By: - Independent Computer Security Analyst

@gcluley

Gaping hole in Android lets hackers break in with just your phone number!

July 27th, 2015

A researcher has found a serious Android vulnerability that requires no interaction at all by the user to hijack their device. In fact, the vulnerability could allow a hacker to infect your mobile phone, while you’re fast asleep.



By: - Independent Computer Security Analyst

@gcluley

Are You Vulnerable to New Java Zero-Day Exploit?

July 13th, 2015

Operation Pawn Storm is up to its dirty tricks again, this time with what is claimed to be the first new Java zero-day vulnerability in two years.



By: - Independent Computer Security Analyst

@gcluley

LinkedIn trumpets the success of its private bug bounty

June 19th, 2015

It’s all very well having a bug bounty program, argues LinkedIn, but how is your organisation going to cope if it is bombarded with hundreds of meaningless and useless reports, that your security team cannot act upon?



By:

You May Already Know Your Next Hacker

June 1st, 2015

Over the last couple of weeks I’ve seen a pattern of companies frustrating an individual to the point where the person gives up trying to communicate with the company and hacks them in a major way instead. I guess you could call it Revenge Hacking. In each case, the company was communicating with the person […]



By:

How Does Your Organization Handle Vulnerability Disclosures?

May 25th, 2015

You’ve probably heard the idiom “No good deed goes unpunished.” It looks like that phrase will survive even the cyber age. There have been a few news stories about how vulnerability disclosures were handled, or mishandled. Some made me laugh, some made me cringe. When IT Security professionals find a vulnerability, they know what to […]



By: - Independent Computer Security Analyst

@gcluley

Logjam vulnerability – what you need to know

May 20th, 2015

Researchers discover a new attack against encrypted communications on the internet.



By:

Buying Exploits for Zero-Day Vulnerabilities

May 18th, 2015

A few weeks ago a story appeared on Slashdot about a new marketplace on the Dark Web called The Real Deal. Since it’s already in the press, hopefully there’s no harm in describing it here. I do risk being banned from the site for discussing it, but I’m optimistic they’ll see it as free publicity rather […]



By: - Independent Computer Security Analyst

@gcluley

Minecraft learns the hard way: It’s not good to ignore vulnerability reports

April 17th, 2015

If a security researcher finds a vulnerability in your software, please don’t ignore them. Instead, be grateful that someone who has found a flaw in your product has chosen to let you know about it, rather than selling it (for probably more cash than you’ll offer them as a bug bounty) to some nefarious ne’er-do-well […]



By: - Dir. Solutions Marketing

Infosec Haiku

March 28th, 2015

Anata no joho sekyuritei konshu no haiku Twenty Percent of Top Sites Are Running Bad Code. Please Patch Your Site Now!   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who has contributed their haikus … watch this space to see if yours is published. * Submit Your […]



By: - Independent Computer Security Analyst

@gcluley

Android users exposed to malware by installer hijacking vulnerability

March 27th, 2015

Security researchers have warned about a widespread vulnerability in Android devices, that could see attackers sneakily modify or entirely replace seemingly benign apps with malware, without users becoming aware. In other words, a user might attempt to install a legitimate version of “Angry Birds” but instead end up with a Flashlight app that’s harbouring malware. […]


By: - Dir. Solutions Marketing

Infosec Haiku

March 7th, 2015

Anata no joho sekyuritei konshu no haiku Has Rick James Returned? No – This FREAK Attack Hits Flaws In All Your Browsers   ### Notes ### * Thanks to Ms. Etsuko vdH for the translation. * Thanks to everyone who has contributed their haikus … watch this space to see if yours is published. * Submit […]


By: - Independent Computer Security Analyst

@gcluley

To infinity and beyond! Unimaginably large bug-hunting prize fund announced by Google

February 26th, 2015

For the past few years, Google has been holding an annual bug-hunting competition – known as Pwnium – to encourage vulnerability researchers to find security holes in Chrome OS and the Chrome browser. Google took advantage of the fact that many of the world’s leading bug hunters were already meeting at the CanSecWest security conference […]


By: - Independent Computer Security Analyst

@gcluley

What’s worse than Superfish? Meet PrivDog, leaving users wide open to attacks

February 24th, 2015

Last week, a storm erupted on the net after it became widely known that Superfish – software that was being pre-installed on Lenovo PCs – could compromise users’ security and privacy. The problem with Superfish was not just that it injected money-making ads into websites, but that it used a self-signed root certificate to intercept […]


By: - Independent Computer Security Analyst

@gcluley

Don’t be evil? Google discloses yet another zero-day vulnerability in Microsoft code

January 20th, 2015

For the third time in a month, Google has gone public about a security vulnerability in Microsoft’s code – and not been prepared to wait for the software giant to publish a patch. The security hole, which exists in Microsoft Windows 7 and 8.1 is expected to be patched in Microsoft’s regular monthly security update […]


By: - Independent Computer Security Analyst

@gcluley

Google shows hackers how to exploit Windows 8.1

January 5th, 2015

If I told you that a bunch of hackers had found a zero-day vulnerability in Microsoft Windows 8.1 you would probably be concerned. Especially if details of the unpatched security bug had not only been made public, but actual working exploit code had also been released on the internet for anyone else to use. […]


