What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-09-01 18:03:00 | PowerPoint File Armed with CVE-2017-0199 and UAC Bypass (lien direct) | FortiGuard Labs recently discovered a new malicious PowerPoint file named ADVANCED DIPLOMATIC PROTOCOL AND ETIQUETTE SUMMIT.ppsx. Taking a look at the four slides of the PowerPoint Open XML Slide Show (PPSX) file, we can tell that it targets people from UN agencies, Foreign Ministries, International Organizations, and those who interact with international governments. | |||
|
2017-09-01 16:35:00 | Fortinet 361° Security Forum 2017 (lien direct) | Securing Your Digital Transformation On September 5-7, Fortinet will be hosting the 2017 361° Security Forum in Vienna, Austria. Hundreds of Fortinet partners and customers from across EMEA and SAARC will be attending this three-day conference to discuss the impact that the transition to a digital economy and new digital business models are having on organizations around the world. Digital transformation is driving sweeping changes to not only how businesses compete for customers, but to fundamental ways that organizations operate. Data... | |||
|
2017-09-01 12:12:00 | Living Securely in a Digital World (lien direct) | Over the past several months the news has been full of reports about cybercriminals using malware to shut down devices or networks, steal data, or hold it for ransom. During the second quarter of 2017, over 184 billion total exploits were documented, coming from nearly 6,300 unique exploits. This is an increase of 30% over Q1. While most of these attacks targeted large, commercial networks, there has also been a large spike in such activities targeting the devices and data of individual users. Some of these attacks, like having your... | ★★★ | ||
|
2017-08-31 12:55:00 | CIPA Compliance and Cybersecurity: You Can\'t Have One Without the Other (lien direct) | Cybersecurity measures are being adopted and fine-tuned across industries to ensure sensitive data is protected against cybercriminals and evolving attack vectors. However, some industries, such as education, are held more accountable for data protection than others. | |||
|
2017-08-30 12:55:00 | WLAN Security Challenges that Healthcare Organizations Need to Overcome (lien direct) | The healthcare industry is evolving rapidly. Doctors, nurses, and hospital staff need the most up-to-date information and technology at their fingertips at a moment's notice. While technological advances improve efficiency, patient care, and overall experience, they also bring new challenges in terms of network and WLAN security. Wireless local area networks (WLAN) are increasingly operating web-facing applications and supporting critical functions required by both new technology and user demand. This makes the wireless network a high impact... | |||
|
2017-08-29 12:50:00 | Preparing for GDPR: What the Financial Services Industry Should Know (lien direct) | Businesses around the globe are becoming increasingly data driven. This, in large part, has to do with the expectation of customization across the user experience. Financial institutions, for example, have been able to use customer data and customization to offer tailored services to their customers, such as loans or insurance, based on recent purchases or financial history. However, consumers are now being encouraged to re-take control of their own personal data. The new emphasis being placed on individual rights to data is clearly demonstrated... | |||
|
2017-08-29 07:00:00 | Why the Financial Sector Needs to Focus on Automating Threat Intelligence (lien direct) | Threat intelligence is a necessary part of threat detection, yet is often ignored. Learn why financial institutions must focus on building their architecture for automated threat intelligence. | |||
|
2017-08-28 12:05:00 | Seamless Hybrid Cloud Security is Critical for VMware Cloud on AWS (lien direct) | Our FortiGate VM for VMware Cloud on AWS features the identical FortiOS firmware and FortiGuard security services that are delivered for other hypervisors and public clouds. But because the hybrid cloud raises additional security considerations – issues that we've been talking about with customers for more than a year - a major offering like VMware Cloud on AWS really brings those requirements into sharp focus. | |||
|
2017-08-25 13:00:00 | Gartner Peer Insights for Enterprise Firewalls: See What Financial Services Leaders Are Saying About Fortinet (lien direct) | The financial services sector has unique security needs. Financial services firms are considered critical infrastructure by many governments, and therefore are bound by strict government cybersecurity regulations. They house highly personal information of their clients that has to be accurate and accessible at all times, as well as secure from new, sophisticated cyberattacks. Ensuring data security, accuracy, and compliance was simpler when there was a defined network that could only be directly accessed by bank employees. However, consumers... | |||
|
2017-08-24 13:00:00 | What Does a Ransomware Attack in Healthcare Really Cost? (lien direct) | Ransomware attacks are becoming more prolific in the healthcare sector to great cost. Learn how much ransomware really costs healthcare, as well as the best defense strategies. | |||
|
2017-08-23 13:05:00 | Deep Analysis of New Poison Ivy Variant (lien direct) | Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread through a compromised PowerPoint file. We captured a PowerPoint file named Payment_Advice.ppsx, which is in OOXML format. Once the victim opens this file using the MS PowerPoint program, the malicious code contained in the file is executed. It downloads the Poison Ivy malware onto the victim's computer and then launches it. In this blog, I'll show the details of how this happens, what techniques are used by this malware, as well as... | |||
|
2017-08-23 12:55:00 | We Have Seen the Enemy, and It Is Us (lien direct) | Fortinet just released its Global Threat Landscape Report for Q2. Much of the data it provides is just what you'd expect. For example, FortiGuard Labs detected 184 billion total exploit attempts in Q2 from 6,300 unique and active exploits. Not only is this is an increase of 30% over Q1, with the growth of IoT and Shadownet resources we expect these numbers to continue to rise dramatically. In addition, 7 in 10 organizations experienced high or critical exploits during the quarter. By any measure, these are alarming numbers. | |||
|
2017-08-22 15:50:00 | The GDPR: Adding Teeth to Data Privacy (lien direct) | The Fortinet Security Fabric allows organizations to harness the collective power and intelligence of Fortinet's portfolio of security solutions to collect and correlate threat intelligence, actively detect and isolate threats, and automate a coordinated response across the entire network. Such an approach allows organizations to extend visibility deep into their infrastructure, and more importantly, into their data, so they know where it is, who and what have access to it. It also allows them to demonstrate compliance... | |||
|
2017-08-21 12:44:00 | Dissecting Our Q2 Threat Landscape Report (lien direct) | Today we released our Q2 Global Threat Landscape report for 2017. The data in our quarterly threat analysis is drawn from over 3 million network devices and sensors deployed within live production environments around the world. | |||
|
2017-08-18 13:00:00 | Gartner Peer Insights for Enterprise Firewalls: See What Healthcare Leaders Are Saying About Fortinet (lien direct) | The healthcare industry requires technology that can keep pace with the speed at which medicine is evolving in order to provide patients with the best possible care. Additionally, this technology must meet HIPAA compliance standards to secure protected health information (PHI) from the growing number cyberattacks targeting the healthcare industry. This comes at a time when more devices than ever are accessing healthcare providers' networks, including the proliferation of connected medical devices in the Internet of Medical Things (IoMT), and... | |||
|
2017-08-18 12:58:00 | The Role of E-Rate in Protecting the Digital K-12 Learning Environment (lien direct) | The K-12 learning environment has moved beyond the physical walls of the classroom thanks to behavioral shifts and digital connectivity. However, robust and speedy network services that are designed to keep student and faculty data secure come with a price tag. The cost of ongoing connectivity and keeping networks secure is a constant barrier for most school districts, but thankfully, the E-rate program gives them an opportunity to do just that. Take a look at the graphic below to see how the classroom environment has evolved, the threats... | |||
|
2017-08-17 21:37:00 | Locky Launches a More Massive Spam Campaign with New “Lukitus†Variant (lien direct) | It has just been a week since the variation of Locky named Diablo6 appeared. Now it has launched another campaign more massive than the previous. This time, it uses “.lukitusâ€, which means “locking†in Finnish, as the extension for the encrypted files. The FortiGuard Lion Team was the first to discover this variant with the help of Fortinet's advanced  Kadena Threat Intelligence System [1](KTIS) Fig. 1 Encrypted files with .lukitus extension Fig. 2 Familiar Locky ransom note Same Locky, More Spam This... | |||
|
2017-08-17 13:00:00 | Analyzing Android malware using a FortiSandbox (lien direct) | In this blog post we will analyze a couple of Android malware samples in the Android VM of the FortiSandbox. We'll also share a few interesting and useful tricks. Running a sample in the VM To run a given sample in the Android VM, you should log into the FortiSandbox, make sure an Android VM is available, and then "Scan Input" / Submit a New File. Next, if the objective is to run the malware in the sandbox, you must make sure to skip "static scan," "AV scan," and "Cloud Query"... | |||
|
2017-08-16 12:55:00 | Securing Critical Infrastructure Takes a Village…and Automation (lien direct) | Malicious cyber activity targeted at the nation's critical infrastructure – including water systems, transportation, energy, finance, and emergency services – are particularly worrisome because the interruption of those services can have devastating effects on our economy, impact the well being of our citizens, and even cause the loss of life. | |||
|
2017-08-15 14:38:00 | FortiManager 5.6: Centralized Control for Today\'s Networks (lien direct) | The Fortinet Security Fabric now allows organizations to deploy security tools across their entire distributed network, including deep into the data center and core and out to remote devices and the cloud, and then tie them together through a common, management strategy. FortiManager 5.6 provides a single pane of glass management dashboard to present consolidated monitors and controls across a wide range of network and endpoint security products, as well as critical network devices, through an intuitive and customizable dashboard. | |||
|
2017-08-15 14:35:00 | A Quick Look at a New KONNI RAT Variant (lien direct) | Â Â Â KONNI is a remote access Trojan (RAT) that was first reported in May of 2017, but is believed to have been in use for over 3 years. As Part of our daily threat monitoring, FortiGuard Labs came across a new variant of the KONNI RAT and decided to take a deeper look. KONNI is known to be distributed via campaigns that are believed to be targeting North Korea. This new variant isn't different from previous variants, as it is dropped by a DOC file containing text that was drawn from a CNN article entitled 12 things... | |||
|
2017-08-15 00:22:00 | Locky Strikes Another Blow, Diablo6 Variant Starts Spreading Through Spam (lien direct) | A few days ago, while scouring through Fortinet's Kadena Threat Intelligence System (KTIS), we found an emerging spam campaign. Initially, it was the scale that caught our attention, and then it got a lot more interesting when the payload was found out to be a new variant of the infamous Locky. | |||
|
2017-08-14 17:00:00 | The Problem With Performance Testing (lien direct) | Performance testing is used throughout our industry. It helps make decisions. It helps build infrastructure. It helps make sales. But where do we get the data for this performance testing? Should we trust it? How can we use it best? | |||
|
2017-08-14 12:58:00 | How the Healthcare Cloud is Revolutionizing Patient Care (lien direct) | There have been countless ideas about how the cloud could transform the healthcare space and patient care. As healthcare cloud adoption has grown, however, the initial focus has largely been on its ability to store massive amounts of data and expedite the exchange of patient health information. These two capabilities have primarily been harnessed through medical research and electronic medical records (EMRs). The big data analysis and storage capacity that cloud computing provides has made new forms of medical research possible, while EMRs have... | |||
|
2017-08-11 12:58:00 | The Primary Factors Driving Cybersecurity Investments in Education (lien direct) | Today’s schools are technology-rich environments. For example, they have long used internal systems to keep and track a variety of records, including the personal data of their students and faculty. Today, however, that tech infrastructure must be optimized to accommodate the shift to a new digital education model. Teachers are increasingly adopting new digital learning tools, with $9 billion being spent on K-12 digital curriculum tools in 2016. While schools often provide some devices for faculty and students, bring your own device (BYOD)... | |||
|
2017-08-10 16:00:00 | Delivering Fortinet Security to AWS GovCloud Customers (lien direct) | Fortinet and Amazon Web Services are committed to delivering world-class security to new AWS GovCloud workloads. With the continuation of our partnership in the new release of AWS GovCloud, we are now able to further protect mission-critical government workloads with six virtual security products optimized for AWS. | |||
|
2017-08-10 12:58:00 | How Your Own People Pose a Threat to Financial Services Cybersecurity (lien direct) | Because financial services organizations are at an inherently greater risk due to the sensitive nature of the data they store, and the often-monetary motivations of cybercriminals, they are keenly aware of the damage that can result from a data breach. Data shows that the financial services sector was the most frequently targeted industry in 2016, with attacks increasing 29 percent year-over-year. In light of these attacks, along with increased government regulations, financial services firms are ramping up their security measures. In fact, a... | |||
|
2017-08-09 15:06:00 | Fireside Chat with Panasonic Avionics: Talking Security for In-flight Infotainment (lien direct) | Fortinet recently talked with Michael Dierickx, director of security engineering and information security officer, about Panasonic Avionics' security priorities and the tools they use to keep customers' information safe on today's connected aircraft. | |||
|
2017-08-08 15:42:00 | Adding Web Application Firewalls to your Security Strategy (lien direct) | We are pleased to announce that our FortiWeb appliance has once again placed in the “Challenger†quadrant in Gartner's recent Magic Quadrant for Web Application Firewalls 2017 report, as well as improving our position up and to the right over 2016. | |||
|
2017-08-08 12:55:00 | Mid-year 2017 Predictions Update (lien direct) | A look back and forward for our 2017 Cybersecurity Predictions. Threats are compounding at digital speeds, while resolutions, like manufacturers building security safeguards into their products, are proceeding at a snail's pace. We need to start building security into tools and systems on day zero. We need alignment on ways to effectively see and combat new cybercrime. And we need to adopt integrated, collaborative, and automated procedures and technologies end to end to help us see and protect resources. | |||
|
2017-08-07 12:52:00 | Tornado warning: Commingling of public and IoT clouds? (lien direct) | Clouds are tricky things. It's hard to tell where the foundations of a cloud reside. You could point at the physical infrastructure. Some of the best side-channel attacks target hardware. There is the operating system that runs everything. And there is the middleware, billing, hypervisors, drivers and web front ends. The potential attack surface of a cloud service provider (CSP) or consumption market platform is gigantic. | |||
|
2017-08-07 12:50:00 | Rise of the funnel cloud: When good clouds go bad (lien direct) | In the simplest terms, the cloud allows users to store and access data and programs on someone else's hardware, usually over the internet, rather than using their local device or network resources. But it is much more than simply offsite storage. It also includes services that allow users to replicate some or all of their local environment, from running applications to designing complex infrastructures. And it needs to be able to scale to lots of users. Simply put, you do not have a “cloud†unless... | ★★★★ | ||
|
2017-08-05 12:20:00 | Analysis of New GlobeImposter Ransomware Variant (lien direct) | Over the past few days, FortiGuard Labs captured a number of JS (JavaScript) scripts. Based on my analysis, they were being used to spread the new GlobeImposter ransomware variants. | |||
|
2017-08-04 18:31:00 | How the World Wide Web Has Revolutionized Key Industries While Creating a Land of Opportunity for Adversaries (lien direct) | On the anniversary of the World Wide Web release to the public this week, we are taking a closer look at how web use has irrevocably changed and modernized some of the key industries shaping our lives today, and what this change means for our global cybersecurity. | |||
|
2017-08-04 12:58:00 | Partnering with an MSSP for a More Secure Digital Business (lien direct) | In just the past few years, network architectures have begun to evolve from traditional, point-to-point connections between controlled network devices to a highly meshed ecosystem of interconnected networks. This hyper-connected architecture of traditional, private, public cloud, and remote networks and devices is being driven by the need to leverage data as both a competitive advantage and a new profit center. It is both supported by and driving the explosive growth of mobile devices, Internet of Things (IoT) and the cloud. Data... | |||
|
2017-08-03 12:55:00 | How Financial Services Network Security Strategies Have Recently Evolved (lien direct) | Network security has become increasingly complicated for financial services providers due to the popularity of the Internet of Things (IoT) and consumer desire to access valuable data on various mobile devices. | |||
|
2017-08-02 12:58:00 | (Déjà vu) Securing the Internet of Medical Things: What to Do Now (lien direct) | Due to the sensitive information housed within medical records (Social Security numbers, addresses, medical claim data etc.), healthcare has always been one of the most frequently targeted industries by cybercriminals. Hackers who successfully steal this data can profit in a big way, as it has high value in the cybercrime black market. As digital capabilities grow within healthcare, so too do the number of vulnerabilities. This upsurge in capabilities and targets can largely be credited to the rise of the Internet of Medical Things (IoMT),... | |||
|
2017-08-01 12:57:00 | FortiCloud Now Manages FortiGate UTM Appliances (lien direct) | We are proud to announce that full cloud-based management is now available for our FortiGate UTM products through the FortiCloud services. We have seen impressive growth in the adoption of our FortiCloud solution over the past several years that has validated the value of a cloud management model for Fortinet customers. FortiCloud started 10 years ago as a cloud-based solution for log storage and analytics. Over the years, we've improved those analytics and added the ability to mass deploy devices (FortiDeploy), independently... | |||
|
2017-07-31 12:58:00 | Bringing Your Cloud Visibility Back Into Focus (lien direct) | Like data center sprawl, virtualization sprawl occurs when the numbers, locations, and functions of virtual machines distributed across a network grow to the point that they can no longer be managed effectively. As organizations continue to move applications and other core workloads into the cloud, virtualization sprawl can give way to “security sprawl†if not architected properly. In order to achieve the scale, elasticity, and efficiency benefits of the cloud, the data and security elements across all environments must be integrated,... | |||
|
2017-07-30 21:00:00 | NSE Experts Academy CTF (lien direct) | At the end of this past June, Fortinet ran the NSE Experts Academy which featured for the first time a Capture The Flag (CTF) session. We welcomed close to 60 participants, and feedback was extremely positive. We congratulate the top 2 winners, with very close scores, teams YouMayNotWannaCry and ACSN. Our CTF had two specifications: While it included challenges on Fortinet products it was not limited to them - this was not a sales session but a technical one! For instance, while we had challenges on FortiSandbox, FortiCam, and FortiGate,... | Wannacry | ||
|
2017-07-28 12:58:00 | How FortiSIEM Works to Keep Schools Safe (lien direct) | Networks used by educational institutions benefit from being open and promoting a limitless flow of information and ideas. However, much like the student-teacher relationship, the user-network relationship is one that must be built on trust. The extent of personal information and intellectual data that is often housed on these networks requires a reliable cyber security platform. That's where FortiSIEM enters the discussion. As an all-in-one platform, FortiSIEM provides networks with the opportunity to rapidly find and fix security threats,... | |||
|
2017-07-27 21:00:00 | For Cybercrime, Innovation is the Land of Opportunity (lien direct) | The first day here at Black Hat is over. On the expo floor, a number of vendors are promoting that they now provide critical threat intelligence along with the other technologies they provide. Of course, in general, this is a good thing. The biggest challenge organizations have historically faced has been a lack of visibility into their networks, especially cloud and virtualized environments. The challenge, however, is how are organizations supposed to consume, correlate, and make use of all of this information? Dozens of intelligence feeds from... | |||
|
2017-07-27 12:58:00 | Thoughts from Black Hat on Threat Intelligence and Automation (lien direct) | The biggest trend in security today seems to be information sharing. Everyone agrees that sharing threat intelligence is key to detecting and stopping attacks. The challenge isn't that there aren't enough sources for threat intelligence, but that there is simply too much information being generated, and that includes far too much redundancy. What we need an ecosystem to vet and process the information first – an information exchange and clearing house – like the cyber threat alliance (CTA) that Fortinet helped establish back... | |||
|
2017-07-26 12:58:00 | NSS Labs NGFW Report: Fortinet Receives 4th Consecutive Recommended Rating (lien direct) | One of the biggest security challenges organizations face is sorting through solutions from literally hundreds of vendors in the IT market to find the one that is going to provide them with the best protection at a cost they can afford. Each of these vendors claims to solve critical security issues, and they use volumes of white papers and marketing campaigns to promote their solutions. Of course, proper security is essential. As networks continue to expand and become more complex, organizations are increasingly reliant on effective... | |||
|
2017-07-26 12:58:00 | Evolving Towards Intent-Based Security (lien direct) | In this second installment, begun with â€The Evolution of the Firewall,†we will take a look at the direction security is headed. From its humble beginnings, the firewall has evolved through several stages of development. Its latest incarnation, built on the legacy of its first two generations, implements the strategic pillars of Segmentation, Access Control, and Real-time analytics/action to realize intent-based network security. The Three Generations of the Firewall With the advantage of looking backwards in time, it's now... | |||
|
2017-07-24 12:58:00 | The Need for Threat Intelligence (lien direct) | These are challenging times for security leaders. Business pressures require faster processing of more data, and support for more devices than ever before. Critical data that used to be housed in a secured datacenter now moves across an increasingly complex ecosystem of networked environments, including IoT, cloud, mobile devices and workers, and virtualized networks. The rate of change in some environments is so rapid that many organizations simply can't keep up. A recent Forrester survey of 342 security leaders found that the largest... | Guideline | ★★★★★ | |
|
2017-07-21 19:06:05 | The Evolution of the Firewall (lien direct) | As the Internet and Digital Economy have grown up, the humble Firewall has continued to serve as their go-to security appliance. In this first of a two-part series, we will examine how, in spite of the evolution of the Firewall through a number of shapes, functions, and roles, it remains the security foundation for implementing the strategic pillars of Segmentation, Access Control, and Real-time analytics/action now and into the future. Change is a fact of life; what doesn't change usually withers and dies. This is true for both the biological... | |||
|
2017-07-20 12:58:00 | Byline: It\'s Time to Get Serious About Web Application Security (lien direct) | As application-focused threats continue to evolve, both in number and sophistication, a single web application security device is typically not enough to defend the entire, distributed network. Instead, organizations need to consider investing in a multi-pronged web application security approach that can tie different devices together, and leverage and share intelligence across a variety of other security and network devices. It's also increasingly important to have a centralized, unified console, such as a FortiWeb Web Application Firewall. | |||
|
2017-07-19 12:58:00 | Why Top Healthcare Institutions are Moving Toward Integrated Security Solutions (lien direct) | According to a report posted by the Office of the National Coordinator for Health Information Technology, 87 percent of office-based physicians had adopted some form of electronic health record (EHR) as of 2015. This is more than double the 42 percent that had done so when data was collected in 2008. Along with an increase in EHR adoption, we have also witnessed a global healthcare revolution in data collection and research. Access to such data improves the care and quality of life of those individuals these institutions serve. The challenge... | |||
|
2017-07-18 12:58:00 | Black Hat Executive Interviews: Q&A with Phil Quade, Fortinet CISO (lien direct) | Q: You joined Fortinet recently after three decades in cybersecurity roles in government, including most recently the NSA. What has that experience taught you about the nature and scope of the threats that organizations face these days? Some people say that street cops and detectives see an especially negative view of humanity, because, more often than not, they are called to assist with an unlawful or sad situation. Similarly, coming from the foreign intelligence business, you get a first-hand view of what foreign adversaries aspire to... |
To see everything:
Our RSS (filtrered)
