The ABCs of APTs

As employees and IT professionals return from the holidays, many are doing so with 2014 New Year’s resolutions in mind. For IT pros, we hope that one of your resolutions is to bolster your organization’s security and defenses in 2014. One of the rising threats that many IT professionals should be concerned about defending against in the new year is advanced persistent threats (APTs).

Employ a Targeted Defense Against Targeted Threats

In my last post, I discussed the reality of APT hitting unsuspecting organizations with a predictable pattern. Study after study indicates people are being hit by malicious hackers and the attack goes on for months before anyone is any the wiser. If they ever know.

Some very large companies, with hundreds of business units and locations,

The Predictable Pattern of APTs

It used to be that only large, Fortune 500-sized businesses had to worry about targeted threats, or APTs. Today, it’s a whole new ballgame. Sophisticated, malicious hackers use focused resources for small- and medium-sized companies too. Everyone is a target and your risk is multiplied if you do business with important partners and business associates who have valuable intellectual property.

Avoiding the User Blame Game

It might not be part of any formal forensics or incident response policy, but odds are at most organizations, whenever a malicious hacking attack hits the mark there’s one step rarely missed: blaming the user.

Users do some boneheaded things sometimes, so pointing the finger at them is easy. But the truth is if IT has never developed a systematic way to make sure users know about the risks and company policies meant to reduce those risks online,

BYOD or BYOT (Bring Your Own Threat)…The Case for Mobile Devices as Endpoints

Lumension recently conducted a survey of more than 1,600 IT professionals on LinkedIn regarding their thoughts on BYOD and mobile security. You can check it out here. There is a lot of interesting information in this survey, and one of the main takeaways was that, for these respondents’ organizations, BYOD is really all about end-user satisfaction and productivity.

Global 2013 Trends in Data Protection Maturity

Protecting sensitive information has become increasingly difficult the last few years – if you haven’t recognized this fact and modified your security approach recently, you’ve got issues.

One reason for this is the explosion of mobile devices on our networks. While convenient for our users and a significant productivity booster for our business,

Adobe Hack Translation

Late last week, we received notice that hackers, presumably a well-equipped group using an advanced campaign, somehow made their way laterally onto an Adobe build server where company developers package up a final executable for consumers. With access to the build server, attackers were able to sign their own hacking tools with legitimate Adobe certificates.

Use the Yahoo Breach to Educate Your Users

Evidently, this is what the hackers wanted – an opportunity to educate.

While the fact that Yahoo did not encrypt customer passwords is yet another instance of embarrassingly low security priorities on behalf of corporate entities, the fact is that Yahoo’s customers who were breached are at fault too. The firm that uncovered the breach reported that some of the most common passwords used for Yahoo Voices included “123456,” “111111” and “000000.”

It’s hard to believe that it is 2012 and we still have to explain why you should not use the same password across multiple accounts and push people to be more creative in what they choose.

Closing the Antivirus Protection Gap

With 50% of IT endpoint operating costs now attributable to malware, is reliance on antivirus as the keystone endpoint security measure the best approach? Instinct tells us no but to be sure, Lumension recently did a comparative analysis on the effectiveness of standalone AV and O/S resident patching solution versus newer technologies, including application whitelisting,

Security vs. Operations

Time and again, we’ve heard IT teams lament over how security continues to challenge the operational aspects of an organization. And these issues will not likely resolve themselves. While there isn’t a silver bullet that will “fix” this situation, there are best practices that will definitely improve security and increase operational efficiency. For some tips,

Security and Operations: Back to the Basics

We’re back with part II in our podcast series on security versus operations with Mike Rothman, president and analyst with Securosis. In this post, Mike and I will discuss getting back to the basics of endpoint security, as small and mid-size organizations should not even consider employing in-depth cyber security measures until they have the basic preventative measures in place.

Security and Operations: Guidelines to Striking a Balance

Time and again, we’ve heard IT teams lament over how security continues to challenge the operational aspects of an organization. And these issues will not likely resolve themselves. While there isn’t a silver bullet that will “fix” this situation, there are best practices that will definitely improve security and increase operational efficiency.

Download the podcast.

Life After an Attack

Hackers never sleep–as Citigroup can certainly attest to, having their consumer information twice hacked in a span of only three months. While we are counting sheep, the bad guys are of course looking for a way in, lurking and waiting for a vulnerable minute to strike. And all too often, this happens to organizations that have fallen victim before…a little like rubbing salt in an open wound.

How to Remove MAC Defender

MacDefender is a fake security program that has been targeting Mac OS users. Through a combination of SEO optimization and a socially engineered website, Mac users are tricked into installing the Mac Defender malware. In this video, two members of the Lumension team, Russ Ernst, product management, and Chris Merritt, solution marketing, have prepared a step-by-step procedure to ensure that MacDefender is removed from any infected machines in your environment using Lumension Patch and Remediation.

Will Early Technology Adoption Put You at Risk for Identity Theft?

It was reported yesterday that a group of hackers from Goatse Security compromised AT&T’s server through an open vulnerability to steal over 114,000 iPad 3G owners’ sensitive personal information, which included email addresses and SIM card ICC-IDs. The attack didn’t affect the iPads themselves, but rather customer information housed on AT&T’s network. Luckily,
