Secunia

The Secunia Blog is used to communicate our opinions about vulnerabilities, security, ethics, and our responses to articles, research advisories, and other blog entries regarding Secunia and vulnerabilities.

2014 January
Human and tech flaws caused data hemorrhage from Dept of Energy. Let’s learn from their mistakes in 2014.
14:30 CET on the 7th January 2014. Entry written by Marcelo Pereira, Business Developer.

2013 November
In memory of a zero-day – MS13-051
14:00 CET on the 1st November 2013. Entry written by Hossein Lotfi, Security specialist, Secunia research.

2013 October
Why Microsoft XML Core Services is the most exposed program on private PCs for 11 months running
15:15 CET on the 31st October 2013. Entry written by Secunia Research.

How – and why - Secunia became an established Microsoft solution provider
12:00 CET on the 21st October 2013. Entry written by Morten R. Stengaard, CTO.

Introducing the Secunia PSI in Arabic
9:30 CET on the 16th October 2013. Entry written by Morten R. Stengaard, CTO.

Preparing to launch Secunia’s new Partner Program
13:30 CET on the 11th October 2013. Entry written by Peter Colsted, Secunia CEO.

Why do we continue to fail with our patch management initiatives?
14:30 CET on the 10th October 2013. Entry written by Marcelo Pereira, Business Developer.

2013 September
Announcement: Community and PSI down for maintenance
15:00 CET on the 26th September 2013. Entry written by The Secunia PSI Team.
Update, 12.15 p.m. CET on September 27th 2013: The Forum and the PSI are now up and running again, and will be working better than ever. As always, feel free to comment, and to create new threads for any specific issues you might experience.

4 Things to Know About Patching
16:30 CET on the 5th September 2013. Entry written by Derek E. Brink, CISSP, vice president and research fellow for IT Security and IT GRC at Aberdeen Group, a Harte-Hanks Company.
Guest Blog

Complete, flexible, unique – the Corporate Software Inspector 7.0 is here
14:00 CET on the 4th September 2013. Entry written by Morten R. Stengaard, CTO.

Vulnerabilities Everywhere
14:15 CET on the 3rd September 2013. Entry written by Pierluigi Paganini, founder of the security blog "Security Affairs," Editor-in-Chief at CyberDefense magazine and author of the books "The Deep Dark Web" and "Digital Virtual Currency and Bitcoin".
Guest Blog

2013 August
We are discontinuing the SVCRP
11:20 CET on the 16th August 2013. Entry written by Kasper Lindgaard, Head of Research.

2013 July
Shooting the messenger
14:33 CET on the 9th July 2013. Entry written by Secunia Research.

How to run Secunia CSI scanning without installing the CSI agent
9:15 CET on the 1st July 2013. Entry written by Kent Agerlund, Senior consultant and Configuration Manager MVP at Coretech.
Guest Blog

2013 June
Secunia PSI 3.0 in Dutch: Wij willen u helpen beveiligd te blijven!
15:00 CET on the 5th June 2013. Entry written by Maria Eriksen-Jensen, VP of Business Development and Marketing.

2013 May
Comment on disclosed vulnerability
8:50 CET on the 29th May 2013. Entry written by Morten R. Stengaard, CTO.

2013 April
Thank you to a CSO and a VP of Development who have added great value to Secunia
12:00 CET on the 30th April 2013. Entry written by Niels Henrik Rasmussen, interim CEO.

2013 March
Coretech invites you to a Copenhagen seminar on System Center products
13:50 CET on the 22nd March 2013. Entry written by Morten Stengaard, Director, Product Management & Quality Assurance.

New name, new face but the same solid content!
16:00 CET on the 14th March 2013. Entry written by Maria Eriksen-Jensen, VP of Business Development and Marketing.

We’ve said it for years: Patch!
16:00 CET on the 14th March 2013. Entry written by Morten Stengaard, Director, Product Management & Quality Assurance.

2013 February
Secunia PSI for Android is now available in technology preview
14:00 CET on the 27th February 2013. Entry written by Morten Stengaard, Director, Product Management & Quality Assurance.

Secunia SmallBusiness launches in public beta
14:00 CET on the 25th February 2013. Entry written by Morten Stengaard, Director, Product Management & Quality Assurance.

The calm before the storm – getting ready for the RSA conference 2013
12:00 CET on the 22nd February 2013. Entry written by Maria Eriksen-Jensen, VP of Business Development and Marketing.

SVCRP Winners 2012
13:30 CET on the 13th February 2013. Entry written by Kasper Lindgaard, Research Manager.

2013 January
Here we are!
14:30 CET on the 11th January 2013. Entry written by Neil Butchart, VP North America.

2012 November
Kent Agerlund takes a first look at the Secunia CSI integration with Configuration Manager 2012
15:45 CET on the 30th November 2012. Entry written by Kent Agerlund, Senior consultant and Configuration Manager MVP at Coretech.
Guest blog

Department of Energy PCs are riddled with Vulnerabilities because they do not Patch
14:15 CET on the 20th November 2012. Entry written by Morten Stengaard, Director, Product Management & Quality Assurance.

US – watch out!
8:45 CET on the 8th November 2012. Entry written by Thomas Zeihlund, CEO.
Secunia moves even closer to US customers, analysts, compliance stakeholders – and end users, too.

Third generation integration between the Secunia CSI and Microsoft System Center Configuration Manager
14:00 CET on the 1st November 2012. Entry written by Morten Stengaard, Director, Product Management & Quality Assurance.

2012 October
Our Intelligence is your Power - Secunia VIM 4.0
14:00 CET on the 30th October 2012. Entry written by Morten Stengaard, Director, Product Management & Quality Assurance.

What a birthday!
15:30 CET on the 23rd October 2012. Entry written by Maria Eriksen-Jensen, VP of Business Development and Marketing.

Here’s why other people don’t update their software (Not you, of course. You know that security updates are important, right?!)
16:40 CET on the 19th October 2012. Entry written by Maria Eriksen-Jensen, VP of Business Development and Marketing.

Join Secunia’s webinar on 14th November on going beyond Patch Management
17:30 CET on the 12th October 2012. Entry written by Pernille Stausbøll, Marketing Coordinator.

For the sixth time Secunia’s appointed fast running Gazelle in Danish business life
17:00 CET on the 11th October 2012. Entry written by Maria Eriksen-Jensen, VP of Business Development and Marketing.

Secunia participates at OTA’s Online Trust Forum
17:30 CET on the 4th October 2012. Entry written by Maria Eriksen-Jensen, VP of Business Development and Marketing.

Continuing our ResearchCast series
11:00 CET on the 4th October 2012. Entry written by Chaitanya Sharma, Security Specialist.

Secunia is committed to spreading Cyber Security Awareness
10:20 CET on the 3rd October 2012. Entry written by Maria Eriksen-Jensen, VP of Business Development and Marketing.
Generating awareness is a key factor in our mission to protect PCs worldwide.

2012 September
WSUS signing certificate
16:00 CET on the 4th September 2012. Entry written by Secunia.

2012 August
Don't miss Secunia's webinar on taking Patch Management to the Next level
16:00 CET on the 31st August 2012. Entry written by Pernille Stausbøll, Marketing Coordinator.

Complete Patch Management with Secunia CSI 6.0
10:00 CET on the 30th August 2012. Entry written by Morten Stengaard, Director, Product Management & Quality Assurance.

Secunia CSI 6.0 is now available in beta
12:30 CET on the 1st August 2012. Entry written by Morten Stengaard, Director, Product Management & Quality Assurance.

2012 July
Don't miss Secunia’s webinar
10:50 CET on the 10th July 2012. Entry written by Pernille Stausbøll, Marketing Coordinator.

0-days, Interesting Vulnerabilities, Prizes, and More!
16:00 CET on the 5th July 2012. Entry written by Chaitanya Sharma, Security Specialist.

2012 June
The new Secunia PSI 3.0 speaks your language
9:00 CET on the 28th June 2012. Entry written by Morten R. Stengaard.

2012 April
Secunia CSI commended @ SC Awards Europe 2012
9:49 CET on the 25th April 2012. Entry written by Morten R. Stengaard.

Secunia CSI supports Microsoft CM 2012
9:05 CET on the 18th April 2012. Entry written by Morten R. Stengaard.

And now, presenting our next ResearchCast
13:57 CET on the 4th April 2012. Entry written by Chaitanya Sharma, Security Specialist.

2012 March
Coordinating Vulnerability Disclosures with Apple
10:20 CET on the 9th March 2012. Entry written by Carsten Eiram.

2012 February
The new Secunia PSI 3.0 (Beta) has arrived!
15:00 CET on the 27th February 2012. Entry written by Morten R. Stengaard.

The final countdown to RSA!
14:57 CET on the 23rd February 2012. Entry written by Maria Eriksen-Jensen.

SC Awards: Secunia CSI a finalist again
13:05 CET on the 21st February 2012. Entry written by Maria Eriksen-Jensen.

Discover the facts - Secunia Yearly Report 2011
14:00 CET on the 14th February 2012. Entry written by Stefan Frei.

Secunia Research Launches First Quarterly ResearchCast
15:40 CET on the 13th February 2012. Entry written by Carsten Eiram.

SC Magazine: 5-Star Rating for Secunia CSI!
9:05 CET on the 2nd February 2012. Entry written by Morten R. Stengaard.
SC Magazine awards Secunia CSI their highest rating – 5 stars!

2012 January
SVCRP Status Update and Winners
10:15 CET on the 27th January 2012. Entry written by Carsten Eiram.

CIO: Secunia’s new vulnerability disclosure deadline
13:30 CET on the 20th January 2012. Entry written by Secunia.

Frost & Sullivan: Vulnerability Research Q3 2011
11:35 CET on the 17th January 2012. Entry written by Secunia.

Secunia Research Sets Half Year Coordination Deadline
16:29 CET on the 13th January 2012. Entry written by Carsten Eiram.
Secunia Research has per 2012 changed the disclosure policy for vulnerabilities being coordinated - both internally discovered and coordinated on behalf of researchers via SVCRP.

Ovum Technology Audit: Secunia CSI 5.0
11:15 CET on the 3rd January 2012. Entry written by Morten R. Stengaard.

2011 November
Blog from Niels Henrik Rasmussen - Change of management at Secunia
8:30 CET on the 22nd November 2011. Entry written by Niels Henrik Rasmussen.

New Aberdeen Group Report: Patch Management
11:00 CET on the 10th November 2011. Entry written by Maria Eriksen Jensen.

Tech Awards Circle: Secunia Wins Double Gold
9:37 CET on the 10th November 2011. Entry written by Thomas Zeihlund.

Answers To A Researcher's Questions About SVCRP
9:16 CET on the 10th November 2011. Entry written by Carsten Eiram.

Insecure Library Loading - One Down, Many More To Go...
15:47 CET on the 9th November 2011. Entry written by Dmitriy Pletnev.

Microsoft Patch Tuesday Roundup - November
15:45 CET on the 9th November 2011. Entry written by Secunia.

DEFCON 19: Is it 0-day or 0-care?
12:52 CET on the 4th November 2011. Entry written by Secunia.

Carsten Eiram discusses SVCRP
12:02 CET on the 2nd November 2011. Entry written by Carsten Eiram.

2011 October
Secunia Vendor Replacement Program
11:00 CET on the 27th October 2011. Entry written by Secunia.

Working in Secunia Sales, Development, & Support
12:30 CET on the 14th October 2011. Entry written by Peter Dissing.

Secunia PSI: Country-specific statistics
10:05 CET on the 13th October 2011. Entry written by Stefan Frei.

Microsoft Patch Tuesday Roundup
16:40 CET on the 12th October 2011. Entry written by Secunia.

Report/video: Reduce end-point security risk
14:26 CET on the 12th October 2011. Entry written by Secunia.

Take a tour of Secunia
11:40 CET on the 12th October 2011. Entry written by Thomas Zeihlund.

Does Secunia's Public Vulnerability Database Provide Any Value?
12:53 CET on the 7th October 2011. Entry written by Carsten Eiram.

Secunia ranked in Top 3 of best run IT companies in Denmark
12:52 CET on the 3rd October 2011. Entry written by Secunia.

2011 September
New Ovum Technology Report: Secunia VIM
14:29 CET on the 26th September 2011. Entry written by Morten R. Stengaard.

Can we get 20 people in nine days?
15:15 CET on the 21st September 2011. Entry written by Thomas Zeihlund.

2011 August
CSI: A unique solution for unique businesses
15:00 CET on the 31st August 2011. Entry written by Morten R. Stengaard.

Secunia cares
10:00 CET on the 31st August 2011. Entry written by Thomas Zeihlund.

Real-World Problems of CVE Assignment
11:10 CET on the 23rd August 2011. Entry written by Carsten Eiram.

New Secunia CSI 5.0 Beta available
12:45 CET on the 3rd August 2011. Entry written by Morten Rinder Stengaard.

2011 July
Latest and Greatest is not Always Safest
11:58 CET on the 26th July 2011. Entry written by Dmitriy Pletnev.
Security Specialists in Secunia Research analyse numerous vulnerabilities on a daily basis. Additionally, we review software changes released as service packs, updates, or patches for many applications in order to identify and report any security-related issues.

Secunia's Half Year Report for 2011
12:06 CET on the 14th July 2011. Entry written by Stefan Frei.
A comparison of different patching strategies under the assumption of limited resources demonstrates that an intelligent patching strategy is an effective approach for reducing vulnerability risks.

New Aberdeen Group Risk Management Report
12:00 CET on the 7th July 2011. Entry written by Maria Eriksen Jensen.

2011 June
New white paper: Securing a moving target
12:15 CET on the 29th June 2011. Entry written by Stefan Frei.

Microsoft Security Intelligence Report
15:30 CET on the 21st June 2011. Entry written by Maria Eriksen Jensen.
– Key 2010 findings

Frost & Sullivan 2011 Report: Secunia Vulnerability Research
14:24 CET on the 10th June 2011. Entry written by Maria Eriksen Jensen.

2011 May
Leave - Interim CEO
8:45 CET on the 26th May 2011. Entry written by Niels Henrik Rasmussen.

Secunia trailblazed through 2010 with continued hyper growth
11:50 CET on the 10th May 2011. Entry written by Niels Henrik Rasmussen.
- Impressive growth for the eighth consecutive year

2011 April
Microsoft adds CVE-2010-4701 to MS11-024
8:50 CET on the 28th April 2011. Entry written by Carsten Eiram.

Secunia CSI 4.1 Highly Commended in the category ’Best SME Security Solution’
14:58 CET on the 20th April 2011. Entry written by Niels Henrik Rasmussen.
Once again the Secunia Corporate Software Inspector (CSI) 4.1 is ‘highly commended’ by SC Awards Europe - this time in the category ‘Best SME Security solution’ 2011

The (In)Security State of SCADA Software Systems
13:39 CET on the 19th April 2011. Entry written by Secunia Research.

Adobe Flash Player 0-day Exploit Analysis (CVE-2011-0611)
16:25 CET on the 14th April 2011. Entry written by Secunia Research.

Flash 0-days
12:50 CET on the 12th April 2011. Entry written by Thomas Kristensen.

Secunia takes customer engagement to the next level with the release of the Secunia VIM 3.1
12:05 CET on the 12th April 2011. Entry written by Morten Rinder Stengaard.

Cybercriminals Do Not Need Administrative Users
13:15 CET on the 11th April 2011. Entry written by Stefan Frei.

Secunia Security Factsheets for Q1 2011
15:02 CET on the 1st April 2011. Entry written by Stefan Frei.

2011 March
Secunia & OTA: Avoid becoming a cybercriminal’s April Fool’s Day joke
11:37 CET on the 31st March 2011. Entry written by Maria Eriksen Jensen.

Secunia talks about joining Microsoft SCA
12:18 CET on the 22nd March 2011. Entry written by Secunia.

New Secunia Microsoft Patch Tuesday webinar - March 2011
15:30 CET on the 10th March 2011. Entry written by Secunia.

Interesting reading from World Economic Forum
11:11 CET on the 4th March 2011. Entry written by Maria Eriksen Jensen.

2011 February
Secunia recognises Comcast’s efforts in raising awareness of online safety
13:12 CET on the 21st February 2011. Entry written by Maria Eriksen Jensen.

SC Awards: Secunia CSI a proud finalist for the second year running
10:40 CET on the 18th February 2011. Entry written by Maria Eriksen Jensen.

Secunia & Perimeter E-Security partner to deliver vulnerability threat intelligence
16:46 CET on the 17th February 2011. Entry written by Secunia.

Deloitte Reports: Cybercrime & Security
16:42 CET on the 16th February 2011. Entry written by Maria Eriksen Jensen.

U.S. tax break: Up to $2 million of corporate software deductible
9:01 CET on the 14th February 2011. Entry written by Secunia.

New Secunia webinar: Microsoft Patch Tuesday
9:04 CET on the 10th February 2011. Entry written by Secunia.

Secunia Research Page Improvements
14:15 CET on the 3rd February 2011. Entry written by Carsten Eiram.

2011 January
Competition: create the most popular Secunia PSI app
15:40 CET on the 26th January 2011. Entry written by Secunia.

Tune into Secunia’s review of MS Patch Tuesday every 2nd Wednesday of the month
8:56 CET on the 20th January 2011. Entry written by Stefan Frei.

Secunia Yearly Report 2010 - Reducing the window of opportunity
11:50 CET on the 18th January 2011. Entry written by Niels Henrik Rasmussen.

Spread the word
16:50 CET on the 12th January 2011. Entry written by Maria Eriksen Jensen.

Secunia Security Factsheets Q4 2010
8:30 CET on the 6th January 2011. Entry written by Stefan Frei.

Scan & Patch regularly: Top security tips from PC users
14:21 CET on the 5th January 2011. Entry written by Maria Eriksen Jensen.
Thank you to everyone who took part in our recent survey and competition – What are your top 3 pieces of advice for securing your network during the holidays? We're pleased to say that we received a huge amount of interesting tips from you.

2010 December
Launch yourself as a top IT performer in 2011
10:25 CET on the 29th December 2010. Entry written by Maria Eriksen Jensen.
The new Research Brief report by Aberdeen Group, "Managing Vulnerabilities and Threats (No, Anti-Virus is Not Enough)", presents interesting findings.

Thank you for testing the Secunia PSI 2.0 Beta
11:55 CET on the 22nd December 2010. Entry written by Jakob Balle.

Automatic updates make a big difference – Get the free Secunia PSI 2.0 today
12:10 CET on the 20th December 2010. Entry written by Jakob Balle.

How do you secure your IT infrastructure during the Holiday Season?
12:45 CET on the 9th December 2010. Entry written by Maria Eriksen Jensen.

Secunia takes the next step within Vulnerability Intelligence
12:15 CET on the 7th December 2010. Entry written by Stefan Frei.

Fundamental end-point security failures: attend the webinar by Frost & Sullivan and Secunia
11:25 CET on the 2nd December 2010. Entry written by Secunia.

2010 November
Updated: Redirection of DNS traffic
10:15 CET on the 25th November 2010. Entry written by Thomas Kristensen.

Manage Vulnerabilities with the Secunia Vulnerability Intelligence Manager (VIM) 3.0
12:30 CET on the 15th November 2010. Entry written by Jakob Balle.

2010 October
Public Beta of Secunia Vulnerability Intelligence Manager (VIM)
12:07 CET on the 20th October 2010. Entry written by Jakob Balle.
Invitation to participate in the Public Beta test of the Secunia Vulnerability Intelligence Manager.

A strategic and financial investor and a new strong board in Secunia
7:01 CET on the 19th October 2010. Entry written by Niels Henrik Rasmussen.

e-Crime Mid Year Meeting London
9:28 CET on the 6th October 2010. Entry written by Secunia.
The e-Crime Mid Year meeting came to an end. Following are some key highlights.

2010 September
Patch Verification Process and Silently Fixed Vulnerabilities
13:15 CET on the 30th September 2010. Entry written by Dmitriy Pletnev.

Presenting at e-Crime Mid Year Meeting 2010, London
11:15 CET on the 28th September 2010. Entry written by Stefan Frei.

Secunia PSI Wins OTA 2010 Excellence Award for Desktop Security
16:48 CET on the 27th September 2010. Entry written by Jakob Balle.

Microsoft Raises Exploitability Index Rating Based On Secunia Research Analysis
16:17 CET on the 23rd September 2010. Entry written by Thomas Kristensen.

Easy patching with Secunia CSI for the most recent 0-day in Adobe Flash Player
8:59 CET on the 22nd September 2010. Entry written by Rickard Johansson.

Secunia Wins Computerworld's 2010 Best Basis Software Company Prize
18:21 CET on the 21st September 2010. Entry written by Madhav Kakani.

Secunia appoints Jacob Bratting Pedersen as Chief Operating Officer
12:55 CET on the 20th September 2010. Entry written by Secunia.

Secunia has outshone competitors - Frost & Sullivan 2010
8:40 CET on the 15th September 2010. Entry written by Niels Henrik Rasmussen.

Why do you spend time verifying vulnerability reports?
10:26 CET on the 8th September 2010. Entry written by Stefan Cornelius.

Secunia PSI 2.0 Auto Updates: A flying start and interesting numbers!
17:21 CET on the 2nd September 2010. Entry written by Jakob Balle.
Yesterday we released the first public beta of the new Secunia PSI 2.0 Beta, which includes Automatic Update as well as a brand new user interface. Here, 24 hours later, we have the first extremely interesting numbers for you.

Secunia CSI 4.1 - enhanced reporting, new features, and integration with Secunia PSI
19:15 CET on the 1st September 2010. Entry written by Jakob Balle.
Less than six months ago we released the Secunia CSI 4.0 integrated with Microsoft WSUS and SCCM for third party patch management. The feedback and response have been astonishing and today we are ready with a significant update to the Secunia CSI, bringing it enhanced reporting capabilities, additional features, improved functionality, and integration with the Secunia PSI.

Auto Update your Programs - Secunia PSI 2.0 Public Beta
12:00 CET on the 1st September 2010. Entry written by Jakob Balle.
The long awaited Auto Update functionality for Secunia PSI 2.0 is now available in beta. The beta also features a new user interface and an improved presentation of the scan result.

2010 August
Microsoft Windows Insecure Library Loading
11:27 CET on the 24th August 2010. Entry written by Carsten Eiram.
For the past week, there has been quite a stir about a new class of vulnerabilities or rather a new, remote vector for exploiting an old class of vulnerabilities: Insecure library loading.

An alarming trend for end-user security
9:10 CET on the 24th August 2010. Entry written by Stefan Frei.

Secunia receives 'Frost & Sullivan's Global 2010 Customer Value Enhancement Award'
12:18 CET on the 17th August 2010. Entry written by Niels Henrik Rasmussen.

Bundling of Flash Player and a bit of irony
9:32 CET on the 12th August 2010. Entry written by Carsten Eiram.
One problem with bundling of Flash Player is that users cannot easily address these vulnerabilities simply by installing a new Flash Player version.

OVUM 2010 Technology Audit Report of Secunia Corporate Software Inspector (CSI)
10:45 CET on the 11th August 2010. Entry written by Maria Eriksen Jensen.

2010 July
No Security Without Updating
11:00 CET on the 12th July 2010. Entry written by Thomas Kristensen.
As an organisation you may build strong perimeters, educate users, enforce effective policies, deploy signature based security software, harden your systems, and do any other trick in the book; however, one single vulnerability in a common piece of software may prove all your efforts futile!

DEP / ASLR Neglected in Popular Programs
18:45 CET on the 1st July 2010. Entry written by Carsten Eiram.
Two security mechanisms that are really being promoted when it comes to later versions of Windows are DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).

Strong growth in the 7th consecutive year – and a great first half of 2010
16:35 CET on the 1st July 2010. Entry written by Niels Henrik Rasmussen.
2009 was yet a year of ground-breaking financial results. Revenues went up by more than 50 percent. For the 7th consecutive year, Secunia experienced a double-digit revenue growth, positive net results and made strong investments in R&D, developing the Secunia business, in spite of the financial crisis that shook the markets.

2010 June
Microsoft Windows helpctr.exe Unofficial Hotfix Inadequate
18:57 CET on the 10th June 2010. Entry written by Alin Rad Pop.
An interesting vulnerability in Microsoft Windows was disclosed yesterday via a post to Full-Disclosure. The vulnerability allows bypassing checks normally performed when helpctr.exe receives the "-FromHCP" command-line parameter when opening an HCP URI.

Microsoft Patch Tuesday: Prioritisation
13:25 CET on the 9th June 2010. Entry written by Thomas Kristensen.
Our first choice, though, would be to address MS10-035, which covers multiple vulnerabilities in all versions of IE and secondly MS10-033, covering vulnerabilities exploitable e.g. via Media Player.

2010 May
Designing security without security in mind...
15:56 CET on the 6th May 2010. Entry written by Carsten Eiram.
Normally, we spend our time buried in deeply technical analyses of vulnerabilities, but that doesn't prevent us from enjoying the simple things in life like when a vendor designs a security feature completely without considering the "security" aspect of it.

2010 April
SC Award: Highly Commended in Best Security Management
11:00 CET on the 28th April 2010. Entry written by Niels Henrik Rasmussen.
It is with great pride, that we last night were awarded "Highly Commended" in the category of "Best Security Management" at the SC Awards Europe.

Vulnerabilities vs. attack vectors...
15:50 CET on the 21st April 2010. Entry written by Carsten Eiram.
During our daily work analysing vulnerabilities in-depth, we come across cases on a regular basis where a single vulnerability with multiple attack vectors is being reported as separate vulnerabilities.

MMS in Vegas: Planes, Trains & Automobiles...
16:45 CET on the 20th April 2010. Entry written by Niels Henrik Rasmussen.
Remember the movie?

Oracle Java Critical Vulnerability Affects Most Users
13:56 CET on the 12th April 2010. Entry written by Alin Rad Pop.

2010 March
Secunia CSI 4.0 - integrated with Microsoft WSUS & SCCM for 3rd party patch management
9:30 CET on the 22nd March 2010. Entry written by Jakob Balle.
The Public Beta of the Secunia Corporate Software Inspector (CSI) 4.0 has ended. The final version of the Secunia CSI 4.0 is now available to our customers.

Mozilla To Fix Vulnerability Claimed To Be Fake...
17:17 CET on the 19th March 2010. Entry written by Carsten Eiram.
Some people were very eager to claim that this vulnerability report was fake - both on the Mozilla blog and our own forum - but Mozilla has now fixed this vulnerability in their Beta build and it will also be included in the upcoming version 3.6.2.

RSA 2010 – good news for online security
15:00 CET on the 11th March 2010. Entry written by Niels Henrik Rasmussen.

An Interesting Microsoft Tuesday
16:24 CET on the 10th March 2010. Entry written by Carsten Eiram.
Microsoft only issued two security bulletins and an advisory, but the Microsoft Tuesday release was far from uneventful and boring.

Confusion about Opera vulnerability
16:55 CET on the 8th March 2010. Entry written by Carsten Eiram.
There has lately been some confusion about a vulnerability reported in the Opera browser and rightly so based on the different statements having been issued.

Patching redefined – Free & Automatic Updating for every single PC user
0:42 CET on the 3rd March 2010. Entry written by Thomas Kristensen.
Unpatched programs are a primary source of IT insecurity.

2010 February
OS Dependant PowerPoint Viewer Vulnerabilities
11:16 CET on the 26th February 2010. Entry written by Carsten Eiram.

Adobe Reader and The Unspecified Vulnerability
14:53 CET on the 19th February 2010. Entry written by Alin Rad Pop.
Ancient vulnerabilities fixed in Adobe Reader.

Serving insecure software
16:48 CET on the 17th February 2010. Entry written by Thomas Kristensen.
History repeats itself...

Public Beta of CSI and WSUS Integration
13:32 CET on the 16th February 2010. Entry written by Jakob Balle.
Today we invite everybody to test the Secunia Corporate Software Inspector (CSI) integrated with Microsoft WSUS for 3rd party Patch Management.

2010 January
Secunia integrated with Microsoft WSUS
14:06 CET on the 18th January 2010. Entry written by Jakob Balle.
Today the first customers are invited to beta test the: Secunia Corporate Software Inspector (CSI) - integrated with Microsoft WSUS for 3rd party Patch Management

2009 December
Microsoft IIS Multiple Extensions Security Bypass Clarifications
12:33 CET on the 30th December 2009. Entry written by Alin Rad Pop.
The vulnerability described in SA37831 has recently raised some questions due to Microsoft avoiding to acknowledge it as a security risk.

2,000,000 Secunia PSI users
16:15 CET on the 16th December 2009. Entry written by Mikkel Winther.
Yesterday the Secunia PSI was installed on system number 2,000,000.

heise online and Secunia introduces Online Vulnerability scanning for German users
9:30 CET on the 7th December 2009. Entry written by Mikkel Winther.
heise online has partnered with Secunia to offer Vulnerability Scanning to German Internet users. The "Heise Update Check" is the German version of the Secunia Online Software Inspector (OSI). The OSI was translated and adapted to German by heise online.

2009 November
Announcement of partnership with CERT.PT
16:15 CET on the 24th November 2009. Entry written by Mikkel Winther.
Secunia is proud to announce the partnership with the Portuguese CERT, www.cert.pt.

Microsoft Windows SMB Response Denial of Service Clarifications
13:00 CET on the 18th November 2009. Entry written by Alin Rad Pop.
A PoC was published recently on Full-Disclosure, completely hanging an up-to-date Windows 7 or Windows Server 2008 R2 system when an SMB connection is established to a malicious server.

2009 October
Secunia CSI 3.0 - Final
16:00 CET on the 29th October 2009. Entry written by Jakob Balle.
The Public Beta of the Secunia Corporate Software Inspector (CSI) 3.0 has ended in accordance with our previously announced release schedule, and the final version of the Secunia CSI 3.0 is now available for download.

Congratulations Mozilla
14:32 CET on the 16th October 2009. Entry written by Thomas Kristensen.
It is fantastic to see a software vendor launching a service to help and promote updating third party software.

Secunia CSI 3.0 - Public Beta
11:33 CET on the 1st October 2009. Entry written by Jakob Balle.
The Secunia Corporate Software Inspector (CSI) is a revolutionary scanning tool, with an unprecedented level of accuracy and software coverage. This makes the identification of unpatched and vulnerable programs faster and more reliable than ever before.

2009 September
Microsoft IIS FTP Server NLST Buffer Overflow Clarifications
17:19 CET on the 2nd September 2009. Entry written by Carsten Eiram.
Working exploit code was recently published for a stack-based buffer overflow vulnerability in the FTP server component of Microsoft IIS when handling "NLST" commands. The reason for me writing this blog is to discuss a workaround that many sources, including Microsoft, suggest to prevent exploitation: To remove write permissions for anonymous and untrusted users. I'd like to clarify why this mitigates code execution to a large extent (but not completely) and also why this does not prevent the vulnerability from being exploited to cause a DoS (Denial of Service).

2009 August
Secunia PSI now available in 42 languages!
16:55 CET on the 25th August 2009. Entry written by Mikkel Winther.
The Secunia PSI is now available in 42 different languages.

Monthly Binary Analysis Update (July)
9:59 CET on the 12th August 2009. Entry written by Carsten Eiram.
While July may have been a quiet month in terms of the number of BAs released (19 in total), it certainly offered quite a few 0-day vulnerabilities (three) for us to analyse. I will be focusing on these for this month's blog posting.

2009 July
Adobe 0-Day: Are you affected?
10:45 CET on the 24th July 2009. Entry written by Jakob Balle.
As highlighted on multiple news sites around the world, the report of a zero-day vulnerability in some very popular Adobe software (Reader and Flash Player) has been published. It is very likely that you have Adobe Flash Player and Adobe Reader installed, as statistics from our Secunia PSI show; however, rather than relying on chance, why not scan your PC with the free Secunia PSI and verify if you are vulnerable or not?

Adobe Insecure / Unpatched Version From Official Site
10:34 CET on the 21st July 2009. Entry written by Mikkel Winther.
There has recently been some confusion amongst the users of the Secunia PSI, who were puzzled as to why the latest Adobe Reader version downloaded from Adobe.com is reported as insecure by the Secunia PSI. We have looked into this and are happy to learn that the Secunia PSI is correct, but surprised to discover that Adobe ships insecure software to their users!

Monthly Binary Analysis Update (June)
13:53 CET on the 14th July 2009. Entry written by Carsten Eiram.
It's again that time of the month where I have to write a terribly interesting blog about the most important vulnerabilities reported last month and analysed by the Secunia Binary Analysis team.

2009 June
The Dirty Dozen
12:21 CET on the 25th June 2009. Entry written by Jakob Balle.
And it only takes one "dirty" program to compromise your PC - but the bad guys got a dozen shots on average!

Secunia PSI: US PCs Have 2,720,800,000 Vulnerable Programs Installed!
16:37 CET on the 24th June 2009. Entry written by Mikkel Winther.
Secunia PSI 1.5 released with new features and interesting statistics

Secunia PSI now also in French, Hungarian, Portuguese, and Norwegian
10:25 CET on the 10th June 2009. Entry written by Mikkel Winther.
Interested in translating the Secunia PSI to Chinese, Indian, Turkish, Arabic, Finnish, Korean, Bulgarian, Albanian, Punjabi, Georgian, Malaysian, Nepalese, Slovenian, Czech, Thai, Swedish, Japanese, Icelandic, Italian, Romanian, Serbian, Faroese, or any other language?

Monthly Binary Analysis Update (May)
13:43 CET on the 9th June 2009. Entry written by Carsten Eiram.
Strap yourself in people for it's time to blog a bit about the most interesting of the 27 analyses issued by the Secunia Binary Analysis Team in May.

2009 May
Improve Your Security with the Secunia PSI
11:14 CET on the 28th May 2009. Entry written by Jakob Balle.
We are proud to announce a new BETA release for the Secunia PSI. This release offers new functionality that will significantly impact how you browse the Internet and how you view and use your Secunia System Score.

Monthly Binary Analysis Update (April)
15:59 CET on the 12th May 2009. Entry written by Carsten Eiram.
April yielded 25 issued BA reports with another 0-day vulnerability in Microsoft Office, 8 Microsoft security bulletins, and more vulnerabilities reported in various PDF viewers' JBIG2 implementations, all accompanied by other daringly sexy vulnerabilities.

RSA, Kleenex, and New PSI Initiatives
12:30 CET on the 6th May 2009. Entry written by Mikkel Winther.
As some might have noticed Secunia was present at the RSA Conference in San Francisco April 20-24th.

2009 April
Monthly Binary Analysis Update (March)
16:53 CET on the 20th April 2009. Entry written by Carsten Eiram.
March is over with 20 binary analyses issued and due to yet another busy month, I'm again late on issuing this blog.

Secunia Research and BA / Advisories Teams
14:21 CET on the 3rd April 2009. Entry written by Carsten Eiram.
I often receive questions about how the different teams in my department work, their responsibilities etc. and thought that I'd blog about it. That way I can just provide people asking these questions with a link in the future - a great example of Secunia efficiency.

2009 March
Monthly Binary Analysis Update (February)
16:37 CET on the 11th March 2009. Entry written by Carsten Eiram.
February is (long) gone and it's therefore time to re-cap on our Binary Analysis feats in the recent month.

Critical Vulnerability Fixed in Adobe Flash Player
16:19 CET on the 10th March 2009. Entry written by Carsten Eiram.
Recently, Adobe released a patch, which fixes multiple vulnerabilities for Adobe Flash Player. It turns out that at least one of them is quite nasty and does indeed allow remote code execution in a very reliable manner.

2009 February
Secunia 2008 Report
12:01 CET on the 25th February 2009. Entry written by Secunia.
Secunia is pleased to announce the release of the annual Secunia report for 2008.

Adobe Reader/Acrobat 0-day Clarification
16:05 CET on the 24th February 2009. Entry written by Carsten Eiram.
By now, most people should hopefully be aware of the 0-day vulnerability currently being actively exploited in Adobe Reader/Acrobat.

Fighting Vulnerabilities
14:00 CET on the 13th February 2009. Entry written by Niels Henrik Rasmussen.
Since the inauguration of Secunia in 2002, we have offered a variety of free community services to aid you in staying secure online.

Monthly Binary Analysis Update (January)
13:01 CET on the 12th February 2009. Entry written by Carsten Eiram.
The first month of 2009 is behind us and we started the year out nicely by issuing 29 BAs.

2009 January
The best new Windows program of 2008
9:30 CET on the 14th January 2009. Entry written by Mikkel Winther.
Secunia Personal Software Inspector has been chosen as one of the best new Windows programs in 2008.

Monthly Binary Analysis Update (December)
15:23 CET on the 9th January 2009. Entry written by Carsten Eiram.
A new month and year has begun and it is therefore time for me to wrap up the old year with a December update on our binary analysis shenanigans.

2008 December
Secunia PSI: ¡Habla español!
12:24 CET on the 17th December 2008. Entry written by Jakob Balle.
The Secunia PSI 1.0 - now available in Spanish!

Internet Explorer Data Binding 0-Day Clarifications
12:25 CET on the 12th December 2008. Entry written by Carsten Eiram.
As everyone using Internet Explorer is hopefully aware, there's a new 0-day circulating. There has been a lot of confusion as to both the problem cause and the browser versions affected, but in this blog, I should be able to sort it all out.

1.91% of all PCs are fully patched!
9:19 CET on the 3rd December 2008. Entry written by Jakob Balle.
Do you know how many PCs have 1 or more insecure programs installed?

Monthly Binary Analysis Update (November)
12:31 CET on the 2nd December 2008. Entry written by Carsten Eiram.
Another month has passed and it's again time for our new initiative with me ranting a bit about the monthly achievements of the Secunia Binary Analysis team.

2008 November
Secunia PSI 1.0 (Final) has been released
9:00 CET on the 25th November 2008. Entry written by Niels Henrik Rasmussen.
Today it finally arrived: The first official version of the Secunia PSI v1.0!

ISS X-Force vs. Trend Micro
15:34 CET on the 14th November 2008. Entry written by Carsten Eiram.
IBM ISS X-Force recently reported multiple vulnerabilities in Trend Micro ServerProtect. As Trend Micro claims to have fixed the vulnerabilities, which X-Force disagrees with, X-Force issued a blog as well to clarify some issues.

Monthly Binary Analysis Update
12:24 CET on the 3rd November 2008. Entry written by Carsten Eiram.
This month has been quite interesting for the Secunia BA team with a Microsoft Tuesday weighing in at the heavy end of the scale, nicely accompanied by other critical vulnerabilities in e.g. Sun Java System Web Proxy Server, CUPS, Trend Micro OfficeScan, Adobe PageMaker, and OpenOffice to name a few.

2008 October
Secunia PSI makes patching insecure programs easy for all
13:57 CET on the 29th October 2008. Entry written by Jakob Balle.
It's been 4 months since we issued Secunia Personal Software Inspector (PSI) Release Candidate 3 (RC3), and we are happy to announce that, as of today, Secunia PSI Release Candidate 4 (RC4) is ready for prime time.

Danish successes in promoting IT security
15:15 CET on the 27th October 2008. Entry written by Mikkel Winther.
Secunia participated in a nation-wide campaign focused on updating software on private users' PCs in October 2008, in collaboration with The National IT and Telecom Agency, The Danish Bankers Association, Nordea, Danske Bank, TDC and others.

Recap On The Internet Security Suite Test
16:05 CET on the 17th October 2008. Entry written by Thomas Kristensen.
The test of the 12 Internet Security Suites published earlier this week has generated a lot of reactions; however, it appears that some have misinterpreted the purpose of the test.

Symantec beats the competition...
16:00 CET on the 13th October 2008. Entry written by Thomas Kristensen.
With a mind-blowing detection rate, almost 10 times higher than the nearest competitor, Symantec has beaten eleven other Internet Security Suites by offering a superior detection rate of exploits.

Secunia is part of a nation-wide campaign for promoting patching
11:12 CET on the 6th October 2008. Entry written by Mikkel Winther.
In collaboration with The National IT and Telecom Agency, The Danish Bankers Association, TDC and others, Secunia is participating in a nation-wide campaign focused on updating software on private users' PCs in October 2008.

2008 September
One Stop Exploit Shop
17:08 CET on the 8th September 2008. Entry written by Thomas Kristensen.
As of today it will be possible for respectable security outfits and certain corporate business units to buy Secunia Binary Analyses, PoCs, and exploits on a "pay as you go" basis through our online shop.

A new face - The same reliable intelligence
15:59 CET on the 5th September 2008. Entry written by Niels Henrik Rasmussen, CEO.
6 years ago the first user visited Secunia... Now we have more than 5 million annual visitors and 70.000 daily users of the Software Inspector solutions.

2008 May
Secunia PSI reaches 500,000 users
11:05 CET on the 30th May 2008. Entry written by Thomas Kristensen.
As of today, the number of PSI users hits the 500,000 user mark. That's half a million users, who are informed when a new security patch is available for some of the more than 42 million monitored software installations.

Secunia NSI 2.0 Final Release - try it for free
13:43 CET on the 2nd May 2008. Entry written by Thomas Kristensen.
Secunia has released the Secunia NSI 2.0

2008 April
Free Public Beta test of Secunia NSI version 2
12:36 CET on the 11th April 2008. Entry written by Jakob Balle.
Get free instant access to try the new version of the Secunia NSI - the corporate edition of the popular Secunia PSI.

2008 February
When does poor design become a vulnerability?
15:19 CET on the 28th February 2008. Entry written by Thomas Kristensen.
Lately there has been discussion about some SIP vendors not validating authentication certificates in their PEAP implementation, which can lead to a hacker gaining access to your computer if you inadvertently connect to a malicious server.

A rough 24 hours for Windows users - 81.01% affected
13:22 CET on the 7th February 2008. Entry written by Thomas Kristensen.
The last 24 hours have been rough for Windows users. Sun, Adobe, Apple, and Skype have issued security updates - all four vendors correcting security holes that could lead to system compromise.

2008 January
Secunia PSI Reaches Milestone
10:43 CET on the 18th January 2008. Entry written by Jakob Balle.
Late yesterday evening the Secunia PSI reached an important milestone - a quarter of a million users!

Interesting Statistics from the Secunia PSI
14:58 CET on the 9th January 2008. Entry written by Jakob Balle.
95 out of every 100 computers that are connected to the Internet have insecure software installed.

2007 December
Your security: 1 in 5 applications are not patched!
14:53 CET on the 21st December 2007. Entry written by Jakob Balle.
More than 20% of all applications installed on users' PCs have known security flaws, but the users have yet to install the patch provided by the vendor of the product.

Secunia PSI - Release Candidate 1
16:24 CET on the 18th December 2007. Entry written by Jakob Balle.
We are proud to announce the availability of the Secunia PSI Release Candidate 1 (RC-1). Read more about the background and details for this release.

Vendors still use the "legal" weapon
12:58 CET on the 6th December 2007. Entry written by Thomas Kristensen.
These days, one would have believed that vendors had learned the lesson not to threaten legal action to withhold and suppress significant information about vulnerabilities in their products.

2007 October
25% of computers have vulnerable IrfanView installed
17:30 CET on the 18th October 2007. Entry written by Ina Ragragio.
The vulnerability is easily exploitable, as it only requires that a user is tricked into opening a specially crafted palette (.PAL) file.

2007 September
Secunia PSI BETA status after 2 months
15:48 CET on the 24th September 2007. Entry written by Jakob Balle.
Despite the fact that the Secunia PSI is a whole new type of IT-security solution for Windows users and is still in BETA testing, the Secunia PSI has achieved the remarkable result of being installed on more than 1 computer every minute on average since its release.

2007 July
Secunia PSI Public BETA Test
21:41 CET on the 31st July 2007. Entry written by Jakob Balle.
More than 30,000 users have already installed and tested the Secunia PSI BETA - Over 2,400,000 applications have been detected and categorised as Insecure, End-of-Life, or Up-To-Date.

2007 May
28% of all detected applications are insecure
13:36 CET on the 16th May 2007. Entry written by Jakob Balle.
Since its release in December of last year, the free, online Secunia Software Inspector has conducted over 350,000 inspections. These inspections have identified 4.9 million popular applications, and out of those, 1.4 million applications were found to be lacking critical security patches from the vendors.

The Secunia Research Team reports another IE vulnerability
12:09 CET on the 9th May 2007. Entry written by Ina Ragragio.
The Secunia Research Team doesn't just analyse and test vulnerability reports made by third party researchers. They also conduct research on their own, which is why they're able to identify a rather large quantity of vulnerabilities through in-house research.

2007 April
Network Software Inspector - BETA Program
11:52 CET on the 24th April 2007. Entry written by Thomas Kristensen.
Last December, Secunia released the Software Inspector, a revolutionary tool that changed the way users all across the globe identified missing security updates.

2007 March
New Internet Explorer 7 Spoofing Vulnerability
10:36 CET on the 16th March 2007. Entry written by Ina Ragragio.
There's a new spoofing vulnerability in Internet Explorer 7, one that could again be exploited by web criminals to perform phishing attacks.

2007 January
Quicktime - Update me and stay vulnerable!
17:08 CET on the 25th January 2007. Entry written by Thomas Kristensen.
But now the patch is out, all is forgiven and everyone is happy, because now they can secure their system. Right? WRONG!

Secunia Research finds vulnerability in ActiveX control
10:07 CET on the 24th January 2007. Entry written by Ina Ragragio.
The vulnerable component, NCTAudioFile2.dll, was originally developed by NCT Company Ltd. and is known to be present in more than 70 products from 28 different software companies.

2006 December
Release of Secunia End-of-Year Report
15:31 CET on the 22nd December 2006. Entry written by Ina Ragragio.
A 19-page report on some of the more interesting stories from this year, such as the Microsoft 0-day attacks, and the release of our Software Inspector, and some vulnerability statistics from our very own advisory database.

Followup on the Secunia Software Inspector Release
16:27 CET on the 11th December 2006. Entry written by Jakob Balle.
We just want to update you on the successful release of the Secunia Software Inspector. During a little more than half a week the Secunia Software Inspector has detected more than 400,000 applications on users' systems, tagging one third of them as being insecure!

Secunia Launches the Software Inspector
13:00 CET on the 6th December 2006. Entry written by Jakob Balle.
The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.

2006 October
Standing up and taking responsibility!
10:40 CET on the 31st October 2006. Entry written by Thomas Kristensen, CTO.
Two years, a new release of IE, and still no fix for the "Window Injection" issue. Users are at risk and Microsoft calls it a non-issue.

Welcome to the Secunia "Security Watchdog" Blog
9:17 CET on the 31st October 2006. Entry written by Secunia.
Secunia is proud to announce the availability of the Secunia "Security Watchdog" blog. The Secunia "Security Watchdog" Blog will contain our response and opinions when vendors, researchers, articles, or a research paper calls for it.



© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144