ESET launches a new line of endpoint security solutions

ESET launches a new line of endpoint security solutions

ESET Southern Africa CEO, Carey van Vlaanderen.

Cybersecurity research and endpoint security company, ESET announced the launch of its new line of endpoint security solutions designed to provide tools for prevention and management of cyber risks on a global scale.

ESET is raising its game with the introduction of ESET Dynamic Threat Defense, an off-premise cloud sandboxing solution providing almost instant analysis of zero-day and ransomware threats before they reach the network.

As recently reported by Forrester[1], buyers want an “endpoint security suite that consolidates capabilities and minimises complexity when possible.” ESET’s new line of cybersecurity solutions meets this demand and offers something extra.

The new line of security solutions also welcomes the brand-new ESET Security Management Center, a revamp of the renowned online console ESET Remote Administrator. This online console provides not only complete network visibility and full security management via one single pane of glass, but also fully customisable reporting and single-click threat remediation, adding important complexity-minimising elements to the whole suite.

“We understand global businesses increasingly requires cybersecurity solutions that are more tailored to their specific needs” explained Carey van Vlaanderen, CEO at ESET Southern Africa. “Get your hands on our latest offering and you’ll see how easily manageable a security solution can be.”

The ESET Endpoint Protection solutions offers business increased protection with the new Ransomware Shield and additional protection layer that evaluates all executed applications based on their behaviour and reputation in order to block ransomware. With increased visibility of the alerts being sent to ESET LiveGrid– a platform made up of 110 million sensors worldwide and verified by ESET research & development centres. This allows customers to have the highest level of confidence when viewing data and reports within their consoles.

Edited by Fundisiwe Maseko
Follow Fundisiwe Maseko on Twitter
Follow IT News Africa on Twitter

Powered by WPeMatico

Navigating the complexity of Oracle Cloud migrations

Navigating the complexity of Oracle Cloud migrations

Arthur Mostert, T-Systems’ Database Cloud Architect

One of today’s biggest boardroom frustrations goes something like this: ‘we have all this data about our customers and our business, but we can’t seem to get it into a usable structure… we just can’t seem to draw out valuable insights’

Many IT professionals are suggesting that Cloud-based platforms could well be the answer to this problem as they allow you to create new data analysis applications and add new processing resources, as and when you need them.

Cloud-based systems promise to crunch through vast volumes of data, testing out the useful information, finding correlations between data sets, and producing reliable business insights.

So, with many local enterprises already using Oracle systems to manage their data, the idea of migrating to the Oracle Cloud has become very attractive in recent years.

In most enterprises today, Oracle applications are critical to meet your business requirements, but traditional IT environments can hamper your efforts – with high capex costs for infrastructure and software licensing, coupled with long lead times to implement.

By shifting Oracle applications into a Managed Cloud environment, you gain richer insights from your data, finish projects on time and on budget, and support faster innovation.

However, with Oracle’s licensing and support structures being one of the most complex and expensive areas of one’s IT estate, there are a number of important considerations, as you plan your Oracle Cloud migration journey.

Getting a grip

The journey starts with an in-depth analysis of your current Oracle landscape. In our case, this is termed an ‘Oracle Estate Evaluation’: a process where we identify your current and future business requirements, analysing the existing Oracle licensing structures, and recommend a Cloud-based Oracle solution tailored to your needs.

As with many other major enterprise software vendors, the Cloud revolution has allowed software to be packaged into smaller ‘modules’, so that organisations can select only the modules and applications that serve their business’ needs.

Processes such as the Oracle Estate Evaluation give you a centralised view, helping CIOs to design the right migration path, choose the right modules, and ensure optimal licensing arrangements.

It’s this objective, ‘outsider’ perspective that makes the process so valuable. Over the years, firms tend to organically build up a very complex Oracle licensing arrangement. An external, trusted Managed Services Provider helps you to untangle this and to start afresh with new vigour.

Managed Services providers are there to guide organisations in the initial phases of aligning technology to business needs, and then deal with the intricacies of maintaining, migrating and upgrading your Oracle assets.

The fundamentals: spend, risk, business needs

As your needs are defined – across the realms of Platform-as-a-Service, Infrastructure-as-a-Service and Software-as-a-Service – your Managed Services Provider must then consider the hosting option that works best for your business.

Depending on the scale of your investment and the nature of your business (such as needing to have data residing in-country for legal reasons), you’ll need to choose between Public Cloud, Hosted Cloud or Onsite Private hosting options. In most large organisations, the best option is a blend of all three of these.

In essence, there are three core considerations that should drive every decision about Oracle Cloud: spend, risk and business needs. When tailored correctly, the Cloud can certainly reduce overall Cloud costs. It can also reduce your financial, operational or legal risks – especially when we consider the heightened focus on data privacy and security in the era of GDPR and POPI.

It’s important not to lose sight of your business’ unique requirements: What insights do I need? How is my business evolving? What performance do I need? What are my architectural constraints? What will be the best design for today, and what will be the best design for tomorrow?

The solution

These, all tend to be very complex questions to answer, so Oracle Cloud migration is certainly not something that you should step into lightly.

It’s for this reason that Oracle has developed its Oracle Managed Service Provider programme – accrediting a network of partners across the globe, and ensuring they have the expertise to successfully manage enterprise-wide Oracle Cloud migrations.

Your Managed Services Provider should have this accreditation and experience in managing similar large projects with other organisations. They should also have the business acumen to develop compelling business cases for CIOs to leverage in their internal conversations, and to guide the migration path.

Ultimately, you can free up internal resources by running Oracle applications on a fully managed Cloud platform, coupled with skilled resources to manage every aspect of your Oracle landscape.

The results include accelerated provisioning, more flexibility and increased availability of business-critical Oracle applications – giving your business the opportunity to finally draw true value from the masses of data you’re gathering.

By Arthur Mostert, ‘ Database Cloud Architect

Powered by WPeMatico

Spyro Reignited Trilogy release delayed until November

Spyro Reignited Trilogy release delayed until November

Spyro Reignited Trilogy release delayed until November

Activision and Toys For Bob, the developers behind the Spyro Reignited Trilogy package, have announced that the game will only be arriving on November 13, two months late than the original date of September 21.

Paul Yan, Co-Studio Head at Toys For Bob, said on the Activision Blog that the game “needs more love and care” and that they as a studio are “committed to getting these games right” and have therefore decided to push back the launch for PS4 and Xbox One.

To ease the pain of the anticipation, go ahead and watch the playthrough below:

By Daniëlle Kruger
Follow Daniëlle Kruger on Twitter
Follow IT News Africa on Twitter

Powered by WPeMatico

Five ways you a can create the perfect password and why you should

Five ways you a can create the perfect password and why you should

Five ways you a can create the perfect password and why you should.

Stories of people being hacked online are becoming more common these days. Many people have had their accounts, whether Facebook or Twitter, compromised.  Avoiding these kinds of hacks mean that one needs to use stronger passwords, but this won’t keep you secure from all the threats out there.

It is also important to ensure that there is a secure password for every service you use.

“Most sites today require a combination of capital letters, numbers and occasionally a special character. However, there are common patterns that most of us tend to use, like starting with a capital letter and ending with a couple of numbers. If a special character is required, we typically place it on the end. The bad guys know this. With machines equipped with today’s off-the-shelf processing power, even these seemingly complicated passwords are cracked in relatively short time”, said Martin Walshaw, Senior Engineer at F5 Networks.

Sometimes you are tempted to recycle your password mainly because it is easier to remember. It is okay to recycle but only if the website does not store any store personal information. You should always memorize your password never write it down. Other services like a password management tool could help with storing your password. These services automatically generate passwords and allow you to select the level of complexity, pattern type, and length.

“So, what happens when the bad guys acquire your credentials? You might think the password is hashed or encrypted and are therefore protected. In the case of LinkedIn 2012 data set, the SHA1 algorithm was used, which is now considered a broken hash and should not be used. To make things worse, the passwords were hashed without first being “salted” (i.e. adding more data to the password to hide its true meaning),” said Walshaw.

How then do you create the perfect password? Here is a list of 5 ways to help you create a password that is harder to crack.

1. Longer is better.
The more characters a password has, the harder it becomes for people to get it right. Mix letters, numbers, and punctuation and, when possible, include both uppercase and lowercase letters. Made up or altered words are better than actual words. You should go for passwords that are a minimum of 12 to 14 characters in length. A longer password would be even better.

2. Avoid calendar dates
As part of the numeric portion of the password. Don’t use account numbers or other billing information as part of a password. Passwords like “123456” are still the most used. Don’t Do This. It is easier for hackers to crack such passwords.

3. Avoid personal information
Personal information that can easily be looked up or verified should be avoided. The use of adjacent keys or consecutive numbers are easy for others to notice and should be avoided.

4. Use a password manager
One other way to keep track of all those passwords is to use an online password management option. These tools are easy to set up and useful in helping you manage all your passwords. They have strong encryption and allow you to unlock and auto-fill your passwords and other information with one master password.

5. Separate your passwords
Maintain a separate password for each highly sensitive account, such as email, financial institutions, and social media.

“The fact is that more than 1.1M people chose the password “123456” and nearly 190,000 people chose “password”. If people are using such configurations for LinkedIn, then there is a good chance they are adopting the same password on more sensitive sites, such as bank accounts, which might be more interesting to cybercriminals”, said Walshaw.

Walshaw advises people to be responsible for their personal information. He said, “Cybercriminals spend enormous effort trying to access your information for unscrupulous commercial gain. By adopting best practice and investing in personal security, your vital credentials will remain encrypted, which means that should a hack take place then you automatically devalue the stolen data for the cybercriminal. Don’t ignore the dangers of the Dark Web – cybersecurity is all of our responsibility. Stay safe.”

By Fundisiwe Maseko
Follow Fundisiwe Maseko on Twitter
Follow IT News Africa on Twitter

Powered by WPeMatico

Criminals target fax machines to hijack networks and spread malware

Criminals target fax machines to hijack networks and spread malware

Research reveals how criminals target fax machines to take over networks and spread malware.

New research from Check Point, a provider of cyber-security solutions globally, has shown how organisations and individuals could be hacked via their fax machines, using newly discovered vulnerabilities in the communication protocols used in tens of millions of fax devices globally. A fax number is all an attacker needs to exploit the flaws, and potentially seize control of a company or home network.

The Check Point research demonstrated the vulnerabilities in the popular HP Officejet Pro All-in-One fax printers. The same protocols are also used by many other vendors’ faxes and multifunction printers, and in online fax services such as fax2email, so it is likely that these are also vulnerable to attack by the same method. Following discovery of the vulnerabilities, Check Point shared the findings with HP, which was quick to respond and to develop a software patch for its printers, which is available on HP.com.

Not often perceived as modern-day technology, there are over 45 million fax machines in use in businesses globally, with 17 billion faxes sent every year. It is still widely used in several Industry sectors such as healthcare, legal, banking and real estate, where organizations store and process vast amounts of highly sensitive personal data. The UK’s National Health Service alone has over 9,000 fax machines in regular use for sending patient data. In many countries, emails are not considered as evidence in courts of law, so fax is used when handling certain business and legal processes. Nearly half of all laser printers sold in Europe are multifunction devices which include fax capability.

“Many companies may not even be aware they have a fax machine connected to their network, but fax capability is built into many multifunction office and home printers,” said Yaniv Balmas, Group Manager, Security Research at Check Point. “This groundbreaking research shows how these overlooked devices can be targeted by criminals and used to take over networks to breach data or disrupt operations.

“It’s critical that organizations protect themselves against these possible attacks by updating their fax machines with the latest patches and separating them from other devices on their networks,” Balmas continued. “It’s a powerful reminder that in the current, complex fifth-generation attack landscape, organisations cannot overlook the security of any part of their corporate networks.”

Once an attacker obtains an organisation’s fax number (which is easily obtainable from corporate websites), the attacker sends a specially created image file by fax to the target. The vulnerabilities enable malware (such as ransomware, crypto-miners or spyware) to be coded into the image file, which the fax machine decodes and uploads to its memory. The malware can then potentially breach sensitive data or cause disruption by spreading across any networks to which the fax machine is connected.

To minimize the security risk, Check Point advises that organisations check for available firmware updates for their fax devices and apply them. Businesses are also urged to place fax devices on a secure network segment separated from applications and servers that carry sensitive information. That will limit the ability of malware to spread across networks.

The vulnerabilities were presented by Check Point researchers Yaniv Balmas and Eyal Itkin at DEF CON 26, the leading security and hacking conference. For more information on these findings, visit Check Point’s corporate blog. For full details of the vulnerabilities found by Check Point’s researchers, visit Check Point’s Research Blog.

Edited by Fundisiwe Maseko
Follow Fundisiwe Maseko on Twitter
Follow IT News Africa on Twitter

Powered by WPeMatico

Google employees protest censored search engine For China

Google employees protest censored search engine For China

The employees are demanding more transparency so they can understand the moral implications of their work, said the Times, which obtained a copy of the letter.

About a thousand Google employees have signed a letter protesting the company’s efforts to build a censored version of its search engine in China, as reported by The New York Times.

The employees are demanding more transparency so they can understand the moral implications of their work, said the Times, which obtained a copy of the letter.

It has been signed by 1,400 employees and is circulating on the company’s internal communications system, the newspaper said, quoting three people who are familiar with the document.

The letter argues that the search engine project and Google’s apparent willingness to accept China’s censorship requirements “raise urgent moral and ethical issues.”

“We urgently need more transparency, a seat at the table and a commitment to clear and open processes: Google employees need to know what we’re building,” the letter said. It also asked the company to let employees be a part of ethics reviews and publish ethical assessments of projects that are seen as controversial. The letter said Google’s willingness to work within China’s censorship laws raises “urgent moral and ethical issues,” and that employees currently don’t have the information needed “to make ethically-informed decisions about our work, our projects and our employment.”

Employee anger flared with a report earlier this month in The Intercept that Google is secretly building a search engine that will filter content banned in China and thus meet Beijing’s tough censorship rules.

The multinational tech company withdrew its search engine from China eight years ago due to censorship and hacking.

Google did not immediately respond to comment. The company has repeatedly ignored requests for comment, despite being responsive to commenting on other stories. Its sole statement on its situation in China is from August 3rd: “We provide a number of mobile apps in China, such as Google Translate and Files Go, help Chinese developers, and have made significant investments in Chinese companies like JD.com. But we don’t comment on speculation about future plans.”’

Edited by Neo Sesinye
Follow Neo Sesinye on Twitter
Follow IT News Africa on Twitter

Powered by WPeMatico

F5 appoints David Helfer as Senior Vice President for EMEA Sales

F5 appoints David Helfer as Senior Vice President for EMEA Sales

David Helfer, newly appointed Senior Vice President for EMEA Sales at F5 Networks.

F5 Networks has announced the appointment of David Helfer as its new Senior Vice President of Sales for the UK, Europe, Middle East, and Africa (EMEA). A veteran leader of high-performance global teams, David has more than 25 years of deep industry knowledge in the technology sector. He first joined F5 in 2016 as Senior Vice President, Worldwide Partners & Cloud Sales.

“David is an accomplished leader with a strong global track record. With his customer development experience and deep commercial pedigree, we look forward to David continuing to accelerate F5’s application security and cloud leadership across EMEA,” said Chad Whalen, Executive Vice President, Worldwide Sales, F5 Networks.

Prior to F5, Helfer was Vice President of Worldwide Channels at the mobility cybersecurity company Lookout, where he also held the role of Direct Sales Manager for all of Asia Pacific and Inside Sales. For nearly 15 years, David also held senior positions at Juniper Networks as head of Worldwide Channels, Vice President of Commercial and Inside Sales, and while based in London, Vice President of EMEA Partners and Alliances. Helfer joined Juniper Networks in 2000 from UUNET, where he was working as Global Sales Director.

David holds a BA degree in Political Science from Kalamazoo College, Michigan, and he also attended the International Study Program from the Universidad de Extremadura, Cáceres, Spain.

Helfer is a sought-after public speaker and thought leader, regularly participating in high-profile events, roundtables, and global media engagements.

“I am delighted to head EMEA Sales and strengthen F5’s leadership position in the application security and cloud markets,” said David Helfer. “F5 is uniquely positioned to help EMEA businesses cope with a rapidly shifting threat landscape, soaring data privacy concerns and emerging, cloud-driven business imperatives. I have an exceptionally talented team of technical experts and sales professionals committed to growing our customer and partner relationships across the region. We now need to take initiatives to the next level by further enhancing and securing our customers’ apps – irrespective of where they reside.”

Edited by Fundisiwe Maseko
Follow Fundisiwe Maseko on Twitter
Follow IT News Africa on Twitter

Powered by WPeMatico

Motorola mimic’s Apple iPhone X

Motorola mimic’s Apple iPhone X

Motorola unveils new Moto P30 flagship.

Motorola’s new high-end Moto P30 6.2-inch phone has launched in China, looking uncannily like the Apple iPhone X.

Unveiled just hours after press renders of the smartphone appeared online, Motorola has been criticised for revealing a “shameless” copy of the iPhone X as its new model.

Similar to the iPhone X, the Motorola P30 boasts a metal and glass design with rounded corners, a sizeable notch at the top of its display, and a vertical dual camera array on its backside that’s almost indistinguishable to that found on Apple’s flagship.

Moto P30 comes with an octa-core Snapdragon 636 processor, 6GB of RAM, up to 128GB of storage, a 6.2-inch display with a resolution of 2246×1080 pixels, and a 3000mAh battery. For the camera, Motorola has included a 16MP sensor with a 5MP secondary sensor on the back — the system makes use of some sort of AI to take shots with “more refined depth of field effect”, much like the iPhone’s portrait mode camera. The device also ships with Android 8.0.

Moto P30 will go on sale next month, starting at 2,099 RMB which is roughly around $300. It’s available in black, white, and two-tone purple/blue model.

Motorola is basically making an iPhone X that runs Android. But is that so bad? 🤔 https://t.co/kqbj5zB1yq

— Android Central (@androidcentral) August 14, 2018

Edited by Neo Sesinye
Follow Neo Sesinye on Twitter
Follow IT News Africa on Twitter

Powered by WPeMatico

Google employees sign protest letter over China search engine

Google employees sign protest letter over China search engine

FILE PHOTO: The brand logo of Alphabet Inc’s Google is seen outside its office in Beijing, China August 8, 2018. Picture taken with a fisheye lens. REUTERS/Thomas Peter/File Photo

Hundreds of Google employees have signed a protest letter over the company’s reported work on a censor-friendly search engine to get back into China, The New York Times said Thursday.

The employees are demanding more transparency so they can understand the moral implications of their work, said the Times, which obtained a copy of the letter.

It has been signed by 1,400 employees and is circulating on the company’s internal communications system, the newspaper said, quoting three people who are familiar with the document.

The letter argues that the search engine project and Google’s apparent willingness to accept China’s censorship requirements “raise urgent moral and ethical issues.”

“Currently we do not have the information required to make ethically-informed decisions about our work, our projects, and our employment,” they say in the letter, according to the Times.

Employee anger flared with a report this month in The Intercept that Google is secretly building a search engine that will filter content banned in China and thus meet Beijing’s tough censorship rules.

Google withdrew its search engine from China eight years ago due to censorship and hacking.

The new project is said to be codenamed “Dragonfly.”

The tech giant had already come under fire this year from thousands of employees who signed a petition against a $10-million contract with the US military, which was not renewed.

With the secret project, Google employees are reportedly worried that they might unknowingly be working on technology that could help China hide information from its people.

“We urgently need more transparency, a seat at the table, and a commitment to clear and open processes: Google employees need to know what we’re building,” the protest letter says, according to the Times.

At a townhall gathering of employees on Thursday, Google CEO Sundar Pichai said the firm was committed to transparency, and that while it was “exploring many options”, it was “not close to launching a search product in China,” the Financial Times reported, citing a person present at the meeting.

Pichai said Google’s stated mission is “to organize the world’s information,” Bloomberg News reported, quoting a transcript of the employee meeting.

“China is one-fifth of the world’s population. I think if we were to do our mission well, I think we have to think seriously about how we do more in China,” he added, according to Bloomberg.

“I genuinely do believe we have a positive impact when we engage around the world and I don’t see any reason why that would be different in China.” Pichai said.

“We’ll definitely be transparent as we get closer to actually having a plan of record here. We definitely do plan to engage more and talk more.”

Powered by WPeMatico

Black Hat: Protecting Industrial Control System

Black Hat: Protecting Industrial Control System

Cameron Camp, security researcher at ESET

Industrial Control System (ICS) security was ramped up at Black Hat USA – with packed sessions ranging from specific attacks to vulnerable hardware – all with the aim of protecting critical infrastructure, whose security shortcomings so frequently hit the headlines these days.

While industrial control protocols themselves are horribly insecure, there is an attempt to bolt on security hardware and software to check for anomalous communication patterns. But while this is certainly progress, it’s only part of the whole picture.

In my experience, the communication to the industrial equipment wasn’t malicious at the packet level. The equipment was following legitimate commands, albeit for a malicious purpose. This is why security is difficult.
Think of it as a rogue insider, but a digital one. Once attackers gained access to the network, the limited ICS/SCADA (supervisory control and data acquisition) defenses didn’t stop legitimate commands emanating from legitimate – but compromised – workstations.

Also at Black Hat, we saw critical networks strapping on remote communication devices over cellular networks to monitor systems, and those devices often had critical misconfiguration errors allowing attackers to gain access and mine data that would inform future attacks. Again, these entry points were protectable, but weren’t protected.
Industries controlled by ICS sit at an interesting junction where the practitioners who are best able to keep the machinery running have been around long enough to have not grown up digital, and there seems to be a natural resistance.

I recently interviewed a senior engineer for a critical infrastructure firm. He explained there was little incentive to stray beyond his areas of expertise, into network security or other digital domain issues. He wouldn’t receive a pay raise, as he was already at or near the top of his pay scale, and he felt nervous about making mistakes that could get him in trouble. In short, there was a lot of risk for him and little perceived reward.
This experience seems systemic throughout the ICS world. In some cases, it will take the next generation of engineers and operators who grew up with, and/or understand the context of, digital security running this critical machinery, before the tide will change.

Meanwhile, it was encouraging to see so much effort amongst security practitioners at Black Hat being focused on protecting critical infrastructure. After all, this same infrastructure directly controls the ability to do what we do in the security world. If the lights go out, the water stop flowing soon too and things snowball into a situation no one wants. As so much of the infrastructure that our modern societies take for granted depends on ICS-managed systems, they are definitely worth protecting.

By Cameron Camp, security researcher at ESET

Powered by WPeMatico