اخبار الهكرز العرب

Private, “Incognito mode” browsing sessions are not as foolproof as most users believe them to be “After a private session terminates, the browser is supposed to remove client-side evidence that the session occurred. Unfortunately, implementations of private browsing mode still allow sensitive information to leak into persistent storage,” a group of MIT and Harvard University researchers pointed out. “Browsers use the file system or an SQLite database to temporarily store information associated with private sessions; this data is often incompletely deleted and zeroed-out when a private session terminates, allowing attackers to extract images and URLs from the session. During a private session, web page state can also be reflected from RAM into swap files and hibernation files; this state is in cleartext, and therefore easily analyzed by curious individuals who control a user’s machine after her private browsing session has ended. Simple greps for keywords ar...

  Ten years ago, I was brought into the industrial security arena by a top company executive in who was convinced that we needed traditional endpoint protection on smart meters . I had spent fifteen years before that in enterprise security, so it took a while to shape my focus around the nature of the problem of IT/OT convergence and industrial security. I have had the pleasure of being on both sides of the fence – from a major IT security provider building major partnerships with automation vendors, to specifically working at an automation networking company developing a major security practice. I’m a firm believer that we can have a world with basic security hygiene across all verticals within critical infrastructure. Over the past year, we have seen a continued cross-pollination: IT security staff trying to step on the plant floor and plant teams trying to understand IT security. At an oil and gas security conference I attended last fall, a full 40 percen...

Training employees to spot phishing emails, messages and phone calls can’t be done just once or once a year if the organization wants to see click rates decrease. For one thing, employees come and go (and change roles) with regularity. Secondly, threats change over time. Thirdly, knowledge and practices that aren’t regularly reinforced will be lost. And, finally, awareness isn’t the same as knowledge. “Just knowing a threat exists isn’t the same as knowing how to recognize and respond to a threat when it presents itself. In-depth education about phishing prevention is needed to create lasting behavior change,” Wombat Security researchers point out. The statistics included in the company’s latest annual State of the Phish report show the difference made by both the tools used to train end users to recognize and avoid phishing attacks and how often they are used. In the US, most organizations use computer-based online security awareness training and simulated ...

A new report from RedLock offers a look at the threats and vulnerabilities that continue to mount in public cloud computing environments. Account compromises keep rising Poor user and API access hygiene, combined with ineffective visibility and user activity monitoring, are causing organizations to be more vulnerable to breaches. For example, 73% of organizations allow the root user account to be used to perform activities – behavior that goes against security best practices. Furthermore, 16% of organizations have user accounts that have potentially been compromised. The cryptocurrency effect In many hacks, the goal is to steal data; now, the thieves also hijack compute resources in order to mine cryptocurrencies . The research reveals that 8% of organizations suffer from this strain of criminality, which mostly goes unnoticed because of ineffective network monitoring. Still a long way from compliance General Data Protection Regulation ( GDPR ) goes int...

As more and more smart TVs are sold worldwide, consumers should be aware of the risks associated with this technology. Consumer Union, a US-based nonprofit organization dedicated to unbiased product testing, has conducted a privacy and security evaluation of five smart TVs from the most widely sold TV brands in the US: Samsung UN49MU8000, running the company’s Tizen OS LG 49UJ7700, which uses LG’s webOS TCL 55P605, which uses the Roku streaming platform Sony XBR-49X800E, running Google’s Android TV OS Vizio P55-E1 SmartCast TV, which uses Google’s Chromecast platform. Security issues The testers found that remote attackers can take control of the Samsung and TCL TVs by exploiting flaws in the setups, allowing them to change channels, change volume levels, open disturbing content, and so on. Samsung smart TVs attempt to ensure that only authorized applications can control the television, but the mechanism they use to ensure that application...

Exclusive – The Iceman gang taking responsibility for infecting Crystal Finance Millennium , the journalist  Marc Miller  interviewd one of the members of the crew. Iceman gang member confirms that they are behind the introduction and spreading of malware that infected the systems at  Crystal Finance Millennium . In Septemeber security experts at TrendMicro reported that the Ukraine based Account Firm, Crystal Finance Millennium (CFM), has been hacked and is found to be distributing malware. The incident caused the firm to take down its website to stop spreading the threat. Crystal Finance Millennium attack (Source Trend Micro) Marc Miller had a chance to speak to one of the gang members on XMMP and he confirmed that the Iceman group is behind this attack. They started with a simple web attack (SQLI which lead to web shell upload, no privilege escalation was needed) in order to gain access to the web servers o...

A group of researchers from Qatar University and Hamad Bin Khalifa University have demonstrated how years-old Bitcoin transactions can be used to retroactively deanonymize users of Tor hidden services. It seems that Bitcoin users’ past transactions – and especially if they used the cryptocurrency for illegal deals on the dark web and didn’t think to launder their payments – may come back to haunt them. Researchers’ findings “We crawled 1.5K hidden service pages and created a dataset of 88 Bitcoin addresses operated by those hidden services, including two ransomware addresses. We also crawled online social networks for public Bitcoin addresses, namely, Twitter and the BitcoinTalk forum. Out of 5B tweets and 1M forum pages, we created two datasets of 4.1K and 41K Bitcoin addresses, respectively. Each address in these user datasets is associated with an online identity and its corresponding public profile information,” the researchers explained . ...