What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-10-12 12:50:59 | OT and IT and Security by Design (lien direct) | Because they have traditionally had clear borders and full control of their respective areas, OT and IT people tend to be nearly as territorial as the raccoons. But as the line between IT and OTÂ continues to blur, issues arise that sometimes render these teams unable to work together to implement a common solution, such as security measures, segmentation and monitoring. | |||
|
2017-10-12 12:50:59 | OT and IT: A Fight Over the Control of Digital Ground (lien direct) | This change is also causing OT and IT to fight over the control of digital ground. While OT is growing, it is primarily growing into the spaces usually controlled by IT as it is being bolted onto the same networks that phones, routers and laptops touch. This is creating a whole range of security challenges that neither group has ever had to deal with in the past and affects the delivery of applications and information that reaches all the way into the executive suite. | |||
|
2017-10-11 18:00:59 | Executive Insights: Digital Transformation and Service Providers: A Q&A with Fortinet\'s Matt Pley (lien direct) | This week, Fortinet hosted Fast and Secure in Dallas, Texas. Almost 200 Service Providers, influencers, and decision makers attended this event to discuss the impact that the transition to a digital economy and new digital business models are having on their business. We sat down with Matt Pley, Fortinet's Vice President of Cloud, Carriers, Service Providers, & Strategic Accounts to get his key takeaways from the event. | |||
|
2017-10-10 12:50:59 | Understanding the Explosion of IoT and Its Impact (lien direct) | The Fourth Industrial Revolution is upon us, with the digital transformation of business largely consisting of automation, AI, and rapid technological innovation. Industrial processes and machines are becoming smarter and more modular. A critical enabler of this transformation is the Internet of Things (IoT). Smart, always-connected devices provide real-time contextual information with low overhead to optimize processes and improve how companies and individuals interact, work, and live. Over a million new IoT devices are connected to the Internet... | |||
|
2017-10-09 12:39:59 | Cybersecurity Needs to be Seen as a Strategic Issue, Not Just an IT Investment (lien direct) | Surveying over 1,800 IT decision makers, Fortinet found almost half believe security is still not a top priority discussion for the board. At the same time, they also strongly contend that cybersecurity should become a top management priority, with 77% of respondents indicating that the board should put IT security under greater scrutiny. | |||
|
2017-10-06 12:50:59 | Common Types of Cyberattacks in Education and What We Can Learn from Them (lien direct) | Cybercriminals have increasingly taken notice of schools and universities as profitable targets for cyberattacks. A key reason for this is the types of information schools keep on students, parents, and staff. Typically, upon infiltrating an institution's network, cybercriminals will probe for, find, and exfiltrate valuable user data. This could be anything from health records, financial information, or any other personally identifiable information, such as social security numbers. Cybercriminals typically then take this data and sell it... | |||
|
2017-10-05 12:50:59 | Ransomware: Are You Paying Attention? (lien direct) | If the news about ransomware in recent weeks hasn't gotten your attention, then maybe the fact that its threat magnitude has grown 35X over the past year will jolt you into a state of awareness. Further, ransomware isn't a threat confined to just a few industries or geographical regions; it is a global problem facing organizations-and even individuals-of all shapes and sizes. The Magnitude of the Threat Upwards of 4,000 ransomware attacks happen daily, infecting between 30,000 and 50,000 devices each month. The financial... | |||
|
2017-10-04 12:50:59 | Executive Insights: Threat Intelligence: The Fuel that Powers Cyber Defenses (lien direct) | For anyone reading the news regularly, it's not hard to grasp that cyber threats are getting more sophisticated and damaging by the day. From a security technology provider's perspective, I can add that tackling them is a fast mounting challenge for the millions of businesses that come under attack daily. Modern cybersecurity technologies – assuming you have already put in place the right professionals, policies, and processes − are a must. But organizations deploying them need to look beyond the boxes that sit on... | |||
|
2017-10-02 12:50:59 | National Health IT Week: Enabling Digital Transformation with Integrated Network Security (lien direct) | Over the past ten years, technology has transformed healthcare substantially. From electronic health records that simplify the collection and sharing of patient information, to digital consultation and other services provided remotely, to wearable connected medical devices, healthcare is becoming more accessible, accurate, and patient-focused. National Health IT (NHIT) Week, which will take place from October 2nd- 6th, is a collaborative and partner-driven event that aims to increase awareness of the many ways new health IT initiatives stand... | |||
|
2017-10-02 12:45:00 | Potential Ichitaro Phishing Vulnerability (lien direct) | The FortiGuard Labs team continually tracks phishing and spam campaigns around the world. Sending users macro-enabled documents with a malicious payload is one of the most commonly used malware attack vectors for phishing campaigns. This attack vector has been used by used by such prevalent malware families as Dridex, Fareit, and Hancitor. The key to these sorts of campaigns is luring users into clicking on a malicious file attached to an email message. As a result, malware distributors are always looking for ways to trick users into executing their... | |||
|
2017-09-29 12:50:59 | All Roads Lead to Rome: Critical Infrastructure Security at the Crossroad (lien direct) | Prosperous nations sometimes take for granted the safe and reliable critical infrastructures that underpin our economies, governments, and personal well-being. Similar to how we marvel today at the Roman Empire's aqueducts, the 3rd millennium will likely do the same with today's critical infrastructures. That is, if they don't lead to our downfall. Our Strength, Our Weakness The common understanding of the phrase 'all roads lead to Rome' is that there are many different ways to reach a goal. ... | Guideline | ||
|
2017-09-28 12:50:59 | Redefining Next Generation Firewalls (lien direct) | When the first firewalls were developed and deployed, their primary role was to act as sentinels monitoring traffic moving into, and sometimes out of the network. These devices would look at packets, network addresses, and ports to determine if data should be allowed through or blocked. A good analogy is airline travel. In the first few iterations of the firewall, data was simply checked to see if it had a ticket, and if its credentials were in order it were allowed to board the plane. Then application traffic took off, and first generation firewalls... | |||
|
2017-09-27 12:50:59 | Today\'s Best Practices for Protecting the Distributed Network (lien direct) | In the new digital economy, businesses that are able to adapt will be the most competitive and successful. This will require adopting new technologies, networking systems, and strategies. But many of the emerging technologies and strategies that are being deployed across our networks come with a set of unknowns that are having a huge impact on security. The reason is that traditional approaches to security were never really designed to protect dynamic, borderless, and hyper-connected environments. Many Factors Are in Play For example,... | |||
|
2017-09-26 12:50:00 | Benefits of Using CASBs in Financial Services (lien direct) | The financial services sector is one industry benefiting from cloud adoption, not only from the increased services they can provide consumers, but also through cloud-enabled solutions. Bank employees require access to SaaS solutions and CRMs enabled by the public cloud that simplify daily tasks, such as Fiserv and Salesforce. These solutions use cloud computing and storage to optimize operations, putting adopters at a distinct advantage in several key areas. | |||
|
2017-09-25 12:50:00 | Fortinet a Signature Sponsor at Oracle OpenWorld 2017 (lien direct) | The need for real-time access to critical data is driving today's digital transformation. The volume of data being generated, the proliferation of data mining applications, and consumer expectations about access to information are all increasing the value of data and making effective data management and orchestration increasingly critical. Which makes securing that data more important than ever. Which is why Fortinet is a Signature Sponsor at this year's Oracle OpenWorld 2017 conference, being held October 1-5 at the Moscone... | |||
|
2017-09-22 12:55:00 | Gartner Peer Insights for Enterprise Firewalls: See What Government Leaders are Saying About Fortinet (lien direct) | Government entities provide critical services that ensure stability across the nation for organizations and the population, such as transportation systems, water, energy, and healthcare. In order to provide these services, respond to queries, and react to an ever-changing global landscape effectively and efficiently, government organizations must rely on IT systems and computer networks. However, this technical infrastructure is also under constant attack from cybercriminals who range from amateur hackers and technical hacktivists to hostile... | ★★ | ||
|
2017-09-22 03:20:59 | Locky Unleashes Multiple Spam Waves with a New Variant “ykcol“ (lien direct) | While FortiGuard Labs was preparing for another presentation on our Locky research at the Black Alps cyber security conference this coming November in Switzerland, Fortinet's Kadena Threat Intelligence System (KTIS)1 caught another Locky variant using a new extension – “ykcol†or “locky†spelled backwards. Locky has been stepping up its game over the past few months after going dark during the first half of 2017. Just like the old days, this new variant is distributed through massive volumes of malicious... | |||
|
2017-09-20 18:30:00 | Evasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers (lien direct) | Earlier this month, FortiGuard Labs researchers published findings about a malware campaign exploiting a PowerPoint vulnerability. Cybercriminals, however, are equal opportunity exploiters, so just recently an interesting targeted malware campaign was found to be using another document vulnerability. Only this time, it's a Hangul Word Processor (HWP) document leveraging the already known CVE-2015-2545 Encapsulated PostScript (EPS) vulnerability. | |||
|
2017-09-20 14:30:59 | For Cybercriminals, IoT Devices are Big Business, Part One (lien direct) | When people think of cybercrime, they tend to think of geeks in dark rooms staring into computer monitors trying to figure out some new way to infiltrate a network. And historically, that was a pretty accurate assessment. Today, however, cybercrime is a business. Cybercriminals tend to keep business hours (attack surges very often follow standard work hours), attacks are designed to generate revenue, and cost/benefit ratios are often considered when deciding who and how to attack a target. Hacker tools and malware can be custom built and... | |||
|
2017-09-20 14:30:59 | For Cybercriminals, IoT Devices are Big Business, Part Two (lien direct) | In part one of this article, Anthony Giandomenico described how cybercrime has become not only a business, but a big business, designed to generate revenue with predesigned attacks focused on attack vectors that are easy to exploit: IoT devices. Opportunity is also the land of innovation Because cybercriminals are focusing more on attacks that target critical infrastructure based on new, interconnected technologies, they don't have to spend enormous resources and development cycles on figuring out how to break into these systems... | |||
|
2017-09-20 14:00:00 | Fortinet Partner Insider (lien direct) | Network security is a complex subject that requires those in charge to stay on the lookout for the latest industry news and events. Here, you, our channel partners, will find all of the information you need to answer your current and prospective customers' questions moving into the fall. | |||
|
2017-09-20 12:45:00 | Five Cyber Threats Every Security Leader Must Know About (lien direct) | Fortinet recently identified five factors that are driving these changes in the cyberthreat landscape. Each of them makes it increasingly difficult for organizations to protect their networks, data, and communications from malicious actors. | |||
|
2017-09-19 22:30:00 | Rewriting IDAPython Script objc2_xrefs_helper.py for Hopper (lien direct) | Security researchers have identified more and more Mac OS malware attacks over the past two years. In June 2017, Rommel Joven and Wayne Chin Yick Low from Fortinet's Fortiguard Labs found and analyzed a new ransomware targeted at Mac OS.  Most malware for Mac OS was developed in the Objective-C programming language. A good introduction to reverse engineering Cocoa applications can be found here. In that blog post, the researcher released an IDAPython script named objc2_xrefs_helper.py that can only be executed in IDA Pro. As you... | |||
|
2017-09-19 17:30:00 | A Look Into The New Strain Of BankBot (lien direct) | BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim's device. It usually impersonates flash player updaters, android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device's screen. | |||
|
2017-09-18 17:49:00 | A Wrap Up of ToorCon 19 at San Diego (lien direct) | ToorCon 19 San Diego was held Monday August 28th to Sunday September 3rd, 2017 at The Westin San Diego. It included three parts. The first was training workshops focused on various aspects of computer security. These took place on Aug 28-31. The second was a Seminar held on Sep 1. The third part was the formal Conference that ran from Sep 1-3. I was honored to be able to present my research, Dig Deep into FlexiSpy for Android at ToorCon 19. FlexiSpy for Android is a spy app with full IM tracking, VoIP call recording, and live call interception.... | |||
|
2017-09-18 16:00:00 | Fortinet Demonstrates Critical Security Capabilities for Hybrid Cloud Networks at Microsoft Ignite 2017 (lien direct) | Fortinet is proud to be a Gold Sponsor of this year's Microsoft Ignite conference, being held September 25-29, 2017 at the Orange County Convention Center in Orlando, Florida. This year's event is completely sold out, with over 23,000 attendees from around the world expected to participate. This year's Fortinet booth (#1907) is situated directly adjacent to the main Central Square showcase that will be featuring many of Microsoft's latest technologies. At this year's Ignite event we are featuring several demo... | |||
|
2017-09-18 15:20:00 | The Apache Struts 2 Vulnerability (lien direct) | It now appears that this crime was enabled through an exploit that targeted a Java vulnerability in Apache Struts 2, which is an open-source web application framework for developing Java web applications that extends the Java Servlet API to assist, encourage, and promote developers to adopt a model–view–controller (MVC) architecture. | |||
|
2017-09-18 12:50:00 | Adapting to the New Normal with an Informed Cybersecurity Strategy (lien direct) | As cyberattacks become more frequent and impactful, security teams and executives across industries are taking notice. With new strains of malware being constantly reported, organizations want to make sure that their security solutions, and the vendors that provide them, are adapting to defend against this new normal. To ensure they have the capability to deal with these constantly evolving attacks, customers are turning to you, their solution providers, to answer their questions and ensure there is a structured strategy in place to deal with... | |||
|
2017-09-18 03:00:00 | Integrating Artificial Intelligence into Cybersecurity: Collaboration is the Key….! (lien direct) | We have seen from the previous two posts on cybersecurity and AI the importance of using advanced technology to stay ahead of cybercriminals. But far too often, a threat transcends the capacity of one particular box, especially when it has been deployed in a discrete place in the network and has been functionally isolated from the rest of the network and other security devices. This is where Fortinet's innovations around collaboration are paramount. Regardless of the physical location of a doiscovered security event, FortiGuard Labs teams... | |||
|
2017-09-15 12:50:00 | How Can SMB Practices Improve Healthcare Cybersecurity? (lien direct) | The healthcare sector has been under increasing attack from cybercriminals with a variety of tactics and motivations. In fact, cyberattacks targeting healthcare providers increased 63 percent in 2016. The increased attention cybercriminals are giving the healthcare space is not surprising. The protected health information and other personally identifiable information (PII) that healthcare practices store about their patients is exactly the type of data that is easily monetized. Once cybercriminals breach healthcare networks and exfiltrate patient... | |||
|
2017-09-15 12:50:00 | Deep Analysis of New Poison Ivy/PlugX Variant - Part II (lien direct) | This is the second part of the FortiGuard Labs analysis of the new Poison Ivy variant, or PlugX, which was an integrated part of Poison Ivy's code. In the first part of this analysis we introduced how this malware was installed onto victim's systems, the techniques it used to perform anti-analysis, how it obtained the C&C server's IP&Port from the PasteBin website, and how it communicated with its C&C server. | |||
|
2017-09-14 23:00:00 | BlueBorne May Affect Billions of Bluetooth Devices (lien direct) | Bluetooth is one of the most widely deployed and used connectivity protocols in the world. Everything from electronic devices to smartphones uses it, as do a growing number of IoT devices. Now, a new Bluetooth exploit, known as BlueBorne, exploits a Bluetooth, making literally billions of devices potentially vulnerable to attack. BlueBorne is a hybrid Trojan-Worm malware that spreads thru the Bluetooth protocol. Because it includes worm-like properties, any infected system is also a potential carrier, and will actively search for vulnerable hosts.... | |||
|
2017-09-14 12:50:00 | Browser Extensions: A New Threat? (lien direct) | Introduction Recently, there have been a series of high profile attacks using browser extensions. Having dealt with this threat vector in the past, we here at FortiGuard Labs decided to conduct a large-scale study of browser extensions. Before diving into the results, we want to make a distinction between two seemingly similar browser technologies: browser plugins and browser extensions. Both are mechanisms that allow an end user to customize their browser to suit their needs, however there are some fine distinctions between them. The former... | |||
|
2017-09-14 12:45:00 | Power, Performance and the Cloud (lien direct) | When considering security solutions for your hybrid cloud environment, here are some critical areas to look at in terms of security performance. | |||
|
2017-09-14 03:00:00 | Addressing Security in an IoT World (lien direct) | Fortinet will be showcasing our IoT security solutions at Telstra Vantageâ„¢ at the Melbourne Convention & Exhibition Centre this coming September 20th-21st in Booth # S08. The Internet of Things (IoT) is not new a concept, yet in recent years IoT has gained mass popularity. Conversations range from how IoT can improve our daily lives to how it can improve efficiency, or innovate and transform businesses - from the services offered to improving the ways a business operates. Unfortunately, today we are being constantly confronted with... | |||
|
2017-09-13 12:50:00 | IoT Security: Trickier Than You Think (lien direct) | In the new digital economy, access to data is critical. Meeting the shifting demands of consumers, monitoring and managing critical network and system components in real time, and creating algorithms to extract meaningful information from the Big Data these devices can generate are all necessary to compete in the new digital marketplace. Part of this digital transformation is the adoption of IoT devices and networks, which continue to be deployed in networks at an unprecedented rate. | |||
|
2017-09-12 14:00:00 | IBM Bluemix Cloud Platform and Fortinet Extend Partnership for Open and Scalable Cloud Security Services (lien direct) | By accelerating application mobility across the hybrid cloud, IBM Cloud for VMware Solutions is blurring the boundaries that often distinguish the operational challenges between private and public clouds. | |||
|
2017-09-11 12:50:00 | The Value of Fortinet Products in Education: Customer Reviews in Gartner Peer Insights (lien direct) | Learn what fellow education IT professionals have to say about their experiences using Fortinet security products. | |||
|
2017-09-11 03:00:00 | Integrating Artifical Intelligence into Cybersecurity: AI and Transparency Level the Playing Field (lien direct) | In our last post we talked about some of the AI tools (AEE, AutoCPRL, etc.) that Fortinet has developed, and how the specialist teams at FortiGuard Labs around the world collaborate to detect, mitigate, and prevent threats of all shapes and sizes. But all of that happens in the background. How do these innovations and techniques translate into actionable tactics and strategies that decision-makers and CISOs can employ toda, to protect their IP, data, and networks from an increasing number of bad actors and adversaries? The key to cyber security... | |||
|
2017-09-08 22:08:00 | Seven Ways to Ensure a Data Breach Does Not Happen to You (lien direct) | While the scale of this data breach is alarming, the attack they suffered is not unique. Far too many organizations have adopted state of the art network designs and yet still rely on isolated second-generation security solutions and strategies to protect them. More than ever, security cannot be an afterthought. It requires planning, people, and processes combined with adaptive security technologies that can dynamically scale to today's digital networks and automatically respond as an integrated system to address the advanced cyberthreats. | |||
|
2017-09-08 12:50:00 | Moving to the Cloud? Top Security Factors to Consider (lien direct) | It seems like everyone is talking about moving to the cloud these days. The efficiencies, productivity, agility, elasticity, and cost savings all make a compelling case for migrating from traditional private networks and data centers to private clouds and other virtualized instances, and eventually into public and hybrid environments. Because of these advantages, government agencies and private enterprises across industries are all looking at ways to effectively embrace cloud-first strategies. I attended a security conference just a few... | |||
|
2017-09-07 12:50:00 | (Déjà vu) Security Research News in Brief - July 2017 Edition (lien direct) | Welcome back to our monthly review of some of the most interesting security research publications. July was very busy with the annual DEFCON and BlackHat US conferences, but also RMLL, the Worldwide Free Software Meeting held this year in France. Past editions: June 2017 May 2017 April 2017 March 2017 Elie Burzstein et al, How We Created the First SHA-1 collision and what it means for hash security video, DEFCON 25 slides and paper With the nickname "Crypto Girl", I obviously had to listen to this... | |||
|
2017-09-07 12:50:00 | Adapting Network Security for DevOps in Financial Services (lien direct) | The financial services sector is expected to continue to deliver new, customer-driven and business-critical capabilities as they continue their transition to a digital business model. For example, customers have come to expect to be able to access and make changes to their financial information online and through mobile web applications. Additionally, consumers now expect more customized services from banks and financial services firms, which means these financial institutions must collect and process data about their users to offer tailored products... | |||
|
2017-09-06 12:50:00 | FortiDDoS Launches Support for FortiGuard Domain Reputation Service for IoT and Botnet Based DDoS Attack Mitigation (lien direct) | The FortiGuard Domain Reputation Service License for FortiDDoS is yet further ammunition to use against the growing threat of the IoT and botnet attacks, which are easier than ever to launch due to proliferation of open source code for such attacks, and growing availability of vulnerable devices. | |||
|
2017-09-06 12:50:00 | Preparing Your Customers for the Digital Transformation with Fortinet (lien direct) | There are countless examples of companies and industries that failed to adapt to technological disruptions at their outset, and as a result have become obsolete. When was the last time you left your home to rent a movie? Fifteen years ago, Blockbuster was a movie rental giant. However, they did not adapt well to the demands of the digital age. Companies like Netflix created online portals and shipped movies to customers, and then moved to online streaming. By the time Blockbuster got on board with this digital shift, it was too late. Today, the... | |||
|
2017-09-06 02:00:00 | A wrap up of HITCON 2017 (lien direct) | The 13th annual Hacks In Taiwan Conference (HITCON) took place August 25th and 26th at Academia Sinica, Taiwan's national academy located in Taipei. Elite cyber security researchers from across the world gather at this annual conference to share their research and exchange ideas about the global threat landscape. Approximately 1000 people registered for the conference and, according to one of the HITCON crewmembers we met, one third of the attendees were undergraduates and fresh graduates. This is a good sign, given... | |||
|
2017-09-05 15:30:00 | Rehashed RAT Used in APT Campaign Against Vietnamese Organizations (lien direct) | Early last week, FortiGuard Labs came across several malicious documents that exploit the vulnerability CVE-2012-0158. To evade suspicion from the victim, these RTF files drop decoy documents containing politically themed texts about a variety of Vietnamese government-related information. | |||
|
2017-09-04 03:00:00 | Integrating Artificial Intelligence into Cybersecurity: Protecting IP, Data, and Networks with AI (lien direct) | In recent years we have seen a surge in the way companies have leveraged technology to drive new revenue streams and create a unique competitive advantage in the marketplace. The companies that have been the most successful are the ones using Artificial Intelligence (AI). AI is already being used by hundreds of companies all over the world. We have seen retailers being able to predict what their customers will order based on their previous order history, automobile manufactures using car data to provide a better driving experience, and even locally... | |||
|
2017-09-01 18:03:00 | PowerPoint File Armed with CVE-2017-0199 and UAC Bypass (lien direct) | FortiGuard Labs recently discovered a new malicious PowerPoint file named ADVANCED DIPLOMATIC PROTOCOL AND ETIQUETTE SUMMIT.ppsx. Taking a look at the four slides of the PowerPoint Open XML Slide Show (PPSX) file, we can tell that it targets people from UN agencies, Foreign Ministries, International Organizations, and those who interact with international governments. | |||
|
2017-09-01 16:35:00 | Fortinet 361° Security Forum 2017 (lien direct) | Securing Your Digital Transformation On September 5-7, Fortinet will be hosting the 2017 361° Security Forum in Vienna, Austria. Hundreds of Fortinet partners and customers from across EMEA and SAARC will be attending this three-day conference to discuss the impact that the transition to a digital economy and new digital business models are having on organizations around the world. Digital transformation is driving sweeping changes to not only how businesses compete for customers, but to fundamental ways that organizations operate. Data... |
To see everything:
