Hacking (Protecting) Your POS System

February 23rd, 2015

In the House of Cards series of posts, I walked you through gaining access to a company’s network through an online portal in order to exfiltrate credit card data. It was a lengthy process, but the target company had enough data to make the time investment worthwhile. Most credit card data thefts come from POS […]

By: - Independent Computer Security Analyst


Hackers exploit Windows zero-day flaw in targeted PowerPoint attacks

October 22nd, 2014

Be on your guard. Another zero-day vulnerability has been uncovered that affects almost all supported versions of Windows, and it is being actively exploited by hackers in targeted attacks. Microsoft has issued a security advisory about a critical remote code execution flaw in all versions of Windows apart from Windows Server 2003. That would be […]

By: - Independent Computer Security Analyst


Malicious ads run next to popular YouTube videos, laced with the Sweet Orange exploit kit

October 17th, 2014

If you want to watch a video, you go to YouTube.  It’s as simple as that. Although other sites exist which host videos, Google-owned YouTube is the Goliath in the market – and gets the overwhelming bulk of the net’s video-watching traffic. And, of course, that enormous success and high traffic brings with it unwanted […]

By: - Senior Architect


Security Resiliency

October 13th, 2014

Computer security is in the headlines yet again. Last week it was the bash “Shellshock” vulnerability, before that it was the Home Depot credit card breach, and now the news is all about the security breach at JP Morgan. [ed.: And since Dan wrote this post, we’re knee deep in news about the Dairy Queen data breach […]

By: - Dir. Solutions Marketing

July Java Jamboree

July 15th, 2014

The latest Critical Patch Update (CPU) from Oracle has been released today. Based on the pre-release information, the July 2014 CPU contains 113 new security vulnerability fixes, covering everything from its flagship database and Fusion Middleware to Hyperion and Solaris. [See update below.] Of particular interest to endpoint administrators will be the 20 vulnerabilities in […]

By: - Independent Computer Security Analyst


Java on XP?

July 14th, 2014

Is it still supported, and what should you do about it? Well done to Oracle, which has successfully managed to confuse everyone about what the situation is regarding whether Java (a development platform with a long history of security holes) will continue to be properly supported on Windows XP (an operating system with a long […]

By: - Dir. Solutions Marketing

Much Ado About Java

June 12th, 2013

So, have you seen the latest about Java? Seems most organizations are still running (really) old versions. And even the current version has what is technically known as a shit-ton of zero-day vulnerabilities. And so Oracle is changing their vulnerability numbering system to accommodate all of them, in addition to taking other steps surrounding Java […]

By: - Forensics and Security Expert


Before, During and After Patch Tuesday: A Survival Guide

August 13th, 2012

It’s been said that there are only two types of companies left in the world: those who know they’ve been hacked and those who don’t. We have to hope that there’s still a third group: those who have not been hacked. You can be sure those who belong to the third group are those who […]

By: - Forensics and Security Expert


Keys to the Kingdom

October 28th, 2011

For hackers, social media is the top malware delivery vehicle of choice right now. And why not? Social networking sites are where the people are – and their information is readily available. Sadly, many unsuspecting people fail to realize that by creating a Facebook page, they are literally handing bad guys all the necessary needed […]

By: - Dir. Solutions Marketing

Novel New USB Attack

July 19th, 2010

News about a new attack via USB flash drive, known as Stuxnet.B, is surfacing. The Belarusian antivirus company VirusBlokAda recently discovered it and published a report on it. There are several points about this attack which make it both novel and unique, even though infection / propagation via USB flash drives is very common. To […]

By: - Forensics and Security Expert


May 2010 Patch Tuesday Security Briefing

May 12th, 2010


Microsoft has released two security bulletins this month, MS10-030 and MS10-031 to address two vulnerabilities in Microsoft Windows and Microsoft Office, both rated Critical. As both bulletins are rated as critical, they will both demand a high priority in their deployment across the enterprise. For more information on Microsoft and other vendor patches, please visit […]

By: - Forensics and Security Expert


Light Patch Tuesday as New Antivirus Issue Arises

May 11th, 2010

Microsoft has released two security bulletins this month, MS10-030 and MS10-031 to address two vulnerabilities in Microsoft Windows and Microsoft Office, both rated Critical. As both bulletins are rated as critical, they will both demand a high priority in their deployment across the enterprise. Details: MS10-030 resolving one vulnerability affecting Outlook Express, Windows Mail and […]

By: - Forensics and Security Expert


Will 2010 be the Year of Zero-Day Vulnerabilities for Browsers?

March 23rd, 2010

It certainly seems that in 2010, a month doesn’t go by without hearing about yet another zero-day threat affecting a popular browser software. In the first quarter of 2010, we already have seen new zero-day issues in the most popular browsers in use today: Microsoft reported yet another new zero-day issue with Internet Explorer, and […]

By: - Dir. Solutions Marketing

Kneber BotNet / Zeus Trojan Strikes!

February 18th, 2010

Makes Us Wonder if Web 2.0 / Social Apps are a Boon or a Bane.

By: - Sr. Director Solutions and Strategy


Adobe Joins the Microsoft Patch Party – Every Third Month

May 22nd, 2009

On Wednesday, Brad Arkin, Director of Product Security and Privacy at Adobe, announced that Adobe would be joining in on Microsoft’s Patch Tuesday party by scheduling security update releases on the first Tuesday of every quarter (  I can hear a collective sigh of relief and a communal “It’s about time!” issuing out of […]

IT Secured. Success Optimized.™

Contact Lumension | Privacy Policy

Connect & Follow Us