Articles about Security Appliance

Carbon Black snaps up cloud-dwelling threat-sniffing 'next-gen AV'

Endpoint security firm Carbon Black has bought "next-generation antivirus" firm Confer. Financial terms of the deal, announced today, were undisclosed. Carbon Black plans to re-badge Confer’s security software as “Cb Defense” and offer it alongside its existing roster of application control, incident response, and threat …
John Leyden, 19 Jul 2016

Cisco patches security appliance bugs

It's Borg Bug Day, and this week Cisco's issued patches of interest to users of its Adaptive Security Appliances (ASAs). The two newly-announced bugs are CVE-2016-1379, a VPN block memory exhaustion vulnerability; and CVE-2016-1385, a problem with the ASA XML parser. The memory exhaustion vulnerability affects ASA software …
Baby looks taken aback/shocked/affronted. Photo by Shutterstock

Suck on this: White hats replace Locky malware payload with dummy

Pranksters have infiltrated the control system behind the infamous Locky ransomware and replaced the malware’s main payload with a dummy file. Locky normally spreads using malicious and disguised JavaScript inside email attachments supposedly containing an invoice or similar. Malicious messages are sent to prospective marks in …
John Leyden, 05 May 2016
Cat from Cisco TV ad

Cisco: Whoops, hackers can commandeer your TelePresence boxes with a devilish HTTP poke

Cisco has released three security patches to address flaws in its TelePresence, FirePower and Adaptive Security Appliance lines. The May bundle includes one patch classified by Cisco as "critical" and two more labeled "high" risks. In total, the updates remedy three CVE-listed security vulnerabilities: For TelePresence …
Shaun Nichols, 04 May 2016
Venomous snake

Cisco patches DoS holes

Cisco has patched five denial of service (DoS) flaws, including one critical and four high severity holes. The most dangerous flaw affects the HTTP URL redirect feature of Cisco's LAN Controller Software, allowing unauthenticated remote attackers to trigger buffer overflows and DoS or arbitrary code execution. Any attacker …
Darren Pauli, 22 Apr 2016

Cisco security kit wide-open to IKE bug

Patch it now and don't wait: Cisco has announced that a bunch of its Adaptive Security Appliance (ASA) products are vulnerable to a remote code execution bug. The problem is in how the ASA products reassemble fragmented Internet Key Exchange (IKE) payloads. Cisco's implementation of the fragmentation protocol has a bounds- …
band_aid_patching_648

Cisco patches borked web box proxy hole

Cisco has patched a vulnerability in its Web Security Appliance that allows unauthenticated remote attackers to bypass security controls. The bug (CVE-2016-1296) allows attackers to use proxies when such traffic should be restricted. Affected users of versions 8.5.3-055, 9.1.0-000, and 9.5.0-235 should apply the released fix …
Team Register, 20 Jan 2016

Sophos, Fortinet settle patent lawsuit, allegations of staff poaching

Sophos has settled a patent infringement lawsuit with US competitor Fortinet, in a case that also involved allegations of staff poaching. The recently listed UK company, a cloud and network security solutions outfit, paid an undisclosed sum to Fortinet to settle the dispute, as a brief statement (below) explains. Sophos …
John Leyden, 09 Dec 2015
Internet of Things book cover

F-Secure makes SENSE of smart home IoT insecurities

F-Secure is looking to go that extra mile in consumer security with the launch of an anti-hacker appliance for the Internet of Things. The device, dubbed SENSE, works as a secure gateway, policing traffic to devices that might be insecure and generating alerts. For example, it will warn consumers if their router is running …
John Leyden, 11 Nov 2015
band_aid_648

Packet floods can bork Borg's security kit

Cisco has announced a patch for a high-severity bug in the AsyncOS that runs a bunch of its security appliances. The operating system underneath its Email Security Appliance (ESA), Content Security Management Appliance (SMA) and Web Security Appliance (WSA) can be hosed by sending them crafted TCP packets at a high enough rate …
cisco asa 5505

Patch Cisco ASA ASAP: DNS, DHCPv6, UDP packets will crash them

Cisco has issued a firmware update to address four security flaws in its Adaptive Security Appliance (ASA) that open up the gear to denial-of-service attacks. By exploiting these bugs, six models in the ASA family can be forced to repeatedly reset, rendering the hardware useless. Vulnerable products include the Cisco ASA …
Shaun Nichols, 23 Oct 2015
band_aid_648

Cisco applies plaster to email, Web security appliances

Cisco email and Web security appliance customers have some patching to do to paper over newly revealed denial-of-service and other cracks. The Borg has issued two advisories for Web security appliances, one covering a DoS bug and the other addressing a problem with DNS resolution. In the DNS issue, a remote attacker can hose …

Cisco: Nice things you got there. Shame if anything should happen to them

If you doubted that the Internet of Things is a security problem, doubt no more, since Cisco kicked off its Cisco Live! US with John Chambers talking up the Borg's IoT security capabilities. There are announcements a-plenty, so The Register's networking desk is quite happy for Cisco's PR team to do its own talking. Instead, in …
Bye bye Olympia

Infosec turns 20 to face battle with BSides, RSAC Unplugged

Infosec 2015 Infosec, the annual IT security trade show, wheeled out the rock stars of the Infosec world for its 20th anniversary this week. Bruce Schneier and John McAfee – the Paul McCartney and Keith Moon of the cybersecurity world – both keynoted as the show return to its original home in Olympia, London following an extended sojourn at …
John Leyden, 04 Jun 2015

Cisco pitches security for SMEs

Small and/or medium businesses and branch offices rejoice: Cisco has joined the ranks of vendors deciding you warrant security you can afford. As incidents like the Target “hack” demonstrated, a small contractor can easily provide a path into an enterprise network, so one of the key chunks of The Borg's latest announcement is to …

Cisco splats Bash bug in busy swatting season

Cisco has begun its response to the Bash “Shell Shocked” vulnerability, the 20-year-old bug that's sent the *nix world into a frenzy. It's going to be a long slog for the Borg, but in its advisory, Cisco has so far identified 31 individual products vulnerable to Shell Shocked, compared to seven confirmed not vulnerable. Another …

Cisco sprinkles Sourcefire goodies on ASA firewalls

Cisco has taken the next step in wrapping the technology it acquired along with Sourcefire, by putting its Adaptive Security Appliance (ASA) next-gen firewalls and the FirePOWER technology into the blender and giving it a good spin. The idea is to run up a combination of firewall, application control, intrusion prevention and …
iPad Psycho image

NUDE SELFIE CLOUD PERV menace: Apple 2FA? Sweet FA, more like

Apple’s two-factor authentication doesn't actually protect iCloud backups or photo streams, contrary to what many iPhone and iPad fondlers might wish to believe. Scores of (mostly female) celebrities, including Oscar winner Jennifer Lawrence, had their iCloud hacked before miscreants siphoned off private nude snaps which …
John Leyden, 03 Sep 2014
Parliament in the clouds

Devs SLAM UK.gov's JavaScript-astic, 'shoddy' security education website

A high profile UK government cyber security campaign aimed at changing attitudes to online security has come under criticism for the poor quality of its expensive website. Cyber Streetwise was launched with great fanfare, and much positive comment from the IT security biz, last month. It was part of a campaign led by the Home …
John Leyden, 14 Feb 2014

Ex-Google, Mozilla bods to outwit EVIL BOTS with 'polymorphic' defence

Startup Shape Security is re-appropriating a favourite tactic of malware writers in developing a technology to protect websites against automated hacking attacks. Trojan authors commonly obfuscate their code to frustrate reverse engineers at security firms. The former staffers from Google, VMWare and Mozilla (among others) have …
John Leyden, 21 Jan 2014
Cloud security

Use strong passwords and install antivirus, mmkay? UK.gov pushes awareness campaign

The UK government has launched a new campaign aimed at changing attitudes to online security among consumers and small businesses, dubbed Cyber Streetwise. Cyber Streetwise is urging people to take five actions in order to protect themselves and others from cyber crime: Use strong, memorable passwords Install anti-virus …
John Leyden, 14 Jan 2014
Astute Class Submarine

Palo Alto Networks snaps up NSA-trained security company

Government-trained security company Morta Security has been snapped up by Palo Alto Networks for an undisclosed sum. The acquisition was announced on Monday and arms Palo Alto Networks with a company whose staff hail from the National Security Agency, US Army, US Air Force, and others. "The Morta team brings additional valuable …
Jack Clark, 07 Jan 2014

Hackers steal 'FULL credit card details' of 376,000 people from Irish loyalty programme firm

A hack attack against an Irish loyalty programme firm, Loyaltybuild, has led to the theft of the full credit card details of at least 376,000 consumers, says the country's data protection watchdog. According to the results of a preliminary investigation by the Office of the Data Protection Commissioner (ODPC), credit card and – …
John Leyden, 14 Nov 2013
Github octodex

GitHub wipes hand across bloodied face, stumbles from brutal DDoS beating

Popular source-code warehouse GitHub was back online today after weathering a huge denial-of-service attack throughout the week. The status page of the San Francisco-based outfit charts the progress of the assault and the attempts to end it. Problems with the web service first cropped up on Tuesday, 1 October, before the team …
John Leyden, 04 Oct 2013

HyTrust pockets more dough, ready to expand virty platform coverage

A month ago, HyTrust, a maker of policy management and access control software for VMware virtual infrastructure, pocketed $12m in its third round of venture funding, with VMware and CIA sugar daddy In-Q-Tel both stuffing the company's pockets. But others wanted to get in on the action, so HyTrust decide to take the money and …
The Register breaking news

Symantec slams Web Gateway back door on would-be corporate spies

Symantec has plugged a series of critical flaws in its Web Gateway appliances which included a backdoor permitting remote code execution on targeted systems. The flaws, discovered during a short crash test by security researchers at Austrian firm SEC Consult, created a means to execute code with root privileges - or the ability …
John Leyden, 29 Jul 2013

HyTrust trousers $13m from VMware and CIA sugar daddy In-Q-Tel

Business is booming at HyTrust, a maker of policy management and access control software for VMware virtual infrastructure, and whistleblower system admin Edward Snowden, who revealed the National Security Agency's web-spying PRISM project, is doing his inadvertent part to pump it up even further. "The Snowden breach at the …
The Register breaking news

Cisco issues IronPort patch

Cisco has issued a patch for vulnerabilities that exposed its IronPort AsyncOS software for the Cisco e-mail security appliance to cover denial-of-service and command injection problems. The vulnerability, described here, exposed several IronPort components. Its Web framework would allow and authenticated remote user to execute …
The Register breaking news

AWS cloud gains critical federal security certification

The more people you have to go through to get approval for an IT project, the less likely it is to happen, so when Amazon announces another security certification it's not just about compliance, it's about releasing pent-up cloud demand. With the company's announcement on Tuesday that both its US West and East data center hubs, …
Jack Clark, 21 May 2013

Nutanix getting traction with server-storage hybrids

The road to the present is littered with the rusty hulks of server companies that had great engineering and a new twist on an old systems idea, and yet were crushed by incumbents. But judging by its numbers for the past year and a half, upstart Nutanix – which is peddling a virtualized server cluster with a virtualized SAN …
The Register breaking news

Got a Sophos Web Protection box? Make sure it's up to date

Sophos has plugged security holes in its Web Protection Appliance that could place its customers' internet connections in the hands of eavesdroppers. The equipment is supposed to filter out suspicious or harmful web traffic for businesses. But the flaws allowed any unauthenticated user to access sensitive configuration files in …
John Leyden, 04 Apr 2013

BIGGEST DDoS in history FAILS to slash interweb arteries

Analysis The massive 300Gbit-a-second DDoS attack against anti-spam non-profit Spamhaus this week didn't actually break the internet's backbone, contrary to many early reports. The largest distributed denial-of-service (DDoS) assault in history began on 18 March, and initially hit the Spamhaus website and CloudFlare, the networking biz …
John Leyden, 28 Mar 2013

Fortinet nabs wily Coyote and its slice of security appliance cake

Network security firm Fortinet has agreed to to acquire application delivery, load balancing and acceleration firm Coyote Point Systems. Financial terms of the deal, structured as a merged and announced on Friday, were not disclosed. Fortinet is best known for its Unified Threat Management all-in-one security appliances, which …
John Leyden, 26 Mar 2013
The Register breaking news

South Korea data-wipe malware spread by patching system

South Korea's data wiping malware that knocked out PCs at TV stations and banks earlier this week may have been introduced through compromised corporate patching systems. Several South Korean financial institutions - Shinhan Bank, Nonghyup Bank and Jeju Bank - and TV broadcaster networks were impacted by a destructive virus ( …
John Leyden, 25 Mar 2013
Barracuda Networks Copy

Forget Dropbox, here's Drobo-box: Small-biz array meets Barracuda cloud

Security appliance maker Barracuda Networks has agreed to marry its online file-sharing service to storage biz Drobo's box of hard drives called 5N. People can upload and download files to and from Barracuda's Copy cloud, and share their data between desktop computers, iPhones, iPads, iPods, Android devices and Microsoft's …
Chris Mellor, 20 Feb 2013
The big bad Nexus 6004 40GE fixed port switch

Cisco revs up Nexus switches to 40GE with fresh ASICs

Cisco has vowed to push 40GE Ethernet switches into the mainstream while also improving its 10GE/40GE Nexus boxes. The transition to 10GE networking is well under way, and the convergence of server and storage traffic onto switches continues apace, albeit at a slower rate than Cisco Systems had hoped. Despite this, the …

Juniper carbon copies sales and profits in Q4

If you squint real hard and tilt your head a little bit, you can see the difference between this year's fourth quarter at Juniper Networks and the quarter it turned in a year ago as 2011 came to a close. In the quarter ended in December, Juniper's product sales were down a barely perceptible two-hundredths of a point to $847. …

Citrix lowers sword, will take more time on 'Project Avalon' virty PC broker

Citrix Systems is hosting its Synergy partner and user conference in Barcelona this week, and has done a core dump on them with a barrage of announcements intended to demonstrate that Citrix, too, is down with the modern, post-PC, cloudy world. More than anything else, the announcements are trumpeting that the firm has made a …

Citrix XenServer 6.1 fires live VMs from cannon across servers

Citrix Systems is still in the server virtualization hypervisor racket, although it doesn't make as much noise about it as it used to. The company has released XenServer 6.1 with a bunch of new features that make it competitive with VMware ESXi and Microsoft Hyper-V, which is good for existing Xen customers but probably will not …
juniper

Juniper disappointed by skittish service providers

Switch and router maker Juniper Networks, like rival Cisco Systems, has been adversely impacted by the skittish economy and has now been rattled by VMware's $1.26bn acquisition of network virtualizer Nicira. The conversation will quickly shift from what Juniper is doing to get an edge on Cisco to what it is going to do to blunt …
channel_teaser_exit

Exit the Dragon: Barracuda Network CEO stands down

Barracuda Networks co-founder and CEO Dean Drako is to quit, the content security appliance vendor has confirmed. During the past nine years Drako was a constant, also serving as president and chairman but from the middle of next week he will hand control to three fellow board members on an interim basis. Fellow founder and CMO …
Paul Kunert, 13 Jul 2012

OpenFlow takes networks in a different direction

As network topologies and data access patterns have evolved, load profiles can change so quickly that a completely new approach to networking is required. That approach is OpenFlow. According to Renato Recio, IBM Fellow and system networking CTO, life before the advent of x86 virtualisation was simple: client computers did most …
Trevor Pott, 09 Jul 2012
The Register breaking news

Dell splashes cash on SonicWall's powerful firewall erections

Updated John Swainson, president of Dell Software, took control of the giant's nascent software business last week and has moved fast, using the Dell checkbook to snap up SonicWall – a firewall and threat-management software and appliance maker – for an undisclosed sum. SonicWall, which was founded in 1991 by brothers Sreekanth and …
DVD it in many colours

Gadget 'bouncers' hired to patrol biz clouds

Security appliance firms are using the big industry push towards cloud services, and the trend of allowing staff to bring their own devices into work, to sell technology that attempts to fix the resulting security mess. ForeScout Technologies launched a scheme to sell its CounterACT Network Access Control (NAC) technology as a …
John Leyden, 03 Nov 2011

Cisco girds Nexus switches for data center battle

Networking giant Cisco Systems has been under attack for the past several years, and the company gearing up its high-end, converged Nexus switches to defend its data-center turf from encroachment by HP, Dell, Arista Networks, Juniper Networks, Brocade Communications, and others. Picking up the offensive pace and doing better …
The Register breaking news

Defence firm Ultra goes cyber with AEP buy

UK-based defence conglomerate Ultra Electronics has acquired security appliance firm AEP Networks in a deal valued at up to $75m. Ultra Electronics agreed to pay $57.5m plus a further $17.5m, depending on sales figures, for the remote appliance firm. AEP Networks specialises in SSL VPN appliances that allow workers to securely …
John Leyden, 29 Sep 2011
channel

Cisco's virtual switching comes to Hyper-V 3.0 next year

It looks like Microsoft's Hyper-V server virtualization hypervisor is maturing enough at the jump to Windows 8 Server next year that Cisco Systems needs to make it a full peer to VMware's ESXi hypervisor, which has been the preferred virtualization layer on the "California" Unified Computing System servers from Cisco for the …
The Register breaking news

Double-barrel net infrastructure hack threatens ecommerce

Analysis Security watchers warn that hackers might be able to develop potent attacks that would be extremely hard to foil by combining DNS hacks of the kind that affected The Register and other high-profile websites over the weekend with DigiNotar-style forged digital certificates. An attack on Domain Name System (DNS) service provider …
John Leyden, 08 Sep 2011
The Register breaking news

Nearly everyone in SOUTH KOREA HACKED IN ONE GO

Personal information on as many as 35 million users of a South Korean social network site may have been exposed as the result of what has been described as the country's biggest ever hack attack. Local authorities were quick to blame hack attacks against the Cyworld social networking website and the Nate web portal – both of …
John Leyden, 28 Jul 2011
channel

Sophos buys security appliance firm Astaro

UK-based net security firm Sophos is getting into the hardware game with the purchase of all-in-one security appliance firm Astaro. Terms of the deal to acquire privately held Astaro, announced Friday, were not disclosed. Astaro, with $56m in billings during 2010, is the fourth largest dedicated unified threat management (UTM) …
John Leyden, 06 May 2011