By: - Dir. Solutions Marketing

Infosec Haiku

July 1st, 2013

Anata no joho sekyuritei konshu no haiku July 4th – Hurrah! But Cybercrime Does Not Rest Beware of Phishing   ### Notes ### *  Thanks to Ms. Etsuko vdH for the translation. *  Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published. *  Submit Your Own … [...]

By: - IT Security Expert, Author


Procedures and Policies Without Controls Are Meaningless: Lessons for the NSA

June 25th, 2013

Note to security clearance holders: The following post contains no links to secret documents. As the carefully orchestrated stream of leaks from Edward Snowden are published in The Guardian, we have learned first of the massive scale of US (and now UK) data and communication surveillance. Top Secret/NoForn documents were also published that spelled out [...]

By: - Information Security Reporter


Compliance Is Bad for Security

June 18th, 2013

There are two separate approaches to keeping data safe: compliance and security. The first is a legal/regulatory obligation; the second is not. If you ask a compliance author, whether that’s a government legislator or a bureaucratic regulator, what is the purpose of compliance, the reply will be ‘to ensure security.’ If you ask the same [...]

By: - Forensics and Security Expert


Near Real-Time Threat Intelligence in the Cloud

May 30th, 2013

Microsoft announced this week they will host known botnet malware infection information and other threat data in their Azure Cloud. This move will enable near-real-time threat data sharing and inarguably, this is a step in the right direction in our fight against the bad guys. ISPs and CERTs have received threat data via email from Microsoft [...]

By: - Chairman and CEO, Lumension


Big Brother is Listening Too – Are Journalists Sitting Ducks Part II

May 29th, 2013

Since writing “Are Journalists Sitting Ducks?” a few months back in response to the New York Times being targeted by Chinese hackers, several more high profile news organizations have been hacked including The Onion, AP, Financial Times and BBC. It’s apparent this trend is not going away any time soon. To add insult to injury, [...]

By: - Senior Architect


Hiding Under the Covers

May 15th, 2013

“All warfare is based on deception” – Sun Tzu, The Art of War Attackers like stealth.  Once they have compromised a system, one of their primary goals is to remain undetected. Initially, attackers used malware with pseudo Windows service names such as svchosts.exe, winlogin.exe, lsasss.exe, and others. Although these names appear to be innocuous, power [...]

By: - Dir. Solutions Marketing

Market Impact of a Data Breach

May 13th, 2013

In my Changeup post the other day, I mentioned that my colleague Paul Henry had saved an organization an estimated $10M (or roughly 15%) in market cap by showing that an intrusion had no material impact. That got me to thinking: what *is* the typical market impact of a breach? And furthermore, how good are [...]

By: - Dir. Solutions Marketing

Changeup Information Sharing

May 6th, 2013

We were talking with the CIO of a major healthcare company the other day who told us that his day had gone sideways because of the re-emergence of the ChangeUp worm / Trojan. This was news to me. I mean, yes, I’m a little behind in my reading, but I’d not heard much about ChangeUp [...]

By: - Technology Reporter


New School Cyber Crooks Using Old School Malware Tricks

April 29th, 2013

You can teach old crooks new tricks, but many cyber criminals are discovering that the old tricks are working just fine. Indeed, recent security headlines feature old school malware attacks, like the MiniDuke. And old school botnets with creative new names are bum rushing the Internet. At the same time, reflective memory injection (RMI) attacks, which blend [...]

By: - Chairman and CEO, Lumension


CISPA, FISMA Passed the House. Now What?

April 24th, 2013

CISPA, the Cyber Intelligence Sharing and Protection Act, passed the US House of Representatives late last week and will move to the Senate for further debate. If this rings a bell, it should. Last summer, CISPA passed the House before stalling in the face of a Senate filibuster. Of course, it was not the only [...]

By: - Forensics and Security Expert


Embedded Chinese Malware – Theoretical Threat or Practical Issue?

April 4th, 2013

Before we begin discussing the issue of the theoretical or practical reality in the potential threat of the Chinese embedding malware in the computer equipment they manufacture, consider this: Just a few years ago who would have thought that any government (never mind our own) would have created malware to attack another government’s computer systems [...]

By: - Chairman and CEO, Lumension


What Businesses Need to Know About Cyber Security

April 3rd, 2013


What laws are in place for cyber security and are they enough? Are the Chinese the only foreign nation hackers we need to worry about? Who are the real perpetrators? How big of a problem is stolen IP for the U.S. and other countries and what is being done about it?   These questions and [...]

By: - Information Security Reporter


Advanced Volatile Threat – Is an Old Threat the New New Threat?

March 19th, 2013

“In the meantime,” wrote [1] John Prisco, president and CEO of start-up firm Triumfant, “while our attention has been diverted towards APT1-style attacks, a more sophisticated and dangerous attack vector has emerged and will likely become more and more commonplace among cyber criminals: the Advanced Volatile Threat or AVT.” Chillingly he adds, “you’ve been warned.” [...]

By: - Chairman and CEO, Lumension


Time to Think New About Security

February 25th, 2013

For the good guys to get a leg up on increasingly brazen cyber criminals, we must share breach intelligence. The bad guys do it and we are at a significant disadvantage because we don’t. Or at least we don’t at the level we should. I’ve said this many times before but the road to cyber [...]

By: - Information Security Reporter


Metasploit: Is it a Good Thing, or a Bad Thing?

February 21st, 2013

Many years ago I ran the online ‘Security Clinic’ on It offered free advice from a worldwide pool of security experts. Late one evening I received a telephone call at home. It was the Chief Constable of Strathclyde Police. He was worried that the Clinic was pointing people to L0phtCrack to help recover their [...]

IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us