

The big news for February Patch Tuesday is the criticality in which IT will need to move. Of the 9 updates this month, 3 are critical and 9 are important and 56 CVEs are addressed. Of those, 3 are now publicly known. The Microsoft Windows operating system is again the overwhelming target along with a […]




blog.lumension.com