Today Okiok is releasing version 4.7.1 of S-Filer/Portal™.
This bugfix release fixes 1 issue.
Some browsers would fail to upload files silently when a user with a french profile performed a "Quick Send" (sending a file to a user known only by email address)
This update does not involve database schema changes
This update does not change the UI themes or email templates
Studying the global trends of information security, throughout the last decade, shows a continuous raise of cyberattack's frequency, severity and impacts. In 2015, the number of detected security incidents soared 107% over the year before, according to a recent study.
New attack schemes and methods have destabilized actual prevention and detection processes, which have been proved less effective against increasingly in-depth assaults. Many organizations are completely doubtful, in addition to not having sufficient resources required to implement countermeasures against cybercriminals. Thus, it ...
OKIOK is pleased to have presented “Application Security and Phishing” at the OWASP conference initiative sponsored by OWASP Montreal. OKIOK exposed the impacts of phishing experienced by businesses and presented practical action plans to address those risks.
The presentation introduced and emphasized the connection and causality links between the application security and phishing campaigns. In a study conducted in 2015, the APWG (Anti Phishing Work Group) identified no less than 1.3 million unique phishing campaigns. This represents twice the 2014 occurrences as ...
Montreal, February 5th, 2016.
The BYOR series, stands for Bring Your Own Risk and are aimed at providing a repository of multiple articles related to the trends and domains of information security risks. The acronym is inspired from the well-known ‘’Bring Your Own Device’’.
Risk is characterized as an intangible notion that humanity has always tried to predict, avoid and master for a very long time. Due to its unpredictable character and multiple forms, risk has always been studied and formalized as a ...
JSP File Upload Remote Code Execution using PowerShell Empire
During a penetration test on a Web application, we have found a file upload functionality. File uploads are always interesting for a penetration tester because they are difficult to implement securely. The application was written in Java, so, one file type we are interested in is JSP files, because they will be executed by the server if we can upload and access them.
Because everything is not so easy, the feature only allows some ...
Nuremberg, October 22, 2015.
It-sa, the only IT security exhibition in the German-speaking region in Europe and one of the most important worldwide industry events for providers and customers, was attended by OKIOK’s European sales partner LaunchPad Services on Oct. 6-8. The exhibition exceeded the successes from previous years and attracted well over 9,000 visitors and 428 exhibitors, sharing and receiving the latest information around trends and solutions in IT security.
With this double digits growth from previous year, it is clear that the awareness ...
Montreal, September 21 2015
On September 29th and 30th, ISACA Quebec will host the Symposium on Identity and Access Management (IAM), where several Information Technology professionals will meet and discuss about concerns and best practices in the field.
OKIOK's President, Mr. Claude Vigeant, will present the workshop Du principe à la pratique ("From Principle to Practice") in collaboration with Mr. Bruno Guay. The purpose of the workshop is to highlight some of the practical challenges related to the implementation of IAM solutions and to propose practical solutions. Mr. Vigeant will also participate in the round ...
Montreal, September 16, 2015.
The Montreal Security Experts Summit will be held on Thursday, September 17 at the Oracle Offices. Mr. Claude Vigeant has been invited as a top security expert to discuss risks and attack landscape and safety of databases.
More precisely, topics are foreseen as follows :
Is it just us that think that data at the source should be protected? Are we reading the market right?
Do we need to educate our customers and if so how do we go about it?
If we agree, what ...
Date et lieu : Le 22 octobre prochain à l'Hôtel Continental.
Par : Me Julie M. Gauthier, LL.M.
Résumé : La virtualisation des environnements numériques est l'aboutissement d'un mouvement vers la dématérialisation, et les organisations se tournent progressivement vers les services d'externalisation. La nature même du concept d'infonuagique ("Cloud Computing") implique une « dépossession » des données et, conséquemment, une perte de contrôle. Le flou juridique qu'il crée et les incidences sur la sécurité méritent qu'on leur porte une attention particulière et qu'on se munisse ...
Récemment, nous nous sommes fait interroger sur les meilleures pratiques en informatique judiciaire relativement à l’intégrité de l’information traitée dans le cadre d’expertises. Comme nous le savons, l’intégrité est une condition cruciale pour que la preuve numérique traitée puisse conserver sa valeur juridique. Au Québec, la Loi concernant le cadre juridique des technologies de l’information (« LCCJTI ») mentionne précisément que l’intégrité des « documents technologiques » doit être assurée pour que ces derniers puissent conserver la même valeur juridique. En voici quelques articles pertinents :
5. (…) ...