During the last few months, FortiGuard Labs discovered and reported multiple use-after-free (UAF) vulnerabilities found in different versions of Microsoft Word. These vulnerabilities were patched in the January and March security updates, respectively. These patches are rated as critical/important, and as always, we urge users update Microsoft Office as soon as possible.
Organizations today are not only aggressively moving many of their workloads to the cloud, but many of them are doing so using a multi-cloud model. They leverage one provider for specific functionality and another for location or for cost. At the same time, critical data is being distributed and processed across a variety of additional cloud-based applications and services. Nearly all of them have some sort of a private cloud as well, with nearly half using multiple hypervisors to manage those environments.
The volume of cyberattacks is growing at an unprecedented rate, increasing as much as nearly 80% for some organizations during the final quarter of 2017. One reason for this acceleration in the attack cycle is that in order for malware to succeed today it needs to spread further and faster than even before. This allows cybercriminals to stay a step ahead of new efforts by vendors to improve their delivery of updated signatures and patches.
The evolution of malware is being fueled largely by the proliferation of IoT. According to Gartner data, there were about 8 billion connected “things” in 2017. But that number is expected to nearly triple to more than 20 billion in just the next two years, which averages out to roughly three connected devices per person on Earth. Simply put, the opportunity for cybercriminals to enter networks and steal data or hold segments (or the entirety) of the network hostage is growing at an exponential rate, with no signs of slowing down.
Federal agencies are under pressure to make a timely, secure shift to the cloud with minimal disruption. For many, however, this is easier said than done. With a wide array of data that falls under a variety of privacy and protection regulations, "how?" is a complicated question.
We recently received a malware sample recently that had been packed and compiled on Tue Feb 06 2018. After unpacking it, we found that it contained a version of the Dreambot/Ursnif trojan, which had a compilation date of Tue Oct 10 2017, suggesting that existing versions of Dreambot are now being packaged with brand-new droppers.
This is the first conference where I have heard so much about hacking robots! Between yesterday and today, we've had: • Robotnikoff at Troopers: robots, security, and privacy - Brittany Postnikoff • Hacking Robots Before Skynet - Lucas Apa • Breaking the Laws of Robotics: Attacking Industrial Robots - Davide Quarta
Watch the video in this post to hear from Fortinet’s Troy Roberts, VP of Enhanced Technologies, as he discusses the challenges facing healthcare organizations in 2018 and how to overcome them.