By: - Independent Computer Security Analyst

@gcluley

Minecraft learns the hard way: It’s not good to ignore vulnerability reports

April 17th, 2015

If a security researcher finds a vulnerability in your software, please don’t ignore them. Instead, be grateful that someone who has found a flaw in your product has chosen to let you know about it, rather than selling it (for probably more cash than you’ll offer them as a bug bounty) to some nefarious ne’er-do-well […]



By: - Dir. Solutions Marketing

Infosec Haiku

March 28th, 2015

Anata no joho sekyuritei konshu no haiku

Twenty Percent of
Top Sites Are Running Bad Code.
Please Patch Your Site Now!

### Notes ###

* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published.
* Submit Your […]



By: - Independent Computer Security Analyst

@gcluley

Android users exposed to malware by installer hijacking vulnerability

March 27th, 2015

Security researchers have warned about a widespread vulnerability in Android devices that could see attackers sneakily modify or entirely replace seemingly benign apps with malware, without users becoming aware. In other words, a user might attempt to install a legitimate version of “Angry Birds” but instead end up with a Flashlight app that’s harbouring malware. […]



By: - Dir. Solutions Marketing

Infosec Haiku

March 7th, 2015

Anata no joho sekyuritei konshu no haiku

Has Rick James Returned?
No – This FREAK Attack Hits Flaws
In All Your Browsers

### Notes ###

* Thanks to Ms. Etsuko vdH for the translation.
* Thanks to everyone who’s contributed their haikus … watch this space to see if yours is published.
* Submit […]



By: - Independent Computer Security Analyst

@gcluley

To infinity and beyond! Unimaginably large bug-hunting prize fund announced by Google

February 26th, 2015

For the past few years, Google has been holding an annual bug-hunting competition – known as Pwnium – to encourage vulnerability researchers to find security holes in Chrome OS and the Chrome browser. Google took advantage of the fact that many of the world’s leading bug hunters were already meeting at the CanSecWest security conference […]



By: - Independent Computer Security Analyst

@gcluley

What’s worse than Superfish? Meet PrivDog, leaving users wide open to attacks

February 24th, 2015

Last week, a storm erupted on the net after it became widely known that Superfish – software that was being pre-installed on Lenovo PCs – could compromise users’ security and privacy. The problem with Superfish was not just that it injected money-making ads into websites, but that it used a self-signed root certificate to intercept […]



By: - Independent Computer Security Analyst

@gcluley

Don’t be evil? Google discloses yet another zero-day vulnerability in Microsoft code

January 20th, 2015

For the third time in a month, Google has gone public about a security vulnerability in Microsoft’s code – and not been prepared to wait for the software giant to publish a patch. The security hole, which exists in Microsoft Windows 7 and 8.1 is expected to be patched in Microsoft’s regular monthly security update […]



By: - Independent Computer Security Analyst

@gcluley

Google shows hackers how to exploit Windows 8.1

January 5th, 2015

If I told you that a bunch of hackers had found a zero-day vulnerability in Microsoft Windows 8.1 you would probably be concerned. Especially if details of the unpatched security bug had not only been made public, but actual working exploit code had also been released on the internet for anyone else to use. […]



By:

PayPal Accounts Still For Sale After Major Vulnerability Fix

December 26th, 2014

Earlier this month it was announced that PayPal fixed a bug which would allow an attacker to take over practically any PayPal account. The vulnerability was identified and reported through PayPal’s Bug Bounty program by Yasser Ali, an independent IT Security researcher in Egypt. Ali was experimenting with PayPal’s security token mechanism. He found that […]



By: - Director, Product Management

@russbernst

Microsoft Takes on IE Vulns and Enforces 8.1 Update in August Patch Tuesday

August 12th, 2014

The patches released by Microsoft today for August Patch Tuesday include 9 bulletins (2 critical and 7 important) and cover 37 CVEs. IT’s first priority should be the critical, cumulative update for IE. MS14-051 includes 26 CVEs for all supported versions of the browser. All are privately disclosed with the exception of one, CVE-2014-2819, which […]


By: - Independent Computer Security Analyst

@gcluley

7 Out of Top 10 Internet of Things Devices Riddled With Vulnerabilities

July 31st, 2014

It has become the trendy thing to connect more and more household and office devices to the internet. It is becoming increasingly common to find yourself typing a WiFi password not just into your smartphone, but also your smoke alarm, your fridge, your printer, your baby monitor and maybe even your car. However, are the […]


By: - Independent Computer Security Analyst

@gcluley

More Security Flaws Discovered in OpenSSL – Patch Now!

June 6th, 2014

Remember the Heartbleed scare which had you scurrying to change your passwords and worrying about online privacy a few weeks ago? How could you forget it… After all, hundreds of thousands of websites were impacted by that flaw, as well as millions of Android devices put at risk. Well, it looks like that wasn’t the last word […]


By: - Independent Computer Security Analyst

@gcluley

Here’s How to Keep Getting Free Security Updates for Windows XP Until 2019 – And Why You Shouldn’t

May 27th, 2014

Have you heard the news? A way has been found to trick computers into receiving security updates for Windows XP – even though Microsoft stopped officially supporting the operating system back in April. According to a BetaNews report, this could make it possible for users still using creaky old XP to carry on getting security […]


By: - Director, Product Management

@russbernst

Final Patch Tuesday Quietly Ushers Out XP and 2003

April 8th, 2014

2 Critical, 2 Important

In the final Patch Tuesday for Windows XP and Office 2003, Microsoft released 4 patches today, two critical and two important, that cover a total of just 11 CVEs. While an unusually small Patch Tuesday, it isn’t surprising Microsoft included final fixes in XP and Office 2003. For that reason, this […]


By: - Independent Computer Security Analyst

@gcluley

Isn’t It Time Oracle Gave Us Monthly Security Updates for Java?

March 24th, 2014

In some ways, it could be argued that Java is an incredible success. I’m serious. Stop laughing at the back. You see, according to Oracle, Java’s developer, the product is used on over 3 billion different devices worldwide. That *is* impressive. But, for those of us concerned with securing systems and keeping computer data safe, […]




blog.lumension.com