Tag Archives: software

My latest Gartner research: Market Opportunity Map: Security and Risk Management Software, Worldwide

20 April 2017  |  The security software market is transforming through four vectors: analytics, adoption of SaaS and managed services, expanded ecosystems, and regulations. Technology business unit leaders must realign their product and go-to-market strategies to address these key forces….

Gartner clients can access this research by clicking here.




Facebooktwittergoogle_plusredditpinterestlinkedinmail

My latest Gartner research: Market Insight: Security Market Transformation Disrupted by the Emergence of Smart, Pervasive and Efficient Security

1 February 2017  |  …fits into/addresses these situations. Analysis by Perry Carpenter and Lawrence Pingree Technologies such as cloud, software-defined networking (SDN), network…or managed services. Analysis by Ruggero Contu, Perry Carpenter and Lawrence Pingree By 2020, integrated security models, such as…

Gartner clients can access this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

My latest Gartner Research: SWOT: Check Point Software Technologies, Network Security, Worldwide

Check Point remains a leading security vendor, with a strong and broad portfolio that has improved with the pace of innovation. However, its product leaders need better marketing and refined renewal pricing strategies to sustain its growth and leadership in the firewall market….

Gartner subscribers can access this research by clicking here.


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Israeli generals said among 1, 600 global targets of Iran cyber-attack

www.timesofisrael.com/israeli-generals-said-among-1600-global-targets-of-iran-cyber-attack/ BY TIMES OF ISRAEL STAFF January 28, 2016 Iran launched a cyber-attack targeting Israeli army generals, human rights activists in the Persian Gulf and scientists, an Israeli cyber-security firm said Thursday. Gil Shwed, CEO of Check Point Software Technologies, said the attack began two months ago and was directed at some 1,600 people worldwide. They received email messages aimed at sending spyware into their computers, Shwed told Israel Radio. More than a quarter of the recipients opened the emails and thus unknowingly downloaded spyware, allowing the hackers to steal information from their hard drives. Over the last two years, Israel has been targeted by a number of cyber-attacks. Officials say hackers affiliated with Hezbollah and the Iranian government were behind some of the infiltration attempts. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] NASA, Dept of Defense, Commerce etc probed over use of backdoored Juniper kit

www.theregister.co.uk/2016/01/26/juniper_us_government/ By Chris Williams The Register 26 Jan 2016 A bunch of US government departments and agencies – from the military to NASA – are being grilled over their use of backdoored Juniper firewalls. The House of Representatives’ Committee on Oversight and Government Reform fired off letters to top officials over the weekend, demanding to know if any of the dodgy NetScreen devices were used in federal systems. Juniper’s ScreenOS software – the firmware that powers in its firewalls – was tampered with by mystery hackers a few years ago to introduce two vulnerabilities: one was an administrator-level backdoor accessible via Telnet or SSH using a hardcoded password, and the other allowed eavesdroppers to decrypt intercepted VPN traffic. The flaws, which were smuggled into the source code of the firmware, were discovered on December 17 by Juniper, and patches were issued three days later to correct the faults. The backdoor (CVE-2015-7755) affects ScreenOS versions 6.3.0r17 through 6.3.0r20, and the weak VPN encryption (CVE-2015-7756) affects ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Techies busted for cyber crime

timesofindia.indiatimes.com/city/kolkata/Techies-busted-for-cyber-crime/articleshow/50635343.cms By Dwaipayan Ghosh TNN Jan 19, 2016 Kolkata: The Bidhannagar Police’s cyber cell arrested an employee of Wipro after the tech MNC lodged a complaint against unknown persons stealing sensitive data. This is the second arrest based on a specific complaint by the firm. The accused has been identified as Manish Ghosh, who was picked up from his residence on Sunday . Police said Ghosh is an expert in software coding. He kept a huge amount of data in compressed form in his mobile phone and laptop. During interrogation of Azaruddin Ahmed, who was the first person to be arrested in this case, police came to know that a few former and present employees of the company were also involved in the crime, which led to Ghosh’s arrest. Cops said the accused worked for Wipro BPO and was assigned to a British company -Talk Talk -to complete their backend services. Every weekend, the accused used data they got from Wipro to call up customers of Talk Talk. They would tell the customer how their internet speed was being “compromised” due to a virus. Once the customer gave their consent to know why there was a problem, the accused used two softwares -Team Viewer and Amiclient -to take control of their desktops. They would impress the need to send them an engineer for services and then charge them $70 for the visit. If the client asked them to add the bill to the existing monthly bills, they said it was not possible as engineers needed to be outsourced. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Hacking Team’s Leak Helped Researchers Hunt Down a Zero-Day

www.wired.com/2016/01/hacking-team-leak-helps-kaspersky-researchers-find-zero-day-exploit/ By Kim Zetter Security Wired.com 01/13/16 ZERO-DAY EXPLOITS ARE a hacker’s best friend. They attack vulnerabilities in software that are unknown to the software maker and are therefore unpatched. Criminal hackers and intelligence agencies use zero day exploits to open a stealth door into your system, and because antivirus companies also don’t know about them, the exploits can remain undetected for years before they’re discovered. Until now, they’ve usually been uncovered only by chance. But researchers at Kaspersky Lab have, for the first time, discovered a valuable zero-day exploit after intentionally going on the hunt for it. And they did so by using only the faintest of clues to find it. The malware they found is a remote-code execution exploit that attacks a vulnerability in Microsoft’s widely used Silverlight software—a browser plug-in Netflix and other providers use to deliver streaming content to users. It’s also used in SCADA and other industrial control systems that are installed in critical infrastructure and industrial facilities. The vulnerability, which Microsoft called “critical” in a patch released to customers on Tuesday, would allow an attacker to infect your system after getting you to visit a malicious website where the exploit resides—usually through a phishing email that tricks you into clicking on a malicious link. The attack works with all of the top browsers except Chrome—but only because Google removed support for the Silverlight plug-in in its Chrome browser in 2014. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] [CFP] Speak About Your Cyberwar at PHDays VI

Forwarded fFrom: Alexander Lashkov Positive Hack Days VI, the international forum on practical information security, opens Call for Papers. Our international program committee consisting of very competent and experienced experts will consider every application, whether from a novice or a recognized expert in information security, and select the best proposals. Now, more than ever before, cybersecurity specialists are being asked to stop sitting on the fence and choose a side — competitive intelligence vs DLP systems; security system developers vs targeted cyberattacks; cryptographers vs reverse engineers; hackers vs security operations centers. A new concept of PHDays VI is designed to show what the current vibe is in information security. We want researchers to speak about the real dangerous threats and possible consequences. We also expect developers and integrators to give real answers to these threats rather than to talk about empowering security technologies. Come and share your experience at PHDays VI in Moscow, May 17 and 18, 2016. Your topic can revolve around any modern infosec field: new targeted attacks against SCADA, new threats to medical equipment, vulnerabilities of online government services, unusual techniques to protect mobile apps, antisocial engineering in social networks, or what psychological constitution SOC experts have. In addition, this year, we are planning to discuss IS software design, development tools, and SSDL principles. Our key criteria is that your research should be unique and offer a fresh perspective on hacking, modern information technologies, and the role they play in our lives. If you have something interesting or surprising to share, but none of the formats are suitable for your participation, please apply anyway and be sure we will consider your work. The first stage of CFP ends on January 31, 2016. Apply now — the number of final reports is limited. In 2015, the forum brought together 3,500 participants. In 2016, it is expected to see 4,000 attendees: information security leaders, CIO and CISO of the world’s largest companies, top managers of giant banks, industrial and oil and gas producing enterprises, telecoms, and IT vendors, representatives from different government departments. Positive Hack Days featured a variety of distinguished participants including Bruce Schneier (the legendary cryptography expert), Whitfield Diffie (one of the inventors of asymmetric cryptography), Mohd Noor Amin (IMPACT, UN), Natalya Kasperskaya (CEO of InfoWatch), Travis Goodspeed (a reverse engineer and wireless enthusiast from the U.S.), Tao Wan (the founder of China Eagle Union), Nick Galbreath (Vice-President of IPONWEB), Mushtaq Ahmed (Emirates Airline), Marc Heuse (the developer of Hydra, Amap, and THC-IPV6), Karsten Nohl (a specialist in GSM engineering), Donato Ferrante and Luigi Auriemma (famous SCADA experts from Italy), and Alexander Peslyak (the creator of the password cracking tool John the Ripper). Find any details about the format, participation rules, and CFP instructions on the PHDays website: www.phdays.com/call_for_papers/


Facebooktwittergoogle_plusredditpinterestlinkedinmail