By: - Dir. Solutions Marketing

R.I.P. Windows Server 2003

July 17th, 2015

As you should know by now, Microsoft ended support for Windows Server 2003 on July 14, 2015. But surveys suggest that many organizations may not be ready: 50% of organizations started 2015 with no migration plan – or were unaware that support was ending. 1/3 of organizations hope to complete their migrations sometime after the […]


Hacking (Protecting) Your POS System

February 23rd, 2015

In the House of Cards series of posts, I walked you through gaining access to a company’s network through an online portal in order to exfiltrate credit card data. It was a lengthy process, but the target company had enough data to make the time investment worthwhile. Most credit card data thefts come from POS […]

By: - Independent Computer Security Analyst


Hackers exploit Windows zero-day flaw in targeted PowerPoint attacks

October 22nd, 2014

Be on your guard. Another zero-day vulnerability has been uncovered that affects almost all supported versions of Windows, and it is being actively exploited by hackers in targeted attacks. Microsoft has issued a security advisory about a critical remote code execution flaw in all versions of Windows apart from Windows Server 2003. That would be […]

By: - Dir. Solutions Marketing

BadUSB Update

October 16th, 2014

I have received several inquiries regarding the latest news about the so-called BadUSB vulnerability, so I thought I’d write a quick post on what we know at the moment. What is BadUSB? BadUSB is a vulnerability – not malware – in the design and implementation of firmware used on USB devices which allows it to […]

By: - Dir. Solutions Marketing

Is It the End of the (USB) World as We Know It?

August 4th, 2014

News this past week about a Proof-of-Concept tool called BadUSB which has the IT security press in a lather. Why? Well, we all know that USB sticks are used to spread malware. But this POC by SRLabs security researchers Karsten Nohl and Jakob Lell – which will be demonstrated at Black Hat USA 2014 – […]

By: - Senior Architect


Defending Against Java

July 24th, 2013

Java offers enterprises the ability to write code once and run it everywhere.  However, this flexibility comes with a high cost: reduced security on endpoints. It has lately gotten so bad that Java has been nicknamed Just Another Vulnerability Announcement. Oracle has been working to produce updates to Java that addresses these vulnerabilities, but many […]

By: - Forensics and Security Expert


The Danger of Open Access to University IP

July 22nd, 2013

When I saw last week’s New York Times story about the problems universities are experiencing with cyber attacks, my first thought was one of surprise. Wasn’t this kind of story published years ago? Hackers are opportunistic and universities pride themselves on providing free and open access to materials. Cyber attacks on research universities have been […]

By: - Senior Architect


Hiding Under the Covers

May 15th, 2013

“All warfare is based on deception” – Sun Tzu, The Art of War Attackers like stealth.  Once they have compromised a system, one of their primary goals is to remain undetected. Initially, attackers used malware with pseudo Windows service names such as svchosts.exe, winlogin.exe, lsasss.exe, and others. Although these names appear to be innocuous, power […]

By: - Forensics and Security Expert


Eliminating Java Will Not Solve Your Problem

March 6th, 2013

While many are jumping on the ‘Death to Java’ bandwagon and ranting about turning off Java to eliminate risk, it is important to put the issue in the proper context: the reality of the matter is a Java vulnerability is not the end game for a cyber criminal; it is merely a delivery mechanism in […]

By: - Former SVP Global Marketing


Why the Bit9 Hack is Not a Failure of Application Control, Whitelisting

February 19th, 2013

There’s never a dull day in the security industry. Anymore, we rarely have to look beyond the proverbial front page for news on the latest hack. Cyber attacks are increasing in volume and sophistication and no one is immune. Two weeks ago, my preferred grocery store here in Phoenix announced they had been breached. And […]

By: - Former Chairman and CEO, Lumension


The New York Times Breach: Why AV Failed, What They Should Have Done and What We Accomplish by Letting Them Stay Inside

February 1st, 2013

In yet another example in the saga of personalized malware from foreign nations, specifically China, The New York Times reported Wednesday that the Chinese had carried out an extensive malware campaign against the newspaper giant for the past four months. With this news, we see once again stand alone, signature-based defenses are completely ineffective, especially […]

By: - Forensics and Security Expert


Ransomware is Back with a Vengeance and Targeting Business

December 27th, 2012

Ransom-ware has matured since it was first seen in 1989 with the PC Cyborg Trojan. Today, it is big business for cyber criminals; and for good reason. A September article reported cyber criminals could earn between $50,000 and $60,000 a day by focusing their efforts on just a couple of countries. The severity of ransom-ware’s […]

By: - Former Chairman and CEO, Lumension


APTs and Acquisition

November 6th, 2012

You’d have to be living under a rock to not have heard about the recent rise in targeted attacks. From oil operators in the Middle East to financial institutions in the U.S., advanced persistent threats, APTs, have grown exponentially. Yes, they are a problem for big, global brands but should smaller organizations concern themselves with […]

By: - Forensics and Security Expert


What the Security Features of Apple’s Mountain Lion Mean for the Enterprise

June 14th, 2012

The 2012 Apple World Wide Developers’ Conference saw the release of many new Apple products, including a sneak peek of the long-anticipated OS, Mountain Lion. The new release shows that Apple has taken one step forward in what will be a long security road. While it’s a good start, they are still miles behind Microsoft […]

By: - IT Security Expert

Closing the Antivirus Protection Gap

May 16th, 2012

With 50% of IT endpoint operating costs now attributable to malware, is reliance on antivirus as the keystone endpoint security measure the best approach? Instinct tells us no but to be sure, Lumension recently did a comparative analysis on the effectiveness of standalone AV and O/S resident patching solution versus newer technologies, including application whitelisting, […]

IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us