Linux Kernel Zero-Day Privilege Escalation Vulnerability – CVE-2016-0728

By John Klimarchuk On January 20, 2016, a new Linux Kernel zero-day vulnerability was disclosed by Perception Point . The vulnerability has the potential to allow attackers to gain root on affected devices by running a malicious Android or Linux application. Our investigation is ongoing; however, at this time we have not identified any Cisco products as exploitable. Should this change, we will publish a Security Advisory on the Cisco Security Portal. Additional Background: The Linux Kernel Zero-Day vulnerability has been present in Linux kernel []

Source:: Cisco Security Notice

Fortinet Announces New $200 Million Share Repurchase Program

Fortinet Announces New $200 Million Share Repurchase Program

Source:: Fortinet

Fortinet Reports Fourth Quarter and Full Year 2015 Financial Results

Fortinet Reports Fourth Quarter and Full Year 2015 Financial Results

Source:: Fortinet

Respecting Privacy, Safeguarding Data and Enabling Trust

By Michelle Dennedy Data Privacy Day is January 28, and this year’s theme examines issues around respecting privacy, protecting data and enabling trust. Today more than ever, any global company is a digitized company, which means that every company is grappling with challenges around privacy, security and trust. As a result, these challenges are no longer an IT-only responsibility and now must be addressed by everyone: vendor, customer, partner, board member and end-user alike. While many security and privacy trends facing global companies []

Source:: Cisco Security Notice

Fortinet Details Updates to Their Cybersecurity Operating System

Fortinet Details Updates to Their Cybersecurity Operating System

Source:: Fortinet

Microsoft Windows 10 FAQ

Microsoft Windows 10 FAQ

Viele Nutzer sind bereits auf Windows 10 umgestiegen. Allen, die diesen Schritt noch vor sich haben, können wir hier den Link zur Seite unsere Technologie-Partners Microsoft ans Herz legen.

Die am häufigsten gestellten Fragen zum Upgrade auf Windows 10 hat Microsoft hier zusammengefasst – natürlich auf deutsch.

Brauchen Sie Unterstützung oder möchten Sie die vielen neuen Funktionen mit aktueller Hardware nutzen, so freuen wir uns auf Ihre Anfrage unter 02261 915500 oder einfach per Mail an vertrieb@oberberg.net

Bypassing MiniUPnP Stack Smashing Protection

By Talos Group This post was authored by Aleksandar Nikolic, Warren Mercer, and Jaeson Schultz. Summary MiniUPnP is commonly used to allow two devices which are behind NAT firewalls to communicate with each other by opening connections in each of the firewalls, commonly known as “hole punching”. Various software implementations of this technique enable various peer-to-peer software applications, such as Tor and cryptocurrency miners and wallets, to operate on the network. In 2015 Talos identified and reported a buffer overflow vulnerability in client []

Source:: Cisco Security Notice

Where is my (intermediate) TLS certificate?

By Tobias Mayer When dealing with TLS connections, it is important to understand how a client (in most cases this is a web browser) will be acting. Let’s quickly check some of the steps that are happening when a TLS connection is made. A web server will send its certificate down to the requesting client during the TLS handshake. But it is not only a single certificate but usually a complete chain of certificates. There is the server certificate , in many cases []

Source:: Cisco Security Notice

Link Arms Against the Attackers: Observations from the 2016 Cisco ASR

By Martin Nystrom Remember 2007, when the underground economy began to flourish, using simple protocols and static subnet ranges to control their infrastructure? That was the same year Cisco published the first Annual Security Report (ASR) . Nine years later, the drumbeat of cyberthreats grow louder, but the actors and threats are familiar, just as John reminded us when this year’s report was released. What’s Changed? Attackers have vastly increased the sophistication of their infrastructure, incorporated evasive techniques such as encryption and obfuscation, and diversified their revenue streams through ransomware . Defenders are sharing cyber threat intelligence and recognizing []

Source:: Cisco Security Notice

McAfee Mail Security – End of Sales

McAfee Mail Security – End of Sales

Intel Security stellt den Verkauf der Gateway-Security Produkte von McAfee ein. Dies zeichnete sich bereits ab, da die Lösung im Januar 2014 (VBSpam) letztmalig extern getestet wurde. Mit unserem Technologie-Partner Fortinet bieten wir einen einfachen Weg, Ihren Mailverkehr auch weiterhin aktuell zu schützen.

FortiMail bietet „Top Rated Protection“ – insbesondere im Zusammenspiel mit der FortiSandbox-Lösung. Dabei gibt es für McAfee Kunden nicht nur einen einfachen Ersatz, sondern handfeste Vorteile:

  • Verbesserte Sicherheit (VBSpam sagt, 99,9% Catch-rate, 0% False Positives)
  • Top Empfehlung der NSS-Labs (Breach Detection)
  • einfachere Preisgestaltung (keine Funktionslizenzen, keine Kosten je einzelner Mailbox)
  • kein User-Limit und Multi-Domain-Support

Oberberg-Online bietet Ihnen die FortiMail Services sowohl als Lösung für Ihre Infrastruktur, als auch als managed Service in unserer Regio-Cloud in Gummersbach an.

Sprechen Sie mit uns über Ihr Migrationskonzept unter 02261 9155050 oder schreiben Sie uns Ihren Terminwunsch an vertrieb@oberberg.net