Organizations today face an unprecedented volume of increasingly sophisticated threats as they conduct online operations. As the potential attack surface expands and attack volumes increase, it is imperative to track the most popular and successful strategies of cybercriminals to stay ahead of their malicious intentions.
The EDUCAUSE Security Professionals Conference is coming up! Get a preview of the themes and events of this year’s conference, as well as what Fortinet will be there to discuss.
Not long after a new strain of the Akuma malware was discovered targeting ZyXEL devices with a new series of login/password attacks, FortiGuard Labs last week also began detecting strange scanning activities on uncommon TCP ports 52869 and 37215. We and other threat research teams quickly began to suspect that these were tied together, and that there was a new botnet out there.
To keep up with this threat landscape, your customers’ IT teams require security solutions that can provide real-time visibility into network activity and regulatory compliance, as well as automatically initiate a response to security events, to increase the overall efficiency of IT management teams. In order to effectively manage network security, compliance, and performance, your customers should consider implementing a SIEM (security information and event management) solution that features automation, scalability, and actionable intelligence.
The majority of these breaches have one thing in common. IT teams are failing to practice basic security hygiene. Cybercriminals target known vulnerabilities because they know that most organizations will have failed to patch or replace their vulnerable devices. WannaCry targeted a vulnerability for which a patch had been available for months. Shame on them. But Petya followed a month later and targeted the exact same vulnerability. And millions of devices were still affected. So, shame on us.
Welcome back to our monthly review of some of the most interesting security research publications.
Introduction: Last month, iSightPartners revealed a Microsoft Office zero-day leveraged in a targeted attack by a Russian cyber espionage team. This vulnerability has been patched in Microsoft bulletin MS15-070. CVE-2015-2424 was assigned to this vulnerability. In this blog post, we will discuss the nature of the vulnerability to give some insights to other researchers for understanding and detecting this specific Word vulnerability. Multi-directory entries chaining: We first extracted the embedded objects inside the exploit document...