Towerwall's InfoSec Blog

Zeus, also known as Zbot, is a malware family that we have written about many times on Naked Security. We've covered it as plain old Zbot. We've covered the Citadel variant, which appeared when the original Zbot code was leaked online. We've even written about the time it pretended to be a Microsoft fix for CryptoLocker, a completely different strain of malware. Currently, the most widespread Zbot derivative is the Gameover bot, also known as Zeus P2P because of its use of peer-to-peer networkfalse

For today's Patch Tuesday, Microsoft released seven bulletins (a surprise after only announcing five last week) and Adobe released one. There are four critical advisories, to me the most important of which is MS14-010 affecting Internet Explorer versions 6 through 10. This patch fixes 24 vulnerabilities, one of which has been publicly disclosed. Considering that 22 of these vulnerabilities can lead to remote code execution, this fix is priority one. MS14-007 is a flaw in the Direct2D graphicsfalse

10. Malware is on the rise

Please save the date and plan to join us for this timely forum on what you need to know about the latest security issues, threats, and technologies that will help you protect your business!

Recent vulnerabilities for which exploits are available compiled by the Qualys Vulnerability Research Team. This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.

3 Keys To Keep Enterprise Clouds Secure Outsourcing has won out over ownership, and the rush to the cloud continues to gather pace. Where security is concerned there are two major trends that threaten to expose your company to unnecessary risk. There’s a lack of planning and due diligence when choosing cloud providers, and there’s a murky grey area when it comes to responsibility. They can both be mitigated by building security planning into your system from the start, instead of trying tofalse

Join us for Sophos' upcoming event:

Windows admins will have their hands full with the large number of security updates in this month's Patch Tuesday. There are fixes for 47 vulnerabilities in 13 bulletins for September's Patch Tuesday cycle. Four of this month's bulletins are critical. This year's total for bulletins is up to 79, a considerable increase from 62 at the same time last year. One critical bulletin this month addresses a remote code execution vulnerability in Microsoft Outlook, which can be exploited if users openfalse

While millions of mobile users are anticipating the launch of the new iPhone (5S and 5C), cybercriminals are already making their move to distribute spam that promise to give away the said devices for free, in the guise of a contest. We saw samples of spammed messages that attempted to spoof an Apple Store email notification. The said message informs recipients that they won the latest iPhone 5S mobile phones and iPad. Figure 1. Fake Apple email To get these prizes, they are asked to go to afalse

Researchers have spotted the first in-the-wild apps to exploit a critical Android vulnerability allowing attackers to inject malicious code into legitimate programs without invalidating their digital signature. The two apps, distributed on unofficial Android marketplaces in China, help people find doctors and make appointments, according to a blog post published Tuesday by researchers from security firm Symantec. By exploiting the recently disclosed "master key" vulnerability—or possibly a false