By: - Dir. Solutions Marketing

BadUSB Update

October 16th, 2014

I have received several inquiries regarding the latest news about the so-called BadUSB vulnerability, so I thought I’d write a quick post on what we know at the moment. What is BadUSB? BadUSB is a vulnerability – not malware – in the design and implementation of firmware used on USB devices which allows it to […]



By: - Director, Product Management

@russbernst

October Patch Tuesday Fixes Critical Vulns in Windows, IE

October 14th, 2014

Microsoft’s September reorg of the Trustworthy Computing Group definitely didn’t slow down the patches. Today’s October Patch Tuesday addresses 24 CVEs in 8 bulletins; 3 are critical and 5 are important. The TwC cybersecurity group is still hard at work and given the very nature of software, that’s a good thing. The industry needs a […]



By: - Senior Architect

@danteal

Security Resiliency

October 13th, 2014

Computer security is in the headlines yet again. Last week it was the bash “Shellshock” vulnerability, before that it was the Home Depot credit card breach, and now the news is all about the security breach at JP Morgan. [ed.: And since Dan wrote this post, we’re knee deep in news about the Dairy Queen data breach […]



By: - Director, Product Management

@russbernst

TwC Hard at Work After All; 9 Bulletins for Oct Patch Tuesday

October 9th, 2014

September news reports that the Trustworthy Computing Group at Microsoft was disbanding left some wondering about the future of Patch Tuesday. This month’s patch load of 9 total bulletins, 3 critical, 5 important and 1 moderate should eliminate those worries, at least for now. The security group anyway is definitely still hard at work. Given […]



By: - Independent Computer Security Analyst

@gcluley

Unpatchable BadUSB Code Is Now Publicly Available

October 6th, 2014

How sweet would it be to plug and play USB devices without the fear of viruses, malware and other security threats? It’s everyone’s dream to own 100% foolproof USB devices for their file storage and transfer routine: Fascinating to think about it, but it simply isn’t gonna happen with the raft of current USB-related security […]



By: - Dir. Solutions Marketing

Shellshock Exploit Demo, and More

October 1st, 2014

In my  previous post we discussed Shellshock, the GNU Bourne Again Shell (Bash) vulnerability which was made public last week. News continues to pour in as the researchers and vendors (and probably a few blackhats) try to understand the true scope of the problem. So today we’ll discuss a few updates to the situation since we published […]



By: - Dir. Solutions Marketing

Some Common Sense Steps to Avoid Shellshock!

September 29th, 2014

“Something broke” That’s what the IT folks at a major aerospace engineering firm told my friend DS when he couldn’t log onto their intranet last week. That something shut down their entire system for an entire day. What was that something? It was Shellshock, the GNU Bourne Again Shell (Bash) vulnerability which came to light […]



By: - Independent Computer Security Analyst

@gcluley

Critical Updates for Adobe Reader and Acrobat Released – You Can Breathe Again

September 18th, 2014

You can stop holding your breath now, the wait is over. Adobe has released security updates for Acrobat and its PDF Reader software fixing critical vulnerabilities in its Windows and Mac software. Last week, on Patch Tuesday, Adobe explained that although it was releasing security patches for Flash Player and AIR, it was delaying its […]



By: - Independent Computer Security Analyst

@gcluley

Doom-Playing Canon Printer Raises Security Concerns About IoT

September 16th, 2014

If you can hack a wireless printer to play one of the most famous videogames of all time, what else can you do with it? And if printer hardware can be reprogrammed by hackers to perform functions far beyond its intended use, what does it say about other the other devices that make up “the […]



By: - Independent Computer Security Analyst

@gcluley

5 Million Leaked Gmail Passwords Sounds Pretty Scary, But Was It?

September 12th, 2014

When news reports broke earlier this week about a massive leak of Google account passwords, there must have been plenty of users who took a big gulp. Would their email address and password be amongst the alleged five million published on a Russian web forum? Was it possible that Google itself had been hacked, spilling secret […]



By: - Director, Product Management

@russbernst

Microsoft Delivers Light Patch Load for September Patch Tuesday

September 9th, 2014

September delivers a light patch load from Microsoft – just 4 bulletins were released in today’s Patch Tuesday with 1 rated critical and 3 important. In total, September covers off on 42 CVEs with 37 of those found in MS14-052, another cumulative update for IE and your first priority this month. Of the 37 CVEs, just […]



By: - Director, Product Management

@russbernst

Just 4 Bulletins Expected for September Patch Tuesday

September 4th, 2014

Microsoft will release 4 bulletins on Patch Tuesday next week; one rated as critical and the remaining three rated important. The light month is good news for otherwise very busy IT departments. The few number of patches expected out next week doesn’t mean you can take a pass on patching this month however. The critical […]



By: - Independent Computer Security Analyst

@gcluley

Fears Grow of Home Depot Data Breach, Exposing Customers’ Payment Details

September 4th, 2014

DIY retail chain Home Depot might be the latest big company to be hit by a serious data breach, after suspicions started to circulate that hackers had broken into its systems and manage to steal credit and debit card data. For understandable reasons, Home Depot is working hard to reassure consumers about the situation – […]



By: - Dir. Solutions Marketing

SC Magazine 2014 Malware Defenses Survey Results (part 3)

August 19th, 2014

The report on the 2014 Malware Defenses survey conducted by SC Magazine is now out. Overall, it shows that organizations are starting to wake up to the risk of targeted (or APT) attacks – but they still have a ways to go on many fronts. In this last of three posts, we will close by […]



By: - Independent Computer Security Analyst

@gcluley

Supervalu Shoppers At Risk After Hackers Steal Credit Card Details – and other stores affected too

August 18th, 2014

Customers who have used their credit cards at a US supermarket chain between June 22nd and July 17th 2014 are being warned to check their bank balances, after it was discovered that criminals had hacked their way into networks and potentially accessed shoppers’ private data. Supervalu has published a security advisory on its website, warning that […]



IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us

blog.lumension.com