By: - Dir. Solutions Marketing

Beware of the Crapper Hacker

August 5th, 2013

News came late last week from Trustwave of a security vulnerability in a new line of Japanese toilets. And while funny in its own way, it does serve as a warning for manufacturers and consumers alike as we move into an even more connected world. As everyone probably knows, Japanese toilets are a modern technological marvel. […]

By: - Dir. Solutions Marketing

Whitehat Lessons from $300M Cyber Crime Spree

July 30th, 2013

By now you’ve read about the new indictment of five hackers from Russia and Ukraine in what is being called the “largest data breach scheme in the US.” You can read the DOJ press release here and/or a redacted copy of the indictment here [PDF]. In what is really a continuation of the Albert Gonzalez […]

By: - Dir. Solutions Marketing

Infosec Haiku

July 28th, 2013

Anata no joho sekyuritei konshu no haiku

My bank emails me.
Click! I type in my password.
Where has my cash gone?

### Notes ###

* This week’s haiku courtesy of Mr. Andy Sands.
* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’s contributed their haikus … watch this […]

By: - Chairman and CEO, Lumension


Hacking the Hacker: The Downside to Vigilante Justice

July 2nd, 2013

Imagine you woke up one morning to find all of your possessions gone. Someone broke into your house in the dead of night and stole all of your things. You don’t know how they did it or who it was, but the fact remains: your stuff is gone. You might step outside, see the broken […]

By: - Dir. Solutions Marketing

Infosec Haiku

July 1st, 2013

Anata no joho sekyuritei konshu no haiku

July 4th – Hurrah!
But Cybercrime Does Not Rest
Beware of Phishing

### Notes ###

* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published.
* Submit Your Own … […]

By: - IT Security Expert, Author


Procedures and Policies Without Controls Are Meaningless: Lessons for the NSA

June 25th, 2013

Note to security clearance holders: The following post contains no links to secret documents. As the carefully orchestrated stream of leaks from Edward Snowden is published in The Guardian, we have learned first of the massive scale of US (and now UK) data and communication surveillance. Top Secret/NoForn documents were also published that spelled out […]

By: - Information Security Reporter


Compliance Is Bad for Security

June 18th, 2013

There are two separate approaches to keeping data safe: compliance and security. The first is a legal/regulatory obligation; the second is not. If you ask a compliance author, whether that’s a government legislator or a bureaucratic regulator, what is the purpose of compliance, the reply will be ‘to ensure security.’ If you ask the same […]

By: - Forensics and Security Expert


Near Real-Time Threat Intelligence in the Cloud

May 30th, 2013

Microsoft announced this week they will host known botnet malware infection information and other threat data in their Azure Cloud. This move will enable near-real-time threat data sharing and inarguably, this is a step in the right direction in our fight against the bad guys. ISPs and CERTs have received threat data via email from Microsoft […]

By: - Chairman and CEO, Lumension


Big Brother is Listening Too – Are Journalists Sitting Ducks Part II

May 29th, 2013

Since writing “Are Journalists Sitting Ducks?” a few months back in response to the New York Times being targeted by Chinese hackers, several more high profile news organizations have been hacked including The Onion, AP, Financial Times and BBC. It’s apparent this trend is not going away any time soon. To add insult to injury, […]

By: - Senior Architect


Hiding Under the Covers

May 15th, 2013

“All warfare is based on deception” – Sun Tzu, The Art of War

Attackers like stealth. Once they have compromised a system, one of their primary goals is to remain undetected. Initially, attackers used malware with pseudo Windows service names such as svchosts.exe, winlogin.exe, lsasss.exe, and others. Although these names appear to be innocuous, power […]

By: - Dir. Solutions Marketing

Market Impact of a Data Breach

May 13th, 2013

In my Changeup post the other day, I mentioned that my colleague Paul Henry had saved an organization an estimated $10M (or roughly 15%) in market cap by showing that an intrusion had no material impact. That got me to thinking: what *is* the typical market impact of a breach? And furthermore, how good are […]

By: - Dir. Solutions Marketing

Changeup Information Sharing

May 6th, 2013

We were talking with the CIO of a major healthcare company the other day who told us that his day had gone sideways because of the re-emergence of the ChangeUp worm / Trojan. This was news to me. I mean, yes, I’m a little behind in my reading, but I’d not heard much about ChangeUp […]

By: - Technology Reporter


New School Cyber Crooks Using Old School Malware Tricks

April 29th, 2013

You can teach old crooks new tricks, but many cyber criminals are discovering that the old tricks are working just fine. Indeed, recent security headlines feature old school malware attacks, like the MiniDuke. And old school botnets with creative new names are bum rushing the Internet. At the same time, reflective memory injection (RMI) attacks, which blend […]

By: - Chairman and CEO, Lumension


CISPA, FISMA Passed the House. Now What?

April 24th, 2013

CISPA, the Cyber Intelligence Sharing and Protection Act, passed the US House of Representatives late last week and will move to the Senate for further debate. If this rings a bell, it should. Last summer, CISPA passed the House before stalling in the face of a Senate filibuster. Of course, it was not the only […]

By: - Forensics and Security Expert


Embedded Chinese Malware – Theoretical Threat or Practical Issue?

April 4th, 2013

Before we begin discussing the issue of the theoretical or practical reality in the potential threat of the Chinese embedding malware in the computer equipment they manufacture, consider this: Just a few years ago who would have thought that any government (never mind our own) would have created malware to attack another government’s computer systems […]
