Posts

Showing posts from December, 2017

Let no endpoint go dark

The compromise of a single enterprise endpoint can ultimately lead to a wider security incident, ransomware outbreak, data breach, costly remediation and rebuilding of lost reputation. Most organizations know this, but still struggle to obtain visibility into and control over corporate endpoints, which are often distributed throughout the world. When a device goes dark – goes off the corporate network, is lost or stolen, or operating without security controls – organizations have a limited window of time to remediate vulnerabilities and mitigate risk. These efforts are slowed or thwarted when the very software controls designed to protect are corrupted or removed.

Persistence technology helps security controls self-heal

Endpoint security company Absolute has a unique solution for that: firmware-embedded Persistence technology that allows endpoint security and management controls to “self-heal” or reinstall if they’ve been removed or compromised. This techn

Why cryptography is much harder than software engineers think

The recent ROCA vulnerability (CVE-2017-15361) raises some important issues about the design of secure cryptographic software. The vulnerability is not in this case an obvious coding error such as a buffer overflow, or the use of a poor quality random number generator. In this case, it arose from what probably seemed like a reasonable software engineering decision. To understand this in detail requires some pretty complex mathematics. For that, I refer you to the paper that details the flaw along with the exploit, which you can download here. In summary, the researchers studied the statistical properties of a large sample of public keys. These are not normally easy to obtain, but the Estonian government had set up a public directory, associated with their national ID card. Since, by definition, these are public keys that’s a perfectly reasonable thing to do. Recall that there is a corresponding private key which is of course not disclosed. In theory, it’s alm

Five mental shifts we must make to achieve security beyond perimeters

Data centers aren’t exactly going extinct, but given the massive shift to public clouds, you need to make some significant adjustments if your mindset doesn’t already include or understand the cloud. The problem is that not every organization knows how to prepare for and embrace the cloud-driven future. It can take some major mental adjustments to shift mindset from on-prem environments based on the data center, which has a clear and definable perimeter, to the nebulous world of the cloud. To help you get your mind out of the data center, beyond the perimeter, and into the cloud, we suggest you consider the five mental shifts outlined below.

The threat landscape is evolving

There was a time when keeping an eye on your network perimeter was sufficient to catch most threats. Today, that’s not the case. The 2017 Threat Landscape Survey from SANS found that endpoints and end users are now the front line of the battle against online threats. These are the most freq

A layered approach to modern identity

The way we work is evolving. Traditional desktop computers and laptops are slowly giving way to the mobile device. From smartphones to tablets, a growing number of employees are embracing the flexibility that accompanies such devices. In fact, 55 percent of all email was opened on mobile devices from May 2017 to April 2017 – up from just 29 percent in 2012. In addition to keeping tabs on the office, consumers have come to rely upon mobile devices for a whole host of capabilities, including mobile banking, shopping and even payments. Today, Americans spend an average of 5 hours per day on mobile devices – a 20 percent increase compared to 2015. With this shift towards mobile access at work, home and everywhere in between, comes a shift in both user expectations and behaviors. Instant access to information – anytime, anywhere – is the norm, which means our tolerance for friction has greatly diminished. This new attitude allows employees to be more productive

Will IoT botnets catapult the industry toward security regulation in 2018?

Attackers demonstrated the power of an IoT-fueled botnet in 2016 when the Mirai botnet took down major websites like Reddit, Twitter and GitHub. Despite the damages, no significant changes to the IoT industry occurred. As a matter of fact, consumers continue to purchase and deploy IoT devices with little care outside the guarantee that the device works and the price tag is cheap. Manufacturers continue to pump out new IoT devices at a rapid pace, often trading security for usability and affordability. Without any incentive for device manufacturers to spend valuable development resources securing their products, conditions remain ripe for new IoT-fueled botnet attacks in 2018. As hackers continue to refine and improve their botnet code, I predict the next attack will be even larger than the record-shattering DDoS attack caused by Mirai and that it will create enough impact to trigger government regulation of IoT. IoT botnets earned notoriety in 2016 when Mirai s

Bitcoin traders beware: Fake trading bot offer delivers RAT

As the price of Bitcoin keeps hitting surprising heights, more and more cyber crooks are turning their sights on anything and anyone who trades or uses the popular cryptocurrency. The latest attempt to deliver malware to a specific group of Bitcoin users was spotted by Fortinet researchers.

A RAT is delivered

The malicious offer comes via email: a free trial of Gunbot, a new bitcoin trading bot developed by Gunthy. The email carries an attachment – a VB Script that, when executed, downloads a file that looks like a JPEG image file, but is actually a PE binary. “At first glance, the downloaded executable appears to be a benign inventory system tool with a lot of references to SQL commands for inventory procedures. After further analysis, however, we found that it is a trojanized version of an open source inventory system tool named TTJ-Inventory System,” the researchers found. Ultimately, this malicious file ends up installing a number of executables.

Triggered via malicious files, flaws in Cisco WebEx players can lead to RCE

Cisco has plugged six security holes in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files that could be exploited by remote attackers to execute malicious code on a target system. “The ARF and WRF file formats are used to store WebEx meeting recordings that have been recorded on a WebEx meeting site, or on the computer of an online meeting attendee,” the company explained. “The Cisco WebEx players are applications that are used to play back WebEx meeting recordings that have been recorded by an online meeting attendee. The player can be automatically installed when the user accesses a recording file that is hosted on a WebEx server.”

Vulnerability exploitation

Exploitation of the vulnerabilities can be triggered via malicious ARF or WRF files. Attackers can send such a file as an attachment, or provide a link to it in an email. In both cases, they have to convince users to download

Enterprise security incident response trends to watch in 2018

Resolve Systems shared the top trends to watch in 2018 relating to incident response and automation. The list of predictions is founded on the company’s insight into the challenges enterprises express in today’s new normal of high-impact outages/breaches and why companies are investing in incident response and automation technology. “2018 is not going to be a quieter year in terms of cyber-attacks against organizations. We know that threats are becoming more sophisticated and easier for hackers to deploy, in most instances. Therefore, we have to continue to improve our ability to protect against those threats. To do so is a team effort that requires MSSPs, security vendors, SOC managers and all parties involved in incident response to lean on automation technologies and orchestration methodologies that help investigate and remediate attacks quickly, efficiently and in a way that really helps our overworked security teams rather than creating more w

Surge in exposed credentials puts companies at risk

The volume of credential exposures increased to 16,583 from April to July 2017, compared to 5,275 in last year’s analysis by Anomali. 77% of the FTSE 100 were exposed, with an average of 218 usernames and passwords stolen, published or sold per company. In most cases the loss of credentials occurred on third-party, non-work websites where employees reuse corporate credentials.

Suspicious domain registrations by country

In May 2017, more than 560 million login credentials were found on an anonymous online database, including roughly 243.6 million unique email addresses and passwords. A significant number of credentials linked to FTSE 100 organisations were still left compromised over the three months following the discovery. This failure to remediate and secure employee accounts means that critical business content and personal consumer information held by the UK’s biggest businesses has been left open to cyber attacks. Targeted brand attacks and expos