By: - Independent Computer Security Analyst

@gcluley

Isn’t It Time Oracle Gave Us Monthly Security Updates for Java?

March 24th, 2014

In some ways, it could be argued that Java is an incredible success. I’m serious. Stop laughing at the back. You see, according to Oracle, Java’s developer, the product is used on over 3 billion different devices worldwide. That *is* impressive. But, for those of us concerned with securing systems and keeping computer data safe, [...]



A Win-Win for Missouri S&T

September 5th, 2013

Missouri University of Science & Technology faces a set of challenges many post-secondary organizations similarly face. On one side of the problem set, we have a whole fleet of student-owned endpoint devices—over 7,000—connecting to the network without any kind of centralized management because the university only has the means to manage campus-owned systems. On the [...]



By: - Forensics and Security Expert

@phenrycissp

Nothing Pretty About Fireworks Delivered From Microsoft This Patch Tuesday

July 9th, 2013

IT admins may have taken the Fourth off to enjoy some fireworks, but they’ll be very busy this week patching their systems. It’s not a pretty Patch Tuesday this month with 7 bulletins, 6 of which are critical. That brings our total of critical bulletins for the year to 22, which is fairly high, considering [...]



By: - Dir. Solutions Marketing

Much Ado About Java

June 12th, 2013

So, have you seen the latest about Java? Seems most organizations are still running (really) old versions. And even the current version has what is technically known as a shit-ton of zero-day vulnerabilities. And so Oracle is changing their vulnerability numbering system to accommodate all of them, in addition to taking other steps surrounding Java [...]



By: - Windows Security Subject Matter Expert

@randyfsmith

Growing Threat From Vendors’ Friendly Fire

October 15th, 2012

After we learned that Flame exploited Microsoft’s Auto Update infrastructure, I pointed out that if attackers were able to compromise Microsoft, a leader in patch management, it couldn’t be long before bad guys exploited the update infrastructures of other vendors who are far behind Microsoft – like Adobe…  And that’s exactly what happened a couple [...]



By: - Dir. Solutions Marketing

DNSChanger Trojan: Not All Doom and Gloom

May 9th, 2012

If your server(s) have been infected by the DNSChanger Trojan and you’ve not done anything about it, time is running out. You have until July 9, 2012 to get your systems fixed, or you’ll lose internet access until you do. This insidious little Trojan – variously known as TDSS, Alureon, TidServ, and TDL4 malware – [...]



By: - Forensics and Security Expert

@phenrycissp

Is BackDoor.Flashback.39 Trojan Going to be Apple’s Conficker?

April 9th, 2012

With 274 of the 600,000 infected Mac’s now being reported as being in Cupertino – Apple’s hometown – maybe they will feel a little of the pain their users are now feeling and get serious about being more candid and perhaps more revelaing in their patch release notifications. Calculating the number of infected Macs this [...]



By: - IT Security Expert

Life After an Attack

September 9th, 2011

Hackers never sleep–as Citigroup can certainly attest to, having their consumer information twice hacked in a span of only three months. While we are counting sheep, the bad guys are of course looking for a way in, lurking and waiting for a vulnerable minute to strike. And all too often, this happens to organizations that [...]



By: - Dir. Solutions Marketing

USBs: Unsafe at Any Speed?

August 12th, 2011

I always enjoy hearing about our venerable events in the popular press – sometimes they’re yuk-inducing, like this bit on Marketplace about their reporter asking about getting WiFi at Black Hat 2011 (see here or listen here for the whole piece). And although I did not attend, I’ve been trying to catch up on some [...]



By: - Forensics and Security Expert

@phenrycissp

April Showers Bring May Flowers, and Patch Tuesday is No Exception

May 10th, 2011

Last month it poured when Microsoft released 17 security bulletins that addressed a total of 64 vulnerabilities. For today’s Patch Tuesday, we have a light load; however, both patches address remote code execution and one is critical.  So both require immediate attention. The critical patch MS11-035 Vulnerability in WINS addresses an issue with all supported [...]


By: - Chairman and CEO, Lumension

@pclawson

Playing the Security Game? Think Before Simply Clicking ‘Renew’

April 26th, 2011

If your organization is anything like the companies we’ve been speaking with, then you know first-hand the headache and ongoing challenge that the rising cost of malware has created. In fact, 48 percent of organizations recently reported an increase in their IT operating expenses, according to the 2010 Ponemon Institute study commissioned by Lumension. Significantly, [...]


By: - Forensics and Security Expert

@phenrycissp

2011 Has Potential to be a Really Bad Year

April 20th, 2011

If we look at how 2010 ended there is perhaps good reason for IT security pros to already be nervous in 2011. According to the end of year report from IBM X-Force, at least 44% of all vulnerabilities disclosed in 2010 had no corresponding patch by end of year. Not only do we have to [...]


By: - Forensics and Security Expert

@phenrycissp

Microsoft Prepares Out Of Band Patch For “Globe Trotting” LNK File Issue

July 30th, 2010

As more malware writers began to incorporate the Microsoft LNK issue (CVE-2010-2568) into their malicious code, Microsoft last week published a workaround and is [...]


By: - Forensics and Security Expert

@phenrycissp

Adjust Your Defenses to the Changing Threat Vector

July 30th, 2010

While our budget-constrained defenses remain relatively static, the threat vector continues to change. Historically in network security, attackers seem to regularly stay one step ahead of defenders. I have watched the arms race unfold for more than two decades as attackers worked their way up the OSI stack from network layer attacks like the infamous [...]


By: - Chairman and CEO, Lumension

@pclawson

Whitelisting: Fill in the Gaps Where Traditional Efforts have Failed

May 27th, 2010

You’ve probably heard about three recent security-related events that attracted lots of attention. In January, Google announced that it suffered a “highly sophisticated” and targeted hacker attack—originating from China— against its corporate network. In April, an ill-fated false-positive antivirus signature was pushed out that accidentally removed a key part of Windows from machines. And a [...]



IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us

blog.lumension.com