By: - Independent Computer Security Analyst


Dirty sex website xHamster exploited in malvertising campaign

January 29th, 2015

For anyone who thinks that they can get their sexual kicks surfing the seedier parts of the internet, rather than lurking about your city’s red light district, I’ve got some bad news for you. You can catch an infection in real life, and you can catch one on your computer too. xHamster, one of the world’s […]

By: - Dir. Solutions Marketing

Missing the Forest for the Trees: 2015 Data Protection Maturity Trends

January 28th, 2015

Today, in conjunction with the annual Data Privacy Day, Lumension released the 4th annual Data Protection Maturity Trends report. Based on a survey conducted in late 2014 of more than 700 IT security professionals from around the world, this report examines the issues and concerns facing IT security teams, how effective their data protection efforts […]

By: - Dir. Solutions Marketing

Ransomware: The Once and Future Storm?

January 27th, 2015

Lumension recently released the sixth annual State of the Endpoint Risk report [PDF], based on research by the Ponemon Institute. I’ve blogged about this report several times this year: you can find those posts here and here. This past week I was honored to present the results of this research alongside Dr. Larry Ponemon, in […]


Is Your Organization a House of Cards – Part 3

January 26th, 2015

In my last 2 posts (part 1, part 2) I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. I’ve identified an airline, Lychee Air, flying out of Hangzhou Airport. I was able to use a not-so-public IP camera to watch […]

By: - Independent Computer Security Analyst


Don’t be evil? Google discloses yet another zero-day vulnerability in Microsoft code

January 20th, 2015

For the third time in a month, Google has gone public about a security vulnerability in Microsoft’s code – and not been prepared to wait for the software giant to publish a patch. The security hole, which exists in Microsoft Windows 7 and 8.1, is expected to be patched in Microsoft’s regular monthly security update […]


Is Your Organization a House of Cards – Part 2

January 19th, 2015

In my last post, I explained I will be walking you through the attack of an airline company in order to obtain credit card data I can sell. Now I have my project defined. The first step is to identify a target. Because I’m looking specifically for an airline, I can’t just start scanning ports […]

By: - Independent Computer Security Analyst


The EFF’s secure messaging scorecard. Which app will you use?

January 15th, 2015

We live in alarming times. Revelations by NSA whistleblower Edward Snowden woke many of us up to the risks posed by covert surveillance, and in just the last few days – following the ghastly events in Paris – UK Prime Minister David Cameron has called for secure communication apps to be made unlawful, or at […]

By: - Dir. Solutions Marketing

State of the Endpoint Identifies Risky Users as Top Threat

January 14th, 2015

For years, security pros have complained, or joked, about over-zealous users who click on everything. With today’s release of the sixth annual State of the Endpoint study by Ponemon Institute, and commissioned by Lumension, the joke is reality for many and unfortunately it isn’t all that funny. Negligent and/or careless employees who do not follow security […]

By: - Director, Product Management


January is Update Your Microsoft Windows Month

January 13th, 2015

There are 8 total security bulletins for the first Patch Tuesday of 2015; 1 is rated critical and 7 are important. All of them impact Windows or Windows components; there are no specific Microsoft application updates. The good news is that there are just 8 CVEs to patch this month so it’s a 1 and […]


Is Your Organization a House of Cards?

January 12th, 2015

Some data breaches get a lot of attention in the news. When a large amount of data is taken from a popular retailer or organization, it makes big news in the media, and law enforcement gets interested. They like to be seen investigating the biggest crimes so everyone thinks they are doing their job. On […]

By: - Independent Computer Security Analyst


Google shows hackers how to exploit Windows 8.1

January 5th, 2015

If I told you that a bunch of hackers had found a zero-day vulnerability in Microsoft Windows 8.1 you would probably be concerned. Especially if details of the unpatched security bug had not only been made public, but actual working exploit code had also been released on the internet for anyone else to use. […]


PayPal Accounts Still For Sale After Major Vulnerability Fix

December 26th, 2014

Earlier this month it was announced that PayPal fixed a bug which would allow an attacker to take over practically any PayPal account. The vulnerability was identified and reported through PayPal’s Bug Bounty program by Yasser Ali, an independent IT Security researcher in Egypt. Ali was experimenting with PayPal’s security token mechanism. He found that […]

By: - Independent Computer Security Analyst


German steel works suffered “massive damage” after hack attack

December 23rd, 2014

Hackers who compromised a German steel works inflicted serious damage on one of its blast furnaces, according to a newly released report from the German Federal Office of Information Security. Once again, according to the German report [PDF], the initial infection took place because a member of staff was tricked by a spearphishing email that […]


“Sophisticated” Regin Relies on Age-Old Techniques

December 22nd, 2014

The IT Security industry is saying that Regin is “Top-tier” – “Sophisticated” – “Super-spyware”. When you look at a Regin attack in detail however, you find a lot of techniques in common with plain old-fashioned data-stealing malware. No matter how sophisticated the malware, the same steps are needed to successfully infiltrate the victim’s machines. And familiar defenses […]

By: - Dir. Solutions Marketing

IT Security Budgets, Destructive Malware and Software Vulns – A 2015 Sneak Peek

December 17th, 2014

Even non-security news outlets and bloggers have been writing about 2014 as the year of the mega breach. And for good reason, when you consider cyber criminals’ attacks on Target, JP Morgan, Home Depot and most recently of course, Sony Pictures. Regardless of your opinion on how Sony has handled the breach to-date, no one […]
