By: - Independent Computer Security Analyst

@gcluley

SoakSoak malware hits over 100,000 WordPress websites

December 15th, 2014

Do you run WordPress on your website? If so, you’re in good company. Around 19% of the world’s websites are thought to run WordPress, which is even more astonishing when you consider that many sites don’t have any content management system at all. And although running your own self-hosted version of WordPress (as opposed to […]



By: - Independent Computer Security Analyst

@gcluley

Hackers target military, embassy and defense workers in Operation Pawn Storm

October 25th, 2014

A group of organised criminal hackers, possibly backed by an unknown country, are targeting government, media and military organisations in the United States, Pakistan, and across Europe, according to new research [PDF] released by researchers at Trend Micro. In an operation dubbed “Pawn Storm”, the hackers have targeted computers belonging to – amongst others – […]



By: - Dir. Solutions Marketing

BadUSB Update

October 16th, 2014

I have received several inquiries regarding the latest news about the so-called BadUSB vulnerability, so I thought I’d write a quick post on what we know at the moment. What is BadUSB? BadUSB is a vulnerability – not malware – in the design and implementation of firmware used on USB devices which allows it to […]



By: - Senior Architect

@danteal

Security Resiliency

October 13th, 2014

Computer security is in the headlines yet again. Last week it was the bash “Shellshock” vulnerability, before that it was the Home Depot credit card breach, and now the news is all about the security breach at JP Morgan. [ed.: And since Dan wrote this post, we’re knee deep in news about the Dairy Queen data breach […]



By: - Dir. Solutions Marketing

Shellshock Exploit Demo, and More

October 1st, 2014

In my previous post we discussed Shellshock, the GNU Bourne Again Shell (Bash) vulnerability which was made public last week. News continues to pour in as the researchers and vendors (and probably a few blackhats) try to understand the true scope of the problem. So today we’ll discuss a few updates to the situation since we published […]



By: - Dir. Solutions Marketing

Some Common Sense Steps to Avoid Shellshock!

September 29th, 2014

“Something broke” That’s what the IT folks at a major aerospace engineering firm told my friend DS when he couldn’t log onto their intranet last week. That something shut down their entire system for an entire day. What was that something? It was Shellshock, the GNU Bourne Again Shell (Bash) vulnerability which came to light […]



By: - Dir. Solutions Marketing

Information Aversion – The Ostrich Effect

July 30th, 2014

Are we hurting our cause when we describe, in gruesome detail, the potential outcomes of a data breach or other IT security breach? Are we inadvertently pushing real security further off when we chase the latest whiz-bang technology instead of focusing on making steady progress? That’s what came to mind when I recently […]



By: - Independent Computer Security Analyst

@gcluley

Google’s Project Zero – Targeting Zero-Day Vulnerabilities

July 16th, 2014

Google has announced that it is assembling a crack team of researchers, devoted to finding and reporting security holes in widely used software. According to Google security engineer Chris Evans, the group – which has been dubbed “Project Zero” – aims to uncover unpatched security vulnerabilities before they are exploited in targeted internet attacks. “Our […]



By: - Independent Computer Security Analyst

@gcluley

Security Tips for Football World Cup Fans

June 13th, 2014

The FIFA World Cup has kicked off in Brazil, with fans travelling to the country from around the globe in the hope that their country’s football team will make it to the grand final. But if you’re travelling (whether it be to South America to watch the world’s greatest soccer tournament, or a couple of days […]



By: - Senior Architect

@danteal

People Are Your Last Line of Defense

April 29th, 2014

The increasing numbers of attacks profiled in news reports over the last several months demonstrate that we live in an unsecure world. The Target breach in particular shows how important a complete cyber security program is to an enterprise network environment. Target’s security systems generated events from the attack, but the events were not followed […]


By: - Independent Computer Security Analyst

@gcluley

Who Does China Blame for a Third of All Cyber Attacks Against It? The USA

March 31st, 2014

A few years ago, in what we call the BS era (“Before Snowden”), there were frequent accusations levelled against China for attempting to hack into foreign countries’ computer systems and steal information. And, to be fair, there was often good reason to suspect that some attacks were conducted with the endorsement of the Beijing authorities. […]


By: - Technology Reporter

@jleclaire

The Real Infosec Employee Shortage

March 19th, 2014

When a company like HP offers up a $250,000 grant to attract IT security workers to the field, you know there’s a backstory. In this case, HP’s Scholarship for Women Studying Information Security (SWSIS) program hopes to prime the pump of IT security workers entering the market. The shortage is real—and critical. The IT security […]


By: - IT Secured. Success Optimized.

@_lumension

Retail POS Cyber Attacks: Why, How and What to Do

March 18th, 2014

Here’s a quick look at how cyber thieves attack retail organizations, some thoughts on why and best practices for defending against them.


By: - IT Security Expert, Author

@stiennon

We Thought We Understood How to Defend Against Targeted Attacks

March 12th, 2014

The lesson to be learned from the content of Snowden’s documents released to date is that the NSA has built a global capability to execute on a plan of information dominance for intelligence gathering. Ostensibly to collect enough communications metadata and content to deter, disrupt, and destroy terrorists and their plans, the NSA’s capabilities […]


By: - Dir. Solutions Marketing

POS System Pwnage

March 5th, 2014

Perhaps there have been bigger breaches, but the Target breach in late 2013 certainly seems to have set off a firestorm. There are literally thousands of new online articles and posts every day covering the event – the who, what, where, when, and especially the how and “what now” aspects of the case – and we’re certainly not […]


