By: - Independent Computer Security Analyst

@gcluley

If lax security leads to a data breach, your insurer may not pay out

May 29th, 2015

When a healthcare provider suffered an embarrassing data breach, it hoped it could recoup some of its losses by claiming on insurance.

But it turns out it wasn’t as simple as that…



By:

How Does Your Organization Handle Vulnerability Disclosures?

May 25th, 2015

You’ve probably heard the idiom “No good deed goes unpunished.” It looks like that phrase will survive even the cyber age. There have been a few news stories about how vulnerability disclosures were handled, or mishandled. Some made me laugh, some made me cringe. When IT Security professionals find a vulnerability, they know what to […]



By: - Independent Computer Security Analyst

@gcluley

Logjam vulnerability – what you need to know

May 20th, 2015

Researchers discover a new attack against encrypted communications on the internet.



By:

Buying Exploits for Zero-Day Vulnerabilities

May 18th, 2015

A few weeks ago a story appeared on Slashdot about a new marketplace on the Dark Web called The Real Deal. Since it’s already in the press, hopefully there’s no harm in describing it here. I do risk being banned from the site for discussing it, but I’m optimistic they’ll see it as free publicity rather […]



By: - Independent Computer Security Analyst

@gcluley

Is your graphics card hiding a rootkit or keylogger?

May 12th, 2015

Why would malicious code want to run entirely on the GPU? And should we be concerned?



By:

Hijacking Websites for Hacktivism (part 4)

May 4th, 2015

This is the next in a series of posts covering website hijacking. See parts 1, 2, and 3 if you’re just joining in. I’ve covered several different types of possible attacks. I’ve settled on attacking public DNS servers to hijack political campaign websites, sending their traffic to my own website which reveals the truth about […]



By: - Independent Computer Security Analyst

@gcluley

SendGrid email service hacked, customers told to reset passwords and DKIM keys

April 27th, 2015

Most of us know about bulk email – it’s the blanket term which can be used in relation to the mountain of legitimate newsletter subscriptions and marketing emails we may have clogging up our inboxes, as well as the unsolicited junk messages, scams and phishing campaigns that spammers abuse us with. What is less well […]



By:

Hijacking Websites for Hacktivism (part 3)

April 27th, 2015

This is the next in a series of posts about my hacktivism campaign. You can read part 1 and part 2 if you missed them. My goal is to publish publicly available information about political candidates on a website I host, then redirect traffic from their campaign websites to mine. I’ve covered a few website […]



By: - Independent Computer Security Analyst

@gcluley

Popular WordPress plugins found vulnerable to XSS attacks

April 21st, 2015

As I’ve explained before on the Optimal Security blog, cross-site scripting (XSS) flaws are a big problem on the net. Vulnerable websites can be exploited via XSS to steal user accounts, change settings or phish passwords from unsuspecting users. In fact, XSS flaws are one of the most commonly encountered security flaws found on websites. […]



By:

Hijacking Websites for Hacktivism (part 2)

April 20th, 2015

In the first post of this series I outlined my plan for the upcoming U.S. election. I’ll find unvarnished information about the candidates from sources like public records, create a website to display that information, and then re-route web traffic from the candidates’ own URLs to my website. So far we’ve covered setting up the […]


By: - Independent Computer Security Analyst

@gcluley

Minecraft learns the hard way: It’s not good to ignore vulnerability reports

April 17th, 2015

If a security researcher finds a vulnerability in your software, please don’t ignore them. Instead, be grateful that someone who has found a flaw in your product has chosen to let you know about it, rather than selling it (for probably more cash than you’ll offer them as a bug bounty) to some nefarious ne’er-do-well […]


By:

Hijacking Websites for Hacktivism (part 1)

April 13th, 2015

I mentioned in my last post about hacktivism that I had some future plans based on upcoming events. I’m confident enough in my plan that I’m going to share it here with you, of course leaving out a few specific details. If you want to avoid being the victim of a plan like this, then […]


By: - Independent Computer Security Analyst

@gcluley

Hackers break into Linux Australia server, plant malware, steal personal information

April 7th, 2015

Linux Australia has warned its members and conference attendees that their personal information may have fallen into the hands of online criminals, following a breach of the organisation’s servers. In a mailing list posting, Linux Australia’s Joshua Hesketh confirmed that a malicious hacker attacked the site between 04:00 and 06:00 local time on 22 March […]


By:

Have You Thought About Hacktivism?

April 6th, 2015

I know you are focused on stopping cyber crime, but have you thought about hacktivism at all? It may very well affect your organization in the future – if it hasn’t already. Who Are Hacktivist Targets? A surprising variety of organization types are victims of hacktivism. You might think that your organization is immune, or […]


By: - Independent Computer Security Analyst

@gcluley

XSS flaws expose weaknesses on Amazon and UK newspaper websites

March 31st, 2015

Cross-site scripting (XSS) flaws are amongst the most commonly encountered security flaws found on websites, opening up opportunities for malicious hackers to hijack customer accounts, change users’ settings and phish login credentials. Unfortunately, it only requires a single web developer to make a mistake to open up opportunities which online criminals can exploit to launch […]



blog.lumension.com