Posts

Showing posts from 2017

Let no endpoint go dark

The compromise of a single enterprise endpoint can ultimately lead to a wider security incident, ransomware outbreak, data breach, costly remediation and rebuilding of lost reputation. Most organizations know this, but still struggle to obtain visibility into and control over corporate endpoints, which are often distributed throughout the world. When a device goes dark – goes off the corporate network, is lost or stolen, or is operating without security controls – organizations have a limited window of time to remediate vulnerabilities and mitigate risk. These efforts are slowed or thwarted when the very software controls designed to protect are corrupted or removed.
Persistence technology helps security controls self-heal
Endpoint security company Absolute has a unique solution for that: firmware-embedded Persistence technology that allows endpoint security and management controls to “self-heal” or reinstall if they’ve been removed or compromised. This techn

Why cryptography is much harder than software engineers think

The recent ROCA vulnerability (CVE-2017-15361) raises some important issues about the design of secure cryptographic software. The vulnerability is not in this case an obvious coding error such as a buffer overflow, or the use of a poor quality random number generator. In this case, it arose from what probably seemed like a reasonable software engineering decision. To understand this in detail requires some pretty complex mathematics. For that, I refer you to the paper that details the flaw along with the exploit, which you can download here. In summary, the researchers studied the statistical properties of a large sample of public keys. These are not normally easy to obtain, but the Estonian government had set up a public directory, associated with their national ID card. Since, by definition, these are public keys, that’s a perfectly reasonable thing to do. Recall that there is a corresponding private key which is of course not disclosed. In theory, it’s alm

Five mental shifts we must make to achieve security beyond perimeters

Data centers aren’t exactly going extinct, but given the massive shift to public clouds, you need to make some significant adjustments if your mindset doesn’t already include or understand the cloud. The problem is that not every organization knows how to prepare for and embrace the cloud-driven future. It can take some major mental adjustments to shift mindset from on-prem environments based on the data center, which has a clear and definable perimeter, to the nebulous world of the cloud. To help you get your mind out of the data center, beyond the perimeter, and into the cloud, we suggest you consider the five mental shifts outlined below.
The threat landscape is evolving
There was a time when keeping an eye on your network perimeter was sufficient to catch most threats. Today, that’s not the case. The 2017 Threat Landscape Survey from SANS found that endpoints and end users are now the front line of the battle against online threats. These are the most freq

A layered approach to modern identity

The way we work is evolving. Traditional desktop computers and laptops are slowly giving way to the mobile device. From smartphones to tablets, a growing number of employees are embracing the flexibility that accompanies such devices. In fact, 55 percent of all email was opened on mobile devices from May 2017 to April 2017 – up from just 29 percent in 2012. In addition to keeping tabs on the office, consumers have come to rely upon mobile devices for a whole host of capabilities, including mobile banking, shopping and even payments. Today, Americans spend an average of 5 hours per day on mobile devices – a 20 percent increase compared to 2015. With this shift towards mobile access at work, home and everywhere in between, comes a shift in both user expectations and behaviors. Instant access to information – anytime, anywhere – is the norm, which means our tolerance for friction has greatly diminished. This new attitude allows employees to be more productive

Will IoT botnets catapult the industry toward security regulation in 2018?

Attackers demonstrated the power of an IoT-fueled botnet in 2016 when the Mirai botnet took down major websites like Reddit, Twitter and GitHub. Despite the damages, no significant changes to the IoT industry occurred. As a matter of fact, consumers continue to purchase and deploy IoT devices with little care outside the guarantee that the device works and the price tag is cheap. Manufacturers continue to pump out new IoT devices at a rapid pace, often trading security for usability and affordability. Without any incentive for device manufacturers to spend valuable development resources securing their products, conditions remain ripe for new IoT-fueled botnet attacks in 2018. As hackers continue to refine and improve their botnet code, I predict the next attack will be even larger than the record-shattering DDoS attack caused by Mirai and that it will create enough impact to trigger government regulation of IoT. IoT botnets earned notoriety in 2016 when Mirai s

Bitcoin traders beware: Fake trading bot offer delivers RAT

As the price of Bitcoin keeps hitting surprising heights, more and more cyber crooks are turning their sights on anything and anyone who trades or uses the popular cryptocurrency. The latest attempt to deliver malware to a specific group of Bitcoin users was spotted by Fortinet researchers.
A RAT is delivered
The malicious offer comes via email: a free trial of Gunbot, a new bitcoin trading bot developed by Gunthy. The email carries an attachment – a VB Script that, when executed, downloads a file that looks like a JPEG image file, but is actually a PE binary. “At first glance, the downloaded executable appears to be a benign inventory system tool with a lot of references to SQL commands for inventory procedures. After further analysis, however, we found that it is a trojanized version of an open source inventory system tool named TTJ-Inventory System,” the researchers found. Ultimately, this malicious file ends up installing a number of executables.

Triggered via malicious files, flaws in Cisco WebEx players can lead to RCE

Cisco has plugged six security holes in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files that could be exploited by remote attackers to execute malicious code on a target system. “The ARF and WRF file formats are used to store WebEx meeting recordings that have been recorded on a WebEx meeting site, or on the computer of an online meeting attendee,” the company explained. “The Cisco WebEx players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.”
Vulnerability exploitation
Exploitation of the vulnerabilities can be triggered via malicious ARF or WRF files. Attackers can send such a file as an attachment, or provide a link to it in an email. In both cases, they have to convince users to download

Enterprise security incident response trends to watch in 2018

Resolve Systems shared the top trends to watch in 2018 relating to incident response and automation. The list of predictions is founded on the company’s insight into the challenges enterprises express in today’s new normal of high-impact outages and breaches, and why companies are investing in incident response and automation technology. “2018 is not going to be a quieter year in terms of cyber-attacks against organizations. We know that threats are becoming more sophisticated and easier for hackers to deploy, in most instances. Therefore, we have to continue to improve our ability to protect against those threats. To do so is a team effort that requires MSSPs, security vendors, SOC managers and all parties involved in incident response to lean on automation technologies and orchestration methodologies that help investigate and remediate attacks quickly, efficiently and in a way that really helps our overworked security teams rather than creating more w

Surge in exposed credentials puts companies at risk

The volume of credential exposures increased to 16,583 from April to July 2017, compared to 5,275 in last year’s analysis by Anomali. 77% of the FTSE 100 were exposed, with an average of 218 usernames and passwords stolen, published or sold per company. In most cases the loss of credentials occurred on third-party, non-work websites where employees reuse corporate credentials.
Suspicious domain registrations by country
In May 2017, more than 560 million login credentials were found on an anonymous online database, including roughly 243.6 million unique email addresses and passwords. A significant number of credentials linked to FTSE 100 organisations were still left compromised over the three months following the discovery. This failure to remediate and secure employee accounts means that critical business content and personal consumer information held by the UK’s biggest businesses has been left open to cyber attacks. Targeted brand attacks and expos

OpenEMR flaw leaves millions of medical records exposed to attackers

A vulnerability in the free, open source electronic medical record and medical practice management software OpenEMR can be exploited to steal patients’ medical records and other personally identifiable information, Risk Based Security warns. OpenEMR is used all over the world. 2012 estimates put the number of US installations (physician offices and other small healthcare facilities) over 5,000, and global numbers over 15,000. Among the users are the International Planned Parenthood Federation and the Peace Corps. The flaw was discovered by company researchers while reviewing previously discovered security issues in OpenEMR, and responsibly disclosed to the developers. The fix was pushed out in early November, in the 6th patch for OpenEMR v5.0.0.
About the vulnerability
The vulnerable component is the setup.php installation script, which allows users to easily install the application through a web browser. Isaac Sears, who released details and expl

PowerDNS patches five security holes in widely used nameserver software

PowerDNS, the company behind the popular open source DNS software of the same name, has pushed out security updates and patches for its Authoritative Server and Recursor offerings that, among other things, fix five security vulnerabilities of note. “PowerDNS users and customers include leading telecommunications service providers, large scale integrators, Wikipedia, content distribution networks, cable networks / multi service operators and Fortune 500 software companies,” the company proclaims on its site. “In various important markets, such as Scandinavia, Germany and The Netherlands, PowerDNS is the number one supplier of nameserver software.”
About the vulnerabilities
PowerDNS developer Remi Gacogne detailed the vulnerabilities in a post on the Open Source Security Mailing List (oss-sec), and pointed out that each of them can be exploited only if the target has a specific configuration that is not enabled by default. The security issues, numbered sequen

Cyber Monday Breeds Cyber Crime

Cyber Monday is a record setting day year after year: most internet traffic, most online sales, and unfortunately, huge amounts of cyber criminal activity. Christmas really does come early for hackers–they target gullible shoppers and vulnerable businesses to capitalize on the fervor surrounding Cyber Monday. Customers are far more likely to fall victim to malware or phishing and disclose sensitive information like credit card numbers and bank accounts. Hackers package their malicious links as too-good-to-be-true discount codes and take to social media in order to amplify their attack. Check out the infographic to see some tactics used by hackers and how you can protect yourself against any Cyber Monday scam. A cyber monday scam in action. For online businesses, Cyber Monday is the most lucrative 24 hours of the year. Customers take advantage of huge savings, jumpstarting the holiday shopping season – just look at last year’s stats: $2.29 billion in sales

7 Social Media Security Best Practices

Social media is an often overlooked area when it comes to information security. Because social is sometimes treated like a personal communication tool rather than a business platform, risk monitoring & governance, employee security awareness and corporate security policies are rarely in place. But social is undeniably a business system, one that we use daily to communicate with our customers, grow our revenues and engage our employees. In fact, organizations spend on average almost 25% of their entire marketing budget on social. Fixing the neglect for social media security is a bit more tricky than simply realizing it exists, because unlike traditional business platforms (think email), the enterprise doesn’t control the data or the access. Organizations need to take a different approach. They need to build employee awareness and social media security best practices around the dangers of targeted attacks and cybercrime on social media. They need

What is the Deep Web and Why Is It Worth Exploring?

Words like “deep web” or “dark net” are sometimes used interchangeably although they are altogether different entities. The simple explanation, and the reason why deep and dark are sometimes confused, is that the majority of users only use the “surface web”—the most popular and heavily linked websites on the Internet. That leaves potentially millions of privately owned and operated websites that no one has officially classified or “indexed” (such as what Google and Bing do by crawling public websites), and perhaps only a handful of people have actually seen. Some individuals have likened the deep and dark web to trying to fish in the ocean, or perhaps an iceberg that rises to the surface but actually goes thousands of leagues under the ocean. As far back as 2001, the deep web was said to be “orders of magnitude” larger than the surface web, and modern 2016 reports suggest that hidden websites and databases are 500+ times greater in number than everything we see on the

Focus on the Biggest Security Threats, Not the Most Publicized

Don’t let high-profile security attacks dominate your security efforts. This year we’ve seen the WannaCry and Petya attacks wreak havoc around the world, as well as high-profile data breaches like Equifax. It’s easy to get caught up in the news cycle, but they’re not the main threats security professionals should be focusing their attention on. Vulnerabilities, and the exploitation of them, are still the root cause of most information security breaches today. Although not all breaches result from a vulnerability being exploited, most do. Within this majority, they also come from known vulnerabilities, rather than zero day attacks. “99% of the vulnerabilities exploited by the end of 2020 will continue to be ones known by security and IT professionals at the time of the incident.” Zero day vulnerabilities made up only approximately 0.4% of vulnerabilities during the past decade. The amount spent on trying to detect them is out of kilter with the