
Category Archives: Cyber Security News

10 Top Firewall Providers for 2019


Key Points to Consider When Purchasing a New Firewall

You’re either secure or you’re not; there is no middle ground when it comes to having proper network security.

This is why when it comes to mobility and wireless, security needs to be at the foundation of your wireless platform.

One of the most critical pieces of your security infrastructure is deploying the right firewall.

We’ve come a long way since the days of traditional port-based firewall systems, and there are a lot of solutions to choose from. To help you find the right firewall, here are key points to consider before you buy.

Visibility & Control Of Your Applications

Traditional port-based firewalls only provide you with limited control and visibility of the applications and end-users accessing your network.

Obviously, you don’t want everyone accessing applications like YouTube or Facebook, however, what about your marketing team, or teachers that are streaming a video for a specific lesson?

With the right firewall in place, you can apply policies to certain end-users, allowing access to those with jobs pertinent to the applications being used.

What about end-users like guests or, if your organization is a hospital, your patients?

Different end-users can have different policies applied that prohibit them from accessing certain applications.

Furthermore, next-gen firewalls can limit access to certain parts of applications. For instance, a user might be able to use Facebook calling and messaging but not be able to post to their timeline or on a friend’s “wall.”

Protection and Prevention From Threats

Did you know your port-based firewall can’t “see” any of the applications or users gaining access to your network? This is a big issue today with data breaches: if the firewall can’t see the devices or applications being used, how will it protect your network and your end-users?

A next-gen firewall can see and control all of the applications and sensitive information on your wireless network. It can limit traffic and risks to your network by only allowing approved applications to be used.

You can even scan these approved applications to ensure there are no potential threats. As an added bonus, because applications have to be approved by the firewall, it can also reduce bandwidth consumption helping to improve your overall wifi performance.

Legitimate 1 Gigabit Throughput

Port-based firewalls often claim that you get 1 gigabit with each port; however, once all of the services, such as malware protection, are turned on, you can cut that throughput by a third.

With next-generation firewalls, 1 gigabit is as claimed: you get 1 gigabit of throughput with ALL of the services turned on.

It’s About Your Devices Not IP Addresses

Think of modern firewalls like telephone books. Instead of searching to find a user using an IP address, your next-gen firewall is capable of finding a device by user name.

This way you know exactly how many devices each of your employees is using to access the network, and if they cause a breach you can find the device and wipe it clean.

Remote Users

With the influx in employers allowing remote workers in every industry, employees need to be able to access your internal network and applications from any location.

Whether it’s from home, the library, a coworking space or even a Starbucks, they should be able to connect and complete their work.

The same rules and policies should be enforced by the firewall outside of the hospital, school grounds, warehouse, or university. This keeps traffic coming in and out of your internal server safe and threat free.

Streamlined Security Infrastructure

Buying more security components (appliances) in the hope that they fix your security needs isn’t always the answer, and often ends up being costly and ineffective.

Adding more and more components means there’s more to manage and update, which can decrease your efficiency by creating an unnecessarily complex system.

Next-gen firewalls already have the necessary security infrastructure components built-in, including:

  • Anti-virus protection
  • Spam filtering
  • Deep packet inspection
  • Application filtering

It’s a comprehensive security component that enables you to not have to worry about what other pieces you’ll need to add in order to make your network more secure.

Cost

Last but not least, cost is always a factor when it comes to choosing the right firewall. It’s important that you think about not only how much something costs but how it will fit into your budget.

Often times we fail to see the harm in not purchasing something, and waiting until something goes wrong. Well if something goes wrong, and data is leaked, it can end up costing you a lot more than just money.

Modern firewalls are more affordable than you might think, especially when compared to the cost of a major network security breach, or the decreased efficiency you’ll experience from having poor wifi performance due to an old or insufficient firewall.

We’ve found that the correct firewall, once in place, pays for itself almost instantly.

At IT Monteur’s Firewall Firm, we deliver affordable, robust, and secure Firewall & wireless platforms – it’s all we do. If you have any questions about choosing the right firewall or would like to discuss an upcoming project, please contact us on

Sales :+91 958 290 7788 | Support : +91 96540 16484


Firewall Providers

1. Fortinet


Maybe it’s the company’s independently certified and continuous threat intelligence updates. Perhaps it’s the ability to protect against malware attacks lurking in encrypted traffic. Whatever the reason, Fortinet remains a popular firewall solution. It stands alone atop Gartner’s list — by a wide margin, thanks to a stellar 4.5-star rating from users.

One reviewer, a network engineer, praised its ease of use and value. The IT pro writes: “Overall, we have been extremely satisfied ….” Another user, in the industrial automation space, highlights one feature in particular. “The dual-wan feature also gives you the ability to have load-balancing or failover for multiple WAN connections.”

A partnership with Symantec to integrate into the latter’s cloud-delivered network security service, Secure Web Gateways, will ensure continued utility and relevance for Fortinet throughout 2019.

2. Palo Alto Networks


Another highly regarded firewall provider found a new dance partner of its own in late 2018. Palo Alto Networks announced its acquisition of RedLock, which leverages AI to connect seemingly disparate dots that provide a comprehensive picture of potential threats to an organization’s cloud environment. Already a Gartner superstar with a 4.5-star rating equal to Fortinet’s, adding this strength and capability to Palo Alto Networks’ offerings can only help.

A senior network engineer describes Palo Alto Networks’ firewall as consistently updated, stable, and robust, and a CIO credits it with making his team “much more productive and efficient.”

Palo Alto Networks features worth a look are the scanning engine it uses to prevent the transfer of unauthorized files and sensitive data, and its integration with enterprise directory services such as Active Directory, eDirectory, LDAP, and Citrix.

3. Cisco


One reviewer calls Cisco’s firewall solution “mature, solid, and easy to understand.” It’s great if you can find such characteristics in a person and even better if your firewall solution shares them. There’s a reason for Cisco’s “Customer Choice 2018” achievement from Gartner, after all. A network administrator using Cisco’s firewall claims it has “more functions than I can use” but is easy to maintain and manage.

In addition to manufacturing security solutions, Cisco has been making news lately. The good kind. “Three years ago, it was still like is Cisco serious or not?” one IT leader expressed. “Now you’ve got single sign-on Multi-Factor Authentication, Cloud Access Security Broker, all under Cisco Umbrella …. Those are all good moves. Even in the market, customer perception is tenfold better compared to three years ago.”

Considering Cisco? Then check out the automation capabilities of Cisco’s networking and security operations, as well as its next-generation IPS, advanced malware protection, and sandboxing features.

4. Check Point

 

 

 

Keeping pace with the multi-star user ratings of more prominent players in the firewall space, Check Point receives high marks and high praise. “The feature set of Check Point’s next gen firewalls keeps expanding to include new ways to address security concerns,” one reviewer shares, noting their “very positive experience” with the solution. Another reviewer cuts straight to the point when he calls it “the best firewall in the market.”

Check Point touts the industry’s broadest application coverage: more than 8,000 applications and 260,000 social network widgets. This allows companies to administer rules to features that people use daily, such as instant messaging, social networking, video streaming, and games.

One of Check Point’s stated goals is “superior protection across the entire security gateway.” Capabilities such as that help it reach such goals. Its recent moves to bolster integration with the Amazon Web Services Security Hub will also help.

5. SonicWall

 

 

 

Though smaller in market size than other firewall providers on this list, SonicWall still lays claim to protecting more than 1 million networks worldwide. It’s earned that business, in part because of features that defend against zero-day vulnerabilities, prevent the unauthorized takeover of virtual systems, and stop unauthorized access to protected data assets.

And doing all of that doesn’t require a team of IT pros beyond the initial installation. One reviewer writes, “Setup has a lot of features, so I suggest you get some help with someone that is familiar with SonicWall.” Another calls it “an extremely easy to use firewall” and adds, “The settings are easy to configure even though initial setup may be challenging for your specific environment.”

One thing to consider if you’re looking at SonicWall: while it is making inroads to virtual environments, it seems to be doing so at a pace that sets it behind others in the field.

 

10 Top Firewall Vendors

Vendor and overall rating:

  • Fortinet
  • Cisco
  • Palo Alto Networks
  • Check Point Software Technologies
  • Sophos
  • SonicWall (4.4)
  • Juniper Networks
  • WatchGuard (4.3)
  • Barracuda (4.6)
  • Forcepoint (4.6)

 

For Any type of Firewall Security and Support, Please call us on

Sales :+91 958 290 7788
Support : 0120 2631048


11 TOP Firewall Features for your Business

A firewall should be part of your overall cyber security mitigation strategy. You’re not a big bank or Apple, so your business is safe from hackers. Right? Unfortunately not. Many hackers actually target smaller to medium organizations because they know SMEs are less likely to invest in cyber security.

So how can you protect your business and client information from falling into the wrong hands? A firewall can help form part of your overall strategy.

What is a firewall?

A firewall is a network security system that controls incoming and outgoing traffic on a computer or business network. This control is based on a set of policies or rules. These policies or rules are configured on the firewall or via the firewall management console.

A firewall basically helps protect the devices, applications and data that sit behind it on the internal network. This can be at your office or between offices or even services you have sitting at your hosting provider or cloud provider.

Installing a firewall on your network or in front of your cloud services means you are helping protect your users and data on the network from nasty attacks and vulnerabilities from the internet.

11 TOP Firewall Features for your Business

1. Bandwidth control and monitoring

Bandwidth control, sometimes referred to as traffic shaping, is one of the best features. We don’t always have unlimited amounts of bandwidth, so it’s vital to take control of the bandwidth available. With a firewall you can control the bandwidth available for sites, applications and users.

You may want to give your graphics department more overall bandwidth. Or you might want to stop cloud-based file synchronization services from hammering your bandwidth. Things like OneDrive, DropBox and Google Drive can cause serious issues.

With bandwidth control on your firewall you can allocate a set amount of dedicated bandwidth for your VoIP phone system. You can even allow other cloud based services like Skype for Business or Hangouts to have priority. This will help stop the dreaded jitter that makes any phone or video call painful.

You can control when backups for example happen between sites so that those backups aren’t causing problems during business hours. You can allow backups to have a large chunk of the connection out of hours.

You could enforce backup traffic to travel over cheaper links. And more important traffic can be set to go over your higher quality links when quality really matters.

2. Web filtering

Most firewalls allow you to block access to websites. This can be done on a case-by-case basis, or your firewall can include a subscription that helps you choose categories you don’t want people to have access to, such as illegal activities, downloading illegal content, gambling and many more.

The firewall vendor will continuously update their lists for you, as those types of websites are always changing their IP addresses and domain names. Vendors like Cisco and Fortigate take the hassle out of this for you with their automatically updated lists.

3. Logging

Having access to logs on a firewall gives you up-to-the-minute information about what is happening on your network. Good firewalls give graphs in real time, and they also show you which vulnerabilities or attacks are happening in real time.

4. Internet aggregation and SD WAN

Link aggregation and SD WAN are great features for businesses that need multiple links to the internet, or that use multiple links and would like to connect to other sites such as branch offices or cloud services.

The ability to use multiple links allows you to have redundancy or even use multiple cheap links with different providers to meet your bandwidth requirements.

 

5. Sandboxing

Sandboxing takes a file or executable as you are downloading it and opens it in a completely isolated and separate environment. This environment replicates the end user environment away from your production environment without putting your users at risk. A sandbox then opens it, runs it, scans it and looks for malware or activity that is suspicious.

If the file or link looks OK, it will pass it on to the end user. Sandboxing is one of those things that the end users have no idea is there, but it is another layer protecting them from a cyber attack.

 

6. Integrated wireless controller

Using a firewall with an integrated wireless controller is a fantastic way to save money and bring all of your policies and control into one place or platform.

You can easily set up different SSIDs and policies and take full control over your environment. The model of firewall you choose determines how many wireless access points you can use. Low entry level models will allow 2-10 access points and larger high end models will allow hundreds.

You can even setup all of your sites using the same policies so your users can roam between sites without any need to connect or enter in passwords at each site.

 

7. Deep Packet Inspection

Deep packet inspection is a great feature we just can’t live without anymore. This technology allows the firewall to really take a close look at the packet that is being passed through.

It can look for hidden viruses, and malicious activity that is hidden within the packet. The firewall can then decide what to do with the packet. It can block the sender or drop the packet.

The really great thing is that if the firewall determines it’s a new threat source, it will send a note back to the vendor, which will then be reviewed and used to update other firewalls around the world, helping other networks keep safe.

 

8. Virtual Private Networks

Virtual private networks (VPN) are great for users connecting back to a site or the office. VPNs can also be used to connect two sites together.

You want to make sure that the connecting device, whether it’s another network/firewall or an end user computer, is secure and safe. With a VPN you can allow users to access applications and data securely from remote locations. And best of all, you aren’t opening up public-facing ports or applications.

 

9. Malware and virus filtering

Next generation firewalls are always filtering for malware, new and old: viruses, compromised websites, files containing viruses, botnets trying to hack you, man-in-the-middle attacks, you name it! They can even scan encrypted traffic such as SSL and TLS connections to make sure they are safe and trusted.

 

10. Intrusion prevention system

Intrusion prevention systems (IPS) are the latest advancement from intrusion detection systems (IDS).

Intrusion prevention goes one better by monitoring the network traffic using policies. It looks for suspicious activity. If it detects suspicious activity on a network it will block the traffic and then provide a report.

 

11. Identity management integration and single sign on

One of the greatest features is that firewalls allow you to integrate with single sign-on platforms, either directly or via a RADIUS server. If you have an environment where cyber security is paramount and you are controlling your users by department, function or even site, then integrating their access into group management and single sign-on cuts down the administrative overhead.

A firewall can never guarantee the safety of your data, but it does provide a greater chance of keeping it safe. If you can’t afford to lose your data, or suffer a breach of confidential data, then a firewall will help form part of your overall cyber security mitigation strategy.

St John Ambulance hit with ransomware attack

  • The ransomware attack impacted everyone who had opened an account, booked or attended a St John Ambulance training course until February 2019.
  • The data includes names of those who booked and attended the course, course details, contact information, costs, invoicing details, and driving license data.

What is the issue?

St John Ambulance, the nation’s leading first aid charity, suffered a ransomware attack compromising the data belonging to individuals who undertook a training course.

The big picture

St John Ambulance became aware of the ransomware infection on July 2, 2019, upon which the first aid charity temporarily blocked access to the infected system. The charity organization confirmed that the attack did not impact its operational systems.

  • St John Ambulance notified the Information Commissioner’s Office (ICO), the Charity Commission, and the police authorities about the incident.
  • It has hired third-party cyber experts to enhance its security mechanism in order to protect its data systems.
  • The organization confirmed that the issue was resolved immediately within half an hour.

“We work as hard as we can to protect our data systems from these types of attacks and employ a range of third party partners and cyber-crime solutions to continually update our protection,” St John Ambulance said.

What was the impact?

  • The incident has impacted everyone who opened an account, booked or attended a St John Ambulance training course until February 2019.
  • The data includes names of those who booked and attended the course, course details, contact information, costs, invoicing details, and driving license data.
  • However, no credit card details or customer passwords were compromised.

“The only data that has been affected relates to our training course delivery. It does not cover supplies, events, ambulance operations, volunteering, volunteer data, employee data, clinical data or patient data,” St John Ambulance said.

Recent DanaBot campaigns observed with new ransomware module

  • DanaBot campaigns targeted at European countries also drop a ransomware executable onto target systems.
  • The trojan also comes with new plugins, configuration files, and other updates.

Banking trojan DanaBot, which is known to target organizations across Europe, North America, and Australia, has been found being distributed with a ransomware module. Security researchers from CheckPoint came across this new variant in a few of the recent DanaBot campaigns. According to the researchers, DanaBot also had new plugins, configuration files, string encryptions and file name generation algorithms, as well as a different communication protocol.

Worth noting

  • In a report by CheckPoint, researchers indicate that the new DanaBot is also spread through phishing emails that contain a malicious link. This link acts as a dropper for DanaBot.
  • On top of having a new communication protocol, the researchers found that the recent campaigns used additional plugins and configuration files for DanaBot.
  • Coming to the ransomware module, it was identified to be a variant of “NonRansomware”, which is known for enumerating files on local drives and encrypting them except for the Windows directory.
  • After execution, the ransomware runs a Batch script. This script performs a host of actions, which include disabling Windows Defender and removing system logs, amongst others. Furthermore, it schedules a task that executes the ransomware every 14 minutes until a certain period and then proceeds with encryption.
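The three host behaviours listed above (Windows Defender disabled, logs removed, a task repeating every 14 minutes) can be correlated per host from Windows event data. The following is an added example, not code from the CheckPoint report or this site; the record layout, the 10-minute window and the sample events are assumptions constructed for illustration, while the event IDs (Defender 5001, Security 1102, System 104, Security 4698) are standard Windows ones.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # assumption: correlation window, tune per site
TASK_INTERVAL_MIN = 14          # from the article: the task re-runs every 14 minutes
DEFENDER = "Microsoft-Windows-Windows Defender/Operational"

# Minimal Task Scheduler XML carrying only the repetition interval.
TASK_XML = ("<Task><Triggers><TimeTrigger><Repetition><Interval>PT%s</Interval>"
            "</Repetition></TimeTrigger></Triggers></Task>")

# Constructed sample records (simplified event export, not real telemetry).
SAMPLE_EVENTS = [
    {"time": "2019-07-01T09:00:05", "host": "ws-01", "channel": DEFENDER,
     "id": 5001, "data": ""},
    {"time": "2019-07-01T09:00:07", "host": "ws-01", "channel": "System",
     "id": 104, "data": ""},
    {"time": "2019-07-01T09:00:09", "host": "ws-01", "channel": "Security",
     "id": 4698, "data": TASK_XML % "14M"},
    # An hourly task on its own (for example an updater) is not a match.
    {"time": "2019-07-01T10:00:00", "host": "ws-02", "channel": "Security",
     "id": 4698, "data": TASK_XML % "1H"},
    # Two behaviours on one host, but two hours apart: outside the window.
    {"time": "2019-07-01T11:00:00", "host": "ws-03", "channel": "Security",
     "id": 1102, "data": ""},
    {"time": "2019-07-01T13:00:00", "host": "ws-03", "channel": DEFENDER,
     "id": 5001, "data": ""},
]


def interval_minutes(task_xml):
    """Return the repetition interval of a task definition in minutes, or None."""
    match = re.search(
        r"<Interval>PT(?:(\d+)H)?(?:(\d+)M)?(?:\d+S)?</Interval>", task_xml)
    if not match or not (match.group(1) or match.group(2)):
        return None
    return int(match.group(1) or 0) * 60 + int(match.group(2) or 0)


def classify(event):
    """Map one event record to a behaviour label, or None if it is unrelated."""
    key = (event["channel"], event["id"])
    if key == (DEFENDER, 5001):            # real-time protection disabled
        return "defender_disabled"
    if key in (("Security", 1102), ("System", 104)):   # event log cleared
        return "logs_cleared"
    if (key == ("Security", 4698)          # scheduled task created
            and interval_minutes(event["data"]) == TASK_INTERVAL_MIN):
        return "task_14min"
    return None


def correlate(events, window=WINDOW, min_behaviours=2):
    """Return {host: [behaviours]} where several behaviours fall in one window."""
    per_host = {}
    for event in events:
        label = classify(event)
        if label:
            when = datetime.fromisoformat(event["time"])
            per_host.setdefault(event["host"], []).append((when, label))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        best = set()
        for start, _ in hits:
            seen = {label for when, label in hits
                    if timedelta(0) <= when - start <= window}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_behaviours:
            alerts[host] = sorted(best)
    return alerts


if __name__ == "__main__":
    for host, behaviours in correlate(SAMPLE_EVENTS).items():
        print(host, behaviours)
```

Any one of these events alone is common in normal administration; the alert is the combination on a single host within a short span.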

Evolving malware

CheckPoint researchers hint that the threat actors behind DanaBot continue to keep updating the trojan. “For almost a year, DanaBot has been extending its capabilities and evolving into a more sophisticated threat. We assume its operators will continue to add more improvements,” they said.

“A lot of ransomware still remain a relatively stable source of income for cybercriminals. Therefore such simple ‘copy-paste’ encryptors as the one that was described here will continue to emerge constantly,” the researchers wrote, regarding the prevalence of ransomware attacks.

Hackers Abused MSPs and Their Remote Management Tools to Deploy Ransomware on Customers’ Networks

  • The remote management tools which were targeted include Webroot SecureAnywhere and Kaseya VSA.
  • The tools have been abused to execute a Powershell script that downloads and installs the Sodinokibi ransomware.

Attackers have hacked three Managed Service Providers (MSPs) and abused their remote management tools to deploy Sodinokibi ransomware on their customers’ systems.

The incident came to light after some of the impacted MSPs reported it in a subreddit dedicated to MSPs.

The big picture

Kyle Hanslovan, co-founder and CEO of Huntress Lab, analyzed the incidents and revealed the following:

  • Attackers compromised the MSPs via exposed RDP endpoints.
  • Upon compromise, attackers gained escalated privileges and uninstalled antivirus products such as ESET and Webroot.
  • The attackers then searched for remote management tools used by MSPs to manage remotely-located workstations of their customers.
  • They then abused the remote management tools to execute a Powershell script on customers’ systems.
  • The malicious script downloaded and installed the Sodinokibi ransomware on customer endpoints.
  • The abused remote management tools include Webroot SecureAnywhere and Kaseya VSA.

“Two companies mentioned only the hosts running Webroot were infected. Considering Webroot’s management console allows administrators to remotely download and execute files to endpoints, this seems like a plausible attack vector,” Hanslovan said.

Webroot makes 2FA mandatory

After the incident, Webroot mandated enabling two-factor authentication (2FA) for accounts in order to prevent hackers from using any other potentially hijacked accounts to deploy ransomware.

“Recently, Webroot’s Advanced Malware Removal team discovered that a small number of customers were impacted by a threat actor exploiting a combination of customers’ weak cyber hygiene practices around authentication and RDP,” Chad Bacher, SVP of Products at Webroot, told ZDNet via email.

“To ensure the best protection for the entire Webroot customer community, we decided it is time to make two-factor authentication mandatory. We did this by conducting a console logout and software update the morning of June 20,” Bacher added.

New Bird Miner Mac cryptominer leverages Ableton Live 10 cracked installer for propagation

  • The Ableton Live 10 cracked installer can be downloaded from a pirate website called VST Crack.
  • Ableton Live is a high-end music production software and is used as an instrument for live performance by DJs.

A new Mac cryptocurrency miner detected as Bird Miner has been found leveraging a cracked installer for Ableton Live 10 software for propagation. Ableton Live is a high-end music production software and is used as an instrument for live performance by DJs. The software is also used for composing, recording, mixing and mastering music.

How does it propagate?

According to Malwarebytes, the Ableton Live 10 cracked installer can be downloaded from a pirate website called VST Crack. The software is more than 2.6 GB. Once installed, the software downloads Bird Miner’s post-install script among other things. The cracked installer also copies some installed files to new locations with random names.

The files that get dropped on the infected system with random names have a variety of functions. This includes launching three different shell scripts.

Malicious scripts

One of the scripts launched is called Crax, and it’s installed in the /usr/local/bin/ directory. Crax ensures that the malware gains persistence on the victim’s system without being detected by security solutions.

“The first thing it does is check to see if Activity Monitor is running and, if it is, unload the other processes. If Activity Monitor isn’t running, the malware then goes through a series of CPU usage checks. If the results show that it’s pegging the CPU at more than 85 percent, it again unloads everything,” explained the researchers.

After Crax completes its check process, it loads two more processes named ‘com.Flagellariaceae.plist’ and ‘com.Dail.plist’. While the first one runs a script named Pecora, the second runs a script called Krugerite.

These two scripts once again check for Activity Monitor and later launch an executable named Nigel, which is an old version of open-source software called Qemu. Nigel enables attackers to execute the miner code by hiding it inside Qemu images.

Worth noting

Malwarebytes highlights that the malware was first spotted in a pirated Ableton Live 10 installer. Since then, it has been found to be distributed via other software through the same site. The site has been distributing the malware in one form or the other for at least four months.

Lightbox adware redirects mobile users to random sites

  • The redirected sites include pages related to viral apps or just random tech articles.
  • If the visitor chooses to install any of these apps, they are taken to the respective official store’s webpage.

An external script has been found redirecting visitors to several random sites. This script is frequently used by various webmasters to provide easy Lightbox functionalities on their websites.

Dissecting the malicious script

According to the researchers from Sucuri, the issue came to light after visitors were redirected to random sites while accessing a site via mobile. During the investigation, it was discovered that the installed script made a call to another script and redirected mobile users to a link (below).

hxxp://click[.]thebestoffer[.]gq/?utm_medium=6a9d4be48f9dd74ece2547f9a7d3ed068107809c&utm_campaign=js_1&1=&2=

What next?

Once users fall prey to the URL redirection attack, then they would be bombarded with various random pages related to viral apps or just random tech articles. If the visitor chooses to install any of these apps, they are taken to the respective official store’s webpage.

After a while, the script changes into a different campaign and redirects the visitors to another shady looking page https[:]//you.1gowest[.]top/?utm_medium=87e4ad4e587d6a3c668e4dda57a31ea60a0235b2&utm_campaign=1gowest.

So far, there has been no evidence of anything extremely malicious happening through the script.

Threat actors often implement this type of technique to generate revenue on the downloaded tool, app or script. Therefore, it is very necessary for webmasters to be cautious while adding external assets to their websites.
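One way for a webmaster to act on that advice is to inventory every script a page loads from another host and note which ones are not pinned with a Subresource Integrity hash. This is an added example, not part of the Sucuri write-up; the sample page, the host names and the integrity value are constructed placeholders, and only exact host matches are treated as first-party.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page; hosts and the integrity value are placeholders.
SAMPLE_PAGE = """
<html><head>
<script src="/js/site.js"></script>
<script src="https://cdn.example.net/lightbox/lightbox.min.js"></script>
<script src="//static.example.org/gallery.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="http://widgets.example.org/share.js"></script>
<script>console.log("inline, no src");</script>
</head></html>
"""


class ExternalScriptAudit(HTMLParser):
    """Collect <script src=...> tags that point at a host other than our own."""

    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attributes = {name: (value or "") for name, value in attrs}
        src = attributes.get("src", "").strip()
        parsed = urlparse(src)
        host = parsed.hostname  # None for inline scripts and relative paths
        if not src or host is None or host == self.site_host:
            return
        self.findings.append({
            "src": src,
            "host": host,
            # Presence check only: the hash itself is not validated here.
            "pinned": bool(attributes.get("integrity", "").strip()),
            # Plain HTTP lets anyone on the network path swap the script.
            "plain_http": parsed.scheme == "http",
        })


def audit(html, site_host):
    """Return one finding per third-party script referenced by the page."""
    parser = ExternalScriptAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings


def unpinned(html, site_host):
    """Return the src of every third-party script without an integrity hash."""
    return [f["src"] for f in audit(html, site_host) if not f["pinned"]]


if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE, "www.example.com"):
        print(finding)
```

An integrity hash only helps when it was computed from a copy of the script that someone actually reviewed; it stops silent changes afterwards, not a script that was unwanted from the start.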

SACK Panic and three other vulnerabilities discovered in Linux and FreeBSD kernels

 

  • All these vulnerabilities are related to the minimum segment size (MSS) and TCP selective acknowledgment (SACK) capabilities.
  • ‘SACK Panic’ is the most severe vulnerability of all the flaws.

Four TCP networking vulnerabilities in FreeBSD and Linux kernels have been discovered by security researchers recently. All these vulnerabilities are related to the minimum segment size (MSS) and TCP selective acknowledgment (SACK) capabilities.

SACK PANIC, the serious one

In a report, Netflix Information Security’s Jonathan Looney has revealed that ‘SACK Panic’ is the most severe vulnerability of all the flaws. Tracked as CVE-2019-11477, the vulnerability has been marked with a CVSS score of 7.5. It could permit an attacker to remotely induce a kernel panic within recent Linux operating systems.

A kernel panic is a fatal kernel error from which an operating system cannot be recovered easily. This could force a restart of a targeted host, causing a temporary shutdown in services.

The SACK Panic flaw impacts Linux kernel version 2.6.29 and later. It can be addressed by deploying PATCH_net_1_4.patch. Additionally, the versions of the Linux kernel up to 4.14 require a second patch PATCH_net_1a.patch.

The other way to mitigate the issue is by completely disabling SACK processing on the system.

What are the other flaws?

As per Red Hat, the two other issues that impact the kernel’s TCP processing subsystem are CVE-2019-11478 (dubbed SACK Slowness) and CVE-2019-11479. These flaws are considered to be moderate severity vulnerabilities.

CVE-2019-11478 can be exploited by sending a crafted sequence of SACKs which will fragment the TCP retransmission queue, while CVE-2019-11479 allows attackers to trigger a DoS attack.

CVE-2019-5599 is the FreeBSD counterpart of CVE-2019-11478. The flaw impacts FreeBSD 12 installations using the RACK TCP Stack. It can be abused by delivering “a crafted sequence of SACKs which will fragment the RACK send map.”

Linux and FreeBSD admins and users can address CVE-2019-11478 by applying PATCH_net_2_4.patch. The second issue, CVE-2019-11479, can be addressed by using the PATCH_net_3_4.patch and PATCH_net_4_4.patch security patches. CVE-2019-5599 can be patched only by applying split_limit.patch and setting the net.inet.tcp.rack.split_limit sysctl to a reasonable value to limit the size of the SACK table.
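The SACK Panic guidance above (affected from kernel 2.6.29, a second patch for kernels up to 4.14, or disabling SACK as a workaround) can be turned into a quick host check. This is an added example, not from the Netflix or Red Hat advisories; it assumes the standard Linux `net.ipv4.tcp_sack` sysctl, and a version string cannot show whether a vendor kernel already carries the fix, so the result is a prompt for review.

```python
import os
import platform
import re

# Version boundaries and patch names as stated in the article above.
FIRST_AFFECTED = (2, 6, 29)    # SACK Panic impacts kernel 2.6.29 and later
SECOND_PATCH_UP_TO = (4, 14)   # kernels up to 4.14 also need PATCH_net_1a.patch
SACK_SYSCTL = "/proc/sys/net/ipv4/tcp_sack"   # "0" means SACK processing is off


def parse_kernel_release(release):
    """Turn a `uname -r` string such as '4.15.0-50-generic' into (4, 15, 0)."""
    match = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release.strip())
    if not match:
        raise ValueError("unrecognised kernel release: %r" % release)
    return tuple(int(part) if part else 0 for part in match.groups())


def assess(release, tcp_sack_value):
    """Assess one host from its kernel release and its tcp_sack sysctl value."""
    version = parse_kernel_release(release)
    in_range = version >= FIRST_AFFECTED
    sack_enabled = tcp_sack_value.strip() != "0"
    patches = []
    if in_range:
        patches.append("PATCH_net_1_4.patch")
        if version[:2] <= SECOND_PATCH_UP_TO:
            patches.append("PATCH_net_1a.patch")
    return {
        "release": release,
        "in_affected_range": in_range,
        "sack_enabled": sack_enabled,
        "patches_from_article": patches,
        # The flaw is only reachable while SACK is processed. A distribution
        # kernel may already include the fix; the version cannot show that.
        "review_needed": in_range and sack_enabled,
    }


if __name__ == "__main__":
    if os.path.exists(SACK_SYSCTL):
        with open(SACK_SYSCTL) as handle:
            print(assess(platform.release(), handle.read()))
    else:
        print("no Linux tcp_sack sysctl on this host")
```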

Mermaids transgender charity data breach exposed confidential emails

Mermaids UK has apologized for an “inadvertent” data breach which exposed private messages between the charity and the parents of gender variant and transgender children.

As first reported by the Sunday Times last week, over 1,000 pages of confidential emails were leaked online, including “intimate details of the vulnerable youngsters it [the charity] seeks to help.”

The letters, sent between 2016 and 2017, also contained the names, addresses, and telephone numbers of those reaching out to the charity.

When data breaches occur, it is often the case that cyberattackers infiltrate internal networks and steal information — and this data may be published online or sold in underground forums.

However, in Mermaids UK’s case, the material had simply been uploaded to the web and could be accessed just by typing in “Mermaids” and the UK charity number assigned to the group.

After being warned of the leak on Friday, the charity removed the content from public view.


In a statement, Mermaids UK called the data breach “inadvertent” and insists there is no evidence of the sensitive material being abused.

Mermaids said the leak involved roughly 1,100 emails between executives and trustees, rather than the correspondence of private users, according to the BBC. A spokesperson said the records were not related to “Mermaids service users emailing each other, and their emails and private correspondence being available to an outside audience.”

The charity added that the emails stemmed from a “private user group” and “the information could not be found unless the person searching for the information was already aware that the information could be found.” (Considering the publication was able to find the information through a simple online search, however, this position may not be wholly accurate.)

The UK’s Information Commissioner’s Office (ICO) has been informed, a step now demanded in light of the General Data Protection Regulation (GDPR) legislation, introduced in 2018.


Under the terms of GDPR, organizations must now report data breaches promptly, and should they be found wanting in terms of data protection and security, heavy fines can be issued. Each security incident is considered on a case-by-case basis.

Mermaids has also contacted the families affected, alongside stakeholders and the Charity Commission.


“Mermaids apologizes for the breach,” the charity added. “Even though we have acted promptly and thoroughly, we are sorry.  At the time of 2016 — 2017, Mermaids was a smaller but growing organization. Mermaids now has the internal processes and access to technical support which should mean such breaches cannot now occur.”

Reported losses from NBN scams increase by nearly 300% in 2019: ACCC

Australian consumers reported over AU$110,000 in monthly losses from NBN scams in the January-May 2019 period, according to the Australian Competition and Consumer Commission (ACCC).

Compared to the average monthly losses of AU$38,500 in 2018, this is a near 300% increase.

“People aged over 65 are particularly vulnerable, making the most reports and losing more than AU$330,000 this year. That’s more than 60% of the current losses,” ACCC Acting Chair Delia Rickard said.

Despite being only halfway through the year, the amount of reported losses for NBN scams in 2019 has already exceeded the total of last year’s losses, which was around AU$462,000.

“Scammers are increasingly using trusted brands like ‘NBN’ to trick unsuspecting consumers into parting with their money or personal information,” Rickard added.


The most common types of NBN scams, the ACCC said, include scammers pretending to be the NBN who attempt to sell NBN services or test the speed of a consumer's connection and ask the consumer to provide personal details such as their name, address, date of birth, and Medicare number, or payment; scammers pretending to be NBN Co or an internet provider who claim there is a connection problem that requires remote access to fix, allowing them to install malware or steal valuable personal information; and scammers calling during a blackout and offering consumers the ability to stay connected for an extra fee.

“We will never make unsolicited calls or door knock to sell broadband services to the public. People need to contact their preferred phone and internet service provider to make the switch,” NBN Co chief security officer Darren Kane said.

“We will never request remote access to a resident’s computer and we will never make unsolicited requests for payment or financial information.”

This follows the ACCC in April releasing its annual Targeting scams report, which unveiled that the total combined losses from scams in 2018 exceeded AU$489 million, AU$149 million more than the year prior, up 41.7% year on year.

Of that total reported amount, AU$107 million was reported to Scamwatch, the ACCC’s scam reporting website.

“These record losses are likely just the tip of the iceberg. We know that not everyone who suffers a loss to a scammer reports it to a government agency,” Rickard said at the time.
