By: - Independent Computer Security Analyst

@gcluley

PayPal XSS flaw could have let hackers steal your unencrypted credit card details

August 26th, 2015

A cross-site scripting (XSS) flaw on PayPal’s website could have been used by hackers to phish for your login credentials, and even steal your unencrypted card details.



By: - Independent Computer Security Analyst

@gcluley

Sysadmins who fail to change default configurations, leave petabytes of data at risk

August 17th, 2015

Sysadmins – if you don’t change the default settings, there’s a danger that you could be exposing your company’s secret data to the rest of the world.



By:

Industrial Control System Owners Unaware of Internet Connectivity

August 17th, 2015

Industrial Control Systems (ICS) are the computer systems and networks used to control industrial plants and infrastructures. The term includes Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), and Programmable Logic Controllers (PLC). These systems are used in many sectors classified as critical by the U.S. and other governments. This includes emergency services, […]



By:

How to Own an Oil Well in 30 Minutes

August 14th, 2015

Industrial Programmable Logic Controllers (PLCs) are devices used to control key manufacturing and infrastructure systems around the world. A PLC is a fully customizable device which can take just about any data in, perform any combination of logical operations on it, and create an almost unlimited number of output scenarios. They’re common on manufacturing lines […]



By: - Independent Computer Security Analyst

@gcluley

Five years after Stuxnet, your USB drive is still being patched

August 12th, 2015

Once again, Microsoft finds itself patching Windows against attacks that can strike at your PC through the USB drive.



By: - Dir. Solutions Marketing

Infosec Haiku

August 8th, 2015

Anata no joho sekyuritei konshu no haiku

Mac Users Beware –
Thunderstrike and Zero-Day
Are Lookin’ For You!

Notes:

* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who has contributed their haikus … watch this space to see if yours is published.
* Submit Your Own … if yours […]



By: - Independent Computer Security Analyst

@gcluley

Big news. Google patching millions of Android devices against Stagefright exploit

August 5th, 2015

If you needed any more convincing as to just how big a deal the recently discovered Stagefright vulnerability is on Android devices, just take a look at how Google and Samsung are responding.



By: - Independent Computer Security Analyst

@gcluley

Gaping hole in Android lets hackers break in with just your phone number!

July 27th, 2015

A researcher has found a serious Android vulnerability that requires no interaction at all by the user to hijack their device. In fact, the vulnerability could allow a hacker to infect your mobile phone, while you’re fast asleep.



By: - Independent Computer Security Analyst

@gcluley

Are You Vulnerable to New Java Zero-Day Exploit?

July 13th, 2015

Operation Pawn Storm is up to its dirty tricks again, this time with what is claimed to be the first new Java zero-day vulnerability in two years.



By: - Independent Computer Security Analyst

@gcluley

LinkedIn trumpets the success of its private bug bounty

June 19th, 2015

It’s all very well having a bug bounty program, argues LinkedIn, but how is your organisation going to cope if it is bombarded with hundreds of meaningless and useless reports, that your security team cannot act upon?


By:

You May Already Know Your Next Hacker

June 1st, 2015

Over the last couple of weeks I’ve seen a pattern of companies frustrating an individual to the point where the person gives up trying to communicate with the company and hacks them in a major way instead. I guess you could call it Revenge Hacking. In each case, the company was communicating with the person […]


By:

How Does Your Organization Handle Vulnerability Disclosures?

May 25th, 2015

You’ve probably heard the idiom “No good deed goes unpunished.” It looks like that phrase will survive even the cyber age. There have been a few news stories about how vulnerability disclosures were handled, or mishandled. Some made me laugh, some made me cringe. When IT Security professionals find a vulnerability, they know what to […]


By: - Independent Computer Security Analyst

@gcluley

Logjam vulnerability – what you need to know

May 20th, 2015

Researchers discover a new attack against encrypted communications on the internet.


By:

Buying Exploits for Zero-Day Vulnerabilities

May 18th, 2015

A few weeks ago a story appeared on Slashdot about a new marketplace on the Dark Web called The Real Deal. Since it’s already in the press, hopefully there’s no harm in describing it here. I do risk being banned from the site for discussing it, but I’m optimistic they’ll see it as free publicity rather […]


By: - Independent Computer Security Analyst

@gcluley

Minecraft learns the hard way: It’s not good to ignore vulnerability reports

April 17th, 2015

If a security researcher finds a vulnerability in your software, please don’t ignore them. Instead, be grateful that someone who has found a flaw in your product has chosen to let you know about it, rather than selling it (for probably more cash than you’ll offer them as a bug bounty) to some nefarious ne’er-do-well […]




blog.lumension.com