What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-11-06 13:50:59 | The Future of Cybersecurity Part I: The Problem of Complexity (lien direct) | It seems like CSOs are always seeing flashing red lights on their security dashboards these days, warning them of another breach or risk of compromise. There are so many security events happening day in and day out that it's difficult to decide what's the top priority. That's a good metaphor for the state of cybersecurity efforts across the globe – we're in a constant state of flashing red. That is, if we even see the attack coming, which we increasingly don't. Recent breach disclosures, once again, show that... | |||
|
2017-11-06 12:50:59 | T2\'17 InfoSec Conference in snowy Helsinki (lien direct) | The T2 2017 conference took place on October 26 and 27, 2017 at the Radisson Blu seaside hotel in Helsinki, Finland. As in every edition, a CTF (Capture The Flag) competition is organized prior the conference, with the winner receiving a free ticket. This year, a private bug bounty was held by LähiTapiola, a well-known insurance company in Finland, under the supervision of T2 organizers through the HackerOne platform. As there were zero submissions, it was decided to reward Harri Kuosmanen, who was the LähiTapiola HackDay CTF winner. The... | |||
|
2017-11-03 12:50:59 | Financial Services Cybersecurity: Addressing the Horizontal Attack Surface (lien direct) | With industry-specific compliance requirements driving security spending and deployment, it's natural to assume that best practices for securing access to sensitive data are different from vertical to vertical. However, that assumption may be changing. | |||
|
2017-11-02 12:50:59 | Getting a Firsthand Understanding of Healthcare Cybersecurity Challenges (lien direct) | Fortinet recently hosted nine information security and healthcare IT leaders at its Healthcare Advisory Board Meeting in Miami. Over the course of the two-day event, leaders from Fortinet met and collaborated with these members of the healthcare information security community to get a full understanding of the cybersecurity challenges they face every day on the frontlines of protecting critical patient information and proprietary medical research. This is an exciting and challenging time in the healthcare technology industry. Technical innovations... | Guideline | ||
|
2017-11-02 12:50:59 | (Déjà vu) Security Research News in Brief - September 2017 Edition (lien direct) | Welcome back to our monthly review of some of the most interesting security research publications. | |||
|
2017-11-01 12:50:59 | FortiSandbox 2000E Earns Coveted NSS Recommended in Latest Breach Detection System Public Test (lien direct) | Fortinet participated in the NSS Labs 2017 Breach Detection System (BDS) group test and was awarded a Recommended rating for its latest FortiSandbox 2000E appliance introduced in the second half of 2017. | |||
|
2017-10-31 12:55:59 | Executive Insights: A Q&A with Fortinet Channel Chief Jon Bove (lien direct) | Jon Bove recently rejoined Fortinet as vice president of channel sales. We sat down with Jon to get his perspective on his new role and learn about what he envisions for partners going forward with Fortinet. | |||
|
2017-10-30 12:55:59 | Best Practices to Help Safeguard Your Organization for the Internet of Things. (lien direct) | Today, the billions of online IoT devices present an even more daunting challenge because they generally don't receive the level of control, visibility, and protection that traditional systems receive. Coupled with widespread automation-based attacks, the potential for damage is even greater. Recent developments, outlined below, reveal why it's time to take IoT security seriously. | |||
|
2017-10-30 12:55:59 | How Federal Agencies Can Use FortiMail to Comply with BOD-18-01 (lien direct) | On October 16th, the U.S. Department of Homeland Security (DHS) announced its intention to have all federal agencies revamp their email security protocol. The Binding Operational Directive (BOD-18-01) will require all federal agencies to deploy STARTTLS, Secure Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) within three months of the directive's announcement. While having these email security features enabled is generally considered to be a cybersecurity... | |||
|
2017-10-30 12:00:59 | Fortinet A Premier Sponsor of AT&T\'s Inaugural \'The Summit\' Event (lien direct) | Fortinet is a Premier Sponsor of The Summit, the inaugural AT&T Business event that is bringing together 2500 thought leaders, influencers, and customers for three days to be inspired and informed about the future of technology and how it impacts the world. This premiere event is being held from October 30-November 2, 2017 at the Gaylord Texan Resort in Dallas, Texas. | Guideline | ||
|
2017-10-29 16:00:00 | Evasive Sage 2.2 Ransomware Variant Targets More Countries (lien direct) | FortiGuard Labs just recently found new Sage ransomware samples that, while they appear to still be Sage 2.2, now have added tricks focused on anti-analysis and privilege escalation. In this article, we will share our findings of these recent updates. | |||
|
2017-10-27 12:55:59 | Protecting Higher Education Networks with Secure Access Architecture (lien direct) | Colleges and universities have unique wireless network and security needs. They are typically densely-populated and highly-collaborative environments. Students and faculty alike rely on a consistent wireless connection that allows them fast and constant communication with each other across campuses and buildings. They require access to various online resources and publications to conduct research for assignments and lesson plans, as well as access to various applications and software solutions to record, present, and share their findings. Furthermore,... | |||
|
2017-10-27 12:50:59 | Why ICSA Advanced Threat Defense for Email is So Important (lien direct) | Verizon's 2017 Data Breach Investigations Report found that two-thirds (66%) of all installed malware that successfully made its way past established defenses were delivered by email. This is particularly concerning as our weekly FortiGuard Labs Threat Intelligence Brief lists ransomware downloaders –typically delivered via email – as consistently among the top 5 pieces of malware in most weeks. {Update chart and excerpt closer to publication date} The reality is that while brand new attacks like WannaCry and Petya... | Wannacry | ||
|
2017-10-26 13:50:59 | CHIME 17 Event Preview: Understanding Your Patients\' Cybersecurity Concerns (lien direct) | Healthcare and IT are becoming increasingly intertwined as technology enables patient-centric care, more efficient hospital workflows, and greater visibility into effective treatment plans through data analytics. Moreover, as digital transformation initiatives take effect across industries, increased technical capabilities will be necessary to remain competitive. This exciting technical innovation in the healthcare space coincides with a higher volume of health-focused cyberattacks and a cybersecurity skills gap that has made it difficult to... | |||
|
2017-10-26 12:50:59 | Food Services Giant Moves Securely to the Cloud Over a Single Weekend (lien direct) | When one of the world's largest food services companies needed a better way to connect its vast distributed network of operations, it turned to Microsoft Azure and Fortinet to "move the entire organization to Azure on a single weekend morning: no issues, no downtime, no fuss!â€Â The company is a top 5 global food services company that provides food and beverage services for schools, hospitals, and major public venues in dozens of countries. | |||
|
2017-10-25 16:55:59 | The DUHK Vulnerability (lien direct) | There have been some news items floating around the Internet discussing a weakness in the ANSI X9.31 random number generator (RNG) known as DUHK (for Don't Use Hard-coded Keys) that had affected older FortiGate devices. An update was issued more than a year ago when the flaw was first announced to Fortinet. | |||
|
2017-10-25 16:50:59 | Tracking the Bad Rabbit (lien direct) | A new ransomware campaign dubbed “Bad Rabbit†has hit a number of high profile targets in Russia and Eastern Europe. First detected on October 24th, 2017, Bad Rabbit was originally detected in Russia and Ukraine, along with a small number of infections reported in parts of eastern Europe, Turkey, and Germany. However, the attack now appears to be spreading to other regions, including reports from South Korea and the US. | |||
|
2017-10-25 12:50:59 | Threat Information Sharing Can Change the Security Landscape (lien direct) | To further expand and solidify the power of threat information and intelligence sharing, specialists, researchers, and consumers of threat intelligence are gathering at the annual CyberNext DC on October 25, 2017. The Cyber Threat Alliance, the Coalition for Cybersecurity Policy and Law, and the National Security Institute are this year's conference sponsors. Keynotes will be delivered by Ron Johnson, US Senator from Wisconsin and Senate Homeland Security chair, and Michael Daniel, President & CEO of the Cyber Threat Alliance. | |||
|
2017-10-25 11:50:59 | The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899) (lien direct) | Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data. | |||
|
2017-10-25 11:50:59 | The Analysis of Apache Struts 1 ActionServlet Validator Bypass (CVE-2016-1182) (lien direct) | Apache Struts 1 ValidatorForm is a commonly used component in the JAVA EE Web Application that requires validated form fields input by a user, such as a login form, registration form, or other information form. By configuring the validation rules, Apache Struts can validate many different kinds of fields - username, email, credit card number, etc. However, a bug in Apache Struts 1 can be used to manipulate the property of ValidatorForm so as to modify the validation rules, or even worse, cause a denial of service or execute arbitrary code in the... | |||
|
2017-10-24 13:50:59 | Cloud Migration a Challenge to Many (lien direct) | The number one challenge identified by Federal agencies in migrating to the cloud is expanding security measures and policies to cover cloud environments. To date, confidence is hard to find. Only 35% of Federal IT leaders believe that the security of their existing private cloud environments is excellent, and this drops to 21% for public cloud. They have similar concerns for the security of data that has to move between physical and virtual environments. | Guideline | ||
|
2017-10-24 12:50:59 | Fortinet Named to Inaugural Fortune Future 50 List (lien direct) | Fortinet has been listed in the inaugural Fortune Future 50 list, a new ranking of elite companies best positioned for breakout growth. Produced in partnership with BCG, the rankings were determined based on the analysis of 15 years of financial results from 2,300 publicly traded U.S. companies as well as over 70,000 10-K reports. This analysis was conducted using an advanced AI algorithm designed to assess an organization's long-term orientation, their emphasis on things such as adaptation and sustainability, their market potential combined... | |||
|
2017-10-23 12:50:59 | Off to the Academy – The Fortinet NSE Xperts Academy (lien direct) | We sat down with Richard Armstrong, VP of Solutions Engineering, Fortinet, to learn more about the NSE Xperts Academy taking place this week and the role it has for our valued partners in this industry context. | |||
|
2017-10-23 12:50:59 | Executive Insights: Managing Risk Demands a Security Fabric Approach (lien direct) | As we become even more integrated and interconnected, we need better ways to manage complexity. One way to accomplish this is through integration and automation for better visibility and control – especially in highly elastic environments. As a result, we're seeing a need to move away from isolated point defense systems like individual firewalls and intrusion detection systems, to a more comprehensive risk-management framework that weaves disparate security devices into a single, holistic security fabric.  | |||
|
2017-10-20 12:50:59 | Channel Partners: Welcome Back Jon Bove (lien direct) | The strong ties between Fortinet and its channel partner community account for much of the value Fortinet delivers to customers, end users, and the world at large. Seeking to increase the amount of news about partner activity and initiatives, we are launching a bi-weekly blog post series. | |||
|
2017-10-20 12:50:59 | You Don\'t Need a Weatherman to Know Which Way the Wind Blows (lien direct) | Over the past month, we have all watched with dismay as the islands of the Caribbean and coasts of Texas and Florida were hit with devastating rains and high-speed winds. In the days leading up to the storms' landfalls, some of the most talented scientific minds deployed astounding levels of technology to assess and communicate the severity of the approaching threats-despite the fact that severe weather is notoriously unpredictable, with inherent uncertainty that makes truly accurate assessment of the threat nearly impossible. In... | Guideline | ||
|
2017-10-19 16:50:59 | (Déjà vu) Security Research News in Brief - August 2017 Edition (lien direct) | Welcome back to our monthly review of some of the most interesting security research publications. | |||
|
2017-10-19 13:50:59 | Cryptojacking: Digging for your own Treasure (lien direct) | Do you ever feel the Internet is especially slow these days? Or do you ever wonder if maybe it's just your computer that's getting slower? Don't rush to the IT shop to buy a new computer yet … you may have been a victim of a new trick used by malevolent hackers called browser “cryptojacking.†What is cryptojacking? It's a trick used to mine cryptocurrencies on your computer using your CPU resources in the background without your knowledge. All that a cybercriminal has to do is load a script... | |||
|
2017-10-19 13:50:59 | A 14-day Journey through Embedded Open Type Font Fuzzing (lien direct) | One of our daily routines as researchers here at FortiGuard Labs is to write and maintain our internal fuzzers to help us more effectively find potential vulnerabilities on different software products. In this blog post we would like to share how we discovered multiple Embedded Open Type (EOT) font vulnerabilities by using a combination of dumb and intelligent open source fuzzers. | |||
|
2017-10-19 12:50:59 | Implementing Security with Digital Transformation Initiatives (lien direct) | Fortinet's Vice President of Strategic Programs, Jonathan Nguyen-Duy, recently hosted a webinar called “Implementing Security with Digital Transformation Initiatives.â€Â This talk touched on why digital transformation is so crucial across industries, as well as the technological capabilities organizations need to adopt in order to ensure a successful digital transformation.  | |||
|
2017-10-18 12:50:59 | Ensuring Cloud Cybersecurity at the Rate of Cloud Adoption (lien direct) | In an effort to meet consumer demands and business needs, moving business-critical infrastructure and operations over to cloud environments is becoming less of an option and more of a requirement. Recently, we wrote about the digital transformation that will, sooner rather than later, be adopted by our channel partner's clients. This transformation will be focused on enabling business operations and consumers with such things as big data analytics, IoT devices, and new technology that is faster and more agile than ever. The ability to offer... | |||
|
2017-10-17 12:50:59 | How to Achieve Automated, Intelligence-Driven Security (lien direct) | Over the last couple of years, cyberattacks have evolved in both scale and effectiveness, affecting organizations across all industries and geographic regions. Successful cyberattacks are a growing industry-wide problem in spite of billions being spent on cybersecurity solutions. Part of the reason is that new techniques- and in fact a mature supporting cybercrime ecosystem- for penetration and evading detection have reduced the effectiveness of many traditional defenses. The lingering effects of a successful attack often have devastating consequences,... | |||
|
2017-10-16 13:50:59 | WPA2 Has Been Broken. What Now? (lien direct) | On Monday morning it was announced that WPA2, WiFi's most popular encryption standard, had been cracked. A new attack method called KRACK (for Key Reinstallation AttaCK) is now able to break WPA2 encryption, allowing a hacker to read information passing between a device and its wireless access point using a variation of a common – and usually highly detectable – man-in-the-middle attack. If successful, this vulnerability can potentially allow a hacker to spy on your data as well as gain access to unsecured devices sharing the... | |||
|
2017-10-16 12:50:59 | How Vendors Can Partner with Education to Narrow the Skills Gap: A Call to Action (lien direct) | In light of today's huge skills gap, security professionals have an obligation to mentor the next generation. Employees of cybersecurity vendors can help shrink the gap by volunteering their time in the classrooms, from elementary school through college. The knowledge and experience of front-line professionals is invaluable, whether to explain to first-graders what malware is or to steer college students toward the right classes to give them a strong foundation for a cybersecurity career. The problem is bigger than any one vendor or educational | |||
|
2017-10-15 12:50:59 | Join Fortinet at the 2017 Internet2 Tech Exchange Where Industry Experts Will Bring Wisdom to Automation (lien direct) | From October 15th – 18th, the 2017 Internet2 Technology Exchange will take place in San Francisco, CA. The Technology Exchange brings together leaders from the research, education, and technology communities to discuss and find solutions to the technical challenges that threaten the missions of their organizations. The robust Internet2 community comprises 317 US higher education institutions, 81 leading corporations, 64 affiliate and federal affiliate members, 43 regional and state education networks, and more than... | Guideline | ||
|
2017-10-13 12:50:59 | Securing Legacy IT Systems from Modern Application Threats in the Financial Sector (lien direct) | The rhetoric surrounding mainframes and their uses in modern enterprises tends to be largely negative. Mainframes are seen by many as outdated legacy IT systems that are, or will be, obsolete in the near future as businesses increasingly move to the cloud. However, these notions are one-sided. The reality is that mainframe computing remains alive and well within many infrastructure-critical industries, including some of the largest organizations in the world. It's reported that 71 percent of Fortune 500 companies still run much of their... | |||
|
2017-10-13 12:50:59 | Minimizing Cyber Risks as Healthcare Providers Increase Technology Use (lien direct) | The healthcare sector has undergone dramatic changes in the past several years, primarily spurred by the adoption of new medical technology. Beginning with the adoption of electronic health records (EHRs) and continuing on into the increased use of medical applications, online patient portals, connected devices, and wearables, the healthcare sector has been capitalizing on digital advancements to improve overall patient experiences and outcomes. This effort has been well received by patients and physicians alike, as it simplifies communication... | |||
|
2017-10-12 12:54:00 | PDF Phishing Leads to Nanocore RAT, Targets French Nationals (lien direct) | Recently, FortiGuard Labs found a phishing campaign targeting French Nationals. In this campaign, a PDF file with an embedded javascript is used to download the payload from a Google Drive shared link. As it turns out, the downloaded file is an HTA (HTML Application) file, a format that is becoming more and more common as a malware launch point. It is usually used as a downloader for the actual binary payload. However in this campaign,... | |||
|
2017-10-12 12:50:59 | OT and IT and Security by Design (lien direct) | Because they have traditionally had clear borders and full control of their respective areas, OT and IT people tend to be nearly as territorial as the raccoons. But as the line between IT and OTÂ continues to blur, issues arise that sometimes render these teams unable to work together to implement a common solution, such as security measures, segmentation and monitoring. | |||
|
2017-10-12 12:50:59 | OT and IT: A Fight Over the Control of Digital Ground (lien direct) | This change is also causing OT and IT to fight over the control of digital ground. While OT is growing, it is primarily growing into the spaces usually controlled by IT as it is being bolted onto the same networks that phones, routers and laptops touch. This is creating a whole range of security challenges that neither group has ever had to deal with in the past and affects the delivery of applications and information that reaches all the way into the executive suite. | |||
|
2017-10-11 18:00:59 | Executive Insights: Digital Transformation and Service Providers: A Q&A with Fortinet\'s Matt Pley (lien direct) | This week, Fortinet hosted Fast and Secure in Dallas, Texas. Almost 200 Service Providers, influencers, and decision makers attended this event to discuss the impact that the transition to a digital economy and new digital business models are having on their business. We sat down with Matt Pley, Fortinet's Vice President of Cloud, Carriers, Service Providers, & Strategic Accounts to get his key takeaways from the event. | |||
|
2017-10-10 12:50:59 | Understanding the Explosion of IoT and Its Impact (lien direct) | The Fourth Industrial Revolution is upon us, with the digital transformation of business largely consisting of automation, AI, and rapid technological innovation. Industrial processes and machines are becoming smarter and more modular. A critical enabler of this transformation is the Internet of Things (IoT). Smart, always-connected devices provide real-time contextual information with low overhead to optimize processes and improve how companies and individuals interact, work, and live. Over a million new IoT devices are connected to the Internet... | |||
|
2017-10-09 12:39:59 | Cybersecurity Needs to be Seen as a Strategic Issue, Not Just an IT Investment (lien direct) | Surveying over 1,800 IT decision makers, Fortinet found almost half believe security is still not a top priority discussion for the board. At the same time, they also strongly contend that cybersecurity should become a top management priority, with 77% of respondents indicating that the board should put IT security under greater scrutiny. | |||
|
2017-10-06 12:50:59 | Common Types of Cyberattacks in Education and What We Can Learn from Them (lien direct) | Cybercriminals have increasingly taken notice of schools and universities as profitable targets for cyberattacks. A key reason for this is the types of information schools keep on students, parents, and staff. Typically, upon infiltrating an institution's network, cybercriminals will probe for, find, and exfiltrate valuable user data. This could be anything from health records, financial information, or any other personally identifiable information, such as social security numbers. Cybercriminals typically then take this data and sell it... | |||
|
2017-10-05 12:50:59 | Ransomware: Are You Paying Attention? (lien direct) | If the news about ransomware in recent weeks hasn't gotten your attention, then maybe the fact that its threat magnitude has grown 35X over the past year will jolt you into a state of awareness. Further, ransomware isn't a threat confined to just a few industries or geographical regions; it is a global problem facing organizations-and even individuals-of all shapes and sizes. The Magnitude of the Threat Upwards of 4,000 ransomware attacks happen daily, infecting between 30,000 and 50,000 devices each month. The financial... | |||
|
2017-10-04 12:50:59 | Executive Insights: Threat Intelligence: The Fuel that Powers Cyber Defenses (lien direct) | For anyone reading the news regularly, it's not hard to grasp that cyber threats are getting more sophisticated and damaging by the day. From a security technology provider's perspective, I can add that tackling them is a fast mounting challenge for the millions of businesses that come under attack daily. Modern cybersecurity technologies – assuming you have already put in place the right professionals, policies, and processes − are a must. But organizations deploying them need to look beyond the boxes that sit on... | |||
|
2017-10-02 12:50:59 | National Health IT Week: Enabling Digital Transformation with Integrated Network Security (lien direct) | Over the past ten years, technology has transformed healthcare substantially. From electronic health records that simplify the collection and sharing of patient information, to digital consultation and other services provided remotely, to wearable connected medical devices, healthcare is becoming more accessible, accurate, and patient-focused. National Health IT (NHIT) Week, which will take place from October 2nd- 6th, is a collaborative and partner-driven event that aims to increase awareness of the many ways new health IT initiatives stand... | |||
|
2017-10-02 12:45:00 | Potential Ichitaro Phishing Vulnerability (lien direct) | The FortiGuard Labs team continually tracks phishing and spam campaigns around the world. Sending users macro-enabled documents with a malicious payload is one of the most commonly used malware attack vectors for phishing campaigns. This attack vector has been used by used by such prevalent malware families as Dridex, Fareit, and Hancitor. The key to these sorts of campaigns is luring users into clicking on a malicious file attached to an email message. As a result, malware distributors are always looking for ways to trick users into executing their... | |||
|
2017-09-29 12:50:59 | All Roads Lead to Rome: Critical Infrastructure Security at the Crossroad (lien direct) | Prosperous nations sometimes take for granted the safe and reliable critical infrastructures that underpin our economies, governments, and personal well-being. Similar to how we marvel today at the Roman Empire's aqueducts, the 3rd millennium will likely do the same with today's critical infrastructures. That is, if they don't lead to our downfall. Our Strength, Our Weakness The common understanding of the phrase 'all roads lead to Rome' is that there are many different ways to reach a goal. ... | Guideline | ||
|
2017-09-28 12:50:59 | Redefining Next Generation Firewalls (lien direct) | When the first firewalls were developed and deployed, their primary role was to act as sentinels monitoring traffic moving into, and sometimes out of the network. These devices would look at packets, network addresses, and ports to determine if data should be allowed through or blocked. A good analogy is airline travel. In the first few iterations of the firewall, data was simply checked to see if it had a ticket, and if its credentials were in order it were allowed to board the plane. Then application traffic took off, and first generation firewalls... |
To see everything:
Our RSS (filtrered)
