fortiguard | Page 2


Summary On March 24 2017, I discovered and reported on a remote password change vulnerability in Hewlett-Packard Enterprise’s (HPE) Vertica Analytic Database. This week, HPE released Security Bulletin HPESBGN03734, which contains the fix for this vulnerability and identifies it as CVE-2017-5802. Fueled by ever-growing volumes of Big Data found in many corporations and government agencies, HPE’s Vertica Analytics Platform provides an SQL analytics solution built from the ground up to handle massive volumes of data and delivers blazingly... [Read More]
by RSS Honggang Ren  |  Apr 20, 2017  |  Filed in: Security Research
Back in February, more than 40,000 healthcare IT professionals, vendors, clinicians, and executives from around the world gathered in Orlando for the 2017 HIMSS conference. Fortinet, as well as its employees and customers, were once again in attendance to learn about the current state of the healthcare industry. We caught up with two Fortinet customers, Tom Stafford, Vice President & CIO of Halifax Health, and Josh Kinsler, Security Engineering Manager at Community Health Network, to hear what’s on the minds of today’s CIOs and... [Read More]
by RSS Susan Biddle  |  Apr 18, 2017  |  Filed in: Industry Trends
On February 21, Hussein Syed, Chief Information Security Officer at Barnabas Health System, and Ladi Adefala, Senior Security Strategist at Fortinet, led a roundtable discussion at HIMSS17 about the evolving challenges of securing the next-generation healthcare enterprise. The session was geared toward providing attendees with information around the current threats targeting the healthcare industry, how organizations can align security to the progressive business model, and the emerging trends in security practices that are protecting organizations... [Read More]
by RSS Susan Biddle  |  Apr 05, 2017  |  Filed in: Industry Trends
Digital Video Recorders / Network Video Recorders (DVR/NVR) Back in 2015, our telemetry detected a relatively small number of IPS signature hits on known vulnerabilities targeting DVR/NVR devices (~ 749 hits). In 2016, however, we saw this number increase alarmingly to around 1.5 million hits. By using a size comparison chart again, we can see the huge increase more clearly when we compare both years, as shown below: The question, of course, is what contributed to this huge increase in detected hits? Once again, let’s look at the... [Read More]
by RSS Gavin Chow  |  Mar 24, 2017  |  Filed in: Security Research
All users of vulnerable versions of the Microsoft Windows Server are encouraged to upgrade to the latest version of this software. Additionally, organizations that have deployed Fortinet IPS solutions are already protected from this vulnerability. [Read More]
by RSS Honggang Ren  |  Mar 23, 2017  |  Filed in: Security Research
More than any other database containing sensitive information for a large quantity of people, electronic health records (EHRs) are an especially attractive target for hackers. The patient data they hold can be used for financial gain, as recent reports show that stolen healthcare databases are being sold on the deep web for as much as US$500,000. But we’ve also seen a number of instances where large data breaches have occurred at the hands of state actors looking to collect data for espionage purposes. No matter the reasoning behind... [Read More]
by RSS Susan Biddle  |  Mar 21, 2017  |  Filed in: Industry Trends
As a product manager, the start of the year is a time to take a few breaths and reflect on the successes or failures of the past year and plan for future projects.  When we have invested so much effort into our products, we know their strengths, but spending so much time in such close proximity to a solution can also make one a bit blinkered. Which is why it is always important to get outside opinions on your progress as a sanity check. Of course, customer feedback is essential, and always very welcome, but it was particularly satisfying to... [Read More]
by RSS Carl Windsor  |  Mar 15, 2017  |  Filed in: Industry Trends
Attacks targeting and originating from IoT devices began grabbing news headlines toward the last quarter of 2016. Insecure IoT devices became the low-hanging fruit for threat actors to easily exploit. Some were even notoriously used as botnets to launch DDoS attacks against selected targets. For example, the infamous Mirai botnet exploited weak login vulnerabilities in insecure IoT devices such as IP cameras and home routers, and was responsible for one of the largest known DDoS attacks to date. Besides being used in DDoS attacks, exploited IoT... [Read More]
by RSS Gavin Chow  |  Mar 06, 2017  |  Filed in: Security Research
Introduction Dyzap belongs to a family of malware designed to steal confidential information from enormous target applications by installing a “man in the browser” attack into common browsers. FortiGuard Researchers recently discovered a new variant of this Trojan virus. Stolen information may include, but is not limited to, system information and application credentials stored on infected systems. In this blog, we will explain how the malware steals user accounts, acts as a keylogger, and communicates with its C&C server. Stealing... [Read More]
by RSS Bahare Sabouri and He Xu  |  Feb 22, 2017  |  Filed in: Security Research
Healthcare systems spanning the globe are recognizing the potential of digital technologies and looking to leverage them to develop new business models, new revenue streams, and a better customer experience across the industry.   When speaking about “digital” technologies impacting the industry in 2017, we at Fortinet are focused on four principal technologies that are most responsible for change:   Cloud IoT Ubiquitous Broadband Data Analytics   We recently sat down at HIMSS17 in Orlando,... [Read More]
by RSS Susan Biddle  |  Feb 22, 2017  |  Filed in: Industry Trends