BadUSB Update

I have received several inquiries regarding the latest news about the so-called BadUSB vulnerability, so I thought I’d write a quick post on what we know at the moment.

What is BadUSB?

BadUSB is a vulnerability – not malware – in the design and implementation of firmware used on USB devices, which allows that firmware to be updated without being vetted.


WinXP and Java: Double the Risk, Double the Fun

Another reason, as if you needed one, to upgrade your WinXP systems: Java 8 – the latest version is 8u5 – has compatibility issues, and Java 7 – the latest version of which is 7u60 – is no longer supported on WinXP.

As Oracle has put it: “Users may still continue to use Java 7 updates on Windows XP at their own risk,


POS System Pwnage

Perhaps there have been bigger breaches, but the Target breach in late 2013 certainly seems to have set off a firestorm. There are literally thousands of new online articles and posts every day covering the event – the who, what, where, when, and especially the how and “what now” aspects of the case – and we’re certainly not done with it.


160 New Viruses Captured Every Minute

Periodically, I take a look at what the good folks at have to say about the amount of malware in their “zoo.” What I’ve been seeing over the past couple of quarters is pretty shocking.

2013 in Review
The amount of new malware seen in 2013 jumped to an average of about 6.9M per month – that’s nearly 160 new malware per minute,


Whitehat Lessons from $300M Cyber Crime Spree

By now you’ve read about the new indictment of five hackers from Russia and Ukraine in what is being called the “largest data breach scheme in the US.” You can read the DOJ press release here and/or a redacted copy of the indictment here [PDF]. In what is really a continuation of the Albert Gonzalez saga,


Lessons from the Road…Tokyo, London, Sydney: Part II

As I mentioned in my last post, after quite a bit of overseas travel recently, I observed a few trends that apply globally – at its core, what trends are driving technology trends in IT environments today?

In addition to the platform-centric approach being firmly planted both here and overseas and the efficiency of agents on the endpoint being increasingly under the microscope, which I covered in my last post,


Whitelisting: Fill in the Gaps Where Traditional Efforts have Failed

You’ve probably heard about three recent security-related events that attracted lots of attention. In January, Google announced that it suffered a “highly sophisticated” and targeted hacker attack—originating from China—against its corporate network. In April, an ill-fated false-positive antivirus signature was pushed out that accidentally removed a key part of Windows from machines. And a year after,
