Industry Trends

The Critical Need for Threat Intelligence

Information sharing is one of the most critical elements of any security strategy. Without it, security has to be painted with abroad brush when literally anything is possible. Being able to compare the device or network you are trying to protect against a set of threats that are known to be currently active is invaluable in pitting the right resources and countermeasures against the appropriate target.

By Derek MankyApril 19, 2018

Industry Trends

Are Endpoints Integrated Into Your Network Security Strategy?

Endpoint security is the responsibility of far more than the endpoint or desktop IT team. In fact, it is required to be understood and leveraged by anyone who is responsible for the organization’s network security. These groups need better visibility, compliance, controls and response across the entire distributed network, including on and off network endpoints. More than simply protecting individual devices, a true endpoint security solution continually assesses and ensures the integrity, confidentiality, and availability of enterprise data, network resources, and information systems.

By John MaddisonApril 17, 2018

Threat Research

Searching for the Reuse of Mirai Code: Hide ‘N Seek Bot

At FortiGuard Labs we were interested in searching out other malware that leverages Mirai code modules. Interestingly, one of the families that showed up in our search was the Hide ‘N Seek (HNS) bot, which was discovered in January of 2018. HNS is a complex botnet that uses P2P to communicate with peers/other infected devices to receive commands. In this article, I will discuss how the Mirai bot code was used in this HNS bot.

By Jasper ManuelApril 16, 2018

Industry Trends

Recent Healthcare Regulations and Guidelines Providers Should Be Aware Of

Healthcare has long been a regulated space due to the sensitive personal information collected and stored. Top of mind when thinking of healthcare regulations is HIPAA, which provides comprehensive and mandatory standards for ensuring the security and privacy of protected health information (PHI). Noncompliance can result in heavy fines, as well reputational damage.

By Jonathan Nguyen-DuyApril 13, 2018

Industry Trends

Cloud-Based Malware Weather Forecast for Financial Firms

The explosion of new applications and connected IoT devices has created a wealth of data that, when analyzed, provides businesses with critical insights into consumer behaviors and interests, allowing them to create more customized offerings. Combined with the accelerated adoption of solutions across IaaS, PaaS and SaaS, the cloud is here to stay. However, this also means that cybercriminals will continue to attack the cloud.

By Aamir LakhaniApril 13, 2018

Industry Trends

Looking Back to Look Ahead: Cyber Threat Trends to Watch

Organizations today face an unprecedented volume of increasingly sophisticated threats as they conduct online operations. As the potential attack surface expands and attack volumes increase, it is imperative to track the most popular and successful strategies of cybercriminals to stay ahead of their malicious intentions.

By Derek MankyApril 12, 2018

Threat Research

Microsoft Windows JET Database Engine Heap Overflow Vulnerability

At the end of 2017, the FortiGuard Labs team discovered a heap overflow vulnerability in Microsoft Windows JET Database Engine and reported it to Microsoft following Fortinet’s responsible disclosure process. On April 10, 2018, Microsoft released an advisory that contains the fix for this vulnerability and identifies it as CVE-2018-1003.

By Honggang RenApril 11, 2018

Industry Trends

The Opportunity to Create Safer Schools and Campuses with Physical and Cybersecurity Solutions

Educators across the country are challenged to ensure students have access to safe and productive environments where they can advance their education and careers. In 2018, achieving this goal is becoming increasingly difficult. Maintaining efficient security means schools and universities need a combination of physical and cybersecurity solutions that work together to keep students and faculty safe without causing the environments to become less conducive to student success.

By Jonathan Nguyen-DuyApril 10, 2018

Industry Trends

The Darkweb and Tax Season

It seems like every season has an angle that hackers and scammers use to prey on unsuspecting individuals. We just managed to make it through the holiday season and now we are besieged with people trying to take advantage of us during tax season.

By Aamir Lakhani April 09, 2018

Threat Research

You Will Fall For This One Day...

A couple of days ago, a friend of mine, James, was the victim of a scam and gave away his credit card number and CVC. The interesting part is that he is not the "standard" victim, but a very security aware person: he's a researcher on the security of embedded systems, a CTF player, and he cares for his privacy. Nevertheless, he fell into the trap of a phishing scam, and the story tends to prove that we will all likely fall for one of these one day. The only difference between James and the ordinary online shopper is that, the next day, he was uneasy with the situation and decided to investigate more.

By Axelle ApvrilleApril 09, 2018