By: - Independent Computer Security Analyst

@gcluley

Logjam vulnerability – what you need to know

May 20th, 2015

Researchers discover a new attack against encrypted communications on the internet.



By:

Buying Exploits for Zero-Day Vulnerabilities

May 18th, 2015

A few weeks ago a story appeared on Slashdot about a new marketplace on the Dark Web called The Real Deal. Since it’s already in the press, hopefully there’s no harm in describing it here. I do risk being banned from the site for discussing it, but I’m optimistic they’ll see it as free publicity rather […]



By: - Director, Product Management

@russbernst

Nope, Patch Tuesday Has Not Gone Away: It’s a Monster May

May 12th, 2015

Rumours of the demise of Patch Tuesday have been squelched for now, with today’s release of 13 security bulletins from Microsoft. It’s May Patch Tuesday and while last week’s announcement of Windows Update for Business (WUB) makes it clear as mud whether or not Microsoft will in fact continue to provide monthly security patches for […]



By: - Independent Computer Security Analyst

@gcluley

Is your graphics card hiding a rootkit or keylogger?

May 12th, 2015

Why would malicious code want to run entirely on the GPU? And should we be concerned?



By:

Is Data Privacy Becoming Extinct?

May 11th, 2015

It seems your digital footprint is getting more and more interesting to more and more parties. There’s been plenty of news this week about the U.K. and France joining the United States in mass monitoring of their citizens’ data. The U.K. “Snooper’s Charter” England is already known for monitoring its populace with its many public […]



By: - Independent Computer Security Analyst

@gcluley

Are we all too reliant on technology?

May 5th, 2015

A couple of news stories that came to my attention in the last week or so underlined that although modern technology brings many benefits, we may also be depending on it too much. For instance, the Royal Institute of Navigation (RIN) issued a warning that people are at risk of losing their basic map-reading skills […]



By:

Hijacking Websites for Hacktivism (part 4)

May 4th, 2015

This is the next in a series of posts covering website hijacking. See parts 1, 2, and 3 if you’re just joining in. I’ve covered several different types of possible attacks. I’ve settled on attacking public DNS servers to hijack political campaign websites, sending their traffic to my own website which reveals the truth about […]



By: - Independent Computer Security Analyst

@gcluley

SendGrid email service hacked, customers told to reset passwords and DKIM keys

April 27th, 2015

Most of us know about bulk email – it’s the blanket term which can be used in relation to the mountain of legitimate newsletter subscriptions and marketing emails we may have clogging up our inboxes, as well as the unsolicited junk messages, scams and phishing campaigns that spammers abuse us with. What is less well […]



By:

Hijacking Websites for Hacktivism (part 3)

April 27th, 2015

This is the next in a series of posts about my hacktivism campaign. You can read part 1 and part 2 if you missed them. My goal is to publish publicly available information about political candidates on a website I host, then redirect traffic from their campaign websites to mine. I’ve covered a few website […]



By: - Independent Computer Security Analyst

@gcluley

Popular WordPress plugins found vulnerable to XSS attacks

April 21st, 2015

As I’ve explained before on the Optimal Security blog, cross-site scripting (XSS) flaws are a big problem on the net. Vulnerable websites can be exploited via XSS to steal user accounts, change settings or phish passwords from unsuspecting users. In fact, XSS flaws are one of the most commonly encountered security flaws found on websites. […]


By:

Hijacking Websites for Hacktivism (part 2)

April 20th, 2015

In the first post of this series I outlined my plan for the upcoming U.S. election. I’ll find unvarnished information about the candidates from sources like public records, create a website to display that information, and then re-route web traffic from the candidates’ own URLs to my website. So far we’ve covered setting up the […]


By: - Independent Computer Security Analyst

@gcluley

Minecraft learns the hard way: It’s not good to ignore vulnerability reports

April 17th, 2015

If a security researcher finds a vulnerability in your software, please don’t ignore them. Instead, be grateful that someone who has found a flaw in your product has chosen to let you know about it, rather than selling it (for probably more cash than you’ll offer them as a bug bounty) to some nefarious ne’er-do-well […]


By: - Director, Product Management

@russbernst

Another Big Update for April Patch Tuesday

April 14th, 2015

Another high number of updates have been released by Microsoft this April Patch Tuesday – 11 security bulletins have been distributed in all; 4 of them are critical and 7 important. This is a follow-up to last month’s big Patch Tuesday with 14 bulletins. April will be an important month for your server team, with […]


By:

Hijacking Websites for Hacktivism (part 1)

April 13th, 2015

I mentioned in my last post about hacktivism that I had some future plans based on upcoming events. I’m confident enough in my plan that I’m going to share it here with you, of course leaving out a few specific details. If you want to avoid being the victim of a plan like this, then […]


By: - Independent Computer Security Analyst

@gcluley

Hackers break into Linux Australia server, plant malware, steal personal information

April 7th, 2015

Linux Australia has warned its members and conference attendees that their personal information may have fallen into the hands of online criminals, following a breach of the organisation’s servers. In a mailing list posting, Linux Australia Joshua Hesketh confirmed that a malicious hacker attacked the site between 04:00 and 06:00 local time on 22 March […]




blog.lumension.com