Posts

Showing posts from 2018

You can’t hide from this top trend at RSA Conference, no matter where you operate

Every year, there are certain buzzwords and trends that rise to popularity within the technology community. In years prior, it’s been things like “cloud,” “bitcoin,” or “IoT,” that set the trend. So it’s no surprise when those words fill the agenda at major events like RSA Conference, leaving us to wonder what the trending topics will be at RSAC 2018, taking place April 16-20 in San Francisco. But, lucky for us, that’s exactly what one of the RSA Conference Advisory Board members was determined to figure out. Wade Baker, RSAC Advisory Board Member, Partner at Cyentia Institute and Professor at Virginia Tech, analyzed approximately 15,000 RSA Conference Call for Paper submissions over the last decade (2009-2018). Using a combination of Natural Language Processing (NLP) techniques and a classification system developed for the Cyentia Research Library, Baker was able to extract the “most important” terms among those thousand

An analysis of most of the bad VPN apps! Be careful with your choices

Can I tell you a little secret? When it comes to protecting your privacy, most VPN apps are bad! Most of the popular, highly rated apps leak your IP address, infect your device with malware, install hidden software to track your online activity, steal your private information, leave your data exposed to attackers, and also steal your connection's bandwidth. As you will see below, most popular VPN apps are not safe, especially if you want to protect your privacy. Judged by the features they offer, virtual private networks (VPNs) can look ideal, giving you absolute privacy and protecting you from security disasters. But the problem is not VPN technology; it is the server you connect to! Your data and information may be encrypted from your device to the server or network you connect to, but are you sure of the protection available on the network you are connecting to? Is that network sound? To clear up this confusion, I have quoted from Restore Privacy, the well-known online privacy site, the list of bad apps, which

The main reasons for the recent rise in breaches

It is very hard to get rid of the risk that comes with using technology, and there is no effective way to remove these risks. They can only be reduced through risk management, so that the risk threatening the organization goes from a high risk that could paralyze all of its technology to a low, very limited risk that does not bring all of its technology down. The reasons for the breaches we see increasing recently: 1- Weak security equipment in the breached network, whether hardware (Firewall, IPS) or software (Antivirus), that reduces the risk of the malware that causes breaches in that network. 2- Attackers having enormous programming capabilities that enable them to discover undisclosed vulnerabilities in the software used in organizations. 3- Some organizations' lack of awareness of the risks they face, which leads them not to take every possible precaution against them. 4- Not updating software systems quickly and regularly, since most updates are security updates that close vulnerabilities in those systems. 5- Low awareness among the organization's employees of the risks that accompany their actions

Global business spend on cybersecurity to grow 33% over the next 4 years

New data from Juniper Research has found that global business spend on cybersecurity solutions will grow by 33% over the next 4 years, reaching $134 billion annually by 2022. Cyberattacks: Not if, but when Juniper anticipates that the cumulative cost of data breaches between 2017 and 2022 will reach $8 trillion, with variable per-business losses depending on the nature and scale of the attack. Shipping company Maersk, for example, estimated the cost of NotPetya infecting its global network in 2017 at between $200 and $300 million. Juniper argued that, as a result, stakeholders must plan in terms of risk mitigation rather than prevention. It predicted that service providers in high-risk environments would be forced to restructure their networks to avoid potential compliance breaches, data theft or service outage. Research author Steffen Sorrell explained: “Once a single endpoint is breached, the big danger is lateral movement across the network. Layered netw

Cyber attacks becoming No. 1 business risk

SonicWall recorded 9.32 billion malware attacks in 2017 and saw more than 12,500 new Common Vulnerabilities and Exposures (CVE) reported for the year. “The cyber arms race affects every government, business, organization and individual. It cannot be won by any one of us,” said SonicWall CEO Bill Conner. “Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber arms race continues to escalate. By sharing actionable intelligence, we collectively improve our business and security postures against today’s most malicious threats and criminals.” The annual threat report frames, compares and contrasts advances made by both cybersecurity professionals and global cybercriminals. Cyber attacks are becoming the No. 1 risk to business, brands, operations and financials 9.32 billion total malware attacks in 2017, an 18.4 percent year-over-year increase from 2016 Ransomware attacks dropped from 638 million to 184 million

Cybersecurity pros don’t feel equipped to stop insider attacks

Based on interviews with nearly 1,500 cybersecurity professionals over three years, Haystax Technology released a study that makes it clear that organizations are feeling the pressure from insider threats and are ramping up detection, prevention and remediation. Regular employees are surpassing privileged users as biggest insider security risk “One consistent message we heard in all of these interviews was that cybersecurity professionals don’t feel equipped to stop insider attacks, despite an increase in funding for things like better controls and training,” said Haystax CEO Bryan Ware. “I’m not surprised that so many are now using analytics, as they need actionable intelligence to proactively identify and defend against threats from both malicious insiders and negligent users.” Key findings In 2017, 90 percent of organizations reported feeling vulnerable to insider attacks, up from 64 percent in 2015. Haystax predicts 99 percent of organizations will

Is that smart device secure, and will it protect your privacy?

The decision to introduce a new smart device into your home should come only after you’ve answered these two questions affirmatively: “Will the device improve the quality of my life/fill a need I have?” and “Am I satisfied with the level of security and privacy the manufacturer provides to users?” Unfortunately, users’ needs (and wants) often end up being more important than security and privacy and the answer to that second question is simply ignored. In some cases, though, users want to find the answer to it, but they don’t know where to start. Researching smart devices According to ESET researchers, a good first step is to research the device’s potential vulnerabilities, and that can be done by searching online for mentions that include variations of “device name” or “device brand name” in conjunction with terms like “security vulnerability,” “privacy breach,” or “data leak.” “No device or software is guaranteed secure or without potential vulnerabi

Private browsing is not that private, but it can be

Private, “Incognito mode” browsing sessions are not as foolproof as most users believe them to be. “After a private session terminates, the browser is supposed to remove client-side evidence that the session occurred. Unfortunately, implementations of private browsing mode still allow sensitive information to leak into persistent storage,” a group of MIT and Harvard University researchers pointed out. “Browsers use the file system or an SQLite database to temporarily store information associated with private sessions; this data is often incompletely deleted and zeroed-out when a private session terminates, allowing attackers to extract images and URLs from the session. During a private session, web page state can also be reflected from RAM into swap files and hibernation files; this state is in cleartext, and therefore easily analyzed by curious individuals who control a user’s machine after her private browsing session has ended. Simple greps for keywords ar

Expected changes in IT/OT convergence and industrial security

Ten years ago, I was brought into the industrial security arena by a top company executive who was convinced that we needed traditional endpoint protection on smart meters. I had spent fifteen years before that in enterprise security, so it took a while to shape my focus around the nature of the problem of IT/OT convergence and industrial security. I have had the pleasure of being on both sides of the fence – from a major IT security provider building major partnerships with automation vendors, to specifically working at an automation networking company developing a major security practice. I’m a firm believer that we can have a world with basic security hygiene across all verticals within critical infrastructure. Over the past year, we have seen a continued cross-pollination: IT security staff trying to step on the plant floor and plant teams trying to understand IT security. At an oil and gas security conference I attended last fall, a full 40 percent of

Which phishing messages have a near 100% click rate?

Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge. “Just knowing a threat exists isn’t the same as knowing how to recognize and respond to a threat when it presents itself. In-depth education about phishing prevention is needed to create lasting behavior change,” Wombat Security researchers point out. The statistics included in the company’s latest annual State of the Phish report show the difference made by both the tools used to train end users to recognize and avoid phishing attacks and how often they are used. In the US, most organizations use computer-based online security awareness training and simulated

Even with cloud providers implementing defenses, glaring weaknesses remain

A new report from RedLock offers a look at the threats and vulnerabilities that continue to mount in public cloud computing environments. Account compromises keep rising Poor user and API access hygiene, combined with ineffective visibility and user activity monitoring, are causing organizations to be more vulnerable to breaches. For example, 73% of organizations allow the root user account to be used to perform activities – behavior that goes against security best practices. Furthermore, 16% of organizations have user accounts that have potentially been compromised. The cryptocurrency effect In many hacks, the goal is to steal data; now, the thieves also hijack compute resources in order to mine cryptocurrencies. The research reveals that 8% of organizations suffer from this strain of criminality, which mostly goes unnoticed because of ineffective network monitoring. Still a long way from compliance General Data Protection Regulation (GDPR) goes int