Towerwall's InfoSec Blog

Jan 11 (Reuters) - The U.S. Department of Homeland Security urged computer users to disable Oracle Corp's (ORCL:$34.8625,$-0.0475,-0.14%) Java software, amplifying security experts' prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web.

Bringing mobile devices to work? Not so fast. Like it or not, the line between the workplace and the home is blurring. Work-at-home arrangements are becoming more common and cloud services make it easier to co-ordinate teams online. People are constantly on call, with the ability to check their emails and stay in touch wherever they are. The days of having a personal mobile and a work device are fast disappearing as the BYOD (Bring Your Own Device) trend continues to grow. A recent SkyDoxfalse

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management offering called Aegify SPM. The SPM stands for Security Posture Management, and eGestalt of Santa Clara defines SPM as “the art and science of monitoring and managing business security status by orchestratingfalse

Providing early evidence of tampering can shorten investigation times for breaches and audits. The convenience of mobile devices has led to their rapid proliferation in the workplace. But along with that convenience comes security and compliance issues contributing to the degeneration of trust. Risk management for mobile devices is of rising concern, particularly in highly regulated industries such as healthcare and finance. In order to detect security breaches and guarantee compliance,false

Don’t assume those third-party apps you buy are fully secure. Despite the promise of cloud computing, companies are still buying software. And it is more cost effective to buy an application and plug it into your system than it is to develop anew. How many third-party applications has your company bought off the shelf? How secure are they? Have you conducted any actual testing? Too many organizations are oblivious to the need for stringent security testing. Many third-party apps are purchasedfalse

Everyday there is a new threat with seemingly innocent emails being sent out that look close to an official correspondence from a company, from Paypal, ADP and BBB - to name a few. Cybercriminals are mimicking the online payment processor PayPal in a malicious spam campaign that attempts to dupe customers into downloading malware from links in seemingly authentic emails, according to a Webroot report written by Dancho Danchev. The piece of malware in use here is a backdoor that, oncefalse

Security is not a list of things you do. Security is a way of thinking, a way of looking at things, a way of dealing with the world that says “I don’t know how they’ll do it, but I know they’re going to try to screw me” and then, rather than dissolving into an existential funk, being proactive to prevent the problem. But, you can’t buck statistics. Nobody is going to read an article entitled “Coding for Security.” Everyone wants an article with a number in it: “The 8 Most Common PHP Securityfalse

According to the article in Dark Reading, Study: Phishing Messages Elude Filters, Frequently Hit Untrained Users, many people are still being tripped up by phishing emails. The article summarizes the findings of a survey that was conducted at the Black Hat USA security conference held in July 2012. Of the 250 conference attendees that were polled, 69% said that phishing messages get past spam filters and into users’ inboxes on a weekly basis. Over 25% indicated that top executives and otherfalse

We are proud to announce our Threat Spotlight, sign up for our Twitter feed and get the latest threats and how to protect against them.