- Forensics and Security Expert

@phenrycissp

Is Apple the New Adobe?

April 13th, 2012

A security weakness in Apple Quicktime Java Extensions was reported to Apple today (along with proof of concept code) by Adam Gowdiak, a researcher with Security Explorations in Poland. The issue impacts Quicktime 7.7.1 running on Windows XP SP3, Windows 7 HP 64-bit, Windows 7 Pro 32-bit, along with web browsers; Mozilla Firefox 11.0, Internet Explorer [...]



- Forensics and Security Expert

@phenrycissp

Is BackDoor.Flashback.39 Trojan Going to be Apple’s Conficker?

April 9th, 2012

With 274 of the 600,000 infected Macs now being reported as being in Cupertino – Apple’s hometown – maybe they will feel a little of the pain their users are now feeling and get serious about being more candid and perhaps more revealing in their patch release notifications. Calculating the number of infected Macs this [...]



- Forensics and Security Expert

@phenrycissp

Microsoft’s Ugly Patch Tuesday

April 12th, 2011

No matter how you look at it, it’s an ugly Patch Tuesday this month. There are 17 bulletins this month and over half of them, 9, are critical and we are seeing 64 patches in total. All but two provide for remote code execution. We are well into a new year and things have not [...]



- Forensics and Security Expert

@phenrycissp

Popularity is Not Necessarily a Good Thing

October 28th, 2010

While Apple proudly proclaims the swelling number of iPhone sales, let me remind IT Security professionals that in the world of network security, popularity is not necessarily a good thing. One of the most important lessons I have learned throughout my career is it is more often popularity – not necessarily insecurity – that drives [...]



- Chairman and CEO, Lumension

@pclawson

Cyber Security Efforts in the U.S.

October 19th, 2010

audio

Recognizing October as National Cyber Security Awareness Month, Lumension Chairman and CEO, Pat Clawson, invited a handful of IT security industry leaders for 30 minutes of frank conversation on what is being done at the government level to rein in national cyber security efforts in the U.S.



- Forensics and Security Expert

@phenrycissp

Biggest Patch Tuesday Ever: It’s All Trick and No Treat for Administrators This October

October 12th, 2010

Forget ghouls and goblins. The scariest thing about this month is the number of security vulnerabilities. Today, Microsoft released one of the largest patch loads we’ve seen to date – with 16 patches for 49 flaws, 4 of which are critical.



- Sr. Director Solutions and Strategy

@donleatham

IT Risk and Social Web Leverage

September 21st, 2010

Leverage in all forms is a powerful thing. For both good and bad. The popularity and speed of social websites provide an amazing degree of leverage for both businesses and hackers. The Twitter OnMouseOver JavaScript flaw and the resulting flood of exploitive tweets is a great example of the latter. In a matter of hours, thousands [...]



- Product Marketing Executive, Mobile and Security Technologies

Five Irrefutable Laws of Information Security

September 20th, 2010

Last week, Forrester held its annual Security Forum 2010 and discussed, among other topics, the need for consistent controls on our endpoint devices to ensure continuous security and network protection. In his keynote entitled What is the Most Significant Vulnerability We Face Today, Malcolm Harkins, Chief Information Security Officer at Intel Corporation cited an example [...]



- Forensics and Security Expert

@phenrycissp

Adjust Your Defenses to the Changing Threat Vector

July 30th, 2010

While our budget-constrained defenses remain relatively static, the threat vector continues to change. Historically in network security, attackers seem to regularly stay one step ahead of defenders. I have watched the arms race unfold for more than two decades as attackers worked their way up the OSI stack from network layer attacks like the infamous [...]



- Forensics and Security Expert

@phenrycissp

July 2010 Patch Tuesday Security Briefing

July 14th, 2010

video

Microsoft announced that they have released four security bulletins to address five separate current vulnerabilities. Especially concerning this month is the fact that all three bulletins rated “critical” also rate a “1” on Microsoft’s exploitability index (with MS10-042 addressing a vulnerability that is actively being exploited.) Additionally, MS10-043 requires a reboot and affects Windows Server [...]


