Towerwall's InfoSec Blog

Many companies have embraced the BYOD trend. They may even have developed applications that enable employees to have 24/7 access to business data and tools. The benefits can be counted in productivity boosts and flexibility, but there is a real and present danger that is being ignored all too often. How many of these enterprise apps have undergone security penetration testing? Could the mobile apps your business uses be jeopardising your data security or even regulatory compliance?

Islamist Element in Attacks. A pro-Islamic, anti-American hacking campaign appears to have jumped the gun and started early with hundreds of sites being compromised today. Set to take place on May 7 this month - thought to be US time - and targeting government sites in the US, Israel and India, the campaign is called #OpUSA. It is coordinated mainly through Twitter and postings on sites like Pastebin, with an unknown amount of participants. However, lists of compromised sites are alreadyfalse

As the app revolution has gathered pace and smartphones and tablets have become ubiquitous, the importance of testing app security has grown. Many companies have embraced the BYOD trend. They may even have developed applications that enable employees to have 24/7 access to business data and tools. The benefits can be counted in productivity boosts and flexibility, but there is a real and present danger that is being ignored all too often. How many of these enterprise apps have undergonefalse

It appears that BYOD, “Bring Your Own Device” to work, is beyond just being a growing trend if not currently a sanctioned practice within the corporate walls. It may seem that bowing to this desire on the parts of employees would have a lot to offer, not the least of which is a reduction in costs for employee-issued hardware. Unfortunately that is not entirely the case.

Jan 11 (Reuters) - The U.S. Department of Homeland Security urged computer users to disable Oracle Corp's (ORCL:$34.8625,$-0.0475,-0.14%) Java software, amplifying security experts' prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web.

Don’t assume those third-party apps you buy are fully secure. Despite the promise of cloud computing, companies are still buying software. And it is more cost effective to buy an application and plug it into your system than it is to develop anew. How many third-party applications has your company bought off the shelf? How secure are they? Have you conducted any actual testing? Too many organizations are oblivious to the need for stringent security testing. Many third-party apps are purchasedfalse

Security is not a list of things you do. Security is a way of thinking, a way of looking at things, a way of dealing with the world that says “I don’t know how they’ll do it, but I know they’re going to try to screw me” and then, rather than dissolving into an existential funk, being proactive to prevent the problem. But, you can’t buck statistics. Nobody is going to read an article entitled “Coding for Security.” Everyone wants an article with a number in it: “The 8 Most Common PHP Securityfalse

According to the article in Dark Reading, Study: Phishing Messages Elude Filters, Frequently Hit Untrained Users, many people are still being tripped up by phishing emails. The article summarizes the findings of a survey that was conducted at the Black Hat USA security conference held in July 2012. Of the 250 conference attendees that were polled, 69% said that phishing messages get past spam filters and into users’ inboxes on a weekly basis. Over 25% indicated that top executives and otherfalse

We are proud to announce our Threat Spotlight, sign up for our Twitter feed and get the latest threats and how to protect against them.

After the last zero day exploit on Java we reported some weeks ago it appears that a new 0day has been found in Internet Explorer by the same authors that created the Java one. Yesterday, Eric Romang reported the findings of a new exploit code on the same server that the Java 0day was found some weeks ago. The new vulnerability appears to affect Internet Explorer 7 and 8 and seems to be exploitable at least on Windows XP. The exploit code found in the server works as follow: - The filefalse