By:

Is Your Organization a House of Cards – Part 2

January 19th, 2015

In my last post, I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. Now I have my project defined. The first step is to identify a target. Because I’m looking specifically for an airline, I can’t just start scanning ports […]



By: - Independent Computer Security Analyst

@gcluley

The EFF’s secure messaging scorecard. Which app will you use?

January 15th, 2015

We live in alarming times. Revelations by NSA whistleblower Edward Snowden woke many of us to up the risks posed by covert surveillance, and in just the last few days – following the ghastly events in Paris – UK Prime Minister David Cameron has called for secure communication apps to be made unlawful, or at […]



By:

Is Your Organization a House of Cards?

January 12th, 2015

Some data breaches get a lot of attention in the news. When a large amount of data is taken from a popular retailer or organization, it makes big news in the media, and law enforcement gets interested. They like to be seen investigating the biggest crimes so everyone thinks they are doing their job. On […]



By:

PayPal Accounts Still For Sale After Major Vulnerability Fix

December 26th, 2014

Earlier this month it was announced that PayPal fixed a bug which would allow an attacker to take over practically any PayPal account. The vulnerability was identified and reported through PayPal’s Bug Bounty program by Yasser Ali, an independent IT Security researcher in Egypt. Ali was experimenting with PayPal’s security token mechanism. He found that […]



By: - Independent Computer Security Analyst

@gcluley

German steel works suffered “massive damage” after hack attack

December 23rd, 2014

Hackers who compromised a German steel works inflicted serious damage on one of its blast furnaces, according to a newly released report from the German Federal Office of Information Security. Once again, according to the German report [PDF], the initial infection took place because a member of staff was tricked by a spearphishing email that […]



By:

“Sophisticated” Regin Relies on Age-Old Techniques

December 22nd, 2014

The IT Security industry is saying that Regin is “Top-tier” – “Sophisticated” – “Super-spyware”. When you look at a Regin attack in detail however, you find a lot of techniques in common with plain old-fashioned data-stealing malware. No matter how sophisticated the malware, the same steps are needed to successfully infiltrate the victim’s machines. And familiar defenses […]



By: - Independent Computer Security Analyst

@gcluley

SoakSoak malware hits over 100,000 WordPress websites

December 15th, 2014

Do you run WordPress on your website?  If so, you’re in good company. Around 19% of the world’s websites are thought to run WordPress, which is even more astonishing when you consider that many sites don’t have any content management system at all. And although running your own self-hosted version of WordPress (as opposed to […]



By: - Independent Computer Security Analyst

@gcluley

Hackers target military, embassy and defense workers in Operation Pawn Storm

October 25th, 2014

A group of organised criminal hackers, possibly backed by an unknown country, are targeting government, media and military organisations in the United States, Pakistan, and across Europe, according to new research [PDF] released by researchers at Trend Micro. In an operation dubbed “Pawn Storm”, the hackers have targeted computers belonging to – amongst others – […]



By: - Dir. Solutions Marketing

BadUSB Update

October 16th, 2014

I have received several inquiries regarding the latest news about the so-called BadUSB vulnerability, so I thought I’d write a quick post on what we know at the moment. What is BadUSB? BadUSB is a vulnerability – not malware – in the design and implementation of firmware used on USB devices which allows it to […]



By: - Senior Architect

@danteal

Security Resiliency

October 13th, 2014

Computer security is in the headlines yet again. Last week it was the bash “Shellshock” vulnerability, before that it was the Home Depot credit card breach, and now the news is all about the security breach at JP Morgan. [ed.: And since Dan wrote this post, we’re knee deep in news about the Dairy Queen data breach […]


By: - Dir. Solutions Marketing

Shellshock Exploit Demo, and More

October 1st, 2014

In my  previous post we discussed Shellshock, the GNU Bourne Again Shell (Bash) vulnerability which was made public last week. News continues to pour in as the researchers and vendors (and probably a few blackhats) try to understand the true scope of the problem. So today we’ll discuss a few updates to the situation since we published […]


By: - Dir. Solutions Marketing

Some Common Sense Steps to Avoid Shellshock!

September 29th, 2014

“Something broke” That’s what the IT folks at a major aerospace engineering firm told my friend DS when he couldn’t log onto their intranet last week. That something shut down their entire system for an entire day. What was that something? It was Shellshock, the GNU Bourne Again Shell (Bash) vulnerability which came to light […]


By: - Dir. Solutions Marketing

Information Aversion – The Ostrich Effect

July 30th, 2014

Are we hurting our cause when we describe, in gruesome detail, the potential outcomes of a data breach or other IT security breach? Are we inadvertently pushing real security further off when we chase on the latest whiz bang technology instead of focusing on making steady progress? That’s what came to mind when I recently […]


By: - Independent Computer Security Analyst

@gcluley

Google’s Project Zero – Targeting Zero-Day Vulnerabilities

July 16th, 2014

Google has announced that it is assembling a crack team of researchers, devoted to finding and reporting security holes in widely used software. According to Google security engineer Chris Evans, the group – which has been dubbed “Project Zero” – aims to uncover unpatched security vulnerabilities before they are exploited in targeted internet attacks. “Our […]


By: - Independent Computer Security Analyst

@gcluley

Security Tips for Football World Cup Fans

June 13th, 2014

The FIFA World Cup has kicked off in Brazil, with fans travelling to the country from around the globe in the hope that their country’s football team will make it to the grand final. But if you’re travelling (whether it be to South America watch the world’s greatest soccer tournament, or a couple of days […]



IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us

blog.lumension.com