Search This Blog

Thursday, November 16, 2017

Fireside Chat with Gibson Energy: Talking Data Center Consolidation, IoT and Cloud Security

Gibson Energy, a 60-year-old Canadian company, specializes in the transportation, storage, blending, processing, and distribution of crude oil and other refined products. The company, headquartered in Calgary, also offers oilfield waste and water management services.

https://blog.fortinet.com/2017/11/16/fireside-chat-with-gibson-energy-talking-data-center-consolidation-iot-and-cloud-security

Improve business productivity with IBM Cloud

Think you deleted that embarrassing WhatsApp message you sent? Think again

At the end of last month, to the undoubted delight of many users, WhatsApp began rolling out a long craved-for feature: the ability to “unsend” those messages that you almost instantly regret as soon as you hit the Send button.
The feature, which was rolled out on the latest versions of WhatsApp for iOS, Android, Windows Phone and desktop, simply requires the regretful messenger to tap and hold on the offending message, choose “Delete” and then select “Delete for everyone”.

https://www.welivesecurity.com/2017/11/16/whatsapp-deleted-messages/

BMC Mainframe Solutions Accelerate Secure Digital Experiences with IBM® z14™

BMC solutions protect customers' critical data and provide highest level of security and compliance

http://newsroom.bmc.com/phoenix.zhtml?c=253321&p=RssLanding&cat=news&id=2317315

Wednesday, November 15, 2017

BMC SURVEY: New Management Approaches, Intelligent Capabilities are Required for Multi-Cloud Environments

40 percent of IT decision makers do not know how much they are spending on cloud services
BMC recommends that organizations re-think their current multi-cloud management approaches to address new complexities
78 percent of global respondents are looking at applying artificial intelligence to manage multi-cloud environments

http://newsroom.bmc.com/phoenix.zhtml?c=253321&p=RssLanding&cat=news&id=2316699

Executive Insights: Stopping Threats Starts with Getting Back to the Basics

Over the past year there have been a large number of high profile security breaches. Millions of organizations have been impacted. Tens of millions of names along with personally identifiable information has been stolen. Billions of dollars in damages have resulted. It’s almost like we haven’t been investing more time and money into cybersecurity than ever.

https://blog.fortinet.com/2017/11/15/stopping-threats-starts-with-getting-back-to-the-basics

Spotlight: Fattmerchant Offers Subscription-based Payment Processing for Business

Subscription businesses have made an impact on nearly every industry, from music to beauty supplies. And now, the idea is coming to payment processing, thanks to Fattmerchant.
You can read more about the business and its unique way of serving merchants in this week’s Small Business Spotlight.

https://smallbiztrends.com/2017/11/flat-rate-credit-card-processing-fattmerchant.html

US rules on reporting cybersecurity flaws set to change according to source

UPDATE: Just after 9AM Washington, D.C. time the US government published three documents that describe its Vulnerabilities Equities Policy (VEP) and the process by which decisions about vulnerability disclosure are made. Here are the documents:

https://www.welivesecurity.com/2017/11/15/us-rules-reporting-cybersecurity-flaws-change-according-source/

Squarespace Launches New Mobile App for Tracking Customer Analytics

The redesigned mobile analytics platform from Squarespace gives you valuable insights into your website so you can make informed decisions about your small business.
The new Squarespace Analytics app delivers a range of metrics about your website on your iOS and Android mobile device. You can access the information any time no matter where you are by using the desktop analytic capabilities.

https://smallbiztrends.com/2017/11/squarespace-analytics-app.html

Crush Your Competition with these Website Building Basics

Let’s start this off on the right foot — your website is really important.
Once a customer chooses you over your competition in search, it’s extremely important that your website provide all the information and deep facts about your business in a way that’s easy to navigate. No argument.

https://smallbiztrends.com/2017/11/website-building-basics.html

US Vulnerability Equities Policy: transparency welcome, but serious questions remain

Here is a good essay question for students of cybersecurity and public policy: “Does the government jeopardize internet security by stockpiling the cybervulnerabilities it detects in order to preserve its ability to launch its own attacks on computer systems?”

https://www.welivesecurity.com/2017/11/15/us-vulnerability-equities-policy-questions-remain/

Azure IoT Edge brings AI and advanced analytics capabilities to the edge

Remote locations. Rugged job sites. Spotty connectivity. In many industries, such conditions are a reality, making Internet of Things scenarios such as cloud analytics and real-time response more costly and unpredictable. Today Microsoft announced the public preview of Azure IoT Edge, a new service that deploys cloud intelligence to local IoT devices via containers.

https://blogs.microsoft.com/iot/?p=24934

Creating A Better Cloud

Creating A Better Cloud: There’s a great deal of chatter out there about the cloud computing models, differing views and speculation about winning technologies and drivers of cloud adoption, as well as the direction of the industry.

Getting Ready for the Holidays: Your Safe Online Shopping Guide


https://blog.fortinet.com/2017/11/13/getting-ready-for-the-holidays-your-safe-online-shopping-guide

InfiniBand Accelerates 77 Percent of New High-Performance Computing Systems on TOP500 Supercomputer List

InfiniBand Connects 2 of the Top 5 Supercomputers, Including World's Fastest Supercomputer;
InfiniBand Connects 6 times more new HPC systems versus Proprietary Interconnects (June'17 - Nov'17); Mellanox Connects all 25 Gigabit and above Ethernet Systems

http://ir.mellanox.com/releasedetail.cfm?ReleaseID=1048461

New FortiGate 300E and 500E, the Next Era of NGFW Has Arrived

The sheer amount of data being communicated and processed around the world continues to grow at a staggering rate. The Internet stands as the primary driver of the global data explosion. But newer technologies that ride on the Internet, such as cloud computing, X-as-a-Service offerings, and Internet of Things (IoT), means that more sensitive and business critical information than ever is in motion within and beyond the traditional boundaries of individual enterprise IT infrastructures.

https://blog.fortinet.com/2017/11/13/new-fortigate-300e-and-500e-the-next-era-of-ngfw-has-arrived

Mellanox InfiniBand Solutions to Accelerate the World's Next Fastest Supercomputers

Mellanox InfiniBand Technology Delivers Breakthrough Performance and Advanced Accelerations to Accommodate the Department of Energy Computing Goals

http://ir.mellanox.com/releasedetail.cfm?ReleaseID=1048438

Deployment Collaboration With Lenovo Will Power Canada's Largest Supercomputer Centre With Leading Performance, Scalability for High Performance Computing Applications


http://ir.mellanox.com/releasedetail.cfm?ReleaseID=1048437

Mellanox InfiniBand to Accelerate Japan's Fastest Supercomputer for Artificial Intelligence Applications

Fujitsu Selects InfiniBand Smart Interconnect Solution due to its Superior Performance and Scalability

http://ir.mellanox.com/releasedetail.cfm?ReleaseID=1048436

Transparency of machine-learning algorithms is a double-edged sword

The European Union’s General Data Protection Regulation (GDPR), which will come into force on May 25, 2018, redefines how organizations are required to handle the collection and use of EU citizens’ personal data.
Debates around the GDPR focus mostly on the global reach of this legislation, the draconian fines it introduces, or its stricter rules for “informed consent” as a condition for processing personal data.

https://www.welivesecurity.com/2017/11/13/transparency-machine-learning-algorithms/

Tax Refund Phishing In Malaysia – How They Bypass The Two Factor Authentication Security System


https://blog.fortinet.com/2017/11/12/tax-refund-phishing-in-malaysia-how-they-bypass-the-two-factor-authentication-security-system

Multi-stage malware sneaks into Google Play

Another set of malicious apps has made it into the official Android app store. Detected by ESET security systems as Android/TrojanDropper.Agent.BKY, these apps form a new family of multi-stage Android malware, legitimate-looking and with delayed onset of malicious activity.
We have discovered eight apps of this malware family on Google Play and notified Google’s security team about the issue. Google has removed all eight apps from its store; users with Google Play Protect enabled are protected via this mechanism.

https://www.welivesecurity.com/2017/11/15/multi-stage-malware-sneaks-google-play/

The OnePlus 5T leaks before its Nov. 21st release date (Googlicious)



#Google


Thursday, November 9, 2017

Consider These 3 Benefits of Using AI in Ecommerce

Ecommerce continues its meteoric growth. As of 2016, online sales accounted for 8.3 percent of all sales in the United States.
Research firm, Forrester, predicts that online sales will skyrocket to $459 billion in 2017, totaling 12.9 percent of retail sales.

https://smallbiztrends.com/2017/11/ecommerce-ai.html

Twitter Promote Mode Automatically Boosts Small Business Tweets for $99 a Month

If you’re struggling with setting up a social media ad campaign, Twitter (NYSE:TWTR) has just introduced a solution right up your alley.
The new Twitter Promote Mode is an “always-on, amplification engine” which automatically boosts tweets and profiles.

https://smallbiztrends.com/2017/11/twitter-promote-mode.html

Wednesday, November 8, 2017

How to Learn from Dark Data Lurking in Your Small Business

It’s time to bring the data in your company out of the dark.
Yep — out of the dark.  At this very moment, most of your data is languishing in various systems.  It’s in your accounting system, your CRM system, your ERP system, it’s in your social media accounts, and it’s even in spreadsheets and other documents.

https://smallbiztrends.com/2017/11/dark-data-small-business.html

New Facebook Feature Allows Small Businesses to Integrate Messenger on Their Websites

Facebook (NASDAQ:FB) just introduced a new feature for its Facebook Messenger platform that will allow businesses to integrate Messenger into their own websites.

https://smallbiztrends.com/2017/11/facebook-messenger-customer-chat-small-business.html

Saturday, November 4, 2017

California Man Sentenced for Developing Malware and Infecting Computers

Department of Justice
U.S. Attorney’s Office
Western District of Pennsylvania

FOR IMMEDIATE RELEASE
Monday, October 30, 2017

California Man Sentenced for Developing Malware and Infecting Computers

PITTSBURGH - A resident of Santa Clara, California, has been sentenced in federal court to 24 months’ probation on his conviction of accessing a protected computer without authorization and initiating spam messages, Acting United States Attorney Soo C. Song announced today.
United States District Judge Arthur J. Schwab imposed the sentence on Sean Tiernan, age 29, of Santa Clara California.
According to information presented to the court, Tiernan, from his computer located in California, was involved in the development of malware, or a malicious computer program, which was programmed to infect computers at a rapid rate by spreading through the computer users’ use of social networking websites. Once a computer was infected with the malware, the malware was programmed by Tiernan to automatically communicate and receive direction from servers over the Internet which were controlled by Tiernan, without knowledge of the infected computers’ owners. The servers which the infected computers called back to were, in and of themselves, previously ‘hacked’, and were also being used without the knowledge of their legitimate owners. The combination of these hacked servers and malware-infected computers formed what is known as a "botnet”. This botnet was controlled by Tiernan and was used to transform the infected victims’ computers into proxy computers from which a high volume of spam (commercial electronic mail) messages could be sent over the Internet to other computers. Since on or about at least August 1, 2011, Tiernan would sell access to his botnet to those who sought to send out these commercial electronic email messages for their own personal commercial gain. At the time of the search of Tiernan's residence and computer via a search warrant on or about October 1, 2012, over 77,000 bots, or infected computers, were active in Tiernan's botnet. Each of these computers, along with the hacked servers used to control them, necessarily were “protected” computers because they were accessed over the Internet in order to be compromised without the owners’ consent. Several of these infected computers in Tiernan's botnet were located in the Western District of Pennsylvania.
Assistant United States Attorney James T. Kitchen prosecuted this case on behalf of the government.
Acting United States Attorney Song commended the Federal Bureau of Investigation for the investigation leading to the successful prosecution of Tiernan.

Tuesday, October 31, 2017

Antimalware Day: Genesis of viruses… and computer defense techniques

On November 3, 1983, Frederick Cohen, a student at the engineering school of the University of Southern California (USC), was sure that a malicious program could be used to exploit any connected system, but he wondered how long it would take for the code to do so.
He prepared a prototype that – after eight hours of hard work on a VAX 11/750 system running Unix – was ready to be shown at the weekly security seminar he attended. It was his lecturer, Leonard Adleman, who baptized that program as a computer virus.

https://www.welivesecurity.com/2017/10/31/antimalware-day-genesis-viruses/

Mellanox Technologies, Ltd. to Present at Upcoming Investor Conferences


http://ir.mellanox.com/releasedetail.cfm?ReleaseID=1046166

The ZTE Axon M Gives Small Business Owners a Mobile Option — with Dual Screens

For small businesses looking to get more done outside of the office, the new ZTE Axon M could be a critical innovation. It comes with two 5.2 inch displays. When fully open, the device actually turns into a small tablet. This phone can remove the strain of working on a small screen by taking advantage of both displays.
When it is folded, the Axon M looks like a standard smartphone and it pretty much has the same features. The transformation takes place when you unfold the back and it lights up to reveal a second screen of the same size.

https://smallbiztrends.com/2017/10/zte-axon-m-dual-screen-smartphone.html

Small Business Security Experts Discuss Importance of Identifying Needs First

Good security is just as important to a small business as solid marketing and a great product. The Electronic Security Association (ESA) recently hosted a roundtable of four American small business security experts. They discussed how small businesses’ should identify their security needs. Following are a few highlights that can help you get started.

https://smallbiztrends.com/2017/10/small-business-security-tips.html

Business Users, Twitter May be Miscalculating Your Reach

Twitter released its third quarter results report Thursday and revealed that it miscalculated the amount of users it had by millions.

https://smallbiztrends.com/2017/10/twitter-miscalculated-users.html

Russian trolls can go viral in 3 easy steps (The 3:59, Ep. 307)

Facebook increasing ad transparency, iPhone X repairs look pricey (Tech ...

Monday, October 30, 2017

Guardium Tech Talk - Advanced reporting (2 of 3)

Threat Hunting, the Investigation of Fileless Malware Attacks

Fileless Monero WannaMine, a new attack discovered by PandaLabs

https://www.pandasecurity.com/mediacenter/pandalabs/threat-hunting-fileless-attacks/

Halloween cyber security tricks to avoid being hacked

When it comes to cybersecurity, there are very few treats to be enjoyed.


https://www.pandasecurity.com/mediacenter/tips/halloween-cyber-security-tricks/

How Federal Agencies Can Use FortiMail to Comply with BOD-18-01

On October 16th, the U.S. Department of Homeland Security (DHS) announced its intention to have all federal agencies revamp their email security protocol. The Binding Operational Directive (BOD-18-01) will require all federal agencies to deploy STARTTLS, Secure Policy Framework (SPF), Domain Keys Identified Mail (DKIM), and Domain-based Message Authentication Reporting and Conformance (DMARC) within three months of the directive’s announcement. While having these email security features enabled is generally considered to be a cybersecurity best practice, many federal organizations do not currently have them in place. In fact, data shows that 82 percent of federal organizations do not use the DMARC protocol.

https://blog.fortinet.com/2017/10/30/how-federal-agencies-can-use-fortimail-to-comply-with-bod-18-01

Best Practices to Help Safeguard Your Organization for the Internet of Things

The Internet of Things is riddled with security challenges. Cybercriminals know this too, and have often been quicker to take advantage of vulnerabilities than we have been to fix them. For instance, according to Fortinet's Threat Landscape Report for the second quarter of 2017, 90% of organizations recorded attacks that targeted system and device vulnerabilities that were at least three years old, even though updates and patches had long been available. It's even more alarming that 60% of organizations reported attacks aimed at vulnerabilities that were 10 or more years old.

https://blog.fortinet.com/2017/10/30/get-serious-about-iot-security

Heathrow security plans ‘found on USB stick left in the street’

This weekend British tabloid newspaper The Sunday Mirror warned of a potential “risk to national security” after a memory stick containing sensitive information about Heathrow airport was reportedly “found in the street.”
If the report is to be believed, an unnamed unemployed man found a USB stick lying amid the leaves on Ilbert Street, in Queen’s Park, West London – miles away from Britain’s busiest airport.

https://www.welivesecurity.com/2017/10/30/heathrow-security-plans-found-on-usb-stick-left-in-the-street/

Fortinet A Premier Sponsor of AT&T’s Inaugural ‘The Summit’ Event

Fortinet is a Premier Sponsor of The Summit, the inaugural AT&T Business event that is bringing together 2500 thought leaders, influencers, and customers for three days to be inspired and informed about the future of technology and how it impacts the world. This premiere event is being held from October 30-November 2, 2017 at the Gaylord Texan Resort in Dallas, Texas.

https://blog.fortinet.com/2017/10/30/fortinet-a-premier-sponsor-of-at-t-s-inaugural-the-summit-event

5 Ways to Prepare Your Online Business for Increased Sales

U.S. ecommerce sales are expected to grow by about 3 percent this holiday season compared to last year, according to research from eMarketer. That’s pretty moderate growth. But small ecommerce businesses still need to be prepared for an influx of orders over the next few months if they want to reap the benefits of the busy holiday shopping season.

https://smallbiztrends.com/2017/10/getting-an-ecommerce-business-ready-for-the-holidays.html

ESET research team assists FBI in Windigo case – Russian citizen sentenced to 46 months


https://www.welivesecurity.com/2017/10/30/esets-research-fbi-windigo-maxim-senakh/

Windigo Still not Windigone: An Ebury Update

Back in February 2014, ESET researchers wrote a blog post about an OpenSSH backdoor and credential stealer called Linux/Ebury. Further research showed that this component was the core of an operation involving multiple malware families we called “Operation Windigo”. This led to the publication of a whitepaper covering the full operation.
In February 2017, we found a new Ebury sample, that introduces a significant number of new features. The version number was bumped to 1.6.2a. At the time of that discovery, the latest versions we had seen were 1.5.x, months before. After further investigation, we realized that its infrastructure for exfiltrating credentials was still operational and that Ebury was still being actively used by the Windigo gang.

https://www.welivesecurity.com/2017/10/30/windigo-ebury-update-2/

HP's Omen 17 gives great graphical grunt for under $2,000

Evasive Sage 2.2 Ransomware Variant Targets More Countries

The Sage ransomware variant appears to have been out of circulation for a while in the malware scene. Since we published our article on Sage 2.0 last February, and the discovery of version 2.2 in March, the FortiGuard Labs team hasn’t seen significant activity with this malware for over six months.

https://blog.fortinet.com/2017/10/29/evasive-sage-2-2-ransomware-variant-targets-more-countries

25 Android and iPhone Apps to Add a Second Phone Number for Business Only Calls

A smartphone is just as much a business communication device as it is a personal one. But using a single number for both on your phone is unprofessional and unnecessarily problematic. But smartphone technology and the many apps available in the marketplace allow you to easily get a second phone number avoiding these problems entirely.
If your phone can accept a second SIM card, you can get another number from your service provider. However, if you don’t want to use this option or can’t because you don’t have a secondary SIM slot, you can use an app to get a second number on your phone.

https://smallbiztrends.com/2017/10/second-phone-number-apps.html

Sunday, October 29, 2017

The DUHK Vulnerability

There have been some news items floating around the Internet discussing a weakness in the ANSI X9.31 random number generator (RNG) known as DUHK (for Don't Use Hard-coded Keys) that had affected older FortiGate devices.

https://blog.fortinet.com/2017/10/27/the-duhk-vulnerability

The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899)

Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data.

https://blog.fortinet.com/2017/10/25/the-analysis-of-apache-struts-1-form-field-input-validation-bypass-cve-2015-0899

The Analysis of Apache Struts 1 ActionServlet Validator Bypass (CVE-2016-1182)

Apache Struts 1 ValidatorForm is a commonly used component in the JAVA EE Web Application that requires validated form fields input by a user, such as a login form, registration form, or other information form. By configuring the validation rules, Apache Struts can validate many different kinds of fields - username, email, credit card number, etc. However, a bug in Apache Struts 1 can be used to manipulate the property of ValidatorForm so as to modify the validation rules, or even worse, cause a denial of service or execute arbitrary code in the context of the Web Application.

https://blog.fortinet.com/2017/10/25/the-analysis-of-apache-struts-1-actionservlet-validator-bypass-cve-2016-1182

Saturday, October 28, 2017

IBM Transforms FlashSystem to Help Drive Down the Cost of Data

IBM Transforms FlashSystem to Help Drive Down the Cost of Data

Data Center Modernization Solutions Deliver Support for Public Cloud, Containers and Machine Learning
ARMONK, N.Y. - 26 Oct 2017: IBM (NYSE: IBM) today announced sweeping advances in its all-flash storage solutions and software to significantly drive down the costs of data and extend its solutions for hybrid and private cloud environments.
  • New ultra-dense FlashSystem array capable of storing more data in the same footprint, contributes to lower data capacity costs by nearly 60 percent. [1]
  • New Spectrum Virtualize software allows simplified migration and disaster recovery of data to and from the IBM Public Cloud;
  • New software enables IBM and non-IBM storage to be used with popular Docker and Kubernetes containers environments;
  • Cloud-based software beta program integrates storage with artificial intelligence and machine learning through new software to collect inventory and diagnostic information in order to help optimize the performance, capacity and health of clients’ storage infrastructure.
“Companies are seeking guidance in modernizing their data from being a passive cost center to being the central hub for their business. IBM understands that only those that extensively analyze and exploit their data will benefit from it,” said Ed Walsh, GM, IBM Storage and SDI. “To help clients make this transformation, we are introducing new all-flash solutions that will dramatically lower the cost of storage systems while making data availability – whether on-site or in the cloud - a central part of their business strategy.”
In addition to the aforementioned features, updates to IBM Storage systems and software include:
  • New Platform Speeds Private Cloud Deployments – IBM Spectrum Access solutions offer what storage admins users need to deploy a private cloud quickly and efficiently, delivering the economics and simplicity of the cloud with accessibility, virtualization and performance of an on-premises implementation;
  • Consumption-Based Pricing – new utility offering enables a consumption-based buying model for hybrid cloud environments leveraging most of the IBM storage and VersaStack portfolios for users preferring to buy storage as an operating expense;
  • Consolidated User Interface – new interface for FlashSystem 900 consolidates activity and performance information in a single dashboard. Consistent with user interfaces used in other IBM storage systems and IBM Spectrum Storage software, the UI simplifies operations and helps improve productivity;
  • VersaStack with FlashSystem – incorporating the newest FlashSystem being announced today an extensive refresh to the IBM/Cisco VersaStack converged infrastructure offerings;
  • Investment Protection – several of the new all-flash storage and VersaStack solutions announced today are NVMe ready, enabling them to take advantage of the NVMe offerings coming in 2018.
“IT modernization has become a business necessity for us and IBM's newly announced provisioning of 3x more usable capacity in the same physical space presents an exciting opportunity,” said Nader El-Ramly,” Chief Product Officer at ZE PowerGroup. “We believe that maintaining the same characteristic low latency of previous FlashSystem generations without necessitating costly upgrades to rack space, cooling, and power or requiring a sacrifice of quality features like data reduction exemplifies IBM's deep understanding of modern client needs.”
“With this announcement, IBM is demonstrating, among other things, how highly leveraged their FlashCore strategy is,” said Eric Burgener, Research Director for Storage at IDC.  “Next generation FlashCore enhancements, including higher density 3D TLC NAND-based media and hardware-assisted in-line compression and encryption, immediately improve the capabilities of multiple IBM All Flash Arrays by providing features that drive higher infrastructure density and improved security more cost-effectively.”
IBM leadership in storage systems and software is based upon more than 380 system patents, including IBM FlashCore technology and more than 700 patents for IBM Spectrum Storage software. As a result IBM’s flash arrays have been ranked as Leader in Gartner Magic Quadrant for Solid State Arrays for four years in a row and for the 3rd year in a row has been named the#1 Software-Defined Storage vendor by IDC.
Availability
The new features to IBM’s all-flash systems and IBM Spectrum Storage software will be available in Q4. Clients interested in participating in the IBM beta program for cognitive support can inquire by visiting ibm.biz/FoundationPilot.
For more information about IBM Flash Storage please visit: https://www.ibm.com/storage/flash.   For more about IBM Spectrum Storage please visit: https://www.ibm.com/storage/spectrum.
 
[1] Applies to IBM FlashSystem 900, which is used in the IBM FlashSystem V9000 and IBM FlashSystem A9000

Protecting Higher Education Networks with Secure Access Architecture

Colleges and universities have unique wireless network and security needs. They are typically densely-populated and highly-collaborative environments. Students and faculty alike rely on a consistent wireless connection that allows them fast and constant communication with each other across campuses and buildings.

https://blog.fortinet.com/2017/10/27/protecting-higher-education-networks-with-secure-access-architecture

Why ICSA Advanced Threat Defense for Email is So Important

Verizon’s 2017 Data Breach Investigations Report found that two-thirds (66%) of all installed malware that successfully made its way past established defenses were delivered by email.  This is particularly concerning as our weekly FortiGuard Labs Threat Intelligence Brief lists ransomware downloaders –typically delivered via email – as consistently among the top 5 pieces of malware in most weeks.

https://blog.fortinet.com/2017/10/27/why-icsa-advanced-threat-defense-for-email-is-so-important

The Cybersecurity Skills Gap: Educating the next generation

Technological advancements are increasing rapidly, but the general population’s ability to utilize these new capabilities continues to lag behind. The growing number of recent cybersecurity attacks highlights a second gap; a shortage of skilled workforce in the cybersecurity industry, predicted to reach around 1.8 million workers by 2022.
There are numerous suggestions and ideas about how to close the gap, such as upskilling existing employees skill sets or utilizing automation. But a long-term strategy focused on training and educating the next generation will help to ensure enough people have the right skills for the future.

https://www.welivesecurity.com/2017/10/27/cybersecurity-skills-gap-educating-next-generation/

The Analysis of Apache Struts 1 Form Field Input Validation Bypass (CVE-2015-0899)

Apache Struts 1 is a popularly used JAVA EE web application framework. It offers many kinds of validators to filter user input by using the Apache Common Validator library, which is both convenient and fast. However, a bug in Apache Struts can be used to easily bypass the input validation process, allowing an attacker to submit arbitrary dirty data to the database, possibly resulting in a cross-site scripting attack when the user views the JSP file that refers directly to the corrupted data.

https://blog.fortinet.com/2017/10/26/the-analysis-of-apache-struts-1-form-field-input-validation-bypass-cve-2015-0899

The Analysis of Apache Struts 1 ActionServlet Validator Bypass (CVE-2016-1182)

Apache Struts 1 ValidatorForm is a commonly used component in the JAVA EE Web Application that requires validated form fields input by a user, such as a login form, registration form, or other information form. By configuring the validation rules, Apache Struts can validate many different kinds of fields - username, email, credit card number, etc. However, a bug in Apache Struts 1 can be used to manipulate the property of ValidatorForm so as to modify the validation rules, or even worse, cause a denial of service or execute arbitrary code in the context of the Web Application.   

https://blog.fortinet.com/2017/10/26/the-analysis-of-apache-struts-1-actionservlet-validator-bypass-cve-2016-1182

To what extent are smartphone shaping our lives?


https://www.pandasecurity.com/mediacenter/mobile-security/how-dependant-on-your-cellphone-are-you/

CHIME 17 Event Preview: Understanding Your Patients’ Cybersecurity Concerns

Healthcare and IT are becoming increasingly intertwined as technology enables patient-centric care, more efficient hospital workflows, and greater visibility into effective treatment plans through data analytics. Moreover, as digital transformation initiatives take effect across industries, increased technical capabilities will be necessary to remain competitive.

https://blog.fortinet.com/2017/10/26/chime-17-event-preview-understanding-your-patients-cybersecurity-concerns

Tracking the Bad Rabbit

A new ransomware campaign dubbed “Bad Rabbit” has hit a number of high profile targets in Russia and Eastern Europe. First detected on October 24th, 2017, Bad Rabbit was originally detected in Russia and Ukraine, along with a small number of infections reported in parts of eastern Europe, Turkey, and Germany. However, the attack now appears to be spreading to other regions, including reports from South Korea and the US.

https://blog.fortinet.com/2017/10/25/tracking-the-bad-rabbit

Threat Information Sharing Can Change the Security Landscape

One of the biggest security challenges IT teams face is simply staying a step ahead of the cybercriminal community. Of course, digital transition continues to compound this problem by continually expanding the potential attack surface. And at the same time, the cybercriminal community continues to up their game with increasingly sophisticated exploits designed to circumvent security solutions and evade detection.

https://blog.fortinet.com/2017/10/25/threat-information-sharing-can-change-the-security-landscape

Cloud Migration a Challenge to Many

In May, the President signed an Executive Order aimed at enhancing cybersecurity at Federal government agencies.  Of its handful of mandates, migration of computing resources to the cloud is likely to have the most sweeping Federal impact. While Federal agencies are feeling the pressure to accelerate their plans to shift to the cloud, they understand that they need to do so with minimal disruption. In a recent survey conducted by MeriTalk and Fortinet, 70 percent of Federal IT decision makers believe that the majority of Federal agencies will rely on hybrid cloud environments to power core applications over the next decade.

https://blog.fortinet.com/2017/10/24/migrating-to-the-cloud-without-an-all-at-once-or-all-or-nothing-approach

Friday, October 27, 2017

Food Services Giant Moves Securely to the Cloud Over a Single Weekend

When one of the world’s largest food services companies needed a better way to connect its vast distributed network of operations, it turned to Microsoft Azure and Fortinet to "move the entire organization to Azure on a single weekend morning: no issues, no downtime, no fuss!” 

https://blog.fortinet.com/2017/10/26/food-services-giant-moves-securely-to-the-cloud-over-a-single-weekend

How to secure your router to prevent IoT threats?

Earlier this year I was forced to buy a new router for my home. As it is, with so many devices to connect, the old TP Link no longer provided me with what I needed. Two computers, three cell phones, video game console, TV, Chromecast, stereo, smart lights, thermostat, smartwatch… There are 13 computers permanently connected in 50 square meters, regardless of when guests come and the first thing they ask for is the key to Wi-Fi.
After several sittings to analyze the characteristics of many devices, I decided on the OnHub router from Google, since it is a computer built for the Internet of Things and besides supporting more than 30 connected devices simultaneous , is considered one of the safer products on the market.

https://www.welivesecurity.com/2017/10/26/secure-your-router-prevent-iot-threats/

National Cybersecurity Awareness Month Twitter Chats part 4

Welcome to the fourth part in our series containing short blogs from Twitter chats we took part in to mark the 14th National Cybersecurity Awareness Month (NCSAM). The National Cyber Security Alliance (@NatlCyberSecAlliance) is once again hosting a series of Twitter chats every Thursday in October using the hashtag #ChatSTC (moderated by @STOPTHNKCONNECT), in which ESET researchers are once again participating.

https://www.welivesecurity.com/2017/10/26/ncsam-twitter-chats-part4/

The Scariest Cyber Nightmares in Recent Years



https://www.pandasecurity.com/mediacenter/adaptive-defense/cyber-nightmares-halloween/

Google Pixelbook review

Thursday, October 26, 2017

YouTube Virus: Can I Get One?


https://www.pandasecurity.com/mediacenter/mobile-news/youtube-virus-tips/

Canadian SMBs: How technology can help you stay energized

Getting any business up and running is a major challenge, but keeping it going from strength to strength is just as difficult, and requires owners to remain energized as they strive to improve all aspects of the company.
This is a crucial mindset to have as a company looks to establish itself within an ever-evolving market. Canadian small and medium businesses (SMBs) use a multitude of skills and resources to continuously improve all aspects of their companies’ performance. One of the most critical areas for these owners to focus on is implementing the latest technology — as this will help them improve their product or service, and improve customer retention with help from their customers.

https://www.welivesecurity.com/2017/10/25/how-technology-can-help-you-stay-energized/

Bad Rabbit: Not-Petya is back with improved ransomware

A new ransomware outbreak today and has hit some major infrastructure in Ukraine including Kiev metro. Here are some of the details about this new variant.

https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/

The Google Pixel 2 has a display problem (The 3:59, Ep. 306)

Pressure builds on iPhone X after weak iPhone 8 sales



#apple #smartphone #iphone

Katie Linendoll is excited about "Data Science for All" on November 1st

Introducing the "Face" of Big SQL - Data Server Manager

Solve your productivity challenges with AI

Hackers hit plastic surgery, threaten to release patient list and photographs

London Bridge Plastic Surgery & Aesthetic Centre (LBPS) in Wimpole Street, London, is a favourite haunt of surgery-addicted celebrities seeking facelifts and breast augmentations.
Famous clients include publicity-shy glamour model/author/reality TV star Katie Price, who just a few months ago made a video endorsing the surgery for her “silhouette face lift”.

https://www.welivesecurity.com/2017/10/24/plastic-surgery-hacking-dark-overlord/

Preordering the iPhone X? Good Luck! You'll need it (Apple Byte)



#apple #smartphone #iPhone #iPhoneX


Apple Co-Founder Steve Wozniak Says He Won't Be Upgrading To The iPhone ...



#Apple #smartphone #iPhone #iPhoneX


Toni Sacconaghi: IPhone X Price Could Be Dissuading Upgraders | CNBC



#Apple  #iPhone #iPhoneX


Wednesday, October 25, 2017

Bendigo and Adelaide Bank find rapid innovation at the IBM Garage

Securing the IoT | Internet of Things | CyberSecurity

Apple relaxes Face ID requirements, says report

Adding Firewall Policies to FortiManager Policy Package



#Cybersecurity

Optimize Your Future by Making Better Decisions Now with IBM SPSS

Bring apps to market faster with Inversoft Passport on IBM Cloud

Apple says "arrive early" for iPhone X, new Uber driver charges



#news #business #technology

IBM Security helps Wimbledon focus on the court, not the cloud.



#cybersecurity


USA Cycling medals at the Olympics with IBM Cloud's help

Introducing IBM Cloud App ID

Transform your data with IBM Garage's Data Science Insights MVP

Virtual gaming on the IBM Cloud Platform

Big SQL for Experienced Data Warehouse DBAs

Model Management in IBM DSX Local

The Pixel 2 XL has screen burn-in, and it's a big problem (Googlicious)



#Google


Kiev metro hit with a new variant of the infamous Diskcoder ransomware

Several transportation organizations in Ukraine and as well as some governmental organizations have suffered a cyberattack, resulting in some computers becoming encrypted, according to media reports.
Public sources have confirmed that computer systems in the Kiev Metro, Odessa airport and also a number of organizations in Russia are affected.

https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/

Android Parental Controls and Virus Protection


https://www.pandasecurity.com/mediacenter/mobile-news/android-parental-control/

National Cybersecurity Awareness Month Twitter Chats part 3

The third part in our series of short blogs from Twitter chats we have had to mark the 14th National Cybersecurity Awareness Month (NCSAM). The National Cyber Security Alliance (@NatlCyberSecAlliance) is once again hosting a series of Twitter chats every Thursday in October using the hashtag #ChatSTC (moderated by @STOPTHNKCONNECT), in which ESET researchers are once again participating.
In the first two parts of our series we have looked at the role an everyday internet user has in making the internet a safer place, and ID theft. This time around we focus on the role everyone has when it comes to cybersecurity best practices in the workplace.

https://www.welivesecurity.com/2017/10/24/ncsam-twitter-chats-part3/