What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-12-08 13:45:59 | Market Segments Feel the Impact of GDPR (lien direct) | At the end of the day, complying with GDPR may very well simply turn out to be the right thing to do to protect the privacy and interests of all of an organization's stakeholder communities. As a society, we simply can't go on shrugging off data breaches that harm millions of people, often on multiple occasions in their lifetime. | |||
|
2017-12-07 16:45:59 | A Peculiar Case of Orcus RAT Targeting Bitcoin Investors (lien direct) | FortiGuards Labs has spotted a new phishing campaign that targets bitcoin investors by offering Gunbot, a relatively new bitcoin trading bot application. However, instead of being a tool designed to ensure more profit, it serves an Orcus RAT malware that result in the loss of investments and more. | |||
|
2017-12-07 13:45:59 | Executive Insights: The Evolution of Threat Intelligence (lien direct) | The entire security arms race between IT professionals and cybercriminals is really about one side constantly trying to outsmart the other. Security isn't just about tools. It's also about the intelligence that powers them. Which is why when we started Fortinet 16 years ago we were every bit as committed to developing security intelligence and research solutions that were as innovative as the technology we were developing. | |||
|
2017-12-07 12:45:59 | Ph0wn: The 1st CTF of Smart Devices is Over! (lien direct) | Ph0wn, a CTF dedicated to smart devices, is over! It was a real success, with ~70 participants for this first editions. 16 teams of (a max of) 5 lined up for the competition. 11 teams managed to score in at least one challenge - we are sorry for the 5 remaining teams, but hope they had fun nevertheless. Of course, we congratulate the top 3 teams, who deserved their drone & raspberry pi gaming kits as prizes. We would also like to extend congratulations to all participants. We enjoyed the team spirit as well as... | |||
|
2017-12-06 13:45:59 | The Importance of Operational Technology (OT) Systems to Maintain a Secure Standard of Living in Today\'s Modern Society (lien direct) | The Operational Technology (OT) networks (such as industrial control and supervisory control and data acquisition systems [ICS/SCADA]) that run today's modern society are a collection of devices designed to work together as an integrated and homogenous system. If one of these systems fails, it can have a catastrophic domino effect. For example, electricity requires telecommunications to transfer information on wheeling power from the electrical grid. | |||
|
2017-12-06 13:45:59 | Securing Customers\' Physical and Virtual Networks with a SIEM Platform (lien direct) | To keep up with this threat landscape, your customers' IT teams require security solutions that can provide real-time visibility into network activity and regulatory compliance, as well as automatically initiate a response to security events, to increase the overall efficiency of IT management teams. In order to effectively manage network security, compliance, and performance, your customers should consider implementing a SIEM (security information and event management) solution that features automation, scalability, and actionable intelligence | |||
|
2017-12-05 13:45:59 | Executive Insights: Changing Cybersecurity Regulations that Global Financial Services Firms Need to Know About (lien direct) | Globally operating financial services firms have to be aware of new cybersecurity regulations and how they affect their business in order to navigate data rules and remain compliant, especially as they conduct business across borders. Compliance is especially crucial as the punishments for noncompliance typically include large fines. Below are some of the most recent implemented or proposed cybersecurity regulations that will affect financial services firms. | |||
|
2017-12-05 13:30:59 | Multiple Plone Cross-Site Scripting Vulnerabilities (lien direct) | Plone is a free and open source content management system, and is ranked among the top 2% of all open source projects worldwide. More than 350 solution providers in more than 100 countries currently support it. The project has been actively developed since 2001, is available in more than 40 languages, and has the best security track record of any major CMS. The users (https://plone.com/about/they-use-plone) include the Federal Bureau of Investigation (FBI), the Central Intelligence Agency (CIA), the Intellectual Property Rights Center, and so on. Earlier... | |||
|
2017-12-04 13:50:59 | Public Cloud Security: Making It a Business Enabler (lien direct) | In general, if a cybercriminal is able to successfully launch an attack at an owner-operated IT infrastructure, they can also launch one at a cloud service provider. In fact, public cloud services have become highly attractive targets for cybercriminals. For them, breaking into a cloud service is like merging onto a superhighway that can deliver their little bundles of evil far and wide, potentially impacting hundreds or thousands of organizations with a single strike. | |||
|
2017-12-04 13:45:59 | Q&A with Bob Fortna President of Fortinet Federal Inc (lien direct) | Bob Fortna joined Fortinet as president of Fortinet Federal Inc. earlier this year. We sat down with Bob to get his perspective on his new role and learn about what he envisions for Fortinet in supporting Federal agencies and partners. Â As the Fortinet Federal Inc. leader, what do you see as the company's role as a Federal agency partner? As prime targets for the most sophisticated adversaries seeking to impact national security, public safety, and civilian services, Federal Government agencies require the most comprehensive... | Guideline | ||
|
2017-12-02 15:50:59 | PowerDNS Recursor HTML/Script Injection Vulnerability – A Walkthrough (lien direct) | PowerDNS Recursor is a high-end, high-performance resolving name server that powers the DNS resolution of at least a hundred million subscribers. The “Recursor†is one of two name server products whose primary goal is to act as resolving DNS server. On Aug. 7, 2017, I reported an XSS (cross-site scripting) vulnerability to PowerDNS and its Security Team. They assigned it the identifier CVE-2017-15092. In this report I will explain how I was able to identify and trigger the vulnerability. | |||
|
2017-12-01 13:45:59 | Symbiotic Security in Healthcare (lien direct) | If healthcare providers can't figure out how to safely adopt IoMT and operate in the digital age, they won't survive. One of the benefits of consolidations, mergers and acquisitions is that the acquiring practice is oftentimes now acting as a SaaS provider for the smaller, acquired practice – including providing cybersecurity. Because networks are more complicated than ever before, security is only as strong as its weakest link. | |||
|
2017-12-01 13:45:59 | E-Rate Program: What You Should Know When Filing (lien direct) | Having secure, reliable access to the internet is no longer an option. It's necessary. This is especially true for schools, as curriculum and resources are increasingly moving online and cyberattacks are becoming more frequent. In fact, data shows that 141 US school districts have reported one or more cyber incidents since 2016. To meet these needs, K-12 schools and districts across the United States are currently in the process of applying for E-rate for Funding Year 2018. The E-rate program from the Universal Service Administration... | |||
|
2017-11-30 15:50:59 | Executive Insights: The Digital Transformation of Security (lien direct) | Securing the entire distributed infrastructure using single set of integrated security protocols and complementary policies require a Security Fabric approach built around interconnected security tools. Such an integrated fabric is able to span the entire network, and then dynamically adapt as network infrastructures adjust to meet changing data and workload needs. And it needs to do all of this at the speed of digital business. | |||
|
2017-11-30 13:50:59 | Fortinet Delivers Advanced Web Application Protection Through New Managed Rules for AWS WAF Service (lien direct) | Fortinet is one of the first companies to participate in the expansion of the AWS WAF program with a set of four packaged rulesets. AWS WAF customers can choose from basic WAF rulesets that provide protection from cross-site scripting, SQL injection, and malicious botnets, while our advanced ruleset offers the latest general application attack types and known vulnerabilities. | |||
|
2017-11-28 13:30:59 | Fortinet Quarterly Threat Landscape Report: The Battle Against Cybercrime Continues to Escalate (lien direct) | Fortinet today announced the findings of its latest Global Threat Landscape Report. The research reveals that high botnet reoccurrence rates and an increase of automated malware demonstrate that cybercriminals are leveraging common exploits combined with automated attack methods at unprecedented speed and scale. | |||
|
2017-11-28 12:45:59 | A Deep Dive Analysis of the FALLCHILL Remote Administration Tool (lien direct) | FortiGuard Labs has been actively monitoring FALLCHILL, validating all its IOCs (indicators of compromise), and providing protection for our customers. In a previous post we provided a high level overview of FALLCHILL. In this research report we dig even further, providing a deep dive analysis of the FALLCHILL Remote Administration Tool (RAT) in order to shed additional light on this threat, and thereby help our customer and the security community at large defend against this threat and similar threats. | |||
|
2017-11-27 14:30:59 | Ph0wn: A CTF Cedicated to Smart Devices (lien direct) | We have organized a Capture The Flag event this week. Codenamed Ph0wn, this CTF is really unique because it is dedicated to smart devices. This CTF is free and takes place this Wednesday, November 29, 2017, starting at 6pm at Campus SophiaTech, Sophia Antipolis, France - where our FortiSmart research team is located. Traditional CTFs include challenges on standard infrastructures: PCs, servers, webservers, etc. And from time to time, some CTFs feature hardware challenges. (We should probably cite Hardwear.io CTF , and RHME3 for automotive.)... | |||
|
2017-11-27 14:00:59 | Cobalt Malware Strikes Using CVE-2017-11882 RTF Vulnerability (lien direct) | Only a few days after FortiGuard Labs published an article about a spam campaign exploiting an RTF document, we found another spam campaign using an even more recent document vulnerability, CVE-2017-11882. | |||
|
2017-11-27 13:40:59 | Achieving Complete Visibility in AWS with FortiSIEM Security Incident and Event Management (lien direct) | One of the biggest challenges facing organizations moving to the cloud is maintaining single pane of glass visibility across the entire distributed network, from the core to the multi-cloud. Partha Bhattacharya, Fortinet's SVP of Product Engineering, has been on the cutting edge of developing SIEM technologies for over 15 years. We recently sat down with him to get his insights onto how organizations can best address this challenge. | |||
|
2017-11-27 13:40:59 | Top 3 Reasons Why Your Business Needs FortiSandbox in AWS (lien direct) | Organizations have the option of adding the first cloud-based sandbox product in AWS marketplace, FortiSandbox, to their cloud security infrastructure, allowing businesses to operate a complete security practice entirely in the cloud. Fortinet's Security Fabric solutions for the cloud offer the ability to leverage security controls that are delivered, updated, and managed entirely through the cloud environment. | |||
|
2017-11-22 17:50:59 | Black Alps 2017 Wrap Up (lien direct) | Black Alps 2017 was an inaugural Cyber Security Conference held last November 13 at Y-Parc, Yverdon-les-Bains, Switzerland. With support from previous cyber security events, such as CyberSec Conference and Application Security Forum - Western Switzerland, there is no doubt that Black Alps 2017 is headed for success. The conference lasted for two days, and aimed to discuss the latest threats, mitigations, and advances in cyber security. | |||
|
2017-11-22 17:50:59 | CVE-2017-11826 Exploited in the Wild with Politically Themed RTF Document (lien direct) | Recently, FortiGuard Labs found an interesting malware campaign using the recently documented vulnerability CVE-2017-11826 that was patched by Microsoft in October of this year. A detailed analysis of this exploit is also included in this article. | |||
|
2017-11-21 13:50:59 | Securing Customers\' Networks as Their Workforce Becomes More Mobile (lien direct) | Across industries, your customers are embracing BYOD and BYOA for the many benefits they have been shown to bring in terms of cost reduction, increased employee productivity and efficiency, as well as increased employee retention. However, there are also inherent risks with allowing devices and applications not managed by your customers' organizations to access their corporate networks and digital resources. | |||
|
2017-11-20 19:59:59 | The Evolution of Security: A Critical Panel Discussion at AT&T\'s The Summit (lien direct) | On Wednesday, November, 1st, Fortinet held a critical panel discussion at The Summit, entitled “Winning the Security Battle for Your Enterprise Requires a New Approach.†| |||
|
2017-11-17 18:40:59 | Cybercriminals Exploiting Microsoft\'s Vulnerable Dynamic Data Exchange Protocol (lien direct) | Visa Payment Systems Intelligence recently announced that cybercriminals are threatening the payments ecosystem by leveraging a vulnerable Microsoft Dynamic Data Exchange protocol in phishing campaigns. This phishing attack relies on the Dynamic Data Exchange (DDE) protocol for infection instead of the usual malicious macros or an exploit kit. FortiGuard Labs has issued three IPS signatures that defend our customers against these attacks. | |||
|
2017-11-17 16:40:59 | Fortinet Solutions Protect Customers from FALLCHILL (lien direct) | FortiGuard Labs has been actively monitoring FALLCHILL and validating all IOCs, whether we discovered them ourselves through one of our millions of sensors deployed around the world, or collected from the hundreds of threat sharing feeds we subscribe to. Our comprehensive threat information-sharing program includes Governments, Certs, and Strategic Partners from around the world. | |||
|
2017-11-17 14:00:59 | Securing Wi-Fi Access for Healthcare (lien direct) | Healthcare professionals are the epitome of a mobile workforce: constantly on the move and highly dependent on fast, accurate information. They need a secure wireless solution that performs flawlessly on the array of devices they rely on every day. Hospitals, clinics and elder care facilities have countless ways to exploit wireless technology for better patient outcomes and improved operational efficiency. From accessing patient records with computers on wheels or handheld tablets to getting telemetry from medical devices, nurse call systems... | |||
|
2017-11-17 13:50:59 | Fortinet to Demonstrate Broadest Portfolio of Cloud Security Solutions at AWS re:Invent in Las Vegas (lien direct) | Fortinet is proud to be a Gold Sponsor of the 6th annual AWS re:Invent conference, being held at the Venetian Hotel in Las Vegas between November 27th and December 1st. re:Invent is the largest gathering of members of the global cloud community in the world, bringing together over 40,000 attendees from over 80 different nations attending over 1,000 different technical sessions, keynote addresses, labs, and special events over the course of the conference. Fortinet will be showcasing our latest cloud-based solutions, including the Fortinet... | |||
|
2017-11-16 17:40:59 | Reaper: The Next Evolution of IoT Botnets (lien direct) | By now, everyone should be aware of two things related to IoT devices. The first is that these devices are being deployed everywhere, with no sign of slowing down. The second is that many of these devices are notoriously insecure. | APT 37 | ||
|
2017-11-16 14:40:59 | Fireside Chat with Gibson Energy: Talking Data Center Consolidation, IoT and Cloud Security (lien direct) | Richard Hannah is Vice President of Information Services and he oversees the entire IT environment at Gibson Energy. The company has doubled in size in recent years, and a major focus of Hannah's has been to modernize and streamline the company's IT infrastructure. | |||
|
2017-11-15 13:50:59 | Executive Insights: Stopping Threats Starts with Getting Back to the Basics (lien direct) | The majority of these breaches have one thing in common. IT teams are failing to practice basic security hygiene. Cybercriminals target known vulnerabilities because they know that most organizations will have failed to patch or replace their vulnerable devices. WannaCry targeted a vulnerability for which a patch had been available for months. Shame on them. But Petya followed a month later and targeted the exact same vulnerability. And millions of devices were still affected. So, shame on us. | Wannacry | ||
|
2017-11-14 13:35:59 | Fortinet FortiGuard Labs 2018 Threat Landscape Predictions (lien direct) | The cybercriminal marketplace is adept at adopting the latest advances in areas such as artificial intelligence to create more effective attacks. We anticipate this trend to accelerate into 2018, enabling the destructive trends mentioned in this blog. | |||
|
2017-11-13 13:50:59 | Getting Ready for the Holidays: Your Safe Online Shopping Guide (lien direct) | The holiday shopping season is also a big event for cybercriminals. Fake web sites, intercepting your financial data, charity scams, email phishing attacks, fake shopping sites, texting and SMS scams, and more are all designed to steal you personal and financial information. So, in addition to checking your credit card balances and making out your shopping lists, you also need to take precautions before doing your holiday shopping online. If done right, it can be a safe and convenient way to buy gifts – if you follow a few simple rules. | |||
|
2017-11-13 13:40:59 | New FortiGate 300E and 500E, the Next Era of NGFW Has Arrived (lien direct) | Organizations require a robust and extensible Next Generation Firewall (NGFW) solution to address this new security landscape. Fortinet is tackling these challenges head on with the release of the FortiGate 300E and 500E NGFW appliances. | |||
|
2017-11-12 17:50:59 | Tax Refund Phishing In Malaysia – How They Bypass The Two Factor Authentication Security System (lien direct) | FortiGuard Labs has been tracking a tax refund phishing scam in Malaysia. Let's get into the details of how this works. | |||
|
2017-11-10 19:40:59 | Interviewing Veterans for Cyber Security Positions - What I Look For as a Civilian Employer (lien direct) | Over the last three years, it has been my privilege to be one of the first civilian interview experiences that candidates in our Veterans program go through. For those of you that do not know, Fortinet runs the top Veterans employment program by any pure play security vendor bar none. | |||
|
2017-11-10 13:50:59 | The FortiVets Program: A Highly Successful Internal Startup (lien direct) | We know from experience that former military personnel often develop into outstanding cybersecurity professionals. With this in mind, we initiated the FortiVets program in 2013 with a charter to recruit and assist veterans seeking to make the transition to a post-service career in cybersecurity. | |||
|
2017-11-09 13:50:59 | What Education IT Professionals Can Learn at the 2017 CETPA Annual Conference (lien direct) | The 2017 CETPA Annual Conference will be held from November 14th– 17th at the Pasadena Convention Center. Fortinet is excited to be sponsoring and attending this event. We encourage attendees to visit with our team at booth number 423. Additionally, Fortinet will be participating in multiple events and presentations to inform education IT professionals of best practices for securing their networks in the evolving threat landscape and protecting personal data with increased network visibility. | |||
|
2017-11-09 13:50:59 | (Déjà vu) Fortinet Fabric-Ready Partner Spotlight: Q&A with Mykola Konrad Vice President, Product Management at Ribbon Communications (lien direct) | Fortinet spoke with Fabric-Ready Partner, Ribbon Communications to learn what's top of mind for its customers, the key IT challenges they are facing and how Versa Networks' approach to integrated security is helping drive business and customer success. The Fortinet Fabric-Ready Partner Spotlight is a series of blogs that highlights the great work and achievements of Fortinet's Fabric-Ready technical partners. Tell us a bit about Ribbon's business and the types of customers that you serve. Ribbon is a company... | |||
|
2017-11-09 13:50:59 | How Sutton\'s Law Applies to Cybersecurity Today (lien direct) | In my previous article, I raised a red flag about the diminishing practical returns of “mom and pop†threat research as a proxy for mitigating vulnerabilities and bad consequences. Threat assessment is often both difficult and incomplete, and sometimes best left to those who have timely access to the best possible data (and the even then, left to those with the military and intelligence means to act on it). In that piece, I also begged an obvious question. If chasing threats are not the best allocation of an organization's... | |||
|
2017-11-09 12:50:59 | Potential Malware Campaign Targeting JustSystems Ichitaro Users (lien direct) | Recently, we came across some interesting samples in jtd format, which is the file format used by JustSystems Ichitaro. The following is a quick primer for readers who are unfamiliar with the Japanese market. | |||
|
2017-11-09 12:50:59 | (Déjà vu) Security Research News in Brief - October 2017 Edition (lien direct) | Welcome back to our monthly review of some of the most interesting security research publications. | |||
|
2017-11-09 12:50:59 | Partner Insider: NSE Training Certifications, FortiSandbox 2000E Recognized (lien direct) | Although the calendar year is winding down, Fortinet and partners continue to sharpen security practitioner skills through training, along with applying Fortinet products and services to meet current and evolving cyber security challenges. As Fortinet advances on the knowledge and solutions fronts, independent industry observers increasingly recognize Fortinet's industry leadership credentials. Read more below for the latest news, resources, and events for partners. | Guideline | ||
|
2017-11-08 13:50:59 | Helping Your Customers Minimize Security Sprawl and Achieve Defense in Depth (lien direct) | Today, your customers' IT teams have to be aware of the movement and storage of valuable data across multiple applications, networks, devices, and virtual environments. In order to ensure data security and achieve defense in depth, there are many processes they must carry out, such as: Monitoring the movement of data to ensure that only authorized users are accessing it. Watching out for unusual behavior that might indicate a breach. Staying aware of the latest vulnerabilities, malware strands, and other attack vectors to ensure... | |||
|
2017-11-08 13:50:59 | Securing Evolving Cloud Networks (lien direct) | The growing need for on-demand network and compute resources is outpacing available internal resources, even in private cloud environments, and is driving organizations to the public cloud. According to IDC, 75% of organizations are currently implementing or considering the implementation of public cloud resources, and they predict that 50% of enterprise workloads will migrate to the public cloud by 2018. This new shared infrastructure approach comes with significant security challenges, including creating and maintaining a consistent... | |||
|
2017-11-08 12:50:59 | The Strange Case of Play Policy for Copyright and Security (lien direct) | Recently, the FortiGuard Labs team noticed that one of the most successful applications on the market, “WhatsApp Messenger†developed by “WhatsApp Inc.â€, has been the target of a lot of attention by scammers and criminals alike. | |||
|
2017-11-07 15:45:59 | When It Comes to Intrusion Prevention, FortiGate IPS Stands Alone in the IPS Market (lien direct) | Fortinet takes industry recognition and evaluations seriously, and we were very pleased when in their 4th Next Generation Intrusion Prevention System (NGIPS) Test Report and Security Value Map NSS Labs rated Fortinet FortiGate IPS as “Recommended,†their somewhat understated way of according a product their highest rating. | |||
|
2017-11-07 13:50:59 | 3 Must-Haves for IoT Security: Learn, Segment & Protect (lien direct) | Digital transformation is rapidly reshaping industries, generating explosive productivity growth, and creating entirely new business models. The Internet of Things (IoT) is an important technology pillar in today's digital transformation process, as connected devices are able to collect unprecedented volumes of information, enabling data-driven decision making for better business outcomes and improved quality of life. From consumer to corporate, local to global, we are an increasingly interconnected digital society. IoT networks... | |||
|
2017-11-06 13:50:59 | The Future of Cybersecurity Part II: The Need for Automation (lien direct) | The growing complexity of today's networks and the growing sophistication of today's threats has outpaced the ability of most traditional security devices to keep up. Until now, the approach of far too many IT teams has been to simply throw more money at the problem by adding yet another device into their security wiring closet. Billions have been spent on this approach every year for decades, and we really don't have much to show for it. If cybersecurity is an arms race, the good guys aren't winning. Instead, security... |
To see everything:
Our RSS (filtrered)
