Fortinet

Credit to Author: Derek Manky| Date: Mon, 30 Oct 2017 12:55:59 +0000

Today, the billions of online IoT devices present an even more daunting challenge because they generally don't receive the level of control, visibility, and protection that traditional systems receive. Coupled with widespread automation-based attacks, the potential for damage is even greater. Recent developments, outlined below, reveal why it's time to take IoT security seriously.

Credit to Author: Felipe Fernandez| Date: Mon, 30 Oct 2017 12:55:59 +0000

On October 16th, the U.S. Department of Homeland Security (DHS) announced its intention to have all federal agencies revamp their email security protocol. The Binding Operational Directive (BOD-18-01) will require all federal agencies to deploy STARTTLS, Secure Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) within three months of the directive’s announcement. While having these email security features enabled is generally considered to be a cybersecurity…

Credit to Author: Derek Manky| Date: Mon, 30 Oct 2017 12:55:59 +0000

Today, the billions of online IoT devices present an even more daunting challenge because they generally don't receive the level of control, visibility, and protection that traditional systems receive. Coupled with widespread automation-based attacks, the potential for damage is even greater. Recent developments, outlined below, reveal why it's time to take IoT security seriously.

Credit to Author: Jennifer McDonald| Date: Mon, 30 Oct 2017 12:00:59 +0000

Fortinet is a Premier Sponsor of The Summit, the inaugural AT&T Business event that is bringing together 2500 thought leaders, influencers, and customers for three days to be inspired and informed about the future of technology and how it impacts the world. This premiere event is being held from October 30-November 2, 2017 at the Gaylord Texan Resort in Dallas, Texas.

Credit to Author: Floser Bacurio Jr., Wayne Low, and Jasper Manuel | Date: Sun, 29 Oct 2017 16:00:00 +0000

FortiGuard Labs just recently found new Sage ransomware samples that, while they appear to still be Sage 2.2, now have added tricks focused on anti-analysis and privilege escalation. In this article, we will share our findings of these recent updates.

Credit to Author: Susan Biddle| Date: Fri, 27 Oct 2017 12:55:59 +0000

Colleges and universities have unique wireless network and security needs. They are typically densely-populated and highly-collaborative environments. Students and faculty alike rely on a consistent wireless connection that allows them fast and constant communication with each other across campuses and buildings. They require access to various online resources and publications to conduct research for assignments and lesson plans, as well as access to various applications and software solutions to record, present, and share their findings. Furthermore,…

Credit to Author: David Finger| Date: Fri, 27 Oct 2017 12:50:59 +0000

Verizon’s 2017 Data Breach Investigations Report found that two-thirds (66%) of all installed malware that successfully made its way past established defenses were delivered by email.  This is particularly concerning as our weekly FortiGuard Labs Threat Intelligence Brief lists ransomware downloaders –typically delivered via email – as consistently among the top 5 pieces of malware in most weeks. {Update chart and excerpt closer to publication date} The reality is that while brand new attacks like WannaCry and Petya…

Credit to Author: Dehui Yin| Date: Wed, 25 Oct 2017 11:50:59 +0000

Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data.