At the end of this past June, Fortinet ran the NSE Experts Academy which featured for the first time a Capture The Flag (CTF) session. We welcomed close to 60 participants, and feedback was extremely positive. We congratulate the top 2 winners, with very close scores, teams YouMayNotWannaCry and ACSN. Our CTF had two specifications: While it included challenges on Fortinet products it was not limited to them - this was not a sales session but a technical one! For instance, while we had challenges on FortiSandbox, FortiCam, and FortiGate,... [Read More]
by RSS Axelle Apvrille  |  Jul 30, 2017  |  Filed in: Security Research
The US political season is over and a new President has been elected. This election has arguably been one of the most colorful (some might say entertaining) and controversial presidential election cycles in the country’s history. For cyber crooks, this has been just the right environment to target victims with their attacks and trolls. In this post we take a look at some of the more notable US campaign-themed malware and scams. While some may induce false fears and a few laughs, others represent serious threats.  “Donald... [Read More]
by RSS Joie Salvio and Rommel Joven  |  Nov 15, 2016  |  Filed in: Security Research
Countries where open elections occur have often developed arcane rules and processes for casting, collecting, and tabulating votes, in part because counting and managing votes is so time-consuming. But also because different groups, especially those with power, have strongly vested interests not only in the outcome, but also in the process itself. In the US, for example, Americans voting in the current Presidential election don’t actually vote for Presidential candidates, but for slates of “electors” pledged to support those... [Read More]
by RSS Anthony Giandomenico  |  Oct 31, 2016  |  Filed in: Industry Trends
The news is inescapable. Hackers and their nefarious counterparts have been thrust into popular culture, not just in the form of fictional characters like Mr. Robot (see our thoughts on season 1), but in the form of very real individuals and organizations that are responsible for everything from the sophisticated take down of nuclear enrichment facilities to the humiliation of major media organizations. It all sounds terrifying, I know. Which is why I asked some of our very own researchers and analysts to help us separate fact from fiction. In this... [Read More]
by RSS Michael Chalmandrier-Perna  |  Oct 04, 2016  |  Filed in: Industry Trends
Fortinet has developed a talented group of security experts and veterans that work together to design, execute, and administer every conceivable type of networking and security infrastructure. These infrastructures serve the largest enterprises, university campuses, and industry conferences, to small and mid-sized businesses, inter-connected retail locations, and even storm-battered cargo ships. Designing and building any network infrastructure poses unique challenges, and requires extreme diligence in the planning, implementation, and administration.... [Read More]
by RSS Aamir Lakhani  |  Oct 03, 2016  |  Filed in: Industry Trends
I'm back from Hacktivity 2015, a big hacking and industrial event in Budapest (Hungary), where I was presenting an update of my research on the Fitbit Flex tracker (slides). It seems several people in the audience were wearing a sports wristband ;) Fitness Trackers at my talk at Hacktivity For your information, I will be presenting on the same topic at Hack.lu next week, but let's say 70% of the presentation will be *different* as I am not focusing on the same aspects. Tamas Szakaly - Shall we play a game? Tamas gave an interesting... [Read More]
by RSS Axelle Apvrille  |  Oct 14, 2015  |  Filed in: Security Research
[Editor's Note: If you haven't yet watched the season finale of Mr. Robot, there are some spoilers here. It's not a recap and it won't ruin the whole episode, but you might want to watch it first before you keep reading.] Within the first four minutes of last night's Mr. Robot finale (postponed from last week because of sensitivity to the on-air shooting in Virginia), we saw a character who's life had been destroyed by the Ashley Madison data dump and heard how astoundingly difficult it is to prosecute computer... [Read More]
by RSS Chris Dawson  |  Sep 03, 2015  |  Filed in: Industry Trends
Much to the chagrin of actual hackers, the term “hacking” has been co-opted in countless ways that bear little resemblance to actually breaking into computer systems. An intrepid homeowner might be a DIY hacker. Makers rarely object to the hacker moniker. Savvy homeschooling parents are hacking their children’s education and Silicon Valley entrepreneurs are hacking their brains with supplements and stimulants. So it should come as no surprise that mainstream media throw around the term “hack” pretty loosely. The... [Read More]
by RSS Chris Dawson  |  Jun 30, 2015  |  Filed in: Industry Trends
La Nuit du Hack is a major French hacking event I attended last Saturday in Paris. The organization is amazing and there is a ton to do there (provided you've had enough sleep in the last few days): bug bounties, wargame, hack4kids and talks of course. I will not be commenting my own talk (on Android malware statistics) as that would sound like a 'blog selfie'. If you have missed it though, you can watch it here (live stream - starts around 2:05) or grab the slides. Rather, I'll shortly explain wargame in connection with my slides.... [Read More]
by RSS Axelle Apvrille  |  Jun 25, 2015  |  Filed in: Security Research
It was my first time at Hack in Paris, with a single track of talks, but definetely good ones. I'll be highlighting below what struck me the most. You don't hear me but your phones voice interface does (José Lopes Esteves, Chaouki Kasmi) It is possible to inject signal to voice control systems on a phone. That signal, although it won't sound like a voice to human beings - will be interpreted by the voice control system and can be used to remotely command the phone. The authors showed a video where the injected signal... [Read More]
by RSS Axelle Apvrille  |  Jun 24, 2015  |  Filed in: Security Research