What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Fortinet.webp 2017-01-26 10:21:07 2017 Cybersecurity Predictions for Financial Services: What to Watch For (direct link) As technology within the financial services industry continues to evolve, so too does the threat landscape. Fortinet offers cybersecurity predictions for 2017.
Fortinet.webp 2017-01-25 09:49:32 The Analysis of ISC BIND NSEC Record Handling DoS (CVE-2016-9147) (direct link) The latest patch for BIND from the Internet Systems Consortium (ISC) fixes an NSEC record-related bug. Remote BIND recursive servers may crash when attempting to handle the specifically-crafted query response with NSEC record sent by attackers, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by a RUNTIME CHECK error in Resolver.c when caching the DNS response with NSEC Record. In this post we will examine the BIND source code and expose the root cause of this vulnerability. The NSEC record (record type...
Fortinet.webp 2017-01-23 08:13:52 The Move to Consolidation and Integration: Simplifying Security in Financial Services (direct link) In meeting with large financial institutions, the single biggest thing we keep hearing about is the need to simplify and consolidate their security infrastructure. As Financial Services has evolved from person-to-person transactions to a fully digital business model, the industry's networks have evolved as well, becoming increasingly complex and more difficult to defend. During this evolution, as new threats have emerged, financial organizations have gone out and purchased a host of different security products, often from different vendors,...
Fortinet.webp 2017-01-20 10:04:06 Linux Gafgyt.B!tr Exploits Netcore Vulnerability (direct link) Over the past few months we have seen a lot of malware activity around the Netcore vulnerability, so we decided to take a closer look at its exploitation. The following screen shot shows attack traffic captured through Wireshark. Figure 1 Figure 2 shows a quick enumeration of the sample. (There are different versions of the sample for several architectures. We chose to analyze the MIPS one) Figure 2 My analysis shows that this sample is a variant of the Gafgyt family, with some changes which I will discuss in detail later in this...
Fortinet.webp 2017-01-18 09:39:55 Analysis of ISC BIND TKEY Query Response Handling DoS (CVE-2016-9131) (direct link) Another TKEY record-related bug in BIND has been fixed with a patch from the Internet Systems Consortium (ISC) that was released just after the New Year. This bug may take down BIND recursive servers by sending a simple query response with TKEY record, thereby causing a denial of service (DoS). This potential DoS vulnerability is caused by an assertion failure in Resolver.c when caching the DNS response with TKEY Record. In this post we will analyze the BIND source code and expose the root cause of this vulnerability. The TKEY record...
Fortinet.webp 2017-01-17 15:01:48 Fortinet Security Researcher Discovers Two Critical Vulnerabilities in Adobe Flash Player (direct link) Fortinet security researcher Kai Lu discovered and reported two critical zero-day vulnerabilities in Adobe Flash Player in November 2016. Adobe identified them as CVE-2017-2926 and CVE-2017-2927 and released a patch to fix them on January 10, 2017. Here is a brief summary of each of these detected vulnerabilities. CVE-2017-2926 This is a memory corruption vulnerability found in Flash Player's engine when processing MP4 files. Specifically, the vulnerability is caused by an MP4 file with a crafted sample size in the MP4 atom...
Fortinet.webp 2017-01-16 16:06:46 Android Locker Malware uses Google Cloud Messaging Service (direct link) Last month, we found a new Android locker malware that launches ransomware, displays a locker screen on the device, and extorts the user to submit their bankcard info to unblock the device. The interesting twist on this ransomware variant is that it leverages the Google Cloud Messaging (GCM) platform, a push notification service for sending messages to registered clients, as part of its C2 infrastructure. It also uses AES encryption in the communication between the infected device and the C2 server. In this blog we provide a detailed analysis...
Fortinet.webp 2017-01-16 11:09:11 Accelerate 2017 Update General Sessions Overview – Day Two (direct link) The second day of Accelerate continued to raise the bar on both content and vision. Here is a quick overview of the general sessions: Opportunities – Phil Quade, Fortinet CISO Phil Quade recently joined Fortinet after three decades of service in the intelligence community, where he most recently served as the head of the Cyber Task Force at the National Security Agency. After examining key trends in the growth of cyber technologies, Phil provided the Accelerate audience with a unique view into where the accelerating transformation of...
Fortinet.webp 2017-01-12 09:13:31 Recognizing Fortinet's Partner of the Year Winners (direct link) Fortinet just announced the winners of their annual Partner of the Year awards. 2016 continued Fortinet's growth in both revenue and market share, and saw us capture the attention of the security market with our debut of the Fortinet Security Fabric. Our thousands of dedicated partners, who work tirelessly to provide security solutions and services to their customers, have fueled this success. Which is why each year we take the opportunity to thank our entire partner community at our Accelerate conference, and to single out a handful of... ★★
Fortinet.webp 2017-01-11 09:08:09 Accelerate 2017 Update General Sessions Overview – Day One (direct link) If anyone was unsure of Fortinet's vision for the future of the digital world, or the impact they plan to have on the cybersecurity industry, the first day of Accelerate 2017 left no doubt in anyone's mind. Network Security Evolution – Ken Xie, Fortinet Founder and CEO The morning kicked off with the primary Keynote from Ken Xie, founder and CEO of Fortinet. He started by walking everyone through the transformation of the Internet and networking over the past 40 years, and drove home a couple of critical points: 1. The...
Fortinet.webp 2017-01-10 11:57:49 Innovation Insights: Protecting A Hyperconnected World (direct link) People, things, and ideas, connected together by IoT and the cloud, are driving the new digital economy. This new hyperconnected world is not only changing how companies do business, but also how people work, live, and learn. It is changing the world at an unprecedented rate. What does this hyperconnected world look like? It is estimated that by 2020 we will have deployed over 50 billion networked devices and over 20 billion connected IoT endpoints. That is about 4.3 connected devices for every person on the planet. And each of these devices...
Fortinet.webp 2017-01-10 07:12:49 Extending the Security Fabric: FortiOS 5.6 and Intent-Based Network Security (direct link) The financial potential of the new digital economy is driving the rapid evolution of today's networks. For decades, the substructure of the network remained relatively unchanged: data traffic was routed from point A to point B over a predictable array of devices, cables, and ports using well established protocols and commands. Over the past couple of years, however, things have begun to change dramatically. Virtualization, Software Defined Networks (SDN), and the cloud have fundamentally changed where data is stored and how it is accessed....
Fortinet.webp 2017-01-10 07:09:44 Extending the Security Fabric: Refining the Security Operations Center (direct link) Monitoring, managing, and protecting the formless scope and scale of today's highly distributed and dynamically changing digital enterprise network is a daunting task for IT and Security Operations Teams. The proliferation of IoT and mobile devices, the convergence of IT and OT, and adoption of cloud-based networking and services is making detection and response to threats increasingly difficult, if not impossible with today's tools. When the network around you is constantly adapting to shifting demands, how do you effectively track...
Fortinet.webp 2017-01-08 07:45:54 Welcome to Accelerate 2017 (direct link) Happy New Year! And for those of you heading to Las Vegas, welcome to Accelerate 2017! Every year Fortinet brings together thought leaders, technical experts, and IT professionals to share and learn the latest in network security technology. We're looking forward to welcoming over 1500 partners, users, Fortinet experts, and executives to the Accelerate conference. And for the first time, Fortinet end users have been invited to participate in this annual event. Accelerate always provides a unique opportunity to gain hands-on technical... Guideline
Fortinet.webp 2017-01-06 10:54:59 The Role of Endpoint Security in Today's Healthcare IT Environment (direct link) The shift towards deploying and managing a more patient-friendly healthcare environment that includes the myriad of devices being accessed by patients and employees can be very challenging, especially when it comes to endpoint security.
Fortinet.webp 2017-01-05 13:12:04 Analysis of PHPMailer Remote Code Execution Vulnerability (CVE-2016-10033) (direct link) PHP is an open source, general-purpose scripting language used for web development that can also be embedded into HTML. It has over 9 million users, and is used by many popular tools, such as WordPress, Drupal, Joomla!, and so on. This week, a high-level security update was released to fix a remote code execution vulnerability (CVE-2016-10033) in PHPMailer, which is an open source PHP library for sending emails from PHP websites. This critical vulnerability is caused by class.phpmailer.php incorrectly processing user requests. As a result, remote...
Fortinet.webp 2017-01-05 08:09:42 IoT is the Weakest Link for Attacking the Cloud (direct link) The cloud has seen immense growth over the last couple of years. But the security risks that arise from such a profound change are not to be taken lightly.
Fortinet.webp 2017-01-04 07:54:51 A Multitude of IoT Operating Systems Is Bad News for the Safety of the Internet (direct link) Unfortunately, many IoT devices are headless, meaning that they literally cannot be patched, so other security measures will have to be developed. Until then, the Internet will face the havoc resulting from IoT-based shadownets for hire, and major DDoS attacks and Cybersecurity wars will be launched by exploiting IoT vulnerabilities.
Fortinet.webp 2017-01-03 10:56:20 A Guide to Security for Today's Cloud Environment (direct link) Enterprises have rapidly incorporated cloud computing over the last decade, and that trend only seems to be accelerating. Private cloud infrastructure, including virtualization and software-defined networking (SDN), is in the process of transforming on-premise data centers, which host the majority of enterprise server workloads around the world. Enterprises are also embracing public clouds at an unprecedented rate, with most connecting back to on-premise environments to create a true hybrid cloud environment. For all their advantages, these accelerated...
Fortinet.webp 2016-12-29 10:56:58 The Evolution of the Financial Services CIO Since Y2K (direct link) The role of the chief information officer (CIO) has undergone substantial changes in less than two decades, progressing from a rare position within an organization to the heart of the executive boardroom. The pace at which technology has evolved has driven much of this growth, and today's financial organizations now lean on their CIO to keep data safe while also keeping pace with industry advances. Let's take a look back at the evolution of security within the financial services CIO's role and some of the changes that have brought...
Fortinet.webp 2016-12-28 08:07:34 (Déjà vu) Byline: Is it Finally Time for Open Security? (direct link) One of the distinct advantages of working in the IT industry for over 35 years is all of the direct and indirect experience that brings, as well as the hindsight that comes with that. One of the more personally interesting experiences for me has been watching the growth and ultimate success of the Open Source Software (OSS) movement from a fringe effort (what business would ever run on OSS?) to what has now become a significant component behind the overall success of the Internet. I was initially reminded of the significance of the Open Source...
Fortinet.webp 2016-12-27 10:17:59 Byline: Meeting The Challenge of Securing the Cloud (direct link) What if the data and security elements across an organization's various cloud environments were well integrated, cohesive and coherent, like a seamlessly woven fabric? Such an approach would allow companies to see, control, integrate and manage the security of their data across the hybrid cloud, thereby enabling them to take better advantage of the economics and elasticity provided by a highly distributed cloud environment.
Fortinet.webp 2016-12-22 09:31:16 Byline: Four Things To Look For When Choosing A Financial Services Cloud Security Provider (direct link) Financial services organizations are shifting applications to the cloud, seeking the efficiencies and cost reductions this move holds. However, with cybercriminals eager to get their hands on financial data, security is paramount – making it more important than ever to vet cloud security providers.
Fortinet.webp 2016-12-21 10:45:46 Byline: 4 Key Areas to Consider When Solving the Cybersecurity Talent Gap (direct link) Attack methods and breaching techniques are constantly evolving. Which means that finding the elusive talent to overcome present challenges is only part of the solution. Sure, we know the tried and true breach methods. But what about the attacks we don't yet know? If the method is unknown, then so is the required response. The talent shortfall, therefore, is about much more than just a limited technical pool.
Fortinet.webp 2016-12-20 09:09:30 Making Smart Cities Safe (direct link) For years now, we've been hearing about “smart cities.” Cities with the ability to leverage innovative technology, and automation to optimize resources and improve services for their citizens, with the ultimate goal of making our lives better. These smart cities are no longer a distant dream of the future – they are happening now. Unfortunately, without sufficient cybersecurity, their ultra-connected nature can make these dream cities a nightmare, as the recent hack of San Francisco's Municipal Transportation Agency...
Fortinet.webp 2016-12-19 09:23:47 Protect Your Patients with Internal Segmentation Firewalls (direct link) Read this post to learn more about internal segmentation firewalls and how they assist the healthcare industry in keeping patient data safe. This new reality is largely responsible for driving the development of a new class of security tools, known as internal segmentation firewalls (ISFWs.) ISFWs extend the functionality...
Fortinet.webp 2016-12-16 09:58:47 WooCommerce Tax Rates Cross-Site Scripting Vulnerability (direct link) WooCommerce is a free eCommerce plugin for WordPress. It has been downloaded over 1 million times and over 30% of all online stores are now powered by WooCommerce. I recently discovered that WooCommerce is vulnerable to a cross-site scripting (XSS) attack. This XSS vulnerability is caused because the WooCommerce tax rates setting incorrectly processes user-supplied data. Remote attackers are tricking WooCommerce administrators into uploading a malicious CSV file that claims to provide required tax rate data for a particular country or region..
Fortinet.webp 2016-12-16 09:54:02 Malicious Macro Bypasses UAC to Elevate Privilege for Fareit Malware (direct link) To survive, Macro downloaders have to constantly develop new techniques for evading sandbox environments and anti-virus applications. Recently, Fortinet spotted a malicious document macro designed to bypass Microsoft Windows' UAC security and execute Fareit, an information stealing malware, with high system privilege. SPAM This malicious document is distributed by a SPAM email. As part of its social engineering strategy, it is presented in the context of someone being interested in a product. Fig.1 SPAM with the malicious...
Fortinet.webp 2016-12-15 08:23:29 Public and Private Cloud Adoption - What Financial Services Need to Know (direct link) Read this post to learn about the benefits and challenges, as well as ways financial organizations can keep their operations secure in the cloud.
Fortinet.webp 2016-12-14 08:13:00 Why Employees Could Be the Biggest Threat to Healthcare Data Security (direct link) Read this post to find out why your employees might just be today's biggest threat to healthcare data security.
Fortinet.webp 2016-12-13 09:08:10 Byline: Enhancing Security Through Information Sharing (direct link) Internal opportunities for information sharing might seem obvious, but are easily overlooked. Information sharing is essential if we want to get ahead of the escalating cyberthreats today's organizations are facing. We are just beginning to learn that we can no longer afford to build network security solutions based on isolated devices that cannot share threat intelligence or coordinate a response. As networks become more complex and distributed, the ability to consistently secure a workload as it moves across the network from an endpoint...
Fortinet.webp 2016-12-12 08:09:51 Byline: Don't Neglect Security in M&A Due Diligence (direct link) Look at any M&A due diligence checklist and you'll see the same things: financials, customer information, sales, real estate, intellectual property, contracts - and the list goes on. One thing you may not see is information security, and that can be a crucial mistake. Like any other critical component of running a business, security needs to be right at the top of the list for M&A due diligence. When combining two companies, they often have different and sometimes even incompatible systems and data. That can create opportunities...
Fortinet.webp 2016-12-09 09:12:30 Research: A New Christmas Decorated Cerber Ransomware Has Arrived (direct link) Introduction A new unversioned Cerber has surfaced! It appears that the author(s) of Cerber is working hard to make more money during Christmas season. This latest version has relatively more changes as compared to the previous versions. The version number has now been removed from the desktop wallpapers of the infected machines, and this new Cerber release no longer has an apparent version number, which might make the tracking of the Cerber family more difficult than before. Another noticeable change is that the modified wallpaper now comes...
Fortinet.webp 2016-12-09 07:12:35 Reading Your Tracker's Battery Level With a Standard Bluetooth 4.0 USB Dongle (direct link) Quite strangely, there is no easy way to check the battery level of your Fitbit tracker. You can configure your profile to send you notifications when the battery is low, but that's about all. As I was researching Bluetooth Low Energy (BLE), I noticed however that Fitbit trackers do offer the standard Battery Service (0x180f) along with the (standard) Battery Level characteristic (0x2a19).
Fortinet.webp 2016-12-08 09:50:08 Research: Disassembling Linux/Mirai.B!worm (direct link) A few days ago, a variant of Mirai hit a German telco, forcing 900,000 customers off the Internet. The FortiGuard team has issued an AV signature for it, named Linux/Mirai.B!worm. Several binaries were found in the wild for different architectures. I'll examine the one for ARM here, as that's the architecture I'm the most familiar with. A look at the strings in the binary reveals the following:
Fortinet.webp 2016-12-08 07:37:31 Fortifying the Smart Cities (direct link) San Francisco's muni fare system was recently hacked, and it turns out that intruders installed ransomware on the system, and demanded money to undo the hack. Some might ask why, despite being located amid a hub of the best brains in cyberspace, didn't San Francisco muni foresee this coming? But as the saying goes, hindsight is 20/20. A better question to ask is, why are smart cities around the world so prone to such smart attacks? And, what risks can they reasonably foresee, and how do they plan for them? Global Growth and...
Fortinet.webp 2016-12-07 18:21:25 Research: Furtive Malware Rises Again (direct link) Shamoon Timeline The Shamoon virus, also known as Disttrack, surfaced for the first time back in 2012 targeting Middle East Oil companies. It leveraged stolen credentials to gain access, and then exhibited worm-like behavior to spread throughout the entire targeted network. All Shamoon attacks were clearly very carefully planned beforehand, as the attackers had to gain access to legitimate credentials before launching the attack. While most modern malware are focused on monetizing through any way possible, from bitcoin mining to the current...
Fortinet.webp 2016-12-07 08:06:47 Q&A on Using a Real Time Sandbox to Thwart Packed Malware (direct link) There have been numerous cases where advanced malware has been linked to significant data breaches. Malware authors employ a variety of techniques to hide their malicious intent, including the use of packing utilities to create “packed malware.” Ladi Adefala, Senior Security Strategist at Fortinet, explains how a real time sandbox can change the game with regard to defending against these sophisticated attacks. What is Packed Malware? Packed malware is one of the most common types of advanced malware, carefully designed to evade...
Fortinet.webp 2016-12-06 18:17:16 Deep Analysis of the Online Banking Botnet TrickBot (direct link) One month ago we captured a Word document infected with malicious VBA code, which was detected as WM/Agent!tr by the Fortinet AntiVirus service. Its file name is InternalFax.doc, and its MD5 is 4F2139E3961202B1DFEAE288AED5CB8F. By our analysis, the Word document was used to download and spread the botnet TrickBot. TrickBot aims at stealing online banking information from browsers when victims are visiting online banks. The targeted banks are from Australia, New Zealand, Germany, United Kingdom, Canada, United States, Israel, and...
Fortinet.webp 2016-12-06 08:54:23 LinkedIn and Baidu Redirecting to Fat-Loss and Brain Improvement Scam (direct link) We recently received a URL through Skype that caught our attention. It was a link belonging to LinkedIn, with our Skype ID as a parameter at the end of the URL. https://www.linkedin.com/slink?code=e2nsPHa#jpulusiv=victimskypeid Usually, people would be wary when they receive links that look somewhat suspicious. But this link is from LinkedIn, the world's largest networking site, so it would be easy for anyone receiving this to quickly dismiss any thought of it being harmful. And the convincing personalized Skype ID at the...
Fortinet.webp 2016-12-05 18:54:15 A Closer Look at the Mamba Ransomware that Struck San Francisco Rail System (direct link) Recently, the San Francisco Municipal Transportation Agency, also known as MUNI, was attacked by a new variant of Mamba (a.k.a HDDCryptor) – a disk-encrypting ransomware. The incident left their ticketing services with inoperational systems and a note that read, “You Hacked,ALL Data Encrypted,Contact For Key(cryptom27@yandex.com)” Fortinet first discovered Mamba two months ago. Since then, it has been under the radar – until this big attack. We will now take a look at a few irregularities and some new developments...
Fortinet.webp 2016-12-05 07:47:26 Q&A: How Fortinet's Security Fabric Creates New Opportunity for Channel Partners (direct link) Joe Sykora, Fortinet Vice President of Americas Channels and Sales Operations, gives his perspective on how an integrated security architecture like Fortinet's Security Fabric creates new opportunities for solution providers. Why is the idea of a security fabric so important to network security in this current environment? These days, companies have to deal with a growing list of issues that put tremendous strain on their security capabilities, including the Internet of Things, virtualization, SDN, a growing portfolio of interactive...
Fortinet.webp 2016-12-02 14:09:38 Cerber 5.0.1 Arrives with New Multithreading Method (direct link) Introduction A new update of Cerber Ransomware, Cerber 5.0.1, has just arrived, appearing shortly after Cerber 5.0.0. had been released. Cerber 5.0.1 handles multithreading differently when it comes to encrypting files, probably aiming for better performance. It also changes the instruction file name from “README.hta” to “_README_.hta”. The intention of this might be to avoid simple AV detection, such as checking instruction file names. The major updates in the new version are described in the following sections. New...
Fortinet.webp 2016-12-02 08:38:20 3 Ways Recent DDoS and Ransomware Attacks Have Put Healthcare Institutions on Alert (direct link) Recent DDoS and ransomware attacks have grabbed the attention of healthcare organizations around the globe. Read more to find out how.
Fortinet.webp 2016-12-01 14:21:48 Manage Your Reputation - Ensure Data Security in Financial Services (direct link) Ensuring data security in financial services is critical to maintaining a positive reputation. Read this post to find out more.
Fortinet.webp 2016-11-30 16:43:14 Bladabindi Remains A Constant Threat By Using Dynamic DNS Services (direct link) The Fortinet research team has been developing an industrial-grade analysis system that allows us to concentrate information from samples collected from a variety of sources. Using this tool, we recently started to see the recurrence of URLs from the domains hopto.org and myftp.biz. In most cases, each sample was connected to a unique URL in one of the domains, although we also found some samples that connected to the same URL. Figure 1. Examples of the domains and samples collected by the team's FortiGuard analysis system This...
Fortinet.webp 2016-11-30 09:39:13 Security Leads the Way for MSO Evolution to MSP (direct link) Like every other service provider segment, MSOs are looking for ways to leverage recent changes in technology and customer buying patterns in order to expand their addressable market and service offerings. MSOs now have an opportunity to claim a larger share of this growing business market by providing a new set of commercial services built on a number of new technologies. With the commercial availability of SD-WAN technology, for example, MSOs now have a path to create competitive offerings that were previously confined to telecommunications...
Fortinet.webp 2016-11-29 13:33:23 Hackathon Sophia Antipolis 2016 (direct link) Last Saturday evening I had the honour to chair the selection committee for a Hackathon on Security...and many connected objects. While the meaning of "security" here was very broad (it included physical security for women and for elderly people, health, computer security, etc), it was a captivating experience. The participants came up with many different ideas - with first drafts listed here - especially around social networks, collaboration, and IoT. Let me provide my insight from the perspective of a security...
Fortinet.webp 2016-11-29 12:01:52 Fortinet Joins AWS Public Sector Partner Program to Accelerate Cloud Security for Government and SLED Organizations (direct link) With the breadth of sensitive data and highly regulated workloads that government and state and local education (SLED) institutions manage comes the critical need for a cybersecurity strategy that can adapt and scale with the data, from IoT to the cloud, while adhering to regulations and compliance requirements. To meet these evolving public sector security needs, Fortinet today announced an expansion of its relationship with AWS through its membership in the AWS Public Sector...
Fortinet.webp 2016-11-28 17:46:40 A New All-in-One Botnet: Proteus (direct link) Introduction The ART team at Fortinet has discovered a new malware named Proteus, a multifunctional botnet written in .NET that appears to be a proxy, coin miner, e-commerce merchant account checker, and keylogger. This particular botnet is downloaded by the Andromeda botnet. The handful of malicious features densely packed in this new malware also includes the ability to drop other malware. We have compiled its main features in this brief analysis. Data Encryption All C&C communication is encrypted with a symmetrical algorithm....
Last update at: 2024-06-28 15:07:58