Posts

Showing posts from November, 2017

OpenEMR flaw leaves millions of medical records exposed to attackers

A vulnerability in the free, open source electronic medical record and medical practice management software OpenEMR can be exploited to steal patients’ medical records and other personally identifiable information, Risk Based Security warns. OpenEMR is used all over the world. 2012 estimates put the number of US installations (physician offices and other small healthcare facilities) at over 5,000, and the global number at over 15,000. Among the users are the International Planned Parenthood Federation and the Peace Corps. The flaw was discovered by company researchers while reviewing previously discovered security issues in OpenEMR, and responsibly disclosed to the developers. The fix was pushed out in early November, in the 6th patch for OpenEMR v5.0.0.

About the vulnerability

The vulnerable component is the setup.php installation script, which allows users to easily install the application through a web browser. Isaac Sears, who released details and expl

PowerDNS patches five security holes in widely used nameserver software

PowerDNS, the company behind the popular open source DNS software of the same name, has pushed out security updates and patches for its Authoritative Server and Recursor offerings that, among other things, fix five security vulnerabilities of note. “PowerDNS users and customers include leading telecommunications service providers, large scale integrators, Wikipedia, content distribution networks, cable networks / multi service operators and Fortune 500 software companies,” the company proclaims on its site. “In various important markets, such as Scandinavia, Germany and The Netherlands, PowerDNS is the number one supplier of nameserver software.”

About the vulnerabilities

PowerDNS developer Remi Gacogne detailed the vulnerabilities in a post on the Open Source Security Mailing List (oss-sec), and pointed out that each of them can be exploited only if the target has a specific configuration that is not enabled by default. The security issues, numbered sequen

Cyber Monday Breeds Cyber Crime

Cyber Monday is a record-setting day year after year: the most internet traffic, the most online sales, and, unfortunately, huge amounts of cyber criminal activity. Christmas really does come early for hackers, who target gullible shoppers and vulnerable businesses to capitalize on the fervor surrounding Cyber Monday. Customers are far more likely to fall victim to malware or phishing and disclose sensitive information like credit card numbers and bank accounts. Hackers package their malicious links as too-good-to-be-true discount codes and take to social media in order to amplify their attack. Check out the infographic to see some tactics used by hackers and how you can protect yourself against any Cyber Monday scam.

A Cyber Monday scam in action.

For online businesses, Cyber Monday is the most lucrative 24 hours of the year. Customers take advantage of huge savings, jumpstarting the holiday shopping season. Just look at last year’s stats: $2.29 billion in sales

7 Social Media Security Best Practices

Social media is an often overlooked area when it comes to information security. Because social is sometimes treated like a personal communication tool rather than a business platform, risk monitoring and governance, employee security awareness and corporate security policies are rarely in place. But social is undeniably a business system, one that we use daily to communicate with our customers, grow our revenues and engage our employees. In fact, organizations spend on average almost 25% of their entire marketing budget on social.

Fixing the neglect of social media security is a bit trickier than simply realizing it exists, because unlike traditional business platforms (think email), the enterprise doesn’t control the data or the access. Organizations need to take a different approach. They need to build employee awareness and social media security best practices around the dangers of targeted attacks and cybercrime on social media. They need

What is the Deep Web and Why Is It Worth Exploring?

Words like “deep web” or “dark net” are sometimes used interchangeably although they are altogether different entities. The simple explanation, and the reason why deep and dark are sometimes confused, is that the majority of users only use the “surface web”—the most popular and heavily linked websites on the Internet. That leaves potentially millions of privately owned and operated websites that no one has officially classified or “indexed” (such as what Google and Bing do by crawling public websites), and perhaps only a handful of people have actually seen. Some individuals have likened the deep and dark web to trying to fish in the ocean, or perhaps an iceberg that rises to the surface but actually goes thousands of leagues under the ocean. As far back as 2001, the deep web was said to be “orders of magnitude” larger than the surface web, and modern 2016 reports suggest that hidden websites and databases are 500+ times greater in number than everything we see on the

Focus on the Biggest Security Threats, Not the Most Publicized

Don’t let high-profile security attacks dominate your security efforts. This year we’ve seen the WannaCry and Petya attacks wreak havoc around the world, as well as high-profile data breaches like Equifax. It’s easy to get caught up in the news cycle, but those are not the main threats security professionals should be focusing their attention on. Vulnerabilities, and the exploitation of them, are still the root cause of most information security breaches today. Although not all breaches result from a vulnerability being exploited, most do. Within this majority, most also come from known vulnerabilities rather than zero day attacks. “99% of the vulnerabilities exploited by the end of 2020 will continue to be ones known by security and IT professionals at the time of the incident.” Zero day vulnerabilities made up only approximately 0.4% of vulnerabilities during the past decade. The amount spent on trying to detect them is out of kilter with the

All Those Innocuous Social Media Quizzes are Hacker Goldmines

We’ve all seen them on Facebook, maybe even done them ourselves: viral social media quizzes. Perhaps it was about the top 10 concerts you’ve attended or a dozen fun facts people might not know about you. Innocent though they may seem, these social media quizzes can put you in the crosshairs of attackers, both physical and cyber. They are a prime example of over-sharing sensitive data online, which has grown rampant with the advent of social media. In the spirit of National Cyber Security Awareness Month, we’re shining the light on this ubiquitous issue. It’s one of the most prevalent and most preventable. Over-sharing is not limited to viral quizzes or trends. Posting publicly about vacations, family, personally identifiable information (PII), or your physical location can, in some cases, put you at risk. Most people know not to post pictures of their credit cards (you’d be surprised) or disclose sensitive login or financial information, but a surprising