Signature Update #2543
  • Published in

Signature Update #2543 247 new signatures:HIGHHTTP: Typo3 CMS SanitizeLocalUrl Cross-Site ScriptingMEDIUMHTTP: Static HTTP Server ini File Parsing Buffer Overflow1HIGHHTTP: Novell ZENworks Mobile Management Cross-Site ScriptingMEDIUMHTTP: Integard Home and Pro Password Remote Version Check1MEDIUMHTTP: VLC HTTPD Connection Header Format String1HIGHHTTP: Ignite Realtime Openfire group-summary.jsp Cross-Site ScriptingMEDIUMHTTP: ntop Basic Authorization Denial of Service1MEDIUMHTTP: PHPWiki CVE-2014-5519 Ploticus Arbitratu Code Execution1MEDIUMHTTP: Sun Java System Web Server JSP Source Code Disclosure1MEDIUMHTTP: ESTsoft ALZip MIM File Processing Buffer Overflow1MEDIUMHTTP: Maxthon History Cross Site Scripting1MEDIUMHTTP: Digium Asterisk Management Interface HTTP Digest Authentication Stack Buffer Overflow1MEDIUMHTTP: Adobe Flash Player Privilege Escalation1MEDIUMHTTP:Multiple Product XML External Entity Injection1MEDIUMHTTP: Wordpress W3 Total Cache Plugin Remote Code Execution1MEDIUMHTTP: Microsoft ASP.NET Post Request Parameters Handling Denial of Service1MEDIUMHTTP: Suspicious WIPER/SHAMOON Infected File Download1MEDIUMHTTP: XnView mbm File Parsing Buffer Overflow1MEDIUMHTTP: Microsoft Telnet Protocol Handler Insecure Loading1MEDIUMHTTP: Inout Article Base Ultimate Cross Site Request Forgery1MEDIUMHTTP: Sysax Multi Server Function Buffer Overflow1MEDIUMHTTP: Alt-N WebAdmin USER Buffer Overflow1MEDIUMHTTP: Ruby Gem Multiple Wrappers Command Injection1MEDIUMHTTP: Adobe RoboHelp Server SQL Injection Vulnerability1MEDIUMHTTP: Multiple Web Browsers Window Injection1MEDIUMHTTP: Microsoft .NET Framework Heap Corruption1MEDIUMHTTP: Localhost Host Header in Trans-Internet Request1MEDIUMHTTP: Microsoft Windows Folder GUID Code Execution1MEDIUMHTTP: Apple CUPS SGI Image Format Decoding imagetops Filter Buffer Overflow1MEDIUMHTTP: Ruby on Rails XML Parameter Parsing Remote Code Execution1MEDIUMHTTP: Easy LAN Folder Share .reg FIle Parsing Buffer Overflow1MEDIUMHTTP: Ruby on Rails JSON YAML Parsing Remote Code Execution1MEDIUMHTTP: Oracle Exploit Kit Angler Java1MEDIUMHTTP: Microsoft .NET Framework XAML Browser Applications Stack Corruption1MEDIUMHTTP: XAMPP Request Forgery Attempt1MEDIUMHTTP: HP LaserJet Pro Printers Remote Information Disclosure1MEDIUMHTTP: GD Graphics Library PNG Buffer Overflow1MEDIUMHTTP: Wordpress FGallery Plugin Malicious File Hosting1MEDIUMHTTP: UltraVNC VNCLog Buffer Overflow1MEDIUMHTTP: WireLurker Serial Number Upload Detected1MEDIUMHTTP: ManageEngine Multiple Products FailOverHelperServlet copyfile Information Disclosure1MEDIUMHTTP: Attachmate Reflection FTP Client ActiveX CE1MEDIUMHTTP: ContentKeeper Web Appliance benetool Remote Command Execution1HIGHDNS: ISC BIND openpgpkey Denial of ServiceMEDIUMHTTP: Apple QuickTime JPEG Atom Buffer Overflow 2MEDIUMHTTP: Apple QuickTime JPEG Atom Buffer Overflow 3HIGHHTTP: Microsoft Publisher PLC Objects Remote Code Execution 1HIGHHTTP: Microsoft Publisher PLC Objects Remote Code Execution 2HIGHHTTP: Microsoft Publisher PLC Objects Remote Code Execution 3MEDIUMHTTP: Invalid ANI Block Size Parameter in Stream (2)2MEDIUMHTTP: Invalid ANI Block Size Parameter in Stream (2)3HIGHHTTP: Adobe Flash Player null Reference Memory Corruption1HIGHHTTP: Microsoft PowerPoint 0xFB1 Parsing Buffer Overflow1HIGHHTTP: Adobe Flash Player null Reference Memory Corruption2HIGHHTTP: Adobe Flash Player null Reference Memory Corruption3HIGHHTTP: Microsoft PowerPoint 0xFB1 Parsing Buffer Overflow2HIGHHTTP: Microsoft PowerPoint 0xFB1 Parsing Buffer Overflow3MEDIUMHTTP: Google Chrome HTTP Response Handling Memory Corruption 2MEDIUMHTTP: Google Chrome HTTP Response Handling Memory Corruption 3HIGHHTTP: Microsoft Office OneNote 2010 Buffer Size Validation2HIGHHTTP: Avira Management Console Server HTTP Header Processing Heap Buffer OverflowHIGHDNS: ISC BIND DNSSEC Key Parsing Buffer Denial of ServiceHIGHHTTP: DHTML Object Handling Race Condition1HIGHHTTP: KingView KChartXY.ocx Unsafe ActiveX Control1MEDIUMHTTP: Microsoft IE MHTMLFile NULL De

Read More
Networking: Intelligence Augmentation vs. Artificial Intelligence
  • Published in

I recently read the book Machines of Loving Grace: The Quest for Common Ground Between Humans and Robots by John Markoff, a technology and science reporter at the New York Times. This is a good book that goes over the history of the development of automation in the 1950s and 1960s, and takes you to the current day where new robotic developments from Apple (Siri) and Google (driverless cars) put us in the another age of rapid change.

Read More
It’s a Team Effort: Developing a Culture of Cybersecurity in the Workplace
  • Published in

It’s a Team Effort: Developing a Culture of Cybersecurity in the Workplace Cyber threats today are evolving, becoming more sophisticated and making it critical for organizations to educate, implement and encourage employees to follow cyber best practices. In a recent RAND Corporation report, sponsored by Juniper Networks, it was projected that the cost to businesses in managing cybersecurity risk is set to increase 38 percent over the next 10 years. Copyright © 1996-2013 Juniper Networks, Inc.     All rights reserved                                                                                      Update preferences                    

Read More
Junos 14.1 FIPS 140-2 Certification is Most Comprehensive Certification Yet
  • Published in

Junos 14.1 FIPS 140-2 Certification is Most Comprehensive Certification Yet I am pleased to report that the National Institute of Standards and Technology (NIST) has issued a Federal Information Processing Standard (FIPS) 140-2 Certification of the following Juniper Networks devices with Junos 14.1R4 software.   EX9204, EX9208, EX9216 M7i, M10i, M120, M320 MX240, MX480, MX960, MX2010, MX2020 PTX3000, PTX5000 T640, T1600, T4000   The FIPS certification is #2451.   This is a first time FIPS certification for the EX9200 and the PTX devices and a recertification for the M, MX, and T-series devices.  This is Juniper Network’s 56th FIPS certification and this is the most comprehensive single FIPS certification completed to date.   FIPS Certification continues to be challenging as NIST requirements evolve including the deprecation of cryptographic algorithms that were once approved and increased focus on important cryptography elements like maintaining sufficient entropy and using strong deterministic random bit generators (DRBG).   Copyright © 1996-2013 Juniper Networks, Inc.     All rights reserved                                                                                      Update preferences                    

Read More
U.S. Critical Infrastructure Continue to Make Risky IT Bets

When the term “critical infrastructure” is mentioned in conversation, thoughts immediately turn to things like electrical power plants, oil and gas pipelines, food, water, etc. You know, the foundational services of modern life that we all take for granted. These are the same industries that former Defense Secretary Leon Panetta was referring to when he warned of the possibility of a “cyber-Pearl Harbor” back in 2012.  Panetta stated:

Read More
IBM Gets Clever(safe) to Broaden Cloud Offerings

Yesterday IBM announced its intent to acquire Cleversafe, a Chicago-based object storage vendor. This is a great move for IBM and certainly fills some gaps in the portfolio for the cloud business. Thats because object storage is likely the next big storage technology wave that will house the massive amounts of unstructured data we are generating today, and the even more massive amounts we will be generating in the future.

Read More
Amazon AWS and Rackspace - A Cloud Hole-in-one?

Francis Ouimet had Eddy Lowery, Tiger Woods had Steve Williams, Jordan Spieth has Michael Greller, and now AWS users have…Rackspace?  Behind every golf phenom is a silent partner. That even keel caddy that brings the right blend of wit, wisdom and instinctual insight and advice to help propel his or her wunderkind to the top of the leader board. Like these unsung heroes of the fairway, Rackspace too is now bringing caddy-like concierge services to bear to help businesses leverage AWS for grand slam success in the cloud.

Read More
Signature Update #2542

Signature Update #2542 A detector has been released, see complete details http://www.juniper.net/techpubs/software/management/idp/de/index.html 2 updated signatures. Copyright © 1996-2013 Juniper Networks, Inc.     All rights reserved                                                                                      Update preferences                    

Read More
Juniper Networks Announces Date of Its Third Quarter 2015 Preliminary Financial Results Conference Call and Webcast

Dateline City: SUNNYVALE, Calif. SUNNYVALE, Calif.--(BUSINESS WIRE)--Juniper Networks (NYSE: JNPR), the industry leader in network innovation, today confirmed it will release preliminary financial results for the quarter ended Sept. 30, 2015, on Oct. 22, 2015 after the close of the market. The Company’s senior management will host a conference call that day at 2:00 pm PDT. Language: English Contact: Juniper NetworksMedia Relations:Cindy Ta, 408-936-6131cta@juniper.netInvestor Relations:Ryan Miyasato, 408-936-7497rmiyasato@juniper.net Ticker Slug: Ticker: JNPR Exchange: NYSE read more                    

Read More
A Striated Strategy at Strata

Just home from the latest Strata+Hadoop World in NYC, with over 6,700 participants and at least 150 vendors, and I wanted to share some reflections on the event and the big data market as a whole.

Read More
On the Lookout for These Three at AWS re:Invent 2015

Wait! AWS re:Invent is next week? Thankfully Amazon did not opt for the December date being bandied about and chose a date early in the quarter to avoid travelling around the holidays. And how this event has grown. When I first attended in 2013, attendance had doubled from 2012 to 6,000 and then did more than a 2X jump last year with 13,000 cloudies in attendance. But what do attendance numbers have to do with security? It’s a proxy of cloud adoption and the types of customers getting their agile on and, as such, is an indicator that enterprises transitioning at least some of their workloads to AWS require hybrid security solutions.

Read More
Ericsson – growth in a changing ICT world

I attended Ericsson’s North American industry analyst day and was pleased to see their progress in transitioning themselves into the new world of mobile networks where apps ultimately drive the change. Theyre also getting ready for 5G networks. As most readers are aware, mobile networks are making a steady march toward ever faster speeds even in the current 4G generation. There are 800 million subscribers on LTE in 2015, experiencing 80% subscriptions growth. And video is generating half of all mobile traffic. The question is how this change affects businesses that utilize this platform as well as vendors like Ericsson, which already manages 1 billion subscribers, supports 2.5 billion subscribers, and has 118,000 employees. Change at this scale is actually a daunting thing to manage. Ericsson has traditionally been perceived as a telecom equipment vendor, but they have made a significant transition to become a ICT (information and communication technology) provider where approximately two-thirds of their revenue comes from services and software. They compete more with ICT vendors than traditional telecom vendors. It’s actually ranked 5th on the list of the top global software companies.

Read More

Videos

Interview with Emely Patra, Regional VP and Head of EMEA Customer Success Strategy and Architecture, at MuleSoft. Women working in the IT industry share their experiences – covering the opportunities they have had, the challenges they have had to overcome during their careers to date, and offering plenty of constructive thoughts and observations as to what improvements still need to be made when it comes to improving diversity within the workplace.
Shyam Iyer, Chair, SNIA SDXI (Smart Data Accelerator Interface) Technical Work Group, Member, SNIA Technical Council, discusses the work of the Smart Data Accelerator Interface (SDXI) Working Group as it develops an open data mover interface specification - explaining the desired characteristics of the standard, as well as the roadmap which should see version 1.0 released before the end of 2022.
Dr. Stephan Thiel, Global Analytics Business Management Senior Director – GAMMA, Boston Consulting Group, discusses the importance of Responsible AI in today’s digital business world.
Interview with Helena Nimmo, CIO at Endava. Women working in the IT industry share their experiences – covering the opportunities they have had, the challenges they have had to overcome during their careers to date, and offering plenty of constructive thoughts and observations as to what improvements still need to be made when it comes to improving diversity within the workplace.

News

Ciena® has entered into a definitive agreement to acquire Tibit Communications, Inc., a privately-held company headquartered in Petaluma, California, and that it has acquired Benu Networks, Inc., a privately-held company headquartered in Burlington, Massachusetts. Tibit and Benu are focused on simplifying broadband access networks through next-generation PON technologies and advanced subscriber management, respectively.
Panzura has launched a new comprehensive data management solution for customers that work in sensitive data environments, such as public sector, healthcare, and financial services. Because the service makes both the snapshots and the data immutable, ransomware attacks can’t damage files in the Panzura global file system. Instead, attacks are shrugged off by quickly reverting to seconds-old data blocks to reassemble uninfected files. Through a new strategic agreement, this new solution, as well as all of Panzura’s other workloads, will run on Amazon Web Services (AWS).
Signings cover significant expansion in Philippines, Saudi Arabia, Poland, Czech Republic, Gulf States, Emirates, Middle East, North Africa, Cyprus and Turkey.
ABB power solutions support one of Shanghai’s largest data centres, used by Tencent and China Telecom.