What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2017-09-27 12:50:59 | Today\'s Best Practices for Protecting the Distributed Network (lien direct) | In the new digital economy, businesses that are able to adapt will be the most competitive and successful. This will require adopting new technologies, networking systems, and strategies. But many of the emerging technologies and strategies that are being deployed across our networks come with a set of unknowns that are having a huge impact on security. The reason is that traditional approaches to security were never really designed to protect dynamic, borderless, and hyper-connected environments. Many Factors Are in Play For example,... | |||
|
2017-09-26 12:50:00 | Benefits of Using CASBs in Financial Services (lien direct) | The financial services sector is one industry benefiting from cloud adoption, not only from the increased services they can provide consumers, but also through cloud-enabled solutions. Bank employees require access to SaaS solutions and CRMs enabled by the public cloud that simplify daily tasks, such as Fiserv and Salesforce. These solutions use cloud computing and storage to optimize operations, putting adopters at a distinct advantage in several key areas. | |||
|
2017-09-25 12:50:00 | Fortinet a Signature Sponsor at Oracle OpenWorld 2017 (lien direct) | The need for real-time access to critical data is driving today's digital transformation. The volume of data being generated, the proliferation of data mining applications, and consumer expectations about access to information are all increasing the value of data and making effective data management and orchestration increasingly critical. Which makes securing that data more important than ever. Which is why Fortinet is a Signature Sponsor at this year's Oracle OpenWorld 2017 conference, being held October 1-5 at the Moscone... | |||
|
2017-09-22 12:55:00 | Gartner Peer Insights for Enterprise Firewalls: See What Government Leaders are Saying About Fortinet (lien direct) | Government entities provide critical services that ensure stability across the nation for organizations and the population, such as transportation systems, water, energy, and healthcare. In order to provide these services, respond to queries, and react to an ever-changing global landscape effectively and efficiently, government organizations must rely on IT systems and computer networks. However, this technical infrastructure is also under constant attack from cybercriminals who range from amateur hackers and technical hacktivists to hostile... | ★★ | ||
|
2017-09-22 03:20:59 | Locky Unleashes Multiple Spam Waves with a New Variant “ykcol“ (lien direct) | While FortiGuard Labs was preparing for another presentation on our Locky research at the Black Alps cyber security conference this coming November in Switzerland, Fortinet's Kadena Threat Intelligence System (KTIS)1 caught another Locky variant using a new extension – “ykcol†or “locky†spelled backwards. Locky has been stepping up its game over the past few months after going dark during the first half of 2017. Just like the old days, this new variant is distributed through massive volumes of malicious... | |||
|
2017-09-20 18:30:00 | Evasive Malware Campaign Abuses Free Cloud Service, Targets Korean Speakers (lien direct) | Earlier this month, FortiGuard Labs researchers published findings about a malware campaign exploiting a PowerPoint vulnerability. Cybercriminals, however, are equal opportunity exploiters, so just recently an interesting targeted malware campaign was found to be using another document vulnerability. Only this time, it's a Hangul Word Processor (HWP) document leveraging the already known CVE-2015-2545 Encapsulated PostScript (EPS) vulnerability. | |||
|
2017-09-20 14:30:59 | For Cybercriminals, IoT Devices are Big Business, Part Two (lien direct) | In part one of this article, Anthony Giandomenico described how cybercrime has become not only a business, but a big business, designed to generate revenue with predesigned attacks focused on attack vectors that are easy to exploit: IoT devices. Opportunity is also the land of innovation Because cybercriminals are focusing more on attacks that target critical infrastructure based on new, interconnected technologies, they don't have to spend enormous resources and development cycles on figuring out how to break into these systems... | |||
|
2017-09-20 14:30:59 | For Cybercriminals, IoT Devices are Big Business, Part One (lien direct) | When people think of cybercrime, they tend to think of geeks in dark rooms staring into computer monitors trying to figure out some new way to infiltrate a network. And historically, that was a pretty accurate assessment. Today, however, cybercrime is a business. Cybercriminals tend to keep business hours (attack surges very often follow standard work hours), attacks are designed to generate revenue, and cost/benefit ratios are often considered when deciding who and how to attack a target. Hacker tools and malware can be custom built and... | |||
|
2017-09-20 14:00:00 | Fortinet Partner Insider (lien direct) | Network security is a complex subject that requires those in charge to stay on the lookout for the latest industry news and events. Here, you, our channel partners, will find all of the information you need to answer your current and prospective customers' questions moving into the fall. | |||
|
2017-09-20 12:45:00 | Five Cyber Threats Every Security Leader Must Know About (lien direct) | Fortinet recently identified five factors that are driving these changes in the cyberthreat landscape. Each of them makes it increasingly difficult for organizations to protect their networks, data, and communications from malicious actors. | |||
|
2017-09-19 22:30:00 | Rewriting IDAPython Script objc2_xrefs_helper.py for Hopper (lien direct) | Security researchers have identified more and more Mac OS malware attacks over the past two years. In June 2017, Rommel Joven and Wayne Chin Yick Low from Fortinet's Fortiguard Labs found and analyzed a new ransomware targeted at Mac OS.  Most malware for Mac OS was developed in the Objective-C programming language. A good introduction to reverse engineering Cocoa applications can be found here. In that blog post, the researcher released an IDAPython script named objc2_xrefs_helper.py that can only be executed in IDA Pro. As you... | |||
|
2017-09-19 17:30:00 | A Look Into The New Strain Of BankBot (lien direct) | BankBot is a family of Trojan malware targeting Android devices that surfaced in the second half of 2016. The main goal of this malware is to steal banking credentials from the victim's device. It usually impersonates flash player updaters, android system tools, or other legitimate applications. Once installed, it hides itself and then tricks the user into typing his or her credentials into fake bank web pages that have been injected onto the device's screen. | |||
|
2017-09-18 17:49:00 | A Wrap Up of ToorCon 19 at San Diego (lien direct) | ToorCon 19 San Diego was held Monday August 28th to Sunday September 3rd, 2017 at The Westin San Diego. It included three parts. The first was training workshops focused on various aspects of computer security. These took place on Aug 28-31. The second was a Seminar held on Sep 1. The third part was the formal Conference that ran from Sep 1-3. I was honored to be able to present my research, Dig Deep into FlexiSpy for Android at ToorCon 19. FlexiSpy for Android is a spy app with full IM tracking, VoIP call recording, and live call interception.... | |||
|
2017-09-18 16:00:00 | Fortinet Demonstrates Critical Security Capabilities for Hybrid Cloud Networks at Microsoft Ignite 2017 (lien direct) | Fortinet is proud to be a Gold Sponsor of this year's Microsoft Ignite conference, being held September 25-29, 2017 at the Orange County Convention Center in Orlando, Florida. This year's event is completely sold out, with over 23,000 attendees from around the world expected to participate. This year's Fortinet booth (#1907) is situated directly adjacent to the main Central Square showcase that will be featuring many of Microsoft's latest technologies. At this year's Ignite event we are featuring several demo... | |||
|
2017-09-18 15:20:00 | The Apache Struts 2 Vulnerability (lien direct) | It now appears that this crime was enabled through an exploit that targeted a Java vulnerability in Apache Struts 2, which is an open-source web application framework for developing Java web applications that extends the Java Servlet API to assist, encourage, and promote developers to adopt a model–view–controller (MVC) architecture. | |||
|
2017-09-18 12:50:00 | Adapting to the New Normal with an Informed Cybersecurity Strategy (lien direct) | As cyberattacks become more frequent and impactful, security teams and executives across industries are taking notice. With new strains of malware being constantly reported, organizations want to make sure that their security solutions, and the vendors that provide them, are adapting to defend against this new normal. To ensure they have the capability to deal with these constantly evolving attacks, customers are turning to you, their solution providers, to answer their questions and ensure there is a structured strategy in place to deal with... | |||
|
2017-09-18 03:00:00 | Integrating Artificial Intelligence into Cybersecurity: Collaboration is the Key….! (lien direct) | We have seen from the previous two posts on cybersecurity and AI the importance of using advanced technology to stay ahead of cybercriminals. But far too often, a threat transcends the capacity of one particular box, especially when it has been deployed in a discrete place in the network and has been functionally isolated from the rest of the network and other security devices. This is where Fortinet's innovations around collaboration are paramount. Regardless of the physical location of a doiscovered security event, FortiGuard Labs teams... | |||
|
2017-09-15 12:50:00 | Deep Analysis of New Poison Ivy/PlugX Variant - Part II (lien direct) | This is the second part of the FortiGuard Labs analysis of the new Poison Ivy variant, or PlugX, which was an integrated part of Poison Ivy's code. In the first part of this analysis we introduced how this malware was installed onto victim's systems, the techniques it used to perform anti-analysis, how it obtained the C&C server's IP&Port from the PasteBin website, and how it communicated with its C&C server. | |||
|
2017-09-15 12:50:00 | How Can SMB Practices Improve Healthcare Cybersecurity? (lien direct) | The healthcare sector has been under increasing attack from cybercriminals with a variety of tactics and motivations. In fact, cyberattacks targeting healthcare providers increased 63 percent in 2016. The increased attention cybercriminals are giving the healthcare space is not surprising. The protected health information and other personally identifiable information (PII) that healthcare practices store about their patients is exactly the type of data that is easily monetized. Once cybercriminals breach healthcare networks and exfiltrate patient... | |||
|
2017-09-14 23:00:00 | BlueBorne May Affect Billions of Bluetooth Devices (lien direct) | Bluetooth is one of the most widely deployed and used connectivity protocols in the world. Everything from electronic devices to smartphones uses it, as do a growing number of IoT devices. Now, a new Bluetooth exploit, known as BlueBorne, exploits a Bluetooth, making literally billions of devices potentially vulnerable to attack. BlueBorne is a hybrid Trojan-Worm malware that spreads thru the Bluetooth protocol. Because it includes worm-like properties, any infected system is also a potential carrier, and will actively search for vulnerable hosts.... | |||
|
2017-09-14 12:50:00 | Browser Extensions: A New Threat? (lien direct) | Introduction Recently, there have been a series of high profile attacks using browser extensions. Having dealt with this threat vector in the past, we here at FortiGuard Labs decided to conduct a large-scale study of browser extensions. Before diving into the results, we want to make a distinction between two seemingly similar browser technologies: browser plugins and browser extensions. Both are mechanisms that allow an end user to customize their browser to suit their needs, however there are some fine distinctions between them. The former... | |||
|
2017-09-14 12:45:00 | Power, Performance and the Cloud (lien direct) | When considering security solutions for your hybrid cloud environment, here are some critical areas to look at in terms of security performance. | |||
|
2017-09-14 03:00:00 | Addressing Security in an IoT World (lien direct) | Fortinet will be showcasing our IoT security solutions at Telstra Vantageâ„¢ at the Melbourne Convention & Exhibition Centre this coming September 20th-21st in Booth # S08. The Internet of Things (IoT) is not new a concept, yet in recent years IoT has gained mass popularity. Conversations range from how IoT can improve our daily lives to how it can improve efficiency, or innovate and transform businesses - from the services offered to improving the ways a business operates. Unfortunately, today we are being constantly confronted with... | |||
|
2017-09-13 12:50:00 | IoT Security: Trickier Than You Think (lien direct) | In the new digital economy, access to data is critical. Meeting the shifting demands of consumers, monitoring and managing critical network and system components in real time, and creating algorithms to extract meaningful information from the Big Data these devices can generate are all necessary to compete in the new digital marketplace. Part of this digital transformation is the adoption of IoT devices and networks, which continue to be deployed in networks at an unprecedented rate. | |||
|
2017-09-12 14:00:00 | IBM Bluemix Cloud Platform and Fortinet Extend Partnership for Open and Scalable Cloud Security Services (lien direct) | By accelerating application mobility across the hybrid cloud, IBM Cloud for VMware Solutions is blurring the boundaries that often distinguish the operational challenges between private and public clouds. | |||
|
2017-09-11 12:50:00 | The Value of Fortinet Products in Education: Customer Reviews in Gartner Peer Insights (lien direct) | Learn what fellow education IT professionals have to say about their experiences using Fortinet security products. | |||
|
2017-09-11 03:00:00 | Integrating Artifical Intelligence into Cybersecurity: AI and Transparency Level the Playing Field (lien direct) | In our last post we talked about some of the AI tools (AEE, AutoCPRL, etc.) that Fortinet has developed, and how the specialist teams at FortiGuard Labs around the world collaborate to detect, mitigate, and prevent threats of all shapes and sizes. But all of that happens in the background. How do these innovations and techniques translate into actionable tactics and strategies that decision-makers and CISOs can employ toda, to protect their IP, data, and networks from an increasing number of bad actors and adversaries? The key to cyber security... | |||
|
2017-09-08 22:08:00 | Seven Ways to Ensure a Data Breach Does Not Happen to You (lien direct) | While the scale of this data breach is alarming, the attack they suffered is not unique. Far too many organizations have adopted state of the art network designs and yet still rely on isolated second-generation security solutions and strategies to protect them. More than ever, security cannot be an afterthought. It requires planning, people, and processes combined with adaptive security technologies that can dynamically scale to today's digital networks and automatically respond as an integrated system to address the advanced cyberthreats. | |||
|
2017-09-08 12:50:00 | Moving to the Cloud? Top Security Factors to Consider (lien direct) | It seems like everyone is talking about moving to the cloud these days. The efficiencies, productivity, agility, elasticity, and cost savings all make a compelling case for migrating from traditional private networks and data centers to private clouds and other virtualized instances, and eventually into public and hybrid environments. Because of these advantages, government agencies and private enterprises across industries are all looking at ways to effectively embrace cloud-first strategies. I attended a security conference just a few... | |||
|
2017-09-07 12:50:00 | (Déjà vu) Security Research News in Brief - July 2017 Edition (lien direct) | Welcome back to our monthly review of some of the most interesting security research publications. July was very busy with the annual DEFCON and BlackHat US conferences, but also RMLL, the Worldwide Free Software Meeting held this year in France. Past editions: June 2017 May 2017 April 2017 March 2017 Elie Burzstein et al, How We Created the First SHA-1 collision and what it means for hash security video, DEFCON 25 slides and paper With the nickname "Crypto Girl", I obviously had to listen to this... | |||
|
2017-09-07 12:50:00 | Adapting Network Security for DevOps in Financial Services (lien direct) | The financial services sector is expected to continue to deliver new, customer-driven and business-critical capabilities as they continue their transition to a digital business model. For example, customers have come to expect to be able to access and make changes to their financial information online and through mobile web applications. Additionally, consumers now expect more customized services from banks and financial services firms, which means these financial institutions must collect and process data about their users to offer tailored products... | |||
|
2017-09-06 12:50:00 | FortiDDoS Launches Support for FortiGuard Domain Reputation Service for IoT and Botnet Based DDoS Attack Mitigation (lien direct) | The FortiGuard Domain Reputation Service License for FortiDDoS is yet further ammunition to use against the growing threat of the IoT and botnet attacks, which are easier than ever to launch due to proliferation of open source code for such attacks, and growing availability of vulnerable devices. | |||
|
2017-09-06 12:50:00 | Preparing Your Customers for the Digital Transformation with Fortinet (lien direct) | There are countless examples of companies and industries that failed to adapt to technological disruptions at their outset, and as a result have become obsolete. When was the last time you left your home to rent a movie? Fifteen years ago, Blockbuster was a movie rental giant. However, they did not adapt well to the demands of the digital age. Companies like Netflix created online portals and shipped movies to customers, and then moved to online streaming. By the time Blockbuster got on board with this digital shift, it was too late. Today, the... | |||
|
2017-09-06 02:00:00 | A wrap up of HITCON 2017 (lien direct) | The 13th annual Hacks In Taiwan Conference (HITCON) took place August 25th and 26th at Academia Sinica, Taiwan's national academy located in Taipei. Elite cyber security researchers from across the world gather at this annual conference to share their research and exchange ideas about the global threat landscape. Approximately 1000 people registered for the conference and, according to one of the HITCON crewmembers we met, one third of the attendees were undergraduates and fresh graduates. This is a good sign, given... | |||
|
2017-09-05 15:30:00 | Rehashed RAT Used in APT Campaign Against Vietnamese Organizations (lien direct) | Early last week, FortiGuard Labs came across several malicious documents that exploit the vulnerability CVE-2012-0158. To evade suspicion from the victim, these RTF files drop decoy documents containing politically themed texts about a variety of Vietnamese government-related information. | |||
|
2017-09-04 03:00:00 | Integrating Artificial Intelligence into Cybersecurity: Protecting IP, Data, and Networks with AI (lien direct) | In recent years we have seen a surge in the way companies have leveraged technology to drive new revenue streams and create a unique competitive advantage in the marketplace. The companies that have been the most successful are the ones using Artificial Intelligence (AI). AI is already being used by hundreds of companies all over the world. We have seen retailers being able to predict what their customers will order based on their previous order history, automobile manufactures using car data to provide a better driving experience, and even locally... | |||
|
2017-09-01 18:03:00 | PowerPoint File Armed with CVE-2017-0199 and UAC Bypass (lien direct) | FortiGuard Labs recently discovered a new malicious PowerPoint file named ADVANCED DIPLOMATIC PROTOCOL AND ETIQUETTE SUMMIT.ppsx. Taking a look at the four slides of the PowerPoint Open XML Slide Show (PPSX) file, we can tell that it targets people from UN agencies, Foreign Ministries, International Organizations, and those who interact with international governments. | |||
|
2017-09-01 16:35:00 | Fortinet 361° Security Forum 2017 (lien direct) | Securing Your Digital Transformation On September 5-7, Fortinet will be hosting the 2017 361° Security Forum in Vienna, Austria. Hundreds of Fortinet partners and customers from across EMEA and SAARC will be attending this three-day conference to discuss the impact that the transition to a digital economy and new digital business models are having on organizations around the world. Digital transformation is driving sweeping changes to not only how businesses compete for customers, but to fundamental ways that organizations operate. Data... | |||
|
2017-09-01 12:12:00 | Living Securely in a Digital World (lien direct) | Over the past several months the news has been full of reports about cybercriminals using malware to shut down devices or networks, steal data, or hold it for ransom. During the second quarter of 2017, over 184 billion total exploits were documented, coming from nearly 6,300 unique exploits. This is an increase of 30% over Q1. While most of these attacks targeted large, commercial networks, there has also been a large spike in such activities targeting the devices and data of individual users. Some of these attacks, like having your... | ★★★ | ||
|
2017-08-31 12:55:00 | CIPA Compliance and Cybersecurity: You Can\'t Have One Without the Other (lien direct) | Cybersecurity measures are being adopted and fine-tuned across industries to ensure sensitive data is protected against cybercriminals and evolving attack vectors. However, some industries, such as education, are held more accountable for data protection than others. | |||
|
2017-08-30 12:55:00 | WLAN Security Challenges that Healthcare Organizations Need to Overcome (lien direct) | The healthcare industry is evolving rapidly. Doctors, nurses, and hospital staff need the most up-to-date information and technology at their fingertips at a moment's notice. While technological advances improve efficiency, patient care, and overall experience, they also bring new challenges in terms of network and WLAN security. Wireless local area networks (WLAN) are increasingly operating web-facing applications and supporting critical functions required by both new technology and user demand. This makes the wireless network a high impact... | |||
|
2017-08-29 12:50:00 | Preparing for GDPR: What the Financial Services Industry Should Know (lien direct) | Businesses around the globe are becoming increasingly data driven. This, in large part, has to do with the expectation of customization across the user experience. Financial institutions, for example, have been able to use customer data and customization to offer tailored services to their customers, such as loans or insurance, based on recent purchases or financial history. However, consumers are now being encouraged to re-take control of their own personal data. The new emphasis being placed on individual rights to data is clearly demonstrated... | |||
|
2017-08-29 07:00:00 | Why the Financial Sector Needs to Focus on Automating Threat Intelligence (lien direct) | Threat intelligence is a necessary part of threat detection, yet is often ignored. Learn why financial institutions must focus on building their architecture for automated threat intelligence. | |||
|
2017-08-28 12:05:00 | Seamless Hybrid Cloud Security is Critical for VMware Cloud on AWS (lien direct) | Our FortiGate VM for VMware Cloud on AWS features the identical FortiOS firmware and FortiGuard security services that are delivered for other hypervisors and public clouds. But because the hybrid cloud raises additional security considerations – issues that we've been talking about with customers for more than a year - a major offering like VMware Cloud on AWS really brings those requirements into sharp focus. | |||
|
2017-08-25 13:00:00 | Gartner Peer Insights for Enterprise Firewalls: See What Financial Services Leaders Are Saying About Fortinet (lien direct) | The financial services sector has unique security needs. Financial services firms are considered critical infrastructure by many governments, and therefore are bound by strict government cybersecurity regulations. They house highly personal information of their clients that has to be accurate and accessible at all times, as well as secure from new, sophisticated cyberattacks. Ensuring data security, accuracy, and compliance was simpler when there was a defined network that could only be directly accessed by bank employees. However, consumers... | |||
|
2017-08-24 13:00:00 | What Does a Ransomware Attack in Healthcare Really Cost? (lien direct) | Ransomware attacks are becoming more prolific in the healthcare sector to great cost. Learn how much ransomware really costs healthcare, as well as the best defense strategies. | |||
|
2017-08-23 13:05:00 | Deep Analysis of New Poison Ivy Variant (lien direct) | Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread through a compromised PowerPoint file. We captured a PowerPoint file named Payment_Advice.ppsx, which is in OOXML format. Once the victim opens this file using the MS PowerPoint program, the malicious code contained in the file is executed. It downloads the Poison Ivy malware onto the victim's computer and then launches it. In this blog, I'll show the details of how this happens, what techniques are used by this malware, as well as... | |||
|
2017-08-23 12:55:00 | We Have Seen the Enemy, and It Is Us (lien direct) | Fortinet just released its Global Threat Landscape Report for Q2. Much of the data it provides is just what you'd expect. For example, FortiGuard Labs detected 184 billion total exploit attempts in Q2 from 6,300 unique and active exploits. Not only is this is an increase of 30% over Q1, with the growth of IoT and Shadownet resources we expect these numbers to continue to rise dramatically. In addition, 7 in 10 organizations experienced high or critical exploits during the quarter. By any measure, these are alarming numbers. | |||
|
2017-08-22 15:50:00 | The GDPR: Adding Teeth to Data Privacy (lien direct) | The Fortinet Security Fabric allows organizations to harness the collective power and intelligence of Fortinet's portfolio of security solutions to collect and correlate threat intelligence, actively detect and isolate threats, and automate a coordinated response across the entire network. Such an approach allows organizations to extend visibility deep into their infrastructure, and more importantly, into their data, so they know where it is, who and what have access to it. It also allows them to demonstrate compliance... | |||
|
2017-08-21 12:44:00 | Dissecting Our Q2 Threat Landscape Report (lien direct) | Today we released our Q2 Global Threat Landscape report for 2017. The data in our quarterly threat analysis is drawn from over 3 million network devices and sensors deployed within live production environments around the world. |
To see everything:
Our RSS (filtrered)
