Company Extends Industry Lead with Most Comprehensive Support for Large, Complex Networks FireMon, the global leader in Network Security Policy Management (NSPM), today confirmed its intention to support Check Point R80 security management. It is the latest addition to the list of supported technologies that also includes Cisco, F5 Networks, Fortinet, Intel Security (McAfee), Juniper, and Palo Alto Networks. FireMon’s Intelligent Security Management is a comprehensive approach to policy and risk analysis, automated change management through our industry-leading Intelligent Policy Automation framework and security analytics and monitoring. FireMon anticipates that customers with Check Point R80 will gain the ability to centrally manage…
ISBuzz Team
News Highlights: Customers with higher security requirements now have a complete solution from one supplier that gives users a single, secure credential for accessing doors, IT systems, networks and data. New HID PIV solution spans the full range of identity proofing and lifecycle management capabilities to establish, create, use, and manage secure credentials with a simplified path to government and regulatory compliance. Flexible offering gives users a streamlined experience while extending strong authentication throughout the enterprise – from the desktop to the door – and supports advanced use cases such as digital signing and secure printing, as well as full…
E-Sports Entertainment Association (ESEA), one of the largest competitive video gaming communities on the planet, was hacked last December. As a result, a database containing 1.5 million player profiles was compromised. IT security experts from Tripwire, ESET and Positive Technologies comment below. . Tyler Reguly, Manager of Software Development at Tripwire: “There is a lot of money in video games and the in-game items associated with them. There are several websites that provide exchange rates for in game currency or items to real world dollars. Assuming credential reuse, gaining access to one set of credentials could allow you to gain access to…
Last week, the Internet caught fire when Evernote changed their Terms of Service privacy policy to explicitly allow them to read user content. After a very vocal and rightfully negative response, Evernote recanted their position and will only read user content if users opt-in to a new service they are creating for the platform. In reality, they’ve always been able to read a user’s content. In fact, just about every service on the Internet can do that. Always could, and always will. Most services’ business models, like Facebook, Twitter and Google, depend on reading user content, so their Terms of…
Following the news that hosting website 123-reg has been hit by yet another distributed denial of service (DDoS) attack, Stephanie Weagle, VP at Corero Network Security commented below. Stephanie Weagle, VP at Corero Network Security: “Hosting providers are at increased risk for DDoS attacks impacting their network environment and their hosted tenants, due to the number of customers they service and the aggregate Internet peering bandwidth they utilize. An attack on a single tenant of the provider can create major collateral damage to other hosted customers. These innocent bystanders are placed in the unfortunate situation of suffering from second-hand damage because they are…
Banks are finding out that stolen passwords are fueling cardless ATM fraud and point to identity proofing as the most difficult challenge in mobile banking. Robert Capps, VP at NuData Security commented below. Robert Capps, VP at NuData Security: “Traditionally, ATM security has long relied on multi-factor authentication, namely, something you have (an ATM card issued by the bank) and something you know (the ATM card PIN). This requirement to possess a physical card kept ATM fraud largely in check. The presence of a physical card meant you either have to steal the legitimate card from the consumer, convince the bank to send a…
BlackHat hacker CyberZiest claims to have used a zero-day flaw to hack into the FBI’s Content Management System (built by Plone). Plone released a statement calling the hack a ‘hoax’. However, CyberZiest has since tweeted a claim that they will release proof to support the breach. IT security expert from Barracuda Networks commented below. Wieland Alge, VP & GM EMEA at Barracuda Networks: “For many large organisations, CMS used to be an internal application that sat behind a well-defended perimeter. Over time, we’ve seen this perimeter weaken to the point where CMS is now a poorly-defended and therefore easily accessible application for hackers to exploit. As with many business applications,…
Following the news about the gigabytes of medical, payroll and other data held in MongoDB databases have been deleted in a cyber attack, with the attacker seeking a ransom to restore the information. IT security experts from Cryptzone and Varonis commented below. Jason Garbis, Vice President of Products at Cryptzone: “Attacks – such as those against MongoDB databases, are exceptionally damaging but frustratingly they’re also preventable. “Exposing any system to the ‘Internet Cesspit’ is fundamentally a bad idea. All systems have weaknesses – whether it’s a vulnerability, poor configuration or inadequate controls. It’s far too easy for an attacker to…
Is this the end of London as a financial centre, or will British financial services providers actually retain free access to the EU? Whatever the case, it is by no means just banks which are affected by the Brexit chaos. Before the UK’s Brexit referendum, only two things were clear: no-one knew what a “Yes” vote would mean for the country’s exit from the EU, and, initially, nothing would change. Both things have come to pass, and now that the Brexit dust has settled, we find ourselves in the middle of Brexit chaos. According to Article 50 of the Treaty on European Union, the…
Ransomware is transforming into Doxware, which is a more strategic attack that targets specific victims. With Doxware, not only do hackers hold the computers hostage, but they also secure private conversations, photos and sensitive files to gain even more leverage that ensures that the victim actually pays the ransom. Travis Smith, Senior Security Research Engineer at Tripwire explains, “What makes Doxware more dangerous than typical ransomware is that it is truly holding the victims data for ransom. Previous ransomware variants were local to the victim’s machine, meaning the attacker never physically had any data to hold hostage. While a user…