Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/26/2007
02:07 AM
50%
50%

GFI Launches Storage Device Scanner

GFI launches free, online portable storage device scanner

LONDON -- GFI Software, an international developer of network security, content security and messaging software, announced today the release of EndPointScan, an industry-first, free online service that allows you to check what devices are or have been connected to computers on your network and by whom. Using this diagnostic tool, you can identify those areas where the use of portable storage devices could pose a risk to the integrity of the company's systems and data.

The uncontrolled use of portable mass storage devices - USB sticks, CDs, floppies, smartphones, MP3 players, handhelds, iPods, digital cameras - coupled with data theft techniques such as 'pod slurping', are a major threat to network security and could lead to security breaches, data theft, viruses and other malware being uploaded to a company's network. Earlier this year, for example, a scientist who worked with DuPont was arrested after he had copied $400 million worth of commercially-sensitive information from the network. This is why it is vital for you to know what devices have been or are currently in use on your company's network and to be in a position to take action where the risk of a breach is high.

Security companies, including GFI Software, have long warned of the risks of portable storage devices and how vital it is that companies do something about it. Knowing what devices are on your network and the threat they pose is the first step towards minimizing these risks and this is what EndPointScan, an industry-first diagnostic tool, is designed to do.

Unfortunately, many businesses are unaware of or ignore the threat until something actually happens. According to research conducted on behalf of GFI Software, 35 per cent of 370 UK companies surveyed said they considered portable devices to be a massive risk to their company's security. However, 83 per cent of employers said they provided devices such as USB sticks, PDAs and Blackberrys to their staff. It is even more worrying to note that even though 51 per cent said they know who uses these devices at the office, 71 per cent do not log what files are transferred to and from the network. For all they know sensitive and confidential data could have easily been stolen from the network!

"Over the past few months, we have strived to create awareness on this issue and the launch of this utility is aimed at helping administrators to examine device usage on their network and act accordingly to reduce possible future risks. We have made it a point to keep the utility as simple as possible and easy to use," Andre Muscat, director, network security products at GFI, said. "Our main message is that the cost to take the necessary action to manage risk is much less than the costs involved reacting to a particular incident. We believe that an endpoint security solution such as GFI's EndPointSecurity product is a must in today's highly networked corporate environment," he added.

GFI Software Ltd.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/6/2020
Ripple20 Threatens Increasingly Connected Medical Devices
Kelly Sheridan, Staff Editor, Dark Reading,  6/30/2020
DDoS Attacks Jump 542% from Q4 2019 to Q1 2020
Dark Reading Staff 6/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5595
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute...
CVE-2020-5596
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) does not properly manage sessions, which may allow a remote attacker to stop the network functions of the products or execute a mali...
CVE-2020-5597
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a null pointer dereference vulnerability, which may allow a remote attacker to stop the network functions of the products o...
CVE-2020-5598
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop ...
CVE-2020-5599
PUBLISHED: 2020-07-07
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper neutralization of argument delimiters in a command ('Argument Injection') vulnerability, which may allow a remo...