Latest Posts


Summer is upon us – a time for family, fun and travel. Whether you’re going around the block or around the world, odds are you’re taking your work laptop (just in case). And of course, you’re taking your smartphone. Maybe you’ll want to check email on your phone using the hotel’s public WiFi. Maybe the kids want to play an online game on that laptop.  If you haven’t exercised good cybersecurity hygiene, though, you could be opening yourself up to all kinds of fun-zapping connectivity catastrophe... [Read More]
by RSS Anthony Giandomenico  |  Jun 23, 2017  |  Filed in: Industry Trends
Welcome back to our monthly review of some of the most interesting security research publications. This month, let's do a bit of crypto... Past editions: April 2017 March 2017 P. Carru, Attack TrustZone with Rowhammer Rowhammer is an attack on DRAM, which consists in repeatedly accessing given rows of the DRAM to cause random bit flips in adjacent rows. Until now, the attack hadn't been demonstrated on ARM's TrustZone: but that's what the author implemented. He demonstrated that, using... [Read More]
by RSS Axelle Apvrille  |  Jun 22, 2017  |  Filed in: Industry Trends
Today’s healthcare networks are intricate ecosystems of different networks comprised of a wide variety of connected devices and moving data, but they weren’t always this open. The industry as a whole has had to rapidly shift gears. Healthcare data now flows faster than ever, and it isn’t slowing down. As a result, the role of the healthcare chief information officer (CIO) has had to expand and adapt. As networks expand and connected devices permeate the healthcare landscape, the CIO will continue to play an increasingly important... [Read More]
by RSS Susan Biddle  |  Jun 22, 2017  |  Filed in: Industry Trends
This past June 17th and 18th, 2017, Google hosted their second annual Capture The Flag (CTF) competition. The Google team created security challenges and puzzles that contestants were able to earn points for solving. It’s a clever way to leverage the security community to help protect Google users, and the web as a whole. Last year, over 2,400 teams competed, and this year the number was even higher. FortiGuard Labs decided to pull together a team and then write up a report on the experience. So, first things first, this challenge was... [Read More]
by RSS Kushal Arvind Shah  |  Jun 21, 2017  |  Filed in: Security Research
Blockchain is a shared and continuously reconciled database used to maintain a list of digital records, called blocks. It is quickly becoming an important tool not just for financial information, but also for managing and recording virtually all types of data, such as medical and other records, identity management, and transaction processing. Because a blockchain database is distributed and interconnected, it provides several essential services. The first is transparency. Because data is embedded within the network as a whole, it is by definition... [Read More]
by RSS Hemant Jain  |  Jun 20, 2017  |  Filed in: Industry Trends
In the context of digital trust, effective cybersecurity can become an essential enabler of digital transformation. In other words, if organizations and users can’t trust their data, and trust that it is safe, they will not engage, and the Digital Economy will fail. [Read More]
by RSS Drew Del Matto  |  Jun 19, 2017  |  Filed in: Industry Trends
Nine out of ten healthcare organizations have suffered a breach in the past two years, according to a new Ponemon study, and the data shows that these breaches could be costing the industry upwards of $6 billion. When analyzing the sources of these breaches, it should come as no surprise that criminal attacks represent more than half of the total as healthcare records provide a treasure trove of valuable data. The remainder of the breaches tends to result from internal issues like employee mistakes, third-party snags, and stolen connected devices. While... [Read More]
by RSS Susan Biddle  |  Jun 16, 2017  |  Filed in: Industry Trends
The Department of Homeland Security (DHS) has identified 16 sectors that have been determined to be designated as critical infrastructure due to the debilitating effect on security, national economic security, national public health or safety, or any combination that would result from any of these sectors being compromised. Included in this list of 16 is the Government Facilities Sector, which covers, “a wide variety of buildings, located in the United States and overseas, that are owned or leased by federal, state, local, and tribal governments.”... [Read More]
by RSS Susan Biddle  |  Jun 15, 2017  |  Filed in: Industry Trends
Summary In December 2016, FortiGuard Labs discovered and reported a WINS Server remote memory corruption vulnerability in Microsoft Windows Server. In June of 2017, Microsoft replied to FortiGuard Labs, saying, "a fix would require a complete overhaul of the code to be considered comprehensive. The functionality provided by WINS was replaced by DNS and Microsoft has advised customers to migrate away from it." That is, Microsoft will not be patching this vulnerability due to the amount of work that would be required. Instead, Microsoft... [Read More]
by RSS Honggang Ren  |  Jun 14, 2017  |  Filed in: Security Research
The recent WannaCry attack was interesting for a couple of reasons. First, the speed and scale of the attack was impressive. Over the course of a couple of days, hundreds of thousands of systems were affected and disrupted. Second, it also unveiled a disturbing trend. The attack malware exploited a known vulnerability that not only had been revealed through the highly public release of stolen cyber tools, but Microsoft had also released a patch for the targeted vulnerability over two months before. Which means that the scale of the attack was... [Read More]
by RSS Derek Manky  |  Jun 14, 2017  |  Filed in: Industry Trends