By: - Independent Computer Security Analyst

@gcluley

To infinity and beyond! Unimaginably large bug-hunting prize fund announced by Google

February 26th, 2015

For the past few years, Google has been holding an annual bug-hunting competition – known as Pwnium – to encourage vulnerability researchers to find security holes in Chrome OS and the Chrome browser. Google took advantage of the fact that many of the world’s leading bug hunters were already meeting at the CanSecWest security conference […]



By: - Independent Computer Security Analyst

@gcluley

What’s worse than Superfish? Meet PrivDog, leaving users wide open to attacks

February 24th, 2015

Last week, a storm erupted on the net after it became widely known that Superfish – software that was being pre-installed on Lenovo PCs – could compromise users’ security and privacy. The problem with Superfish was not just that it injected money-making ads into websites, but that it used a self-signed root certificate to intercept […]




Hacking (Protecting) Your POS System

February 23rd, 2015

In the House of Cards series of posts, I walked you through gaining access to a company’s network through an online portal in order to exfiltrate credit card data. It was a lengthy process, but the target company had enough data to make the time investment worthwhile. Most credit card data thefts come from POS […]



By: - Dir. Solutions Marketing

Infosec Haiku

February 21st, 2015

Anata no joho sekyuritei konshu no haiku Pre-Installed Malware? Lenovo Superfish Is Adware Run Amok ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who has contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, […]



By: - Independent Computer Security Analyst

@gcluley

Patching Haste Makes Waste

February 20th, 2015

Sometimes it’s better if software patches don’t come out too quickly. Such was the case when Microsoft issued its regular round of Patch Tuesday updates earlier this month, leaving some unhappy. Some PowerPoint users, for instance, found that a fix designed to make PowerPoint 2013 more stable was actually causing more problems than it aimed to […]




Is Your Organization a House of Cards – Part 6

February 17th, 2015

This is the last in a series of posts describing how a typical credit card data theft occurs, from the hacker’s point of view. If you haven’t read the prior posts, check out parts 1, 2, 3, 4, and 5 to see how we got here. At this point, I have credentials for an online invoicing portal […]



By: - Independent Computer Security Analyst

@gcluley

Android and Windows battle for top position on the malware front, claims report

February 16th, 2015

We all know that malware is a huge problem on the Windows platform. Every day, something like 400,000 new Windows malware variants are dissected by security labs, and most people’s anti-virus software is set to download updates on a pretty much continual basis in an attempt to keep up. It sounds bad because it *is* […]



By: - Dir. Solutions Marketing

Infosec Haiku

February 14th, 2015

Anata no joho sekyuritei konshu no haiku Surprise! PCI Non-Compliance and Breaches Correlate – Report ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who has contributed their haikus … watch this space to see if yours is published. * Submit Your Own … if yours is published, […]



By: - Director, Product Management

@russbernst

No Love for IT This February Patch Tuesday

February 10th, 2015

The big news for February Patch Tuesday is the criticality in which IT will need to move. Of the 9 updates this month, 3 are critical and 9 are important and 56 CVEs are addressed. Of those, 3 are now publicly known. The Microsoft Windows operating system is again the overwhelming target along with a […]




Is Your Organization a House of Cards – Part 5

February 9th, 2015

This is another in a series of posts (parts 1, 2, 3, 4) discussing how I’m infiltrating an airline’s network to gain access to credit card data. I’ve identified a vendor for the airline and am in the process of retrieving saved passwords from the vendor’s Chief Accountant’s browsers. My goal is to find credentials […]



By: - Dir. Solutions Marketing

Infosec Haiku

February 8th, 2015

Anata no joho sekyuritei konshu no haiku Anthem Health Gets Breached 80 million Records Slurped Down by the Bad Guys ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who has contributed their haikus … watch this space to see if yours is published. * Submit Your Own […]




Is Your Organization a House of Cards – Part 4

February 2nd, 2015

In previous posts (part 1, part 2, part 3) I have been taking you through the steps to steal credit card information from Lychee Air, an airline in China. So far I have managed to break into the network of a catering company who works with Lychee Air. I have downloaded account info for their […]



By: - Dir. Solutions Marketing

Infosec Haiku

February 1st, 2015

Anata no joho sekyuritei konshu no haiku This One Is Not Good: ‘Skeleton Key’ Malware Will Now Unlock Networks ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who has contributed their haikus … watch this space to see if yours is published. * Submit Your Own … […]



By: - Independent Computer Security Analyst

@gcluley

Dirty sex website xHamster exploited in malvertising campaign

January 29th, 2015

For anyone who thinks that they can get their sexual kicks surfing the seedier parts of the internet, rather than lurking about your city’s red light district, I’ve got some bad news for you. You can catch an infection in real life, and you can catch one on your computer too. xHamster, one of the world’s […]



By: - Dir. Solutions Marketing

Missing the Forest for the Trees: 2015 Data Protection Maturity Trends

January 28th, 2015

Today, in conjunction with the annual Data Privacy Day, Lumension released the 4th annual Data Protection Maturity Trends report. Based on a survey conducted in late 2014 of more than 700 IT security professionals from around the world, this report examines the issues and concerns facing IT security teams, how effective their data protection efforts […]


