Towerwall's InfoSec Blog

Recent vulnerabilities for which exploits are available compiled by the Qualys Vulnerability Research Team. This is a list of recent vulnerabilities for which exploits are available. System administrators can use this list to help in prioritization of their remediation activities. The Qualys Vulnerability Research Team compiles this information based on various exploit frameworks, exploit databases, exploit kits and monitoring of internet activity.

Implementing security practices in your organization’s employees’ daily work habits, and ensuring the integrity and confidentiality of information security, the goals of the Security Awareness Program are:

Well, it was certainly a night to remember and much to celebrate With over 325+ people coming to celebrate the 118th MetroWest Chamber of Commerce Annual Meeting! It was a great night with much money raised for United Way’s Feed a Family and our hero's - Military Veterans. Watch some of the fun we had:

And it keeps getting worse… A widespread outbreak of a sneaky, file-encrypting piece of ransomware called Cryptolocker has many people talking. One very important question raised by Cryptolocker’s success to date: Should you ever pay a ransom to a cybercriminal? Sophos security expert James Lyne, head of global security research at Sophos, went on cable network CNBC to explain how the criminal gang behind Cryptolocker is demanding a ransom in return for unlocking a victim’s files. In the videofalse

Join us for Sophos' upcoming event:

Earlier this week a colleague pointed out an intriguing phishing sample that he had come across. It was interesting not because of any great sophistication or complexity, but rather that it illustrated the reuse of an old social engineering trick. The brand being targeted in the phish campaign is Poste Italiane, a well-known Italian group that includes financial and payment services in its product portfolio. We see numerous phishing attacks targeting this group each month, with attackers keenfalse

Cyber-attacks take many forms, from cybercrime, to hacktivism, to cyber warfare, and espionage. We’re all used to hearing about phishing attacks and the threat of malware, but organized cyber-attacks perpetrated by groups with political motivations, and sometimes affiliated with foreign governments, are on the rise, and they could represent a much graver threat. Major concerns about the threat of state-sponsored cyber-attacks on U.S. military and infrastructure have been raised repeatedly longfalse

Windows admins will have their hands full with the large number of security updates in this month's Patch Tuesday. There are fixes for 47 vulnerabilities in 13 bulletins for September's Patch Tuesday cycle. Four of this month's bulletins are critical. This year's total for bulletins is up to 79, a considerable increase from 62 at the same time last year. One critical bulletin this month addresses a remote code execution vulnerability in Microsoft Outlook, which can be exploited if users openfalse

Researchers have spotted the first in-the-wild apps to exploit a critical Android vulnerability allowing attackers to inject malicious code into legitimate programs without invalidating their digital signature. The two apps, distributed on unofficial Android marketplaces in China, help people find doctors and make appointments, according to a blog post published Tuesday by researchers from security firm Symantec. By exploiting the recently disclosed "master key" vulnerability—or possibly a false