Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness By Maria Korolov Security professionals have long been running penetration tests against their firewalls and other security systems to find … Continue reading Why security professionals need to get more creative with penetration testing (and how to do it)
Personal and business relationships rely on trust to function, but blind trust in the digital world is downright dangerous. We’re asked to trust companies all the time. We trust them with personal details and they promise to keep them safe. It’s the same story in the enterprise. One company will entrust another to backup and … Continue reading Is Blind Trust Making You Unsafe?
Good Afternoon: The IT infrastructure your organization may use for day-to-day business may be vulnerable because of the Heartbleed vulnerability. Sophos a Towerwall partner has prepared a podcast of the Heartbleed vulnerability, which addresses who is likely affected, workarounds and an offer to help determine if you are vulnerable. http://nakedsecurity.sophos.com/2014/04/10/sscc-142-heartbleed-explained-patches-evaluated-apple-chastised-podcast/ If you think you may … Continue reading Towerwall Heartbleed Vulnerability Alert
Cisco Security Notice Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Information CVE ID: CVE-2014-0708 Release Date: 2014 March 18 19:07 UTC (GMT) Last Updated: 2014 March 19 17:58 UTC (GMT)SummaryA vulnerability in Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to view sensitive information transmitted in GET parameters of URL requests. The vulnerability is due to inclusion of sensitive … Continue reading Towerwall Information/Vulnerability Alert Vol 13.69: Cisco Security Notice
Zeus, also known as Zbot, is a malware family that we have written about many times on Naked Security. We’ve covered it as plain old Zbot. We’ve covered the Citadel variant, which appeared when the original Zbot code was leaked online. We’ve even written about the time it pretended to be a Microsoft fix for CryptoLocker, a completely different … Continue reading Towerwall Information Security/Malware Alert Vol 13.67 – Notorious “Gameover” malware gets itself a kernel-mode rootkit…
Towerwall and Sophos, partnering to protect data integrity in the cloud. Towerwall is now offering Sophos Cloud Endpoint, a new security option for small and medium sized businesses. Sophos Cloud Endpoint offers an integrated, lightweight agent that protects your business, users and their computers. 24/7, anywhere in the cloud. Sophos Cloud Endpoint gives you endpoint … Continue reading Stay Secure in the Cloud with Sophos Cloud Endpoint
For today’s Patch Tuesday, Microsoft released seven bulletins (a surprise after only announcing five last week) and Adobe released one. There are four critical advisories, to me the most important of which is MS14-010 affecting Internet Explorer versions 6 through 10. This patch fixes 24 vulnerabilities, one of which has been publicly disclosed. Considering that … Continue reading Internet Explorer, .NET, IPv6 and Shockwave top the February 2014 Patch Tuesday list
10. Malware is on the rise The threat of malware on mobile platforms is growing steadily as more and more cyber criminals target mobile devices in increasingly sophisticated ways. 9. Byod is a challenge There are obvious benefits to the BYOD (Bring Your Own Device) trend, but it also creates IT challenges and exposes your … Continue reading Top 10 things to know about mobile security
When the healthcare.gov website was launched on Oct. 1 it didn’t take long for technical issues to hit the headlines. Americans trying to register for health care found the website unusable. There were glitches, extremely long loading times, and serious errors, but most worrying of all for anyone entrusting sensitive data to the system was the lack … Continue reading Why wasn’t healthcare.gov security properly tested?
I am excited to announce the launch of our quarterly newsletter, the Data Security Review. Each quarter I will be sharing with you what I am hearing from customers, colleagues and data security experts to keep you aware and protected. As we enter 2014, human risk is on everyone’s mind. Even with the most sophisticated … Continue reading Introducing our Quarterly Newsletter: the Data Security Review