Industries: Enterprise

Card image

Towerwall Security/Malware Alert Vol 13.71

Michelle Drolet

GameOver Zeus P2P Malware Original release date: June 02, 2014 Systems Affected Microsoft Windows 95, 98, Me, 2000, XP, Vista, 7, and 8 Microsoft Server 2003, Server 2008, Server 2008 R2, and Server 2012 Overview GameOver Zeus (GOZ), a peer-to-peer (P2P) variant of the Zeus family of bank credential-stealing malware identified in September 2011, [1]

Read more

2 Minute 53 Second Read

Card image

Deciding Between Vulnerability Scanning And Penetration Testing

Michelle Drolet

My clients often confuse scanning and penetration testing. Organisations should be conducting both external vulnerability scans and penetration tests. If you are storing or transmitting data on the Internet, particularly sensitive data such as credit card details, then quarterly scanning is required to validate your PCI compliance. You also need to conduct a penetration test

Read more

4 Minute 1 Second Read

Card image

The Benefits of Cloud-Based Endpoint Security

Michelle Drolet

The cloud computing revolution is well underway and there are lots of benefits to be realized. According to Awesome Cloud research the industry will be worth more than $150 billion this year, compared to $46 billion just six years ago. Mirroring the general trend for SaaS solutions, cloud-based IT security systems can be an ideal fit for

Read more

3 Minute 2 Second Read

Card image

Why security professionals need to get more creative with penetration testing (and how to do it)

Michelle Drolet

Criminals are evolving with their techniques for hacking and breaching corporate assets, so security managers need to as well. Here are some ways companies are going beyond standard pen testing in order to increase awareness By Maria Korolov  Security professionals have long been running penetration tests against their firewalls and other security systems to find

Read more

6 Minute 27 Second Read

Card image

Is Blind Trust Making You Unsafe?

Michelle Drolet

Personal and business relationships rely on trust to function, but blind trust in the digital world is downright dangerous. We’re asked to trust companies all the time. We trust them with personal details and they promise to keep them safe. It’s the same story in the enterprise. One company will entrust another to backup and

Read more

2 Minute 8 Second Read

Card image

Towerwall Heartbleed Vulnerability Alert

Michelle Drolet

Good Afternoon: The IT infrastructure your organization may use for day-to-day business may be vulnerable because of the Heartbleed vulnerability. Sophos a Towerwall partner has prepared a podcast of the Heartbleed vulnerability, which addresses who is likely affected, workarounds and an offer to help determine if you are vulnerable. http://nakedsecurity.sophos.com/2014/04/10/sscc-142-heartbleed-explained-patches-evaluated-apple-chastised-podcast/ If you think you may

Read more

0 Minute 40 Second Read

Card image

Towerwall Information/Vulnerability Alert Vol 13.69: Cisco Security Notice

Michelle Drolet

Cisco Security Notice Cisco WebEx Business Suite HTTP GET Parameters Include Sensitive Information CVE ID: CVE-2014-0708 Release Date: 2014 March 18 19:07  UTC (GMT) Last Updated: 2014 March 19 17:58  UTC (GMT)SummaryA vulnerability in Cisco WebEx Business Suite could allow an unauthenticated, remote attacker to view sensitive information transmitted in GET parameters of URL requests.The vulnerability is due to inclusion of sensitive information in

Read more

2 Minute 5 Second Read

Card image

Patch Tuesday wrap-up, March 2014 – critical fixes from Microsoft and Adobe

Michelle Drolet

by Paul Ducklin on March 12, 2014 We already wrote about Microsoft’s March 2014 patches, noting that, as usually happens, there was an All-Points Bulletin for Internet Explorer coming up. Microsoft doesn’t call them APBs, of course – they are Cumulative Security Updates, with one bulletin covering all the numerous versions, bitnesses and CPU flavors of Redmond’s IE browser.

Read more

1 Minute 51 Second Read

Card image

Towerwall Information Security/Malware Alert Vol 13.67 – Notorious "Gameover" malware gets itself a kernel-mode rootkit…

Michelle Drolet

Zeus, also known as Zbot, is a malware family that we have written about many times on Naked Security. We’ve covered it as plain old Zbot. We’ve covered the Citadel variant, which appeared when the original Zbot code was leaked online. We’ve even written about the time it pretended to be a Microsoft fix for CryptoLocker, a completely different

Read more

4 Minute 43 Second Read

Card image

Internet Explorer, .NET, IPv6 and Shockwave top the February 2014 Patch Tuesday list

Michelle Drolet

For today’s Patch Tuesday, Microsoft released seven bulletins (a surprise after only announcing five last week) and Adobe released one. There are four critical advisories, to me the most important of which is MS14-010 affecting Internet Explorer versions 6 through 10. This patch fixes 24 vulnerabilities, one of which has been publicly disclosed. Considering that

Read more

1 Minute 29 Second Read