اخبار الهكرز العرب

A group of researchers from Qatar University and Hamad Bin Khalifa University have demonstrated how years-old Bitcoin transactions can be used to retroactively deanonymize users of Tor hidden services. It seems that Bitcoin users’ past transactions – and especially if they used the cryptocurrency for illegal deals on the dark web and didn’t think to launder their payments – may come back to haunt them. Researchers’ findings “We crawled 1.5K hidden service pages and created a dataset of 88 Bitcoin addresses operated by those hidden services, including two ransomware addresses. We also crawled online social networks for public Bitcoin addresses, namely, Twitter and the BitcoinTalk forum. Out of 5B tweets and 1M forum pages, we created two datasets of 4.1K and 41K Bitcoin addresses, respectively. Each address in these user datasets is associated with an online identity and its corresponding public profile information,” the researchers explained . ...

Cybersecurity is quickly becoming the number one business priority, says identity and access management company Okta. Based on the results of an analysis of authentication and verification events made through the company’s enterprise offerings between November 1, 2016 to October 31, 2017, security tools by Jamf, KnowBe4, DigiCert, Cisco, Mimecast, Sophos, and CloudFlare all ranked in the top 15 fastest growing apps for the first time. “Jamf, which provides software for managing and securing Apple devices, is a notable newcomer to the list and the fastest growing app in our network with 389% year-over-year growth. Security awareness training company, KnowBe4 grew 290% in the past year, indicating organizations’ increased focus on training employees around security best practices and ways to combat social engineering attacks,” the company noted. These results definitely point to companies having increased security spending .   Identity attacks originate ...

The Internet of Things (IoT) is bringing about a new era of connectivity in the digital age, connecting critical business sectors through a network of secure data flow, analytics, and management. IoT is also bringing numerous opportunities for sensor participants through security technologies required for remote services and enhanced accessibility of devices. The total sensors market in security and surveillance applications was worth $6,267.9 million in 2016, with image sensors holding the largest market share at 23 percent. The market is expected to reach $12,012.1 million by 2023.   Who dominates the market North America and EMEA dominate the market, driven by aging infrastructures, but APAC is the fastest growing due to rapid infrastructure development, strong economic growth, and favorable government regulations. Challenges for sensor manufacturers and suppliers include...

Apple has published an updated version of its iOS security guide , in which it details features introduced in iOS 11.2 (released on December 4, 2017) and iOS 11.1 (October 31, 2017). The company first released the first version of the document in June 2012, and has been updating it periodically ever since. New information in the iOS security guide This latest iteration contains more and updated details about Apple Pay Cash, security certifications and programs, Touch ID and Face ID, Shared Notes, CloudKit end-to-end encryption, TLS, Apple Pay, Paying with Apple Pay on the web, Siri Suggestions, and the Shared iPad feature. For example, the updated document notes that, as of iOS 11 and macOS High Sierra, SHA-1 certificates are no longer allowed for TLS connections unless trusted by the user and certificates with RSA keys shorter than 2048 bits are disallowed. It also explains, in detail, about the security of Apple Pay Cash, a peer-to-peer ...

The growing implementation of indictments throughout 2017 was arguably the most impactful government action to counter cyber attacks, and yet received little attention. In November, federal prosecutors indicted an Iranian national with military links for his role in the HBO data exfiltration. A week later, indictments were issued against three members of the Chinese threat group known as APT 3, or Gothic Panda, for corporate espionage. The following day, a Canadian pled guilty to collaborating with Russian nationals in the Yahoo breach, the same FSB officers and criminals who were issued indictments earlier this year. These are perhaps the most high profile indictments for 2017, but criminals have also been indicted or arrested recently for masterminding global botnets, including Andromeda and Kelihos. In fact, there have been as many high profile indictments in 2017 as there have been in the last few years combined, and there already are rumors that the Dep...

IT can fail. It often does. We restart IT, and life goes on. Hackers can also compromise these same IT systems creating disruptions and causing theft of credentials. All manners of serious consequences result from these compromises. When Operations Technology (OT) fails, the consequence is of a different nature – arguably far more significant and far more serious. Decades of safety systems developed to keep OT from failing work – most of the time. That’s the good news. The bad news is that these OT systems and their parallel safety systems were not designed to stop the present threat of hackers whose intent would be to make them fail in catastrophic ways – including task 1 to turn off the safety systems. A state of geopolitical competition Consider also that we are now in the time of cyber as a tool of geopolitical competition. That is a nice way to say “nation-state” attacks – the same thing. It is time to consider, with utmost urgency, the cyber protections n...

Effective cybersecurity means keeping a close eye on the threats you currently face, and an even closer eye on the threats to come. As you consider your security strategy and investments for the coming year, here are three key trends that will define the threat landscape in 2018, and one hope for a more effective approach to protection.  Risk will continue to shift from infrastructure to the application layer As web apps have evolved from basic information and ecommerce functionality to full-fledged online services, their code and customer data have made them an increasingly appealing target for hackers. Not only are they accessible via the open Internet—they’re also woefully underprotected, with the application layer drawing only 3 percent of the typical security budget at a time when it accounts for 30 percent of successful breaches, according to Verizon. While an incident of the magnitude of the Equifax breach can hardly be said to have a silver lining...