By: - Dir. Solutions Marketing

BadUSB Update

October 16th, 2014

I have received several inquiries regarding the latest news about the so-called BadUSB vulnerability, so I thought I’d write a quick post on what we know at the moment. What is BadUSB? BadUSB is a vulnerability – not malware – in the design and implementation of firmware used on USB devices which allows it to […]

By: - Senior Architect


Security Resiliency

October 13th, 2014

Computer security is in the headlines yet again. Last week it was the bash “Shellshock” vulnerability, before that it was the Home Depot credit card breach, and now the news is all about the security breach at JP Morgan. [ed.: And since Dan wrote this post, we’re knee deep in news about the Dairy Queen data breach […]

By: - Dir. Solutions Marketing

Is It the End of the (USB) World as We Know It?

August 4th, 2014

News this past week about a Proof-of-Concept tool called BadUSB has the IT security press in a lather. Why? Well, we all know that USB sticks are used to spread malware. But this POC by SRLabs security researchers Karsten Nohl and Jakob Lell – which will be demonstrated at Black Hat USA 2014 – […]

By: - IT Secured. Success Optimized.


Retail POS Cyber Attacks: Why, How and What to Do

March 18th, 2014

Here’s a quick look at how cyber thieves attack retail organizations, some thoughts on why and best practices for defending against them.

By: - Forensics and Security Expert


XP End of Support Options

March 17th, 2014

The end of support for Windows XP has disastrous potential for those who do not prepare for it. Anyone still on the OS can expect an onslaught of malware after April 8th, 2014 – the date Microsoft will no longer ship security patches for XP. Any bad guy out there with an XP exploit will […]

By: - Senior Architect


Hiding Under the Covers

May 15th, 2013

“All warfare is based on deception” – Sun Tzu, The Art of War

Attackers like stealth. Once they have compromised a system, one of their primary goals is to remain undetected. Initially, attackers used malware with pseudo Windows service names such as svchosts.exe, winlogin.exe, lsasss.exe, and others. Although these names appear to be innocuous, power […]

By: - Forensics and Security Expert


Eliminating Java Will Not Solve Your Problem

March 6th, 2013

While many are jumping on the ‘Death to Java’ bandwagon and ranting about turning off Java to eliminate risk, it is important to put the issue in the proper context: the reality of the matter is a Java vulnerability is not the end game for a cyber criminal; it is merely a delivery mechanism in […]

By: - Former SVP Global Marketing


Why the Bit9 Hack is Not a Failure of Application Control, Whitelisting

February 19th, 2013

There’s never a dull day in the security industry. Anymore, we rarely have to look beyond the proverbial front page for news on the latest hack. Cyber attacks are increasing in volume and sophistication and no one is immune. Two weeks ago, my preferred grocery store here in Phoenix announced they had been breached. And […]

By: - Forensics and Security Expert


Ransomware is Back with a Vengeance and Targeting Business

December 27th, 2012

Ransom-ware has matured since it was first seen in 1989 with the PC Cyborg Trojan. Today, it is big business for cyber criminals; and for good reason. A September article reported cyber criminals could earn between $50,000 and $60,000 a day by focusing their efforts on just a couple of countries. The severity of ransom-ware’s […]

By: - Former Chairman and CEO, Lumension


APTs and Acquisition

November 6th, 2012

You’d have to be living under a rock to not have heard about the recent rise in targeted attacks. From oil operators in the Middle East to financial institutions in the U.S., advanced persistent threats, APTs, have grown exponentially. Yes, they are a problem for big, global brands but should smaller organizations concern themselves with […]

By: - Windows Security Subject Matter Expert


Growing Threat From Vendors’ Friendly Fire

October 15th, 2012

After we learned that Flame exploited Microsoft’s Auto Update infrastructure, I pointed out that if attackers were able to compromise Microsoft, a leader in patch management, it couldn’t be long before bad guys exploited the update infrastructures of other vendors who are far behind Microsoft – like Adobe…  And that’s exactly what happened a couple […]

By: - Former Chairman and CEO, Lumension


Going on the Offensive—Standing up against Cyber-Attacks

July 28th, 2011

After the explosive March hack that infiltrated over 24,000 key files, Pentagon officials are ready to change their strategies regarding U.S. cyber security. While the incursion was one of the worst single incidents the U.S. Department of Defense has ever seen and may impact the design of the U.S. weapons system, it’s just one in […]

By: - Sr. Director Solutions and Strategy


Is the PlayStation® Network Meltdown a Security "Black Swan"?

May 3rd, 2011

The intensive and comprehensive nature of Sony’s PlayStation® Network (PSN) meltdown has made a strong impression on me. Loss of massive amounts of sensitive customer data, long-term network unavailability, probable class-action lawsuits, and an unprecedented avalanche of bad PR – this is not your normal “our network got hacked” situation. It made me wonder, […]

By: - Former Chairman and CEO, Lumension


Playing the Security Game? Think Before Simply Clicking ‘Renew’

April 26th, 2011

If your organization is anything like the companies we’ve been speaking with, then you know first-hand the headache and ongoing challenge that the rising cost of malware has created. In fact, 48 percent of organizations recently reported an increase in their IT operating expenses, according to the 2010 Ponemon Institute study commissioned by Lumension. Significantly, […]

By: - Forensics and Security Expert


2011 Has Potential to be a Really Bad Year

April 20th, 2011

If we look at how 2010 ended there is perhaps good reason for IT security pros to already be nervous in 2011. According to the end of year report from IBM X-Force, at least 44% of all vulnerabilities disclosed in 2010 had no corresponding patch by end of year. Not only do we have to […]
