By: - Independent Computer Security Analyst

@gcluley

Hackers exploit Windows zero-day flaw in targeted PowerPoint attacks

October 22nd, 2014

Be on your guard. Another zero-day vulnerability has been uncovered that affects almost all supported versions of Windows, and it is being actively exploited by hackers in targeted attacks. Microsoft has issued a security advisory about a critical remote code execution flaw in all versions of Windows apart from Windows Server 2003. That would be […]



By: - Dir. Solutions Marketing

BadUSB Update

October 16th, 2014

I have received several inquiries regarding the latest news about the so-called BadUSB vulnerability, so I thought I’d write a quick post on what we know at the moment. What is BadUSB? BadUSB is a vulnerability – not malware – in the design and implementation of firmware used on USB devices which allows it to […]



By: - Dir. Solutions Marketing

Is It the End of the (USB) World as We Know It?

August 4th, 2014

News this past week about a Proof-of-Concept tool called BadUSB which has the IT security press in a lather. Why? Well, we all know that USB sticks are used to spread malware. But this POC by SRLabs security researchers Karsten Nohl and Jakob Lell – which will be demonstrated at Black Hat USA 2014 – […]



By: - Senior Architect

@danteal

Defending Against Java

July 24th, 2013

Java offers enterprises the ability to write code once and run it everywhere.  However, this flexibility comes with a high cost: reduced security on endpoints. It has lately gotten so bad that Java has been nicknamed Just Another Vulnerability Announcement. Oracle has been working to produce updates to Java that addresses these vulnerabilities, but many […]



By: - Forensics and Security Expert

@phenrycissp

The Danger of Open Access to University IP

July 22nd, 2013

When I saw last week’s New York Times story about the problems universities are experiencing with cyber attacks, my first thought was one of surprise. Wasn’t this kind of story published years ago? Hackers are opportunistic and universities pride themselves on providing free and open access to materials. Cyber attacks on research universities have been […]



By: - Senior Architect

@danteal

Hiding Under the Covers

May 15th, 2013

“All warfare is based on deception” – Sun Tzu, The Art of War Attackers like stealth.  Once they have compromised a system, one of their primary goals is to remain undetected. Initially, attackers used malware with pseudo Windows service names such as svchosts.exe, winlogin.exe, lsasss.exe, and others. Although these names appear to be innocuous, power […]



By: - Forensics and Security Expert

@phenrycissp

Eliminating Java Will Not Solve Your Problem

March 6th, 2013

While many are jumping on the ‘Death to Java’ bandwagon and ranting about turning off Java to eliminate risk, it is important to put the issue in the proper context: the reality of the matter is a Java vulnerability is not the end game for a cyber criminal; it is merely a delivery mechanism in […]



By: - Former SVP Global Marketing

@cedwardbrice

Why the Bit9 Hack is Not a Failure of Application Control, Whitelisting

February 19th, 2013

There’s never a dull day in the security industry. Anymore, we rarely have to look beyond the proverbial front page for news on the latest hack. Cyber attacks are increasing in volume and sophistication and no one is immune. Two weeks ago, my preferred grocery store here in Phoenix announced they had been breached. And […]



By: - Former Chairman and CEO, Lumension

@pclawson

The New York Times Breach: Why AV Failed, What They Should Have Done and What We Accomplish by Letting Them Stay Inside

February 1st, 2013

In yet another example in the saga of personalized malware from foreign nations, specifically China, The New York Times reported Wednesday that the Chinese had carried out an extensive malware campaign against the newspaper giant for the past four months. With this news, we see once again stand alone, signature-based defenses are completely ineffective, especially […]



By: - Forensics and Security Expert

@phenrycissp

Ransomware is Back with a Vengeance and Targeting Business

December 27th, 2012

Ransom-ware has matured since it was first seen in 1989 with the PC Cyborg Trojan. Today, it is big business for cyber criminals; and for good reason. A September article reported cyber criminals could earn between $50,000 and $60,000 a day by focusing their efforts on just a couple of countries. The severity of ransom-ware’s […]


By: - Former Chairman and CEO, Lumension

@pclawson

APTs and Acquisition

November 6th, 2012

You’d have to be living under a rock to not have heard about the recent rise in targeted attacks. From oil operators in the Middle East to financial institutions in the U.S., advanced persistent threats, APTs, have grown exponentially. Yes, they are a problem for big, global brands but should smaller organizations concern themselves with […]


By: - Forensics and Security Expert

@phenrycissp

What the Security Features of Apple’s Mountain Lion Mean for the Enterprise

June 14th, 2012

The 2012 Apple World Wide Developers’ Conference saw the release of many new Apple products, including a sneak peek of the long-anticipated OS, Mountain Lion. The new release shows that Apple has taken one step forward in what will be a long security road. While it’s a good start, they are still miles behind Microsoft […]


By: - IT Security Expert

Closing the Antivirus Protection Gap

May 16th, 2012

With 50% of IT endpoint operating costs now attributable to malware, is reliance on antivirus as the keystone endpoint security measure the best approach? Instinct tells us no but to be sure, Lumension recently did a comparative analysis on the effectiveness of standalone AV and O/S resident patching solution versus newer technologies, including application whitelisting, […]


By: - Dir. Solutions Marketing

DNSChanger Trojan: Not All Doom and Gloom

May 9th, 2012

If your server(s) have been infected by the DNSChanger Trojan and you’ve not done anything about it, time is running out. You have until July 9, 2012 to get your systems fixed, or you’ll lose internet access until you do. This insidious little Trojan – variously known as TDSS, Alureon, TidServ, and TDL4 malware – […]


By: - Dir. Solutions Marketing

Application Whitelisting: Key Protection Against Targeted Cyber Attacks

August 1st, 2011

The Australian Department of Defence recently updated their Strategies to Mitigate Targeted Cyber Intrusions guidelines, and I think it warrants a little discussion. The relatively short (only two pages!) document from the Cyber Security Operation Centre (CSOC) – part of the Defence Signals Directorate (DSD) – is based on their experience in operational cyber security, […]



IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us

blog.lumension.com