What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-11-09 13:50:59 | What Education IT Professionals Can Learn at the 2017 CETPA Annual Conference (lien direct) | The 2017 CETPA Annual Conference will be held from November 14th– 17th at the Pasadena Convention Center. Fortinet is excited to be sponsoring and attending this event. We encourage attendees to visit with our team at booth number 423. Additionally, Fortinet will be participating in multiple events and presentations to inform education IT professionals of best practices for securing their networks in the evolving threat landscape and protecting personal data with increased network visibility. | |||
|
2017-11-09 13:50:59 | How Sutton\'s Law Applies to Cybersecurity Today (lien direct) | In my previous article, I raised a red flag about the diminishing practical returns of “mom and pop†threat research as a proxy for mitigating vulnerabilities and bad consequences. Threat assessment is often both difficult and incomplete, and sometimes best left to those who have timely access to the best possible data (and the even then, left to those with the military and intelligence means to act on it). In that piece, I also begged an obvious question. If chasing threats are not the best allocation of an organization's... | |||
|
2017-11-09 13:50:59 | (Déjà vu) Fortinet Fabric-Ready Partner Spotlight: Q&A with Mykola Konrad Vice President, Product Management at Ribbon Communications (lien direct) | Fortinet spoke with Fabric-Ready Partner, Ribbon Communications to learn what's top of mind for its customers, the key IT challenges they are facing and how Versa Networks' approach to integrated security is helping drive business and customer success. The Fortinet Fabric-Ready Partner Spotlight is a series of blogs that highlights the great work and achievements of Fortinet's Fabric-Ready technical partners. Tell us a bit about Ribbon's business and the types of customers that you serve. Ribbon is a company... | |||
|
2017-11-09 12:50:59 | Partner Insider: NSE Training Certifications, FortiSandbox 2000E Recognized (lien direct) | Although the calendar year is winding down, Fortinet and partners continue to sharpen security practitioner skills through training, along with applying Fortinet products and services to meet current and evolving cyber security challenges. As Fortinet advances on the knowledge and solutions fronts, independent industry observers increasingly recognize Fortinet's industry leadership credentials. Read more below for the latest news, resources, and events for partners. | Guideline | ||
|
2017-11-09 12:50:59 | Potential Malware Campaign Targeting JustSystems Ichitaro Users (lien direct) | Recently, we came across some interesting samples in jtd format, which is the file format used by JustSystems Ichitaro. The following is a quick primer for readers who are unfamiliar with the Japanese market. | |||
|
2017-11-09 12:50:59 | (Déjà vu) Security Research News in Brief - October 2017 Edition (lien direct) | Welcome back to our monthly review of some of the most interesting security research publications. | |||
|
2017-11-08 13:50:59 | Securing Evolving Cloud Networks (lien direct) | The growing need for on-demand network and compute resources is outpacing available internal resources, even in private cloud environments, and is driving organizations to the public cloud. According to IDC, 75% of organizations are currently implementing or considering the implementation of public cloud resources, and they predict that 50% of enterprise workloads will migrate to the public cloud by 2018. This new shared infrastructure approach comes with significant security challenges, including creating and maintaining a consistent... | |||
|
2017-11-08 13:50:59 | Helping Your Customers Minimize Security Sprawl and Achieve Defense in Depth (lien direct) | Today, your customers' IT teams have to be aware of the movement and storage of valuable data across multiple applications, networks, devices, and virtual environments. In order to ensure data security and achieve defense in depth, there are many processes they must carry out, such as: Monitoring the movement of data to ensure that only authorized users are accessing it. Watching out for unusual behavior that might indicate a breach. Staying aware of the latest vulnerabilities, malware strands, and other attack vectors to ensure... | |||
|
2017-11-08 12:50:59 | The Strange Case of Play Policy for Copyright and Security (lien direct) | Recently, the FortiGuard Labs team noticed that one of the most successful applications on the market, “WhatsApp Messenger†developed by “WhatsApp Inc.â€, has been the target of a lot of attention by scammers and criminals alike. | |||
|
2017-11-07 15:45:59 | When It Comes to Intrusion Prevention, FortiGate IPS Stands Alone in the IPS Market (lien direct) | Fortinet takes industry recognition and evaluations seriously, and we were very pleased when in their 4th Next Generation Intrusion Prevention System (NGIPS) Test Report and Security Value Map NSS Labs rated Fortinet FortiGate IPS as “Recommended,†their somewhat understated way of according a product their highest rating. | |||
|
2017-11-07 13:50:59 | 3 Must-Haves for IoT Security: Learn, Segment & Protect (lien direct) | Digital transformation is rapidly reshaping industries, generating explosive productivity growth, and creating entirely new business models. The Internet of Things (IoT) is an important technology pillar in today's digital transformation process, as connected devices are able to collect unprecedented volumes of information, enabling data-driven decision making for better business outcomes and improved quality of life. From consumer to corporate, local to global, we are an increasingly interconnected digital society. IoT networks... | |||
|
2017-11-06 13:50:59 | The Future of Cybersecurity Part I: The Problem of Complexity (lien direct) | It seems like CSOs are always seeing flashing red lights on their security dashboards these days, warning them of another breach or risk of compromise. There are so many security events happening day in and day out that it's difficult to decide what's the top priority. That's a good metaphor for the state of cybersecurity efforts across the globe – we're in a constant state of flashing red. That is, if we even see the attack coming, which we increasingly don't. Recent breach disclosures, once again, show that... | |||
|
2017-11-06 13:50:59 | The Future of Cybersecurity Part II: The Need for Automation (lien direct) | The growing complexity of today's networks and the growing sophistication of today's threats has outpaced the ability of most traditional security devices to keep up. Until now, the approach of far too many IT teams has been to simply throw more money at the problem by adding yet another device into their security wiring closet. Billions have been spent on this approach every year for decades, and we really don't have much to show for it. If cybersecurity is an arms race, the good guys aren't winning. Instead, security... | |||
|
2017-11-06 12:50:59 | T2\'17 InfoSec Conference in snowy Helsinki (lien direct) | The T2 2017 conference took place on October 26 and 27, 2017 at the Radisson Blu seaside hotel in Helsinki, Finland. As in every edition, a CTF (Capture The Flag) competition is organized prior the conference, with the winner receiving a free ticket. This year, a private bug bounty was held by LähiTapiola, a well-known insurance company in Finland, under the supervision of T2 organizers through the HackerOne platform. As there were zero submissions, it was decided to reward Harri Kuosmanen, who was the LähiTapiola HackDay CTF winner. The... | |||
|
2017-11-03 12:50:59 | Financial Services Cybersecurity: Addressing the Horizontal Attack Surface (lien direct) | With industry-specific compliance requirements driving security spending and deployment, it's natural to assume that best practices for securing access to sensitive data are different from vertical to vertical. However, that assumption may be changing. | |||
|
2017-11-02 12:50:59 | Getting a Firsthand Understanding of Healthcare Cybersecurity Challenges (lien direct) | Fortinet recently hosted nine information security and healthcare IT leaders at its Healthcare Advisory Board Meeting in Miami. Over the course of the two-day event, leaders from Fortinet met and collaborated with these members of the healthcare information security community to get a full understanding of the cybersecurity challenges they face every day on the frontlines of protecting critical patient information and proprietary medical research. This is an exciting and challenging time in the healthcare technology industry. Technical innovations... | Guideline | ||
|
2017-11-02 12:50:59 | (Déjà vu) Security Research News in Brief - September 2017 Edition (lien direct) | Welcome back to our monthly review of some of the most interesting security research publications. | |||
|
2017-11-01 12:50:59 | FortiSandbox 2000E Earns Coveted NSS Recommended in Latest Breach Detection System Public Test (lien direct) | Fortinet participated in the NSS Labs 2017 Breach Detection System (BDS) group test and was awarded a Recommended rating for its latest FortiSandbox 2000E appliance introduced in the second half of 2017. | |||
|
2017-10-31 12:55:59 | Executive Insights: A Q&A with Fortinet Channel Chief Jon Bove (lien direct) | Jon Bove recently rejoined Fortinet as vice president of channel sales. We sat down with Jon to get his perspective on his new role and learn about what he envisions for partners going forward with Fortinet. | |||
|
2017-10-30 12:55:59 | How Federal Agencies Can Use FortiMail to Comply with BOD-18-01 (lien direct) | On October 16th, the U.S. Department of Homeland Security (DHS) announced its intention to have all federal agencies revamp their email security protocol. The Binding Operational Directive (BOD-18-01) will require all federal agencies to deploy STARTTLS, Secure Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) within three months of the directive's announcement. While having these email security features enabled is generally considered to be a cybersecurity... | |||
|
2017-10-30 12:55:59 | Best Practices to Help Safeguard Your Organization for the Internet of Things. (lien direct) | Today, the billions of online IoT devices present an even more daunting challenge because they generally don't receive the level of control, visibility, and protection that traditional systems receive. Coupled with widespread automation-based attacks, the potential for damage is even greater. Recent developments, outlined below, reveal why it's time to take IoT security seriously. | |||
|
2017-10-30 12:00:59 | Fortinet A Premier Sponsor of AT&T\'s Inaugural \'The Summit\' Event (lien direct) | Fortinet is a Premier Sponsor of The Summit, the inaugural AT&T Business event that is bringing together 2500 thought leaders, influencers, and customers for three days to be inspired and informed about the future of technology and how it impacts the world. This premiere event is being held from October 30-November 2, 2017 at the Gaylord Texan Resort in Dallas, Texas. | Guideline | ||
|
2017-10-29 16:00:00 | Evasive Sage 2.2 Ransomware Variant Targets More Countries (lien direct) | FortiGuard Labs just recently found new Sage ransomware samples that, while they appear to still be Sage 2.2, now have added tricks focused on anti-analysis and privilege escalation. In this article, we will share our findings of these recent updates. | |||
|
2017-10-27 12:55:59 | Protecting Higher Education Networks with Secure Access Architecture (lien direct) | Colleges and universities have unique wireless network and security needs. They are typically densely-populated and highly-collaborative environments. Students and faculty alike rely on a consistent wireless connection that allows them fast and constant communication with each other across campuses and buildings. They require access to various online resources and publications to conduct research for assignments and lesson plans, as well as access to various applications and software solutions to record, present, and share their findings. Furthermore,... | |||
|
2017-10-27 12:50:59 | Why ICSA Advanced Threat Defense for Email is So Important (lien direct) | Verizon's 2017 Data Breach Investigations Report found that two-thirds (66%) of all installed malware that successfully made its way past established defenses were delivered by email. This is particularly concerning as our weekly FortiGuard Labs Threat Intelligence Brief lists ransomware downloaders –typically delivered via email – as consistently among the top 5 pieces of malware in most weeks. {Update chart and excerpt closer to publication date} The reality is that while brand new attacks like WannaCry and Petya... | Wannacry | ||
|
2017-10-26 13:50:59 | CHIME 17 Event Preview: Understanding Your Patients\' Cybersecurity Concerns (lien direct) | Healthcare and IT are becoming increasingly intertwined as technology enables patient-centric care, more efficient hospital workflows, and greater visibility into effective treatment plans through data analytics. Moreover, as digital transformation initiatives take effect across industries, increased technical capabilities will be necessary to remain competitive. This exciting technical innovation in the healthcare space coincides with a higher volume of health-focused cyberattacks and a cybersecurity skills gap that has made it difficult to... | |||
|
2017-10-26 12:50:59 | Food Services Giant Moves Securely to the Cloud Over a Single Weekend (lien direct) | When one of the world's largest food services companies needed a better way to connect its vast distributed network of operations, it turned to Microsoft Azure and Fortinet to "move the entire organization to Azure on a single weekend morning: no issues, no downtime, no fuss!â€Â The company is a top 5 global food services company that provides food and beverage services for schools, hospitals, and major public venues in dozens of countries. | |||
|
2017-10-25 16:55:59 | The DUHK Vulnerability (lien direct) | There have been some news items floating around the Internet discussing a weakness in the ANSI X9.31 random number generator (RNG) known as DUHK (for Don't Use Hard-coded Keys) that had affected older FortiGate devices. An update was issued more than a year ago when the flaw was first announced to Fortinet. | |||
|
2017-10-25 16:50:59 | Tracking the Bad Rabbit (lien direct) | A new ransomware campaign dubbed “Bad Rabbit†has hit a number of high profile targets in Russia and Eastern Europe. First detected on October 24th, 2017, Bad Rabbit was originally detected in Russia and Ukraine, along with a small number of infections reported in parts of eastern Europe, Turkey, and Germany. However, the attack now appears to be spreading to other regions, including reports from South Korea and the US. | |||
|
2017-10-25 12:50:59 | Threat Information Sharing Can Change the Security Landscape (lien direct) | To further expand and solidify the power of threat information and intelligence sharing, specialists, researchers, and consumers of threat intelligence are gathering at the annual CyberNext DC on October 25, 2017. The Cyber Threat Alliance, the Coalition for Cybersecurity Policy and Law, and the National Security Institute are this year's conference sponsors. Keynotes will be delivered by Ron Johnson, US Senator from Wisconsin and Senate Homeland Security chair, and Michael Daniel, President & CEO of the Cyber Threat Alliance. | |||
|
2017-10-25 11:50:59 | The Analysis of Apache Struts 1 ActionServlet Validator Bypass (CVE-2016-1182) (lien direct) | Apache Struts 1 ValidatorForm is a commonly used component in the JAVA EE Web Application that requires validated form fields input by a user, such as a login form, registration form, or other information form. By configuring the validation rules, Apache Struts can validate many different kinds of fields - username, email, credit card number, etc. However, a bug in Apache Struts 1 can be used to manipulate the property of ValidatorForm so as to modify the validation rules, or even worse, cause a denial of service or execute arbitrary code in the... | |||
|
2017-10-25 11:50:59 | The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899) (lien direct) | Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data. | |||
|
2017-10-24 13:50:59 | Cloud Migration a Challenge to Many (lien direct) | The number one challenge identified by Federal agencies in migrating to the cloud is expanding security measures and policies to cover cloud environments. To date, confidence is hard to find. Only 35% of Federal IT leaders believe that the security of their existing private cloud environments is excellent, and this drops to 21% for public cloud. They have similar concerns for the security of data that has to move between physical and virtual environments. | Guideline | ||
|
2017-10-24 12:50:59 | Fortinet Named to Inaugural Fortune Future 50 List (lien direct) | Fortinet has been listed in the inaugural Fortune Future 50 list, a new ranking of elite companies best positioned for breakout growth. Produced in partnership with BCG, the rankings were determined based on the analysis of 15 years of financial results from 2,300 publicly traded U.S. companies as well as over 70,000 10-K reports. This analysis was conducted using an advanced AI algorithm designed to assess an organization's long-term orientation, their emphasis on things such as adaptation and sustainability, their market potential combined... | |||
|
2017-10-23 12:50:59 | Executive Insights: Managing Risk Demands a Security Fabric Approach (lien direct) | As we become even more integrated and interconnected, we need better ways to manage complexity. One way to accomplish this is through integration and automation for better visibility and control – especially in highly elastic environments. As a result, we're seeing a need to move away from isolated point defense systems like individual firewalls and intrusion detection systems, to a more comprehensive risk-management framework that weaves disparate security devices into a single, holistic security fabric.  | |||
|
2017-10-23 12:50:59 | Off to the Academy – The Fortinet NSE Xperts Academy (lien direct) | We sat down with Richard Armstrong, VP of Solutions Engineering, Fortinet, to learn more about the NSE Xperts Academy taking place this week and the role it has for our valued partners in this industry context. | |||
|
2017-10-20 12:50:59 | You Don\'t Need a Weatherman to Know Which Way the Wind Blows (lien direct) | Over the past month, we have all watched with dismay as the islands of the Caribbean and coasts of Texas and Florida were hit with devastating rains and high-speed winds. In the days leading up to the storms' landfalls, some of the most talented scientific minds deployed astounding levels of technology to assess and communicate the severity of the approaching threats-despite the fact that severe weather is notoriously unpredictable, with inherent uncertainty that makes truly accurate assessment of the threat nearly impossible. In... | Guideline | ||
|
2017-10-20 12:50:59 | Channel Partners: Welcome Back Jon Bove (lien direct) | The strong ties between Fortinet and its channel partner community account for much of the value Fortinet delivers to customers, end users, and the world at large. Seeking to increase the amount of news about partner activity and initiatives, we are launching a bi-weekly blog post series. | |||
|
2017-10-19 16:50:59 | (Déjà vu) Security Research News in Brief - August 2017 Edition (lien direct) | Welcome back to our monthly review of some of the most interesting security research publications. | |||
|
2017-10-19 13:50:59 | Cryptojacking: Digging for your own Treasure (lien direct) | Do you ever feel the Internet is especially slow these days? Or do you ever wonder if maybe it's just your computer that's getting slower? Don't rush to the IT shop to buy a new computer yet … you may have been a victim of a new trick used by malevolent hackers called browser “cryptojacking.†What is cryptojacking? It's a trick used to mine cryptocurrencies on your computer using your CPU resources in the background without your knowledge. All that a cybercriminal has to do is load a script... | |||
|
2017-10-19 13:50:59 | A 14-day Journey through Embedded Open Type Font Fuzzing (lien direct) | One of our daily routines as researchers here at FortiGuard Labs is to write and maintain our internal fuzzers to help us more effectively find potential vulnerabilities on different software products. In this blog post we would like to share how we discovered multiple Embedded Open Type (EOT) font vulnerabilities by using a combination of dumb and intelligent open source fuzzers. | |||
|
2017-10-19 12:50:59 | Implementing Security with Digital Transformation Initiatives (lien direct) | Fortinet's Vice President of Strategic Programs, Jonathan Nguyen-Duy, recently hosted a webinar called “Implementing Security with Digital Transformation Initiatives.â€Â This talk touched on why digital transformation is so crucial across industries, as well as the technological capabilities organizations need to adopt in order to ensure a successful digital transformation.  | |||
|
2017-10-18 12:50:59 | Ensuring Cloud Cybersecurity at the Rate of Cloud Adoption (lien direct) | In an effort to meet consumer demands and business needs, moving business-critical infrastructure and operations over to cloud environments is becoming less of an option and more of a requirement. Recently, we wrote about the digital transformation that will, sooner rather than later, be adopted by our channel partner's clients. This transformation will be focused on enabling business operations and consumers with such things as big data analytics, IoT devices, and new technology that is faster and more agile than ever. The ability to offer... | |||
|
2017-10-17 12:50:59 | How to Achieve Automated, Intelligence-Driven Security (lien direct) | Over the last couple of years, cyberattacks have evolved in both scale and effectiveness, affecting organizations across all industries and geographic regions. Successful cyberattacks are a growing industry-wide problem in spite of billions being spent on cybersecurity solutions. Part of the reason is that new techniques- and in fact a mature supporting cybercrime ecosystem- for penetration and evading detection have reduced the effectiveness of many traditional defenses. The lingering effects of a successful attack often have devastating consequences,... | |||
|
2017-10-16 13:50:59 | WPA2 Has Been Broken. What Now? (lien direct) | On Monday morning it was announced that WPA2, WiFi's most popular encryption standard, had been cracked. A new attack method called KRACK (for Key Reinstallation AttaCK) is now able to break WPA2 encryption, allowing a hacker to read information passing between a device and its wireless access point using a variation of a common – and usually highly detectable – man-in-the-middle attack. If successful, this vulnerability can potentially allow a hacker to spy on your data as well as gain access to unsecured devices sharing the... | |||
|
2017-10-16 12:50:59 | How Vendors Can Partner with Education to Narrow the Skills Gap: A Call to Action (lien direct) | In light of today's huge skills gap, security professionals have an obligation to mentor the next generation. Employees of cybersecurity vendors can help shrink the gap by volunteering their time in the classrooms, from elementary school through college. The knowledge and experience of front-line professionals is invaluable, whether to explain to first-graders what malware is or to steer college students toward the right classes to give them a strong foundation for a cybersecurity career. The problem is bigger than any one vendor or educational | |||
|
2017-10-15 12:50:59 | Join Fortinet at the 2017 Internet2 Tech Exchange Where Industry Experts Will Bring Wisdom to Automation (lien direct) | From October 15th – 18th, the 2017 Internet2 Technology Exchange will take place in San Francisco, CA. The Technology Exchange brings together leaders from the research, education, and technology communities to discuss and find solutions to the technical challenges that threaten the missions of their organizations. The robust Internet2 community comprises 317 US higher education institutions, 81 leading corporations, 64 affiliate and federal affiliate members, 43 regional and state education networks, and more than... | Guideline | ||
|
2017-10-13 12:50:59 | Securing Legacy IT Systems from Modern Application Threats in the Financial Sector (lien direct) | The rhetoric surrounding mainframes and their uses in modern enterprises tends to be largely negative. Mainframes are seen by many as outdated legacy IT systems that are, or will be, obsolete in the near future as businesses increasingly move to the cloud. However, these notions are one-sided. The reality is that mainframe computing remains alive and well within many infrastructure-critical industries, including some of the largest organizations in the world. It's reported that 71 percent of Fortune 500 companies still run much of their... | |||
|
2017-10-13 12:50:59 | Minimizing Cyber Risks as Healthcare Providers Increase Technology Use (lien direct) | The healthcare sector has undergone dramatic changes in the past several years, primarily spurred by the adoption of new medical technology. Beginning with the adoption of electronic health records (EHRs) and continuing on into the increased use of medical applications, online patient portals, connected devices, and wearables, the healthcare sector has been capitalizing on digital advancements to improve overall patient experiences and outcomes. This effort has been well received by patients and physicians alike, as it simplifies communication... | |||
|
2017-10-12 12:54:00 | PDF Phishing Leads to Nanocore RAT, Targets French Nationals (lien direct) | Recently, FortiGuard Labs found a phishing campaign targeting French Nationals. In this campaign, a PDF file with an embedded javascript is used to download the payload from a Google Drive shared link. As it turns out, the downloaded file is an HTA (HTML Application) file, a format that is becoming more and more common as a malware launch point. It is usually used as a downloader for the actual binary payload. However in this campaign,... |
To see everything:
