Optimal Security : the Lumension Blog


Mozilla’s 32 Vulnerabilities Round Out a Monster Patch Week

This Patch Tuesday “week” has been yet another busy period of flaw remediation for IT administrators.

Google Chrome released patches, including one for a memory issue rated severity: High
Apple released patches for 50 flaws in Safari
Apple releases 10 critical QuickTime patches
Apple releases iTunes 8.2, which corrects 1 vulnerability
Adobe released fixes for 13 security holes
Microsoft released [...]

Naked Truth about Risk and Compliance: Bottom Up Vs. Top Down

There’s no question about it, no matter the differences between line-of-business executives, CIOs and security practitioners, the one thing they all have in common these days is a shared dread of a ten-letter word: compliance.
As regulations of technology practices have mounted over the years, most companies have struggled simply to keep ahead of the latest [...]

Legacy Code Issues Dominate Patch Tuesday

The security community is hopeful that this Patch Tuesday will include a fix for the IIS zero-day issue as well as a release of patches for Office for Mac platforms that were only patched for Windows platforms last Patch Tuesday. However, even if the latest issues are resolved on Tuesday, don’t expect to wake up [...]

Vulnerability in DirectX Actively Being Used in Drive-By Hacking

A vulnerability involving a DirectX component of Microsoft’s Windows QuickTime Parser is facilitating current drive-by hacking incidents. The vulnerability is reportedly triggered without user intervention when a user simply browses a website that contains a maliciously crafted QuickTime file, and it can give the hacker complete control over the compromised PC.
Windows [...]

Has Whitelisting Reached the Tipping Point in Endpoint Security?

McAfee, one of the largest AV vendors in the security space, recently acquired Solidcore Systems, a company that sells dynamic whitelisting technology, in a $47 million deal that would add whitelisting capabilities to McAfee’s current product portfolio. While this comes as no surprise, this move by McAfee is just the tipping point for the [...]

New Microsoft IIS 6 Issue Could Become a Nightmare for IT Professionals

While Microsoft may believe that its Internet Information Services 6 Web-server software issues are only limited to a data leakage issue and not necessarily a larger immediate threat, Microsoft should consider other aspects of this issue and accelerate a solution to protect the community at large.
The Bigger Picture
At first glance, the issue with IIS 6 [...]

Vulnerability Management: A Snapshot of an Ever-Changing Landscape

One lesson that continued to be conveyed by security gurus at RSA 2009 was the dynamic nature of today’s threat environment. I took some time away from the flurry of show activity to explain the landscape as it stands today and how Lumension is addressing the most recent threats through its Vulnerability Management Suite. Take [...]

Demystifying Top Three Myths around Compliance and Risk

What are some common myths around Compliance and Risk Management?
There are several myths around compliance and risk.
Myth #1: You can solve compliance and risk related issues with technology alone. By that I mean using tools such as vulnerability scanners and configuration management for all your compliance and risk needs.
Fact: The fact behind the myth is [...]

Not Convinced You Need Application Control?

Risk exposure: Adobe JBig2 Issue
The original Adobe JBig2 exploit code was rumored to have been sold as a zero-day exploit on or around January 1st for $75,000 or more. Beginning on or around January 11th, the exploit was actively used on the public Internet. On February 19th, ShadowServer posted information on the vulnerability and it [...]




