Time and time again, the old methods of identifying who you are have fallen prey to various attacks and breaches. Simply having a login name and a password, even a strong password – one that doesn’t contain words from the dictionary, and consists of upper case letters, lower case letters, numbers, and special symbols like exclamation points, ampersands or other non-alphanumeric characters – is often no longer strong enough to prevent a breach. You could have an incredibly strong passwo…
DDoS: A Brief History, Part II
In our last blog, we discussed DDoS, detailing the chronology of the DDoS attack from an early attack used by hackers to gain notoriety and wreak havoc to a sophisticated cybercrime tool used for monetary gain. In this Part II, gathered from information provided by FortiGuard AV analyst Karine de Ponteves, we discuss the latest iteration of DDoS – specifically, how the attack is leveraged to disrupt government and corporate systems to make a political statement and mobilize users to action –…
Sandboxing Technologies, Techniques Get Another Look
Neil MacDonald, a vice president at Gartner, wrote in a blog last week the idea of sandboxing potentially malicious content and applications isn’t new, but interest in this type of approach – particularly on Windows desktops – is on the rise. A growing number of virtualization and abstraction techniques available on Windows, he wrote, create isolation to provide security separation. FortiGuard Labs describes sandboxing as a practice employed by security technology to separate running progra…
Insomni’hack 2013
Insomni’hack 2013 took place last week at Geneva and I had the opportunity to attend. Insomni’hack DAY 1 consisted of one day workshops on subjects ranging from “Linux exploitation” to “How to make sure your Pentest Report is never empty”. I had the chance to attend a workshop on “Practical ARM exploitation” given by black Steve (@s7ephen) and white Steve (Stephen Lawler)
2013 BlackHat Europe
BlackHat Europe was last week, and Fortiguard Labs members were there for the briefings. Again this year, the 2 days event took place in Amsterdam downtown
Deloitte Survey Finds Breaches Across Industries
A mid-February 2013 Deloitte Tech Trends poll of 1,749 business executives found more than one in four report their organizations were the victims of at least one cyber attack in the past year. Nine percent report multiple breaches, and 17 percent say they are not confident their organizations could detect an attack
Network World Security Landscape Video Podcast (March)
In this month’s Network World Security Landscape video podcast, reporter Keith Shaw speaks with Fortinet’s Derek Manky on trends he saw at this year’s RSA tradeshow, a new Claco cross platform botnet that’s migrating from the smartphones to PCs, the recent Evernote hack and the recent trend of companies migrating to two factor authentication.
Cloud Security Alliance (CSA) says Data Breach, Loss Top Cloud Threat List
A new survey of industry experts from the Cloud Security Alliance (CSA) finds data breach and data loss at the top of nine critical threats to cloud security. Cloud computing is more mainstream among businesses and government now than ever before. CSA’s “The Notorious Nine: Cloud Computing Top Threats in 2013” report details the development of the cloud service model and how it delivers business-supporting technology more efficiently.
RSA Conference 2013: New Threats, New Solutions
The keynote speakers have gone home, the parties have ended, and another RSA Conference 2013 is over. By all reports, this year set records for attendance and business conducted. With a complex and evolving threat landscape and the accelerating adoption of disruptive technologies, exhibitors had a field day on the show floor with sophisticated releases that vied to differentiate in the burgeoning security markets
One Brand of Firewall is a Best Practice
In case you haven’t seen it, there’s an interesting research note authored by Greg Young of Gartner that posits “one brand of firewall is a best practice for most enterprises.” And, in particular we have to agree. Why? Let’s go back to 1999 and see. Taking a quote from Bruce Schneier’s, A Plea for Simplicity, “the worst enemy of security is complexity.” Thirteen years later, Gartner also seems to agree; saying basically that having different firewall platforms increases configuration and m…