Posts

You can’t hide from this top trend at RSA Conference, no matter where you operate

Image
Every year, there are certain buzzwords and trends that rise to popularity within the technology community. In years prior, it’s been things like “cloud,” “bitcoin,” or “IoT,” that set the trend. So it’s no surprise when those words fill the agenda at major events like RSA Conference . Leaving us to wonder what the trending topics will be at RSAC 2018, taking place April 16-20 in San Francisco. But, lucky for us, that’s exactly what one of the RSA Conference Advisory Board members was determined to figure out. Wade Baker, RSAC Advisory Board Member, Partner at Cyentia Institute and Professor at Virginia Tech, analyzed approximately 15,000 RSA Conference Call for Paper submissions over the last decade (2009-2018). Using a combination of Natural Language Processing (NLP) techniques and a classification system developed for the Cyentia Research Library , Baker was able to extract the “most important” terms among those thousand

تحليل لأغلب برامج VPN السيئة ! كن حذراً في اختياراتك

Image
هل يمكنني إخباركم بسر صغير ؟ عندما نتحدث عن حماية خصوصيتك ، أغلب برامج VPN سيئة ! — أغلب البرامج المشهورة ، ذات التقييم العالي تقوم بتسريب IP Address الخاص و تصيب جهازك ببرمجيات خبيثة و تحمّل برمجيات مخفية لتتبع أنشطتك على الانترنت ، تسرق معلوماتك الخاصة ، تجعل بياناتك مكشوفة للاختراق من قبل المخترقين ، و تسرق أيضاً Bandwidth الخاص باتصالك. كما ستشاهدون بالأسفل ، أغلب برامج VPN المشهورة ليست آمنة ، خصوصاً اذا ما أردت حماية خصوصيتك. يمكن أن تبدوا الشبكات الافتراضية VPN مثالية ، تعطيك الخصوصية المطلقة و تحميك من الكوارث الأمنية عند النظر لما تقدمه من مميزات. ولكن المشكلة ليست في تقنية VPN بل بـ Server أو الخادم  الذي ستقوم بالاتصال به ! بياناتك و معلوماتك قد تكون مشفرة من جهازك حتى السيرفر أو الشبكة التي تقوم بالاتصال بها ، ولكن هل أنت متأكد من الحماية المتوفرة في تلك الشبكة التي ستقوم بالاتصال بها ! هل هذه الشبكة سليمة ؟ لإزالة هذا اللبس قمت بالاقتباس من موقع Restore Privacy الشهير في حماية الخصوصية على الانترنت ، لقائمة البرامج السيئة و التي ي

أهم الأسباب لزيادة معدل الاختراقات بالآونة الأخيرة

Image
من الصعب جداً التخلص من الخطر المصاحب لاستخدام التكنولوجيا و التقنية و لا توجد طريقة فعالة تستطيع بها ازالة هذه الاخطار ، ولكن من الممكن تقليصها فقط باسلوب ادارة المخاطر حتى يصبح الخطر الذي يهدد المنشأة من خطر عالي قد يشلّ جميع التقنيات إلى خطر منخفض محدود جداً لا يسبب تعطل جميع التقنيات. أسباب الاختراقات التي نراها تتزايد في الآونة الأخيرة : ١- ضعف التجهيزات الأمنية في الشبكة المخترقة سواء كانت أجهزة (Firewall, IPS) أو برمجيات (Antivirus) تقلل من خطر البرمجيات الخبيثة التي تسبب الاختراق في هذه الشبكة. ٢- امتلاك المخترقين قدرات برمجية هائلة تمكنهم من اكتشاف الثغرات الغير معلنة للبرمجيات المستخدمه في المنشآت. ٣- عدم وعي بعض المنشآت بالمخاطر التي تواجهها يؤدي لعدم أخذ كل الاحتياطات الممكنة في مواجهتها. ٤- عدم تحديث الأنظمة البرمجية بشكل سريع و دوري ، لأن أغلب التحديثات تكون أمنية لسد ثغرات في الأنظمة. ٥- قلة الوعي لدى الموظفين في المنشأة بالمخاطر المصاحبة لتصرفاتهم دا

Global business spend on cybersecurity to grow 33% over the next 4 years

Image
New data from Juniper Research has found that global business spend on cybersecurity solutions will grow by 33% o  ver the next 4 years, reaching $134 billion annually by 2022. Cyberattacks: Not if, but when Juniper anticipates that the cumulative cost of data breaches between 2017 and 2022 will reach $8 trillion, with variable per-business losses depending on the nature and scale of the attack. Shipping company Maersk, for example, estimated the cost of NotPetya infecting its global network in 2017 at between $200 and $300 million. Juniper argued that, as a result, stakeholders must plan in terms of risk mitigation rather than prevention. It predicted that service providers in high-risk environments would be forced to restructure their networks to avoid potential compliance breaches, data theft or service outage. Research author Steffen Sorrell explained: “Once a single endpoint is breached, the big danger is lateral movement across the network. Layered netw

Cyber attacks becoming No. 1 business risk

Image
SonicWall recorded 9.32 billion malware attacks in 2017 and saw more than 12,500 new Common Vulnerabilities and Exposures ( CVE ) reported for the year. “The cyber arms race affects every government, business, organization and individual. It cannot be won by any one of us,” said SonicWall CEO Bill Conner. “Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence , we collectively improve our business and security postures against today’s most malicious threats and criminals.” The annual threat report frames, compares and contrasts advances made by both cybersecurity professionals and global cybercriminals. Cyber attacks are becoming the No. 1 risk to business, brands, operations and financials 9.32 billion total malware attacks in 2017, an 18.4 percent year-over-year increase from 2016 Ransomware attacks dropped from 638 million to 184 million

Cybersecurity pros don’t feel equipped to stop insider attacks

Image
Based on interviews with nearly 1,500 cybersecurity professionals over three years, Haystax Technology released a study that makes it clear that organizations are feeling the pressure from insider threats and are ramping up detection, prevention and remediation. Regular employees are surpassing privileged users as biggest insider security risk “One consistent message we heard in all of these interviews was that cybersecurity professionals don’t feel equipped to stop insider attacks, despite an increase in funding for things like better controls and training,” said Haystax CEO Bryan Ware. “I’m not surprised that so many are now using analytics, as they need actionable intelligence to proactively identify and defend against threats from both malicious insiders and negligent users.” Key findings In 2017, 90 percent of organizations reported feeling vulnerable to insider attacks , up from 64 percent in 2015. Haystax predicts 99 percent of organizations will

Is that smart device secure, and will it protect your privacy?

Image
  The decision to introduce a new smart device into your home should come only after you’ve answered these two questions affirmatively: “Will the device improve the quality of my life/fill a need I have?” and “Am I satisfied with the level of security and privacy the manufacturer provides to users?”   Unfortunately, users’ needs (and wants) often end up being more important than security and privacy and the answer to that second question is simply ignored. In some cases, though, users want to find the answer to it, but they don’t know where to start. Researching smart devices According to ESET researchers, a good first step is to research the device’s potential vulnerabilities , and that can be done by searching online for mentions that include variations of “device name” or “device brand name” in conjunction with terms like “security vulnerability,” “privacy breach,” or “data leak.” “No device or software is guaranteed secure or without potential vulnerabi