What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-02-07 09:00:59 | Fortinet Highlights Agile Security at Mobile World Congress (lien direct) | In this blog post, I'd like to zero in on what we're planning around the Agile Security theme. In two subsequent blog posts, I'll expand on our Advanced Security and Mobile Security-Managed Security Services themes. | |||
|
2018-02-06 13:45:59 | Fostering Collaboration and Intelligence Sharing at Accelerate 2018 (lien direct) | Learn about the keynote sessions being delivered at Fortinet's Accelerate conference, and the key takeaways for IT professionals across verticals. | |||
|
2018-02-05 13:45:59 | Fortinet Security on the Google Cloud Platform: The Future is Multi-Cloud (lien direct) | Fortinet cloud security is now available across all five major cloud providers. We're excited to announce that our flagship FortiGate virtual machine is now available for Google Cloud Platform (GCP) through the Cloud Launcher marketplace. | |||
|
2018-02-05 13:45:59 | Innovation Insights: The Industry\'s Fastest 100 Gbps+ Next-Generation Firewall Appliance (lien direct) | With this latest NGFW innovation in place, Fortinet has once again widened the performance and security gap between our closest competitors and us. And our ongoing commitment to an engineering-driven architectural approach to security ensures that this gap will only continue to widen, ensuring that customers always have access to the cutting edge security tools they need to enable their continued success in the new digital economy. | |||
|
2018-02-04 19:45:59 | Security Against the Invisible Enemy -- Preparing for the Mandatory Notifiable Data Breach Scheme Part 2 (lien direct) | In our last blog we learnt what potential impact the mandatory breach notification and the EU's GDPR will have on the Australian market. But what's next for organisations and what will be the potential challenges? | |||
|
2018-02-02 20:34:59 | Satori Adds Known Exploit Chain to Enslave Wireless IP Cameras (lien direct) | Satori, a Mirai based IoT bot, has been one of the most actively updated exploits in recent months. It is believed that the hacker behind this bot is also the author of other Mirai variants, known as Okiru, and Masuta. FortiGuard Labs researchers recently observed a new Satori version that had added a known exploit chain (one which had been used in the past by the Persirai bot) to enable it to spread to vulnerable devices, particularly, wireless IP cameras that run a vulnerable custom version of the GoAhead web server. | Satori | ||
|
2018-02-02 13:45:59 | The Risks of Shadow IT at Financial Services Firms (lien direct) | The use of Shadow IT is increasing thanks to SaaS. Learn the risks that shadow IT poses to financial services firms, and how to mitigate them. | |||
|
2018-01-31 13:45:59 | Nine Top Priority Cybersecurity Threats Active in the Education Sector Today – and Why Everyone Should Care (lien direct) | Educational institution networks continue to be a favorite playground for cybercriminals. Because of the age and interests of the majority of educational users, these networks tend to incorporate cutting edge technologies and strategies. | |||
|
2018-01-30 18:00:59 | FortiGuard Labs Discovers Vulnerability in Asus Router (lien direct) | Over the last few weeks, ASUS released a series of patches aimed at addressing a number of vulnerabilities discovered in their RT routers running AsusWRT firmware. The models listed at the end of this post are known to be vulnerable. If you are not sure which model or firmware you are using, I recommend double-checking the ASUS support website to get the latest information and updates. | |||
|
2018-01-30 18:00:59 | Meltdown/Spectre Update (lien direct) | In addition to establishing an aggressive and proactive patch-and-replace protocol, it is essential that organizations have layers of security in place designed to detect malicious activity and malware, and to protect vulnerable systems. | |||
|
2018-01-30 13:45:59 | Why the Fortinet Security Fabric Is the "Secret Sauce" for Managed Security Services Providers (lien direct) | To cut to the chase, the technical features of Fortinet solutions are only half the story when it comes to Fortinet Security Fabric's unmatched ability to deliver managed security services. Its secret sauce for managed security services providers (MSSPs) is really about adaptability, integration, and automation, as expressed through six properties of Fortinet-based managed security solutions: Â Security Control Breadth. MSSPs are often required to combine offerings from several different security manufacturers to create an effective... | |||
|
2018-01-29 19:45:59 | Preparing for Mandatory Notifiable Data Breach Legislation Part 1 (lien direct) | Both Australia's Mandatory Notifiable Data Breach legislation and the EU's GDPR are shining a spotlight on state-of-the-art data security technoloies and strategies to help Australian organisations stay strong in an increasingly digitized world. | |||
|
2018-01-29 13:45:59 | For a Moonshot, You Need More Than Just the Moon (lien direct) | At one time, we were challenged to ask not what our country could do for us but what we could do for our country. It is time that the leading organizations in digital technology come together once again to ask the same. | Guideline | ||
|
2018-01-26 13:45:59 | Considerations for Securing Medical Research in the Cloud (lien direct) | While cloud computing enables medical research, it also brings security concerns. Learn the top considerations for securing medical research in the cloud. | |||
|
2018-01-25 19:05:59 | IoT Botnet: More Targets in Okiru\'s Cross-hairs (lien direct) | The first Okiru sample appeared around October 2017 ,and FortiGuard Labs created a write up of its development last December, which included worm capabilities and the embedding of two different exploits. As a follow up, we will now share our findings on the latest Okiru variant that targets ARC processors. | |||
|
2018-01-25 19:05:59 | A Deep Dive Analysis of Microsoft\'s Kernel Virtual Address Shadow Feature (lien direct) | One of the key features of Microsoft's patches is the “Kernel Virtual Address Shadow†(a term coined by Microsoft), or KVAS for short. This feature effectively blocks the Meltdown attack, as it leaves very little kernel memory accessible to user mode code. In this blog post we provide a deep dive analysis of this feature. | |||
|
2018-01-25 13:45:59 | Unified Threat Management for Higher Education (lien direct) | Higher education is embracing new technology and open networks to foster student innovation. Learn how unified threat management can manage cost and thwart threats while improving operational efficiency. | |||
|
2018-01-24 13:45:59 | Align Your Customers\' Business Needs with Security Functionality (lien direct) | Your customers need to align conflicting business and security goals. Learn how Fortinet can provide security and compliance, without hindering business initiatives. | |||
|
2018-01-24 09:00:59 | Raising the Bar on Cybersecurity Awareness at Mobile World Congress (lien direct) | Fortinet will be making its first ever appearance at the 2018 Mobile World Congress (MWC), billed as the world's largest gathering of the Communication Service Providers (CSPs) industry, this coming February 26 through March 1 in Barcelona, Spain. | |||
|
2018-01-23 14:00:59 | Fortinet Takes Insurance Giant icare to the Cloud (lien direct) | The successful rollout of icare's new cloud-based business model can be attributed to Fortinet's proactive account management, our technical expertise and our wide range of security solutions certified for AWS environments. | |||
|
2018-01-22 13:45:59 | 5 Steps to Enable You to Stare Back in the Face of Inevitable Compromise (lien direct) | How to deal with the safe guess that your company has been breached. | |||
|
2018-01-22 13:05:59 | SpriteCoin: Another New CryptoCurrency…or NOT! (lien direct) | Fortinet FortiGuard Labs has come across a ransomware that only accepts Monero – an open source cryptocurrency created in 2014 – for payment, signaling a shift away from the widely used and accepted standard Bitcoin in the ransomware space. Ransomware authors are aware of current trends and events, and appear to be taking advantage of all the hype surrounding the cryptocurrency craze. | |||
|
2018-01-19 13:45:59 | Why Securing Fintech Is Necessary for Financial Startups and Industry Leaders (lien direct) | Financial services firms are partnering with fintech organizations to drive innovation. Learn the role cybersecurity must play in these partnerships. | |||
|
2018-01-18 13:45:59 | Executive Insights: If it is Not Seamless, It is Not Secure (lien direct) | As the number of connected devices on networks and subsequent threats increase at a rate that is practically immeasurable, many organizations are making the mistake of fighting fire with fire. They are meeting complexity with complexity -- a moment-to-moment tactical response that reduces their cybersecurity to an inefficient collection of vendors, protocols and operating systems. | |||
|
2018-01-17 17:00:59 | Into the Implementation of Spectre (lien direct) | In this blog post, we will get into the details of the implementation of Spectre, the exploit that targets the vulnerbilities found in CPUs built by AMD, ARM, and Intel. We assume you are familiar with the concept of the attack, and you can inspect the Proof of Concept source code provided in the Appendix of the paper linked above. You might also find it easier to read this blog post with the source code side by side. | |||
|
2018-01-17 13:45:59 | Prioritizing Your Security – Where Do You Begin? (lien direct) | There is an incredible urgency for organizations, especially those undergoing digital transformation, to reprioritize security hygiene and identify emerging risks. However, as the volume, velocity, and automation of attacks continues to increase, it is also becoming increasingly important to align patching prioritization to what is happening in the wild so you can better focus your limited resources on the most critical and emerging risks. | |||
|
2018-01-16 17:59:59 | ShipServ Uses Fortinet Security Tools to Assist its Move to the Cloud (lien direct) | ShipServ, in a recent move to a more cloud-based IT infrastructure, adopted several Fortinet products to protect the company's networks. I recently talked to Dominic Aslan, ShipServ's vice president of IT operations, about the company's move to the cloud and its use of Fortinet tools. | |||
|
2018-01-16 13:45:59 | Fortinet Certified by ICSA for Advanced Threat Defense (lien direct) | The challenge is that most all email security vendors say the same thing: “99.9% catch rate, no false positives, easy to manage†and so forth, which is why Fortinet is firmly committed to regular participation in independent testing. Consider, for example, the Advanced Threat Defense certification testing conducted by ICSA Labs. | |||
|
2018-01-15 15:00:59 | Growth Opportunities for Partners at Accelerate 2018 (lien direct) | Fortinet is excited to be meeting with our partners at this year's Accelerate conference, which promises to be the largest one yet. Around 2,000 thought leaders, IT and security experts, partners, and customers will convene in Las Vegas from February 26th – March 1st to attend keynotes and breakout sessions, network, and collaborate. | Guideline | ||
|
2018-01-15 15:00:59 | Are You Ready for the Evolution of Ransomware? (lien direct) | A recent Cyber Threat Alliance blog by Michael Daniel discussed the evolution of ransomware and the IoT. Read this post to learn more. | |||
|
2018-01-14 14:00:59 | (Déjà vu) Security Research News in Brief - November 2017 Edition (lien direct) | Welcome back to our monthly review of some of the most interesting security research publications. | |||
|
2018-01-12 13:45:59 | Score an A in Cybersecurity using a 5-Point Checklist (lien direct) | Learn the critical cybersecurity challenges plaguing K-12 schools today and how to mitigate them with this five-point cybersecurity checklist. | |||
|
2018-01-12 11:39:59 | An Analysis of the OpenSSL SSL Handshake Error State Security Bypass (CVE-2017-3737) (lien direct) | OpenSSL is a widely used library for SSL and TLS protocol implementation that secures data using encryption and decryption based on cryptographic functions. However, a Security Bypass vulnerability – recently addressed in a patch by the OpenSSL Project –can be exploited to make vulnerable SSL clients or remote SSL servers send clean application data without encryption. This Security Bypass vulnerability (CVE-2017-3737) is caused by an error when the SSL_read or SSL_write function handles an "error state" during an SSL handshake.... | |||
|
2018-01-12 11:39:59 | Dr. StrangePatch or: How I Learned to Stop Worrying (about Meltdown and Spectre) and Love Security Advisory ADV180002 (lien direct) |  Introduction 2018 truly is starting off with a bang: fundamental CPU flaws dubbed Meltdown and Spectre were found affecting pretty much all modern processors developed since the Pentium Pro (1995). These flaws root in two critical CPU features: Out of Order Execution and Speculative Execution, which are crucial for performance. Since this is an important feature and not a bug, it is inherently hard to fix. Furthermore, for performance reasons, speculative execution is almost always implemented in hardware, so “fixesâ€... | |||
|
2018-01-11 13:45:59 | Do You Want an SD-WAN with Basic Security or Robust Secure SD-WAN (lien direct) | As network leaders assess their SD-WAN options, however, what is often missing from their deliberations is how to adequately address security risks. SD-WAN vendors are increasingly embedding security features into their offerings, but these tend to be basic, Layer 3 network controls and not the robust security functions that these environments require. | Guideline | ||
|
2018-01-10 13:45:59 | Mitigating Vulnerabilities in Your Customer\'s Security Protocol with a Cyber Threat Assessment (lien direct) | While organizations are adopting new technologies and services, cybercriminals are developing sophisticated methods of attack to target new attack vectors, exploit unforeseen vulnerabilities, and gain access to user data and other network resources. With this increased threat landscape and growing sophistication of cyberattacks, visibility into existing security measures, and identifying those places where there may be gaps is especially important. | |||
|
2018-01-09 14:00:59 | Executive Insights: Connected Cars – A View Into Securing Converged Networks (lien direct) | Hyperconverged systems are on the horizon, connecting new and existing environments in ways we may have never imagined. But careful planning can ensure that we make this transition smoothly and securely. It starts with insisting on open standards and integrated and interactive security systems designed to talk to each other, share information, identify and adapt to changes, and respond to events in a coordinated and collaborative fashion. | |||
|
2018-01-08 14:45:59 | Fortinet Security Fabric Earns NSS Recommendation for Breach Prevention (lien direct) | FortiSandbox has already proven itself effective in the 2017 BDS test with a 99% Breach Detection rate, earning a Recommended rating four out of four years. And now, integrated with other Security Fabric components – namely, FortiGate, FortiMail, and FortiClient – it has achieved another NSS Recommended award with this latest 2017 BPS test. | |||
|
2018-01-08 13:45:59 | Executive Insights: Viewing GDPR as an Opportunity to Drive Competitive Advantage and Create Digital Trust (lien direct) | With GDPR scheduled to come into full effect this May, private and public-sector organizations across the world have no time to waste in taking actions to ensure they are ready to comply with these new requirements. The best way forward is through a comprehensive and integrated strategy that is able to see and track personal data, as well as prevent, detect, and remediate data breaches anywhere they may occur. This is a strategic approach that not only enables regulatory compliance, but will allow you to differentiate security as a value-add. | |||
|
2018-01-05 13:45:59 | A Security Fabric for Digital-Age Healthcare: A Preview of HIMSS 2018 (lien direct) | HIMSS 2018 will be held this year on March 5-9th at the Sands Expo Center in Las Vegas. Fortinet is excited to be attending this event yet again to meet with healthcare IT professionals standing on the front lines of digital transformation initiatives at their organizations, and to attend the various workshops, roundtables, and keynotes presented by thought leaders. | Guideline | ||
|
2018-01-04 18:45:59 | Fortinet Advisory on New Spectre and Meltdown Vulnerabilities (lien direct) | Earlier this week, it was announced that researchers uncovered two new side channel attacks that exploit newly discovered vulnerabilities found in most CPU processors, including those from Intel, AMD, and ARM. These vulnerabilities allow malicious userspace processes to read kernel memory, thereby potentially causing sensitive kernel information to leak. These vulnerabilities are known as Meltdown and Spectre. | |||
|
2018-01-04 13:45:59 | How Financial Services Firms Can Protect Against DDoS Attacks (lien direct) | Distributed denial-of-service (DDoS) attacks are becoming increasingly common across the financial services industry. DDoS attacks occur when a portion of the network is targeted, typically at the networking, transport, or application layer, with a flood of requests that overwhelm network bandwidth, causing it to slow or crash completely. | |||
|
2018-01-03 17:45:59 | Prevalent Threats Targeting Cuckoo Sandbox Detection and Our Mitigation (lien direct) | In this blog post, we will discuss the history of sandbox detection. We will then unveil the malware families that KTIS has observed from spear-phishing emails that attempt to bypass the user-mode API hook in order to evade sandbox detection. And finally, we will share the mitigation method we use to harden the Cuckoo sandbox against this bypass technique. | |||
|
2018-01-03 13:45:59 | Addressing Three Major Pain Points of the Cybersecurity Skills Gap (lien direct) | The cybersecurity skills shortage is an issue impacting all industries. As cyberattacks become more frequent and sophisticated, organizations all over the world are struggling to outfit their teams with personnel that are armed with essential cybersecurity backgrounds and technical security skills, in addition to broader IT know-how. | |||
|
2018-01-02 13:45:59 | Cybersecurity Past and Future: What\'s Come This Year and What is Coming (lien direct) | To predict the future, simply look at the past. With that in mind, here's a quick overview of the current state of cybersecurity, along with what lies on the horizon and what organizations can do to secure their networks. | |||
|
2017-12-29 13:45:59 | Executive Insights: 2017 Threat Trends – Looking at Our Threat Reports (lien direct) | 2017 was another landmark year for cybersecurity. In reviewing our quarterly Threat Landscape reports, it is clear that 2017 has been notable primarily for three things: the rapid digital transformation and expansion of the potential attack surface, the increasing sophistication of cyber attacks, and a lapse in basic cybersecurity hygiene, largely being driven by digital transformation coupled with the growing cybersecurity skills gap. | |||
|
2017-12-28 13:45:59 | Using Internal Segmentation to Secure the IoMT (lien direct) | To mitigate the cyber risks associated with Internet of Medical Things (IoMT) devices connecting to healthcare networks, security controls must be put in place to ensure that one compromised medical device does not lead to the compromise of the entire network and the loss of valuable patient data. | Guideline | ||
|
2017-12-27 13:45:59 | Solve Customers\' Past Cybersecurity Challenges with an Eye to Future Trends (lien direct) | Partners: Cybersecurity must always be a critical element of your customers' innovations to ensure that changes in enterprise technology do not leave the organization vulnerable to attacks. However, this is easier said than done. | |||
|
2017-12-26 13:45:59 | Protecting Your Bottom Line from Cyber Risks (lien direct) | As global cyberattacks persist, cybersecurity is becoming a main focus in the C-suite. Gone are the days where it's just a concern for IT teams. These rapid, sophisticated attacks across industries have demonstrated that cybersecurity is the responsibility of the entire organization as they seek to avoid the crippling effects associated with data breaches. | ★★★★ | ||
|
2017-12-22 18:30:00 | Circle of the fraud: more information about Bitcoin Orcus RAT campaign (lien direct) | FortiGuard Labs continues to investigate a series of attacks on Bitcoin users. In our first blog, we provided a deep analysis of malicious samples from the Bitcoin Orcus RAT campaign. In this second part, we recreate the full path of a multistage complex attack, shed some light on some other activities of these criminal actors, and reveal their possible identities. Failed attempt Bitcointalk.org is a popular place to trade for bitcoins. In 2015 there was a simple and straightforward attack on its users. Somebody registered a... |
To see everything:
Our RSS (filtrered)
