Towerwall's InfoSec Blog

Security researchers from the Vulnerability Lab have identified a serious security hole that could affect a number of companies which rely on Barracuda products. They’ve discovered a high severity validation filter and exception handling bypass vulnerability in Barracuda’s appliances. According to the experts, the input filter that’s designed to block out persistent input attacks is flawed, exposing all security appliances.

It appears that BYOD, “Bring Your Own Device” to work, is beyond just being a growing trend if not currently a sanctioned practice within the corporate walls. It may seem that bowing to this desire on the parts of employees would have a lot to offer, not the least of which is a reduction in costs for employee-issued hardware. Unfortunately that is not entirely the case.

Jan 11 (Reuters) - The U.S. Department of Homeland Security urged computer users to disable Oracle Corp's (ORCL:$34.8625,$-0.0475,-0.14%) Java software, amplifying security experts' prior warnings to hundreds of millions of consumers and businesses that use it to surf the Web.

As the year draws to a close, it's time for us to take a step back, absorb the lessons of 2012, and look at what 2013 and beyond will bring for users, the security industry, and even cybercriminals. We know this time of year is incredibly busy and as a trusted advisor, you expect Towerwall to stay on the cutting edge of security information and share our findings. To help you understand the impacts of threats to your business, we would like to share Trend Micro's 2013 forecast report, "Securityfalse

Two security firms, the established Rapid7 vulnerability manager and eGestalt, a cloud-based compliance management provider, have signed an OEM deal that will do something for the IT security industry that hasn’t been done before: a combination security and compliance posture management offering called Aegify SPM. The SPM stands for Security Posture Management, and eGestalt of Santa Clara defines SPM as “the art and science of monitoring and managing business security status by orchestratingfalse

Everyday there is a new threat with seemingly innocent emails being sent out that look close to an official correspondence from a company, from Paypal, ADP and BBB - to name a few. Cybercriminals are mimicking the online payment processor PayPal in a malicious spam campaign that attempts to dupe customers into downloading malware from links in seemingly authentic emails, according to a Webroot report written by Dancho Danchev. The piece of malware in use here is a backdoor that, oncefalse

Security is not a list of things you do. Security is a way of thinking, a way of looking at things, a way of dealing with the world that says “I don’t know how they’ll do it, but I know they’re going to try to screw me” and then, rather than dissolving into an existential funk, being proactive to prevent the problem. But, you can’t buck statistics. Nobody is going to read an article entitled “Coding for Security.” Everyone wants an article with a number in it: “The 8 Most Common PHP Securityfalse

According to the article in Dark Reading, Study: Phishing Messages Elude Filters, Frequently Hit Untrained Users, many people are still being tripped up by phishing emails. The article summarizes the findings of a survey that was conducted at the Black Hat USA security conference held in July 2012. Of the 250 conference attendees that were polled, 69% said that phishing messages get past spam filters and into users’ inboxes on a weekly basis. Over 25% indicated that top executives and otherfalse