Китайским госслужащим поручили освоить нейросеть.

Хакеры через AnyDesk заразили систему.

Восемь тысяч камер начнут определять национальность.

Финансовая разведка усиливает контроль за криптовалютами.

История победы Microsoft.

Звонки через интернет станут прозрачными.

Амбициозный план британских энергетиков.

К Positive Technologies ежегодно обращаются сотни организаций с запросом на тестирование защищенности. Обеспечить такой спрос с учетом ограниченного числа специалистов в стране в настоящее время невозможно. В ответ на это мы расширили свое предложение компаниям, создав PT Dephaze — продукт для контролируемого автоматического внутреннего тестирования на проникновение.

Деятельность ФСТЭК России в 2024 годуГоворя о деятельности ФСТЭК в 2024 году, Виталий Лютиков, первый замдиректора ФСТЭК России, отметил принятие мер для повышения безопасности.

Результаты повышения защищённости ГИС (ФСТЭК России)В 2024 году ФСТЭК России курировала работу своих внешних подрядчиков.

Планы ФСТЭК России на 2025 годВиталий Лютиков, первый замдиректора ФСТЭК России, выделил новые направления, на которые ФСТЭК России будет обращать внимание в 2025 году.

Требования ФСТЭК России к принятию мер по защите информацииВ 2024 году ФСТЭК России уделила большое внимание совершенствованию регламента по управлению уязвимостями в организациях.

При выявлении неизвестных уязвимостей оператор ин…

Согласно исследованию McKinsey, в 2024 году уровень внедрения ИИ в мире увеличился до 72 % (для сравнения: в 2023 году 55 %).

Впрочем, сейчас сам Илон Маск активно участвует в совершенствовании ИИ и даже анонсировал релиз нейросети Grok 3.

Например, Торговая палата США, усила свою команду лоббистов, специализирующихся на ИИ, на 81 человека.

РоссияВ России важность ИИ для обеспечения суверенитета страны признана ещё до того, как генеративный ИИ получил широкое распространение в 2023 году.

Правительство заинтересовано и в высокой конкурентоспособности страны, и в идеологической чистоте контента, выдаваемого ИИ.

SOC — это централизованная система, где технологии, процессы и специалисты сосредоточены на том, чтобы обеспечить непрерывный мониторинг, обнаружение инцидентов информационной безопасности и реагирование на них.

Тема SOC поднимается в эфирах AM Live не впервые, поэтому эксперты в самом начале договорились обсудить строительство внутреннего SOC (in-house).

По словам Станислава Грибанова, его очень активно используют западные вендоры для SOC на базе своих продуктов.

Даниил Белицкий считает, что нужно различать, на что ориентирован SOC — только на обнаружение или и на реагирование тоже, от этого зависит, какие метрики стоит использовать.

Но это не значит, что не нужно заниматься управлением ин…

Функциональные возможности «Гарда Anti-DDoS»Система «Гарда Anti-DDoS» применима как в сетях небольших компаний, так и в инфраструктуре операторов связи.

«Гарда Anti-DDoS» обеспечивает защиту более 50 % российского сегмента интернета от DDoS-атак и поддерживает безопасность цифровых сервисов и мероприятий федерального масштаба.

Настройка ML-порогов в «Гарда Anti-DDoS»На основе данных, полученных в процессе обучения, формируется динамический график, показывающий норму изменения трафика.

Использование JA3/JA4-фильтра в «Гарда Anti-DDoS»В «Гарда Anti-DDoS» проводится JA3/JA4-анализ, задачами которого являются автоматическая генерация соответствующих сигнатур и наполнение ими системы.

Пример защ…

По данным исследования КРОК 2023 года, полностью готовы соблюдать изменившиеся требования по защите персональных данных только 4 % российских компаний.

Довольно много прецедентов было с компаниями в странах, не входящих в ЕС, в частности в Норвегии и Швейцарии.

Строгий подход GDPR к безопасности данных привёл к тому, что доступ к датасетам, используемым для обучения ИИ, стал слишком сложным.

С большой долей вероятности компании, в том числе небольшие, начнут создавать инсорсинговые структуры, которые ограничатся обработкой персональных данных и будут иметь низкий оборот.

ВыводыПрофилактических мер воздействия на потенциальных нарушителей недостаточно, об этом свидетельствует опыт повышения …

Президент США Дональд Трамп объявил о «крупнейшем проекте инфраструктуры ИИ в истории», в котором участвуют OpenAI, SoftBank и Oracle.

Речь идёт об инвестировании $500 млрд в масштабную инфраструктуру ИИ в США, предполагается создать 100 000 рабочих мест.

Дискуссионными остаются законность использования защищённых авторским правом материалов для обучения ИИ и нарушения авторских прав при использовании ИИ.

Сгенерированная ИИ фейковая фотография Дональда Трампа с афроамериканцами (источник: BBC)Ещё более опасны дипфейки — видео- и аудиозаписи, созданные с помощью ИИ и воспроизводящие внешность и голос реальных людей.

Современные антифрод-системы уже используют ИИ для анализа больших объёмов д…

, руководитель по развитию продуктовой линейки по аутентификации Avanpost FAM/MFA+, компания Avanpost.

Есть общепризнанный стандарт FIDO2, который во всём мире считается строгой аутентификацией, документ соответствует российским определениям аутентификации, и в нём нет третьей стороны.

В отличие от аппаратного токена или перевыпуска сертификатов (и в то и в другое можно внести исправления), биометрические данные изменить нельзя, и нет технических способов защитить их.

Андрей Лаптев уверен, что для аутентификации не всегда нужны сложные технологии, например искусственный интеллект.

Андрей Лаптев: «Заказчики перестанут смотреть на MFA как на изолированное решение, а будут использовать её в ко…

Выход на внешние рынки позволит увеличить масштабы выпуска и за счёт этого снизить стоимость и повысить конкурентоспособность.

Выход на такие рынки для многих компаний стал значимым фактором развития.

Руководитель аналитического центра компании Zecurion Владимир Ульянов обратил внимание на то, что выход на внешние рынки увеличивает капитализацию компаний на фондовом рынке.

Тем не менее есть и те, для кого выход на внешние рынки может стать единственной возможностью дальнейшего развития.

Когда речь заходит о ПО, то выход на внешние рынки и необходимость конкуренции с продукцией международных вендоров позволяют быстрее совершенствовать продукты.

Функции PT NGFWPT NGFW от Positive TechnologiesВ пресс-релизе по случаю запуска PT NGFW в эксплуатацию сообщалось, что он относится к продуктам мирового класса.

Комплектация старшей модели PT NGFW 3040Результаты практических испытания PT NGFW в Jet InfosystemsПеред тем как вывести новый продукт на рынок, были проведены независимые нагрузочные испытания PT NGFW.

Виртуальные контексты PT NGFWАрхитектурная модель PT NGFW позволяет получить «из коробки» механизм, которому присвоено название «виртуальные контексты».

Речь идёт о создании логических межсетевых экранов, позволяющих разделить физически одно устройство NGFW на несколько логических NGFW с независимым управлением каждым.

Заявленный уро…

В студии AM Live эксперты обсудили причины успеха кибератак на веб-приложения, поговорили о том, как спроектировать защиту с учётом специфики организации, грамотно провести внедрение и протестировать качество защиты мобильных и веб-приложений.

По словам Владимира Зайцева, заказчики иногда подходят к безопасности не как к процессу, а как к отдельным проблемам, которые достаточно решить один раз.

Зрители эфира AM Live считают, что в организации защиты веб-приложений чрезвычайно опасно отсутствие базовых средств защиты (anti-DDoS, WAF) (41 %) и регулярных обновлений и патчей ПО (39 %).

Даже если приобрести средства защиты на все случаи жизни и идеально всё настроить, злоумышленник всё равно мо…

С точки зрения Банка России, она обеспечит максимальную доступность цифрового рубля для граждан и бизнеса, а также поможет значительно снизить издержки обращения.

Примерно столько же респондентов вовсе не понимают смысл цифровой валюты и не знают, как её использовать.

Государство сможет отслеживать движение средств и узнавать, как они были получены и на что потрачены.

В случае успешного взлома они получат доступ не только к активам, но и к базе с конфиденциальной информацией граждан и компаний.

Системные сбои и кибератаки способны уничтожить код, а значит, и цифровой рубль, что приведёт к невозможности совершать платежи и финансовым потерям.

Поскольку приложения упрощают доступ к информации, услугам и развлечениям, пользователи могут взаимодействовать с компанией в любое время и в любом месте.

Павел Трещёв рассказал про ковровые и веерные атаки: и те и другие направлены на диапазон адресов конкретных провайдеров.

Это вынуждает вводить определённые требования к средствам защиты, в том числе WAF, от которого теперь во многом зависит безопасность.

Илья Шабанов подытожил, что не все API Security решения одинаковы, они могут сильно различаться и нужно смотреть на их структуру и функционал.

Для них нужно делать патч-менеджмент, вендорские и сторонние решения, и в этих случаях всё равно нужен WAF.

В 2015 году в Kaspersky появилось подразделение, занимающееся ИБ для подключённых автомобилей.

Если прежде безопасность ограничивалась только вопросами уверенного вождения и блокировки доступа к автомобилю, то теперь это полноценное направление ИБ для подключённых автомобилей.

Информационные потоки во внутренней сети современного автомобиляКонцепция подключённого автомобиляПочему США проявляют такое пристальное внимание к технологиям для подключённых автомобилей?

Уровни автоматизации для подключённых автомобилейПрежде чем рассказать о безопасности подключённых автомобилей, представим описание новой архитектуры в целом.

Допустимо ли использовать MITRE ATT&CK для оценки рисков для подключённы…

Кибератака и проблемы с регистрациейЕстественно, при таком ажиотаже появилось много желающих попробовать DeepSeek в деле (я в их числе), но всё оказалось не так-то просто.

К сожалению, я быстро убедился в том, что DeepSeek столь же плохо справляется с парсингом новостей, как и ChatGPT.

Мой вердикт прост: DeepSeek и ChatGPT неспособны справиться с этой задачей и вряд ли будут способны в ближайшем будущем.

Математические способностиАх, как бы хотелось просто «залить» в ChatGPT или DeepSeek всю свою бухгалтерию, домашнее задание по физике или финансовую статистику.

Неправильное решение задачиХотя DeepSeek и ChatGPT могут эффективно обрабатывать и анализировать данные, их способность к абстракт…

Количество сбоев информационных систем растёт как в мире, так и в России.

В России, как показало исследование Monq Digital Lab, количество сбоев по итогам 2024 года выросло на 22 % в годовом выражении.

В исследовании Monq Digital Lab основной причиной сбоев назвали, с одной стороны, проблемы с техническим обслуживанием зарубежного оборудования и ПО, и, с другой, недостаточную отладку отечественных аналогов.

Это связано с тем, что заменить зарубежное оборудование и ПО, в том числе от компаний, которые ушли с российского рынка, часто нечем.

Сайт оператора «Миранда-медиа» в момент атаки в мае-июне 2023 годаВ марте 2024 года злоумышленники воспользовались уязвимостью в не пропатченной вовремя V…

В этой статье я сфокусировался на изучении способов злоупотребления ssh.exe в Windows-средах, предложил варианты детектирования и собрал гипотезы для периодических проверок.

*/Результат выполнения запроса:Использование ssh.exe для исполнения локальных команд на Windows-хосте после успешного исходящего SSH-подключенияЕще один интересный параметр при использовании ssh.exe — LocalCommand .

*/ AND cmdline:"LocalCommandРезультат выполнения запроса:Использование параметра ProxyCommand исполняемого файла ssh.exe для выполнения командДля ssh.exe также есть варианты применения в проекте LOLBAS.

*/Результат выполнения запроса:Запуск процесса ssh.exe с помощью подозрительного ярлыкаВ результате все ра…

В предыдущей статье я показывал, как мы формируем сети и располагаем в них хосты, используя Ansible inventory.

К примеру: развернуть Ubuntu 22 и GitLab 16.11.10 только указав для хоста имя A-service и версию вложенного приложения, в данном случае Gitlab.

Пример настройки хоста:all: vars: domain: 'zu.stf' children: subnet_srv: vars: external_router: router1 cidrip: 10.125.0.225/27 hosts: gitlab: number_in_subnet: 6 # dns: 'bind' # dc: 'dc' servicename: gitlab serviceversion: "16.11.10"Основное: смотрим, какой A-service нужно запустить, по названию переменной servicename.

Из переменной dc получаем имя хоста — dc.

Артефактные переменныеПри развертывании сервисов могут оставаться артефакты: пер…

В огромном и сложном мире информационной безопасности защита конфиденциальной информации остаётся важной задачей как для разработчиков, так и для безопасников.

Программы eBPF пишутся на ограниченном подмножестве C, компилируются в байт-код и выполняются в защищённой среде ядра Linux.

Он взаимодействует с ядром и пользовательским пространством через мапы (структуры данных для хранения состояния) и типы программ (определяющие, что может делать программа eBPF).

Сочетание uprobes и eBPF создаёт мощный механизм для анализа и мониторинга поведения системы и приложений в реальном времени.

В нём мы рассмотрим, как с помощью Go загружать eBPF-программу, подключать uprobes, читать данные из BPF-мапы …

К 2025 году мошенники превратили QR-коды в инструмент массового обмана.

Давайте разберемся, как QR-коды из удобного инструмента превратились в актуальную угрозу, как устроено такое мошенничество с технической точки зрения и что говорит статистика.

QR-коды — это не только инструмент для быстрой навигации, но и любимая игрушка мошенников.

Антивирусы обычно работают на основе сигнатур и поведенческого анализа, что позволяет им обнаруживать вредоносные файлы и программы на устройстве.

Большинство обывателей не знают о возможных угрозах при использовании QR-кодов и не понимают важности проверки источников перед сканированием.

Человеческий мозг устроен так, чтобы экономить усилия: мы привыкли доверять знакомым интерфейсам, делать привычные действия автоматически и не вчитываться в мелкий текст.

Пользователь думает, что нажимает на кнопку «Воспроизвести видео» или «Лайкнуть пост», но на самом деле активирует скрытую функцию: подписку на спам, передачу данных или запуск вредоносного кода.

Один из классических примеров — поддельные кнопки на веб-сайтах, которые на вид безобидны, но приводят к подписке на платные услуги.

Cursorjacking (подмена курсора): Эта техника изменяет положение курсора на экране таким образом, что пользователь думает, что совершает одно действие, но на самом деле выполняет другое.

Будьте внимат…

Задача: наш сервис обращается к внешнему сервису по HTTPS, хотелось бы записать дамп трафика и посмотреть, - при помощи Wireshark/tshark, например, - какие запросы и как ходят.

В TLS для защиты трафика в рамках сессии используются симметричные шифры и набор симметричных ключей (ключи согласовываются сторонам на начальном этапе соединения; обычно, по протоколу Диффи-Хеллмана).

Впрочем, в TLS 1.3 для зашифрования сертификатов и зашифрования прикладного трафика используются разные ключи и это влияет на содержание файла сессионных ключей.

Этот файл имеет стандартный формат (KeyLog), но если для TLS версий до 1.3 секрет будет один для сессии, то для TLS 1.3 разные секреты соответствуют разным эт…

Зачем обучать сотрудников работать с персональными даннымиСогласно ФЗ «О персональных данных» оператор персональных данных обязан назначить ответственного за обработку персональных данных.

Так делать нельзя, поскольку ответственный за обработку персональных данных может быть только один.

Кто может стать ответственным за работу компании с ПДФункции ответственного за обработку персональных данных разрешено совмещать с другой должностью.

Если в компании все загружены донельзя или все наотрез отказываются брать на себя функции ответственного за работу с ПД, то можно привлечь в качестве ответственного за обработку ПД другое юридическое лицо: закон позволяет это делать.

В законе нет поблажек для …

Одна из них — срок жизни авторизации в приложениях.

Отрицательных примеров гораздо, гораздо больше:Headhunter : не измерял срок жизни авторизации, но сброс происходит достаточно часто, чтобы это действовало на нервы.

Что такого ценного в аккаунте Headhunter оправдывает сброс авторизации раз в несколько недель?

Более того, каждый раз сбрасывается не только токен, но и пароль.

И одна из них — бессмысленная трата времени на бесконечные вводы логина и пароля там, где без этого можно было бы обойтись.

В среднем компания тратит на разрешение инцидентов по информационной безопасности от 20 и более млн рублей в год.

Основная цель пентеста не просто найти те самые уязвимости, но и составить рекомендации для их дальнейшего устранения.

Во-первых, для выявления уязвимостей и недостатков в приложениях, сервисах, системах и процессах.

В-четвертых, для написания рекомендаций по устранению уязвимостей и повышению уровня защищенности.

А можно податься и на внешнюю платформу Bug Bounty – это достаточно эффективный способ выявления уязвимостей, поскольку их поиском может заниматься большое количество независимых исследователей.

Я был рад, что его триажировали, но понимал, что воздействие низкое, и, скорее всего, я не получу от этого ничего значительного.

SSRF всё ещё оставался и не был исправлен, поэтому я решил провести дополнительные исследования, чтобы попытаться раскрутить уязвимость.

В процессе исследований я узнал, что протокол Gopher является отличным способом для эскалации SSRF, и в некоторых случаях это может привести к полному удалённому выполнению кода (RCE).

Я запустил команду whoami, чтобы убедиться, что у меня действительно есть RCE (и я был root!

В итоге я получил выплату в размере $15,000 за это обнаружение, а также несколько приятных комплиментов от The Paranoids!

Кроме того, весь сетевой трафик сессии сохраняется в хранилище в неизменном виде.

И теоретическая скорость записи в этот массив должна достигать 255 MБ/с × 6, то есть приблизительно 1,5 ГБ/с.

При этом в самом конце емкости RAID скорость записи в два раза меньше, чем в начале.

Если вам нужно писать поток данных с ротацией и без потерь, то скорость потока данных не должна превышать минимальную скорость записи.

Нашу задачу по записи больших объемов трафика мы если не решили, то нашли источник проблемы, а это уже главное.

Решили продолжить тему и на этот раз поговорить о гигиене в соцсетях — полезно напомнить о важных деталях, которым мы не всегда уделяем достаточно внимания.

Например, в социальной сети вам может прийти сообщение с просьбой забронировать столик в ресторане:Далее мы подробно рассмотрим, с помощью каких инструментов можно обезопасить себя и свои данные в соцсетях.

Методы защитыИспользуйте надежные паролиСоздание сильного пароля — один из ключевых аспектов безопасности в социальных сетях и на всех онлайн-площадках.

В Telegram для активации 2FA перейдите в «Настройки», затем в раздел «Конфиденциальность и безопасность» и выберите «Двухэтапная аутентификация».

ЗаключениеГигиена в социальных сетях…

Оказалось, функции приложения намного интереснее, чем у обычного старого приложения Widget, но это уже тема для отдельного поста!

Но мы до этого доберёмся!Мы не можем подключить отладчик из-за функции— это приватный API в iOS, но в macOS этот API публичный, то есть мы можем легко найти его документацию очень крута, благодаря ей работает основная функциональность отладки.

Мы передаём всё это в регистрах споДалее нам нужно сообщить ядру, какой системный вызов мы хотим выполнить.

Но на этот раз мы установим контрольную точку на адресах, в которых выполняются эти системные вызовы.

Телефон с джейлбрейком сильно упрощает это — можно инъецировать фреймворки в приложение при помощи утилиты джейлбре…

NetFlow и IPFIX – это протоколы для сбора и анализа сетевого трафика, используемые для мониторинга, обеспечения безопасности и оптимизации работы сети.

protocolIdentifier (IPFIX ID 4) – номер протокола (например, TCP = 6, UDP = 17, ICMP = 1).

Выявление подозрительных соединений и вредоносного трафика С помощью IPFIX можно анализировать сетевой трафик на предмет подозрительных соединений и вредоносной активности.

Под этим подразумеваются: Определение необычных соединений – выявление трафика с неизвестных или редко используемых IP-адресов, нестандартных портов, внезапного увеличения количества соединений с определёнными узлами.

Анализируя поля с IP-адресами и портами, можно выявить аномальное…

В сети опубликован архив логов из внутреннего чата Matrix, где якобы общались операторы вымогательского Black Basta.

— 11 февраля 2025 года произошла крупная утечка, в результате которой были раскрыты логи внутренних чатов Black Basta в Matrix.

Напомним, что Black Basta активна с апреля 2022 года и работает по схеме Ransomware-as-a-Service («Вымогатель-как-услуга», RaaS).

ИБ-специалисты полагают, что Black Basta является ребрендингом известной хак-группы Conti: на это указывают сходства используемых техник хакеров и стилей ведения переговоров.

По данным Агентства по кибербезопасности и защите инфраструктуры США (CISA) и ФБР, в период с апреля 2022 года по май 2024 года операторы Black Basta…

На нашем складе почти закончился тираж второго бумажного спецвыпуска «Хакера», в котором собраны лучшие статьи за 2017–2019 годы с комментариями от авторов и редакторов.

Все статьи сопровождаются уникальными комментариями авторов и редакторов, которые позволят заглянуть за кулисы создания материалов и узнать больше о жизни редакции «Хакера» в те годы.

Цена и доставкаКаждый журнал упакован в термоусадочную пленку, надежный картонный конверт и уже готов к отправке.

Третий спецвыпускМы уже работаем над третьим спецвыпуском, в который войдут лучшие статьи «Хакера» 2019–2021 годов.

Оформив заказ сейчас, ты получишь третий спецвыпуск одним из первых и всего за 1000 рублей (без учета почтовых расх…

Аналитики Google Threat Intelligence Group предупредили, что хакеры используют легитимную функцию «Привязанные устройства» (Linked Devices) в Signal для получения несанкционированного доступа к чужим аккаунтам.

В более масштабных кампаниях злоумышленники маскировали вредоносные QR-коды под легитимные ресурсы приложений (например, приглашения в группу Signal) или инструкции по сопряжению устройств с официального сайта Signal.

«В ходе этих операций группа UNC5792 размещала модифицированные приглашения в группы Signal в контролируемой ей инфраструктуре.

В поддельных приглашениях легитимный JavaScript-код редиректа был заменен на вредоносный блок, включающий URI Signal для привязки нового устро…

Специалисты Juniper Threat Labs обнаружили новый метод обфускации JavaScript, использующий невидимые символы Unicode.

В полезной нагрузке JavaScript каждый ASCII-символ преобразуется в 8-битное двоичное представление, а двоичные значения (единицы и нули) заменяются на невидимые символы хангыля.

При обращении к скрытому свойству прокси конвертирует невидимые символы-заполнители хангыля обратно в двоичный код и восстанавливает исходный JavaScript.

Кроме того, злоумышленники используют дополнительные методы для маскировки, в том числе кодирование скрипта в base64 и антиотладку для уклонения от анализа.

Если эта связь подтвердится, скорее всего, в будущем этот метод обфускации будет применяться…

Чес­тно говоря, понять, чего хочет воп­роша­ющий, я не смог; мне приш­лось при­бег­нуть к помощи ChatGPT, что­бы тот рас­шифро­вал зап­рос.

В слу­чае с SDXL подоб­ный зап­рос не то что­бы сов­сем не сра­бота­ет, но не сра­бота­ет так, как надо.

Здесь мы подош­ли к кон­цепции context bleeding, «утеч­ки кон­тек­ста»: модель не в сос­тоянии однознач­но атри­бути­ровать задан­ные свой­ства кон­крет­ному объ­екту в кад­ре.

На скрин­шоте выше вид­но, что зап­рос сос­тоит из 131 токена, которые будут раз­биты на две оче­реди по 75 токенов каж­дая.

Один из вари­антов — раз­бить зап­рос на нес­коль­ко оче­редей опе­рато­ром BREAK.

Специалисты центра противодействия кибератакам Solar JSOC ГК «Солар» подсчитали, что количество кибератак на финансовый сектор за прошедший год выросло на треть и достигло 9000 подтвержденных инцидентов.

По данным исследователей, наибольшую угрозу для отрасли представляют попытки сканирования внутренней сети в целях киберразведки, эксплуатация уязвимостей и заражение вредоносным ПО.

Уязвимости используются злоумышленниками на всех этапах развития атаки: при попытках взлома, при боковом продвижении по сети и повышении привилегий на хосте, при попытках компрометации систем банка внутри инфраструктуры.

По словам исследователей, наибольшую угрозу для отрасли представляют инструменты удаленного …

Уязвимости в многофункциональных принтерах Xerox VersaLink позволяют извлечь аутентификационные учетные данные с помощью атак типа pass-back, нацеленных на службы LDAP и SMB/FTP.

Как сообщают эксперты Rapid7, в all-in-one принтерах корпоративного класса были обнаружены две уязвимости (CVE-2024-12510 и CVE-2024-12511), и компания Xerox уже выпустила обновления для их устранения.

Это означает, что в дальнейшем он получит возможность перемещаться в среде организации и компрометировать другие критически важные серверы и файловые системы Windows».

Однако для этого злоумышленнику нужно получить доступ к странице конфигурации LDAP, и чтобы LDAP использовался для аутентификации.

Баги были устранены…

Аналитики из компании Proofpoint обнаружили новый инфостилер FrigidStealer, нацеленный на пользователей macOS.

Вредонос распространяется через взломанные сайты и маскируется под обновление для браузера, вынуждая пользователей вручную запустить полезную нагрузку.

Злоумышленники работают сообща: TA2726 выступает в роли распространителя трафика и посредника, а TA2727 — в роли распространителя малвари.

TA2727 — финансово мотивированная хак-группа, впервые выявленная в январе 2025 года, которая использует в своих атаках стилер Lumma для Windows, банкер Marcher для Android и FrigidStealer для macOS.

Так, пользователи Windows получают установщик MSI, который загружает стилер Lumma или DeerStealer,…

Документ разработан в рамках реализации федерального закона №216-ФЗ и вносит изменения в закон «Об информации, информационных технологиях и защите информации» и в отдельные законодательные акты.

Об изменениях в этой информации оператор должен будет сообщать в РКН в течение одного дня через электронную почту или личный кабинет на сайте ведомства.

Затраты на выполнение этих требований в Роскомнадзоре оценивают в 389 млн рублей в год, или 2,3 млрд рублей за шесть лет.

Также ранее в РКН объясняли, что изменения нужны «в целях противодействия компьютерным атакам, в том числе DDoS-атакам».

— Оценить финансовые затраты на указанные мероприятия в настоящее время не представляется возможным, в том ч…

«Похоже, это произошло совсем недавно, поскольку ранее пользователи могли размещать ссылки на Signal.me в публичных сообщениях и в биографии профиля.

Более того, контактные ссылки других сервисов обмена сообщениями (например, Telegram) по-прежнему можно публиковать в X в обычном режиме.

Ссылки на Signal.me, которые были размещены в X ранее, по-прежнему доступны.

ИБ-эксперт Томми Мыск (Tommy Mysk) предполагает, что блокировка ссылок на Signal.me может иметь те же причины, что и запрет публикации ссылок на Mastodon, введенный в X ранее.

То есть, вероятно, блокировка ссылок на Signal.me в X имеет политические причины.

"In addition, we have observed the threat actor capturing SNMP, TACACS, and RADIUS traffic, including the secret keys used between network devices and TACACS/RADIUS servers," Talos noted.

Another noteworthy behavior exhibited by Salt Typhoon entails leveraging living-off-the-land (LOTL) techniques on network devices, abusing the trusted infrastructure as pivot points to jump from one telecom to another.

Furthermore, Salt Typhoon has been spotted altering network configurations to create local accounts, enable Guest Shell access, and facilitate remote access via SSH.

The company said it also identified "additional pervasive targeting" of Cisco devices with exposed Smart Install (SMI), follow…

The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5.

"Craft CMS contains a code injection vulnerability that allows for remote code execution as vulnerable versions have compromised user security keys," the agency said.

The vulnerability affects the following version of the software ->= 5.0.0-RC1, < 5.5.5>= 4.0.0-RC1, < 4.13.8In an advisory released on GitHub, Craft CMS noted that all unpatched versions of Craft with a compromised security key are impacted by the security defect.

"If you can't update to a patched version, then rotating your security key and ensuring its privacy will help to mitigate the issue," it noted.

It's currently…

Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret.

Other than coding tests, the bogus projects masquerade as cryptocurrency initiatives, games with blockchain functionality, and gambling apps with cryptocurrency features.

More often than not, the malicious code is embedded within a benign component in the form of a single line.

It's worth noting that the use of job interview decoys is a classic strategy adopted by various North Korean hacking groups, the most prominent of which is a long-running campaign dubbed Operation Dream Job.

"During our resear…

The initial access afforded by exploitation of vulnerable Check Point instances is said to have allowed the threat actors to retrieve user credentials and to connect to the VPN using a legitimate account.

Like PlugX, ShadowPad is a privately sold malware that's exclusively used by Chinese espionage actors since at least 2015.

There is evidence to suggest that the threat actors attempted to exfiltrate data by accessing the file system and creating ZIP archives.

While the exact goals of the espionage-cum-ransomware campaign are unclear, it's suspected that the threat actors are looking to earn quick profits on the side.

"This could help explain the sophistication contrast between ShadowPad an…

Organizations can sign up for a DMARC analyzer trial to stay ahead of PCI DSS 4.0 requirements today!

The PCI DSS 4.0 DMARC Compliance mandate comes at an ideal time with phishing emerging as the top attack vector representing 39% of incidents.

Consequences of Non-Compliance with PCI DSS DMARC RequirementsOrganizations, irrespective of size, must ensure compliance with PCI DSS 4.0 by configuring DMARC before the 31st of March 2025.

Offer DMARC-as-a-ServiceMSPs can help their clients achieve PCI DSS 4.0 compliance by offering DMARC implementation, monitoring, and management services.

By adding DMARC solutions to their service portfolio, MSPs can position themselves as the go-to PCI DSS 4.0 D…

A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation.

"The distributed concrt140e.dll file is an encrypted payload that is decrypted during the attack process and injected into the legitimate file aspnet_wp.exe for execution," ASEC said.

"The injected malware, XLoader, steals sensitive information such as the user's PC and browser information, and performs various activities such as downloading additional malware."

A successor to the Formbook malware, XLoader was first detected in the wild in 2020.

"XLoader has introduced techniques that were previously obse…

However, Microsoft has officially announced that support for Exchange Server 2016 and Exchange Server 2019 will end on October 14, 2025.

Important note: This end of support also applies to several related Microsoft products, including Microsoft Office 2016, Microsoft Office 2019, Outlook 2016, Outlook 2019, Skype for Business 2016, Skype for Business 2019, Skype for Business Server 2015 and Skype for Business Server 2019.

Upgrade to Exchange Server Subscription Edition (Exchange Server SE)Microsoft has announced Exchange Server Subscription Edition (Exchange Server SE), a new subscription-based version of Exchange for organizations that require an on-premises email solution.

Complex upgrade…

Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.

The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0It has been described as a case of improper privilege management that could result in authenticated privilege escalation if the NetScaler Console Agent is deployed and allows an attacker to execute post-compromise actions.

"The issue arises due to inadequate privilege management and could be exploited by an authenticated malicious actor to execute commands without additional aut…

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.

The vulnerabilities are listed below -CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability(CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability"Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network," the tech giant said in an advisory for CVE-2025-21355.

"This vulnerability has already been mitigated in the…

Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts.

As a result, future messages get delivered synchronously to both the victim and the threat actor in real-time, thereby granting threat actors a persistent way to eavesdrop on the victim's conversations.

These QR codes are known to masquerade as group invites, security alerts, or legitimate device pairing instructions from the Signal website.

Alternatively, the malicious device-linking QR codes have been found to be embedded in phishing pages that purport to be specialized applications used by the Ukrainian mili…

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managersESET researchers have observed a malicious campaign where North Korea-aligned threat actors, posing as headhunters, target freelance software developers with info-stealing malware.

The activities – named DeceptiveDevelopment and going back to at least November 2023 – involve spearphishing messages that are being distributed on job-hunting and freelancing sites and ask the targets to take a coding test, with the files necessary for the task usually hosted on private repositories such as GitHub.

These files are lade…

Key points of this blogpost: DeceptiveDevelopment targets freelance software developers through spearphishing on job-hunting and freelancing sites, aiming to steal cryptocurrency wallets and login information from browsers and password managers.

However, while Operation DreamJob targeted defense and aerospace engineers, DeceptiveDevelopment reaches out to freelance software developers, often those involved in cryptocurrency projects.

VictimologyThe primary targets of this DeceptiveDevelopment campaign are software developers, mainly those involved in cryptocurrency and decentralized finance projects.

In addition to the connections between the GitHub profiles, the malware used in DeceptiveDe…

What do job termination scams look like?

At their simplest, job termination scams are a type of phishing attack designed to trick you into handing over your personal and financial information, or on clicking on a malicious link which could trigger a malware download.

Termination scams are effective because they exploit the credulity of human beings, creating a sense of dread among the victim, and instilling an urgent need for action.

How to spot a job termination scamAs with any phishing attack, there are a few warning signs which should flash red if such an email ends up in your inbox.

Staying safeTo ensure you don’t get caught out by job termination scams, understand the warning signs lis…

Most people acknowledge that climate change is real and human-driven, yet many still struggle to see how it directly affects their lives.

To bridge this gap, Dr. Katharine Hayhoe introduces a simple but powerful equation:Science + Worry + Action = HopeAs one of the world’s most effective climate communicators, Dr. Hayhoe maintains that understanding the science (head) isn’t enough – we must also feel its urgency (heart) before we can take meaningful action (hands).

This approach transforms climate awareness into tangible solutions and, indeed, echoes the wisdom of Jane Goodall, who said during her own Starmus talk that “It’s only when our clever brain and our human heart come together that …

Enter loot boxes, skin betting, and other microtransactions that have become a controversial feature of many video games.

Studies estimate that by the end of 2025, loot boxes will generate over US$20 billion in revenue.

Here’s a snapshot of legislative action undertaken by some countries vis-à-vis loot boxes and other in-game extras:What can parents do?

The problem with loot boxes and other controversial in-game purchases isn’t going away anytime soon.

Loot boxes and gambling-like mechanics in video games are not just a passing fad, so be aware of the risks.

Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

That is the reality for penetration testers – or, more broadly, ethical hackers – who get paid to think like criminals so that they can identify and help close security loopholes before the actual bad guys can exploit them.

In this episode of the Unlocked 403 cybersecurity podcast, Becks sits down with ESET penetration testers Tomas Lezovic and Pavol Michalec to give you a peek into the high-stakes world of hacking for good, answering questions like:Why are some organizations hesitant to engage third-party pentesters?

How can something as innocuous as a ladder help breac…

But AI is also used to help cybercriminals be more productive, especially when it comes to identity fraud – the most common fraud type today.

How does AI-driven identity fraud work?

According to one estimate, AI-driven fraud now accounts for over two-fifths (43%) of all fraud attempts recorded by the financial and payments sector.

According to this report, digital forgeries account for over 57% of all document fraud – a 244% annual increase.

According to this report, digital forgeries account for over 57% of all document fraud – a 244% annual increase.

In his talk, Neil Lawrence, the Deep Mind Professor of Machine Learning at the University of Cambridge, tackles the aforementioned fundamental question head-on.

With a career dedicated to understanding the intersection of technology and human potential, Mr. Lawrence explores how intelligent systems can complement, rather than replace, human capabilities.

Indeed, Mr. Lawrence goes on to examine how technological breakthroughs have forced us to reconsider the traits we hold as inherently human.

Each time a machine did something we thought was uniquely human, it cut something away from us.

And if we find what that moment is, does it tell us something about the essence of humanity?

Vulnerability exploitation has long been a popular tactic for threat actors.

Observed cases of vulnerability exploitation resulting in data breaches surged three-fold annually in 2023, according to one estimate.

Another trend is of targeting perimeter-based products with vulnerability exploitation.

Making things worseAs if that weren’t enough to concern network defenders, their efforts are complicated further by:The sheer speed of vulnerability exploitation.

In time, they may even be able to use GenAI to help find zero-day vulnerabilities.

Can our AI systems be far less energy-hungry without sacrificing performance?

In his talk, Roeland Nusselder, a computer scientist and the CEO of Plumerai, explores how the growing scale of AI models, such as those used in machine learning and natural language processing, are becoming ever more resource-intensive.

He goes on to show how the rapid development of AI technologies could potentially overwhelm our current energy infrastructure, unless we make significant innovations to reduce their energy consumption.

To counter this trend, Mr Nusselder introduces the concept of "tiny AI", or AI systems that are optimized to be much smaller, more efficient, and less energy-hungry without sacrific…

Alongside this, DeepSeek has faced intense scrutiny over its privacy and security practices, bringing to light several risks surrounding (not necessarily only DeepSeek’s) AI models.

Scams and malwareOne example comes from a user on X who posted some details about a website that mimics the official one and urges visitors to download what poses as DeepSeek's AI model.

Much like has been the case with TikTok and other Chinese online services, DeepSeek’s data collection practices also garnered scrutiny almost immediately, including from regulatory authorities in the United States, Ireland, Italy and France.

Make sure to also use multilayered security software across all your devices that can go…

DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacyThe first month of 2025 was another whirlwind month in cybersecurity, with cyber-landscape shifts, new data breaches, and other key stories and developments you shouldn't miss.

In this edition of the monthly roundup, ESET Chief Security Evangelist Tony Anscombe looks at:the furor over an AI model from a little-known Chinese company called DeepSeek that, to almost everyone's surprise, rivals the performance of leading U.S.-made AI models like ChatGPT – apparently at a fraction of the cost while using fewer and…

Types of data poisoningThere are various types of data poisoning attacks, such as:Data injection: Attackers inject malicious data points into the training data to make an AI model alter its behavior.

Attackers inject malicious data points into the training data to make an AI model alter its behavior.

Trigger injection: This attack injects data into the AI model’s training set to create a trigger.

As AI models often use third-party components, vulnerabilities introduced during the supply chain process can ultimately compromise the model’s security and leave it open to exploitation.

While enterprise AI models may not share data with third parties, they still gobble up internal data to improve…

The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanityWhat is our place in the cosmic unfolding?

How did we come to be, and where are we ultimately going in the grand scheme of time?

These are some of the deepest existential questions that the renowned theoretical physicist and best-selling author Brian Greene explored in his Starmus talk.

In doing so, Mr Greene also considers whether these principles offer insights into not just our past, but also our future.

Find out in Mr Greene's talk where he explores the role of time and entropy in shaping everything from the cosmos to h…

Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammersOnline gambling is big business.

Topping revenue of $84bn in 2023, the business of online casinos, virtual poker and sports betting is on the rise.

But as the industry grows and new users come online, scammers looking for quick wins are also targeting the online betting and gambling space in ever greater numbers.

From nefarious online casinos to malicious apps and phishing messages, the list of potential fraud channels continues to grow.

PhishingA social engineering technique as old as the internet, it’s no surprise that gambling scammers are also using phishing to ach…

OpenText announced OpenText Core Threat Detection and Response, a new AI-powered cybersecurity solution for threat detection to be generally available with Cloud Editions 25.2.

OpenText Core Threat Detection and Response will be available on Microsoft Azure.

OpenText Core Threat Detection and Response, combined with OpenText’s threat hunting services and integration toolkits, meets this challenge headfirst.

Rapid detection and elimination: Advanced anomaly detection that dynamically adapts to changes in operating environments and ensures contextually relevant threat detection.

OpenText Core Threat Detection and Response is currently available as a limited release to select customers.

Versa releases Versa Sovereign SASE, allowing enterprises, governments, and service providers to deploy customized networking and security services directly from their own infrastructure in a “do-it-yourself” model.

A new paradigm in SASE deploymentVersa Sovereign SASE adds a third option for deploying the VersaONE Universal SASE Platform:As-a-service – Delivered via shared gateways in Versa’s global SASE fabric with over 90 global PoPs (Versa Unified SASE).

(NEW) Sovereign – Delivered via dedicated gateways in customers’ infrastructure under customer management and control – completely air-gapped (Versa Sovereign SASE).

Over the past two years, Versa Sovereign SASE has been deployed by org…

Symbiotic Security announced updates to its application and integrated development environment (IDE) extension, further streamlining security for developers by improving usability, accessibility, and real-time security insights.

The demand for real-time security solutions is growing as organizations seek to shift security left – making it an earlier part of the software development process to improve efficiency and reduce cost.

“Developers need real-time, actionable intelligence so they can write secure code with confidence,” said Edouard Viot, CTO, Symbiotic Security.

With Symbiotic’s software, security is no longer an afterthought; it is where it should have always been – integrated into …

Small organizations are over-reliant on prevention and don’t have enough focus on early detection and planned response.

How open and honest are their public communications to customers when they have unexpected outages or security incidents?

All of these indicators are a reflection of a supplier’s attitude toward data security and transparency in their operations.

With the increasing volume of real-time threat intelligence data, how can CTOs prioritize actionable insights without overwhelming security teams with alert fatigue?

Given the pace of cyber threat evolution, should organizations focus more on cyber resilience than just cyber defense?

How to lock Notes on macOSSet up a passwordOpen the Notes app on your Mac.

You can either use your Mac login password or create a custom password for locked notes.

You can either use your Mac login password or create a custom password for locked notes.

To hide the content of a locked note, you can close your locked notes.

How to lock Notes on iOSBeginning in iOS 16, there are two ways to lock your notes.

Veeam brings recovery orchestrator to Microsoft Hyper-V customersVeeam Software announced it’s bringing recovery orchestrator to Microsoft Hyper-V customers as part of the Veeam Data Platform.

Veeam Recovery Orchestrator simplifies and automates the disaster recovery planning, testing, and execution process.

Pangea introduces AI guardrails to secure AI applicationsPangea announced AI Guard and Prompt Guard to secure AI, defending against threats like prompt injection and sensitive information disclosure.

Pangea AI Guard prevents sensitive data leakage and blocks malicious and unwanted content like profanity, self harm, and violence.

Pangea Prompt Guard analyzes user and system prompts to bl…

Cybersecurity AnalystMesser | On-site – View job detailsAs a Cybersecurity Analyst, you will utilize existing technology platforms to monitor security threats and incidents.

Cybersecurity EngineerModern Technology Solutions | On-site – View job detailsAs a Cybersecurity Engineer, you will design and implement systems to meet cybersecurity policy and regulations.

Incident Response AnalystTrend Micro | On-site – View job detailsAs an Incident Response Analyst, you will oversee all incident response, from detection to incident resolution.

Industrial Automation and Cybersecurity EngineerDanone | On-site – View job detailsAs an Industrial Automation and Cybersecurity Engineer, you will ensure co…

Runa launched Runa Assure, a security suite specifically built to fortify payout processes against threats of fraud, cyberattacks, and compliance risks.

“Unlike other fraud and security models that focus on payment acceptance, we’ve designed a fraud and security engine specifically to protect payouts.

Runa Assure is engineered to help businesses stay ahead of sophisticated fraudsters by deploying preventative and proactive security controls.

Runa Assure provides end-to-end fraud protection, securing payouts from the moment funds are loaded (across 50+ currencies) to the final recipient transaction.

By automating fraud prevention, Runa Assure lifts the burden off finance and operations teams…

Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static code analysis tools.

PRevent in action (Source: Apiiro)The tools work by detecting two anti-patterns the researchers pinpointed after analyzing thousands of malicious code instances in repositories and packages: obfuscated / unreadable source code, and dynamic execution (i.e., code execution at runtime instead of at build or compile time).

“Some malicious patterns are common in legitimate code and would cause false-positives (…

The Darcula platform makes phishing easyBy automating some of the required steps, Darcula makes it easy for technically inexperienced criminals to launch phishing campaigns.

The current version of the platform offers pre-built phishing kits for targeting users of over 200 brands worldwide.

The phishing platform creates a “.cat-page” bundle containing all those pages, which can be uploaded to the darcula admin panel and can then be used to launch phishing campaigns.

Example of a virtually-generated card from stolen card details (Source: Netcraft)“These cards are often loaded to burner phones and then sold by darcula criminals.

Reporter Brian Krebs has recently illustrated how the adding of s…

Disguising themselves as software development recruiters, these threat actors lure victims with fake job offers and deliver software projects embedded with infostealing malware.

The campaign primarily targets freelance software developers through spearphishing on job-hunting and freelancing platforms, to steal cryptocurrency wallets and login credentials from browsers and password managers.

To infiltrate their targets, they use fake recruiter profiles on social media, masquerading as legitimate employers.

In order to pose as recruiters, the attackers copy profiles of existing people or even construct new personas.

Victims receive the project files either directly via file transfer on the si…

Privacera announced significant updates to its AI Governance (PAIG) platform, reinforcing its commitment to AI risk management and compliance.

PAIG is a diagnostic and remediation tool that allows organizations to proactively identify AI risks and implement targeted protections to mitigate them.

By integrating PAIG with this framework, Privacera enables enterprises to proactively identify, assess, and remediate AI-related risks at every stage of AI deployment.

enables periodic testing and evaluation of deployed AI applications to identify potential issues such as data leakage, bias, or IP violations.

This alignment enables businesses to proactively identify, evaluate, and mitigate risks ass…

Key features include:Safe SMS: Uses Norton Genie AI to detect sophisticated scams in text messages by analyzing the meaning of words used by scammers.

Uses Norton Genie AI to detect sophisticated scams in text messages by analyzing the meaning of words used by scammers.

Genie AI-powered scam assistant : Integrates the Norton Genie AI app to provide instant guidance on scams and suspicious offers with a single tap.

: Integrates the Norton Genie AI app to provide instant guidance on scams and suspicious offers with a single tap.

The new Genie Scam Protection and Scam Protection Pro features are available in the US today on supporting platforms.

1Password introduced 1Password Enterprise Password Manager – MSP Edition, a dedicated solution that transforms how MSPs safeguard client data and helps them confront complex threat environments.

With features tailored to MSPs’ unique needs, this comprehensive solution strengthens client security posture and boosts productivity, all while enabling MSPs to scale their operations efficiently and maximize profitability.

Small and medium-sized businesses, in particular, often lack the resources to manage routine security operations like credential management, leaving them vulnerable to today’s threats.

A centralized MSP console provides multi-tenant management, enabling MSPs to effortlessly conf…

The Growing Cybersecurity Skills GapThe cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity ShortageImmigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

ConclusionThe cybersecurity skills shortage is …

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final ThoughtsKeeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol ConnectionsRemote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware AttacksSpecific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted:The healthcare sector is a prime target for ranso…

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented:“We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploitThree years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priorityDespite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-inTo ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures nowBy deprioritising cyber security, businesses are essentially def…

High levels of demand for cyber security expertise also means that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computingLike AI, Quantum has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.

The post HealthEquity Data Breach Compromises Customer Information appeared first on IT Security Guru.

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

The post Accenture and SandboxAQ Expand Cybersecurity Partnership first appeared on IT Security Guru.

The post Accenture and SandboxAQ Expand Cybersecurity Partnership appeared first on IT Security Guru.

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords first appeared on IT Security Guru.

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords appeared first on IT Security Guru.

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester first appeared on IT Security Guru.

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester appeared first on IT Security Guru.

New threat research by Salt-Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws within popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to their website). These vulnerabilities could have potentially allowed an attacker unlimited […]

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands first appeared on IT Security Guru.

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands appeared first on…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

This isn’t new, but it’s increasingly popular:The technique is known as device code phishing.

It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard.

Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts.

Rather than authenticating the user directly, the input-constrained device displays an alphabetic or alphanumeric device code along with a link associated with the user account.

The remote server then sends a token to the input-constrained device that logs it into the account.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025.

My talk is at 4:00 PM ET on the 15th.

I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025.

The list is maintained on this page.

Posted on February 14, 2025 at 12:01 PM • 0 Comments

The idea of replacing dedicated and principled civil servants with AI agents, however, is new—and complicated.

New presidents can issue sweeping executive orders, but they often have no real effect until they actually change the behavior of public servants.

Written law is never fully determinative of the actions of government—there is always wiggle room for presidents, appointed leaders, and civil servants to exercise their own judgment.

AI development could happen inside of transparent and accountable public institutions, alongside its continued development by Big Tech.

Singapore has been a leader in the development of public AI models, built transparently and with public-service use cases…

And the implications for national security are profound.

The Chinese government’s 2015 breach of OPM was a significant US security failure, and it illustrated how personnel data could be used to identify intelligence officers and compromise national security.

The implications for national security are staggering.

This is beyond politics—this is a matter of national security.

While the full impact may take time to assess, these steps represent the minimum necessary actions to begin restoring system integrity and security protocols.

Delivering Malware Through Abandoned Amazon S3 BucketsHere’s a supply-chain attack just waiting to happen.

A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400.

Presumably the projects don’t realize that they have been abandoned, and still ping them for patches, updates, and etc.

Moreover, often—but not always—losing the bucket that they’d use for it also removes the original vendor’s ability to identify the vulnerable software in the first place.

Software supply-chain security is an absolute mess.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.

To mitigate that risk, I have developed this simple solution where you can setup a unique time-based one-time passcode (TOTP) between any pair of persons.

This is how it works:

This is a big deal, and something we in the security community have worried was coming for a while now.

The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand.

But the law does not permit Apple to delay complying during an appeal.

Of course, UK users will be able to spoof their location.

According to the law, Apple would not be able to offer the feature to anyone who is in the UK at any point: for example, a visitor from the US.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies.

Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company.

But nearly a year later, Mozilla is still promoting it to Firefox users.

Mozilla offers Onerep to Firefox users on a subscription basis as part of Mozilla Monitor Plus.

Several readers have shared emails they received from Radaris after attempting to remove their personal data, and those messages show Radaris has been promoting Onerep.

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction.

One vulnerability patched today that was publicly disclosed earlier is CVE-2025-21377, another weakness that could allow an attacker to elevate their privileges on a vulnerable Windows system.

“Accordingly, Microsoft assesses exploitation as more likely.”The SANS Internet Storm Center has a handy list of all the Microsoft patches released tod…

“I don’t think there’s a lot of money to be made in the com,” Rivage lamented.

2025-02-05 16:29:44 UTC vperked#0 they got this nigga on indiatimes man2025-02-05 16:29:46 UTC alexaloo#0 Their cropping is worse than AI could have done2025-02-05 16:29:48 UTC hebeatsme#0 bro who is that2025-02-05 16:29:53 UTC hebeatsme#0 yalla re talking about2025-02-05 16:29:56 UTC xewdy#0 edward2025-02-05 16:29:56 UTC .yarrb#0 rivagew2025-02-05 16:29:57 UTC vperked#0 Rivarge2025-02-05 16:29:57 UTC xewdy#0 diamondcdm2025-02-05 16:29:59 UTC vperked#0 i cant spell it2025-02-05 16:30:00 UTC hebeatsme#0 rivage2025-02-05 16:30:08 UTC .yarrb#0 yes2025-02-05 16:30:14 UTC hebeatsme#0 i have him added2025-02-05 16:30:2…

DeepSeek’s rapid rise caught the attention of the mobile security firm NowSecure, a Chicago-based company that helps clients screen mobile apps for security and privacy threats.

In a teardown of the DeepSeek app published today, NowSecure urged organizations to remove the DeepSeek iOS mobile app from their environments, citing security concerns.

Hoog told KrebsOnSecurity there were a number of qualities about the DeepSeek iOS app that suggest the presence of deep-seated security and privacy risks.

Perhaps more concerning, NowSecure said the iOS app transmits device information “in the clear,” without any encryption to encapsulate the data.

“The DeepSeek iOS app globally disables App Transpo…

The email address used for those accounts was [email protected].

Intel471 finds the user FlorainN registered across multiple cybercrime forums using the email address [email protected].

Perhaps fittingly, both Cracked and Nulled have been hacked over the years, exposing countless private messages between forum users.

Constella found that a user named Shoppy registered on Cracked in 2019 using the email address finn@shoppy[.]gg.

Constella says that email address is tied to a Twitter/X account for Shoppy Ecommerce in Israel.

The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015.

The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.

On January 29, the FBI and the Dutch national police seized the technical infrastructure for a cybercrime service marketed under the brands Heartsender, Fudpage and Fudtools (and many other “fud” variations).

“These tools were also used to acquire victim user credentials and utilize those credentials to further these fraudulent schemes.

“The Cybercrime Team is on the trail of a number of buyers of the tools,” the…

It is likely the gambling sites coming through Funnull are abusing top casino brands as part of their money laundering schemes.

Silent Push researchers say Funnull may be helping online gamblers in China evade the Communist party’s “Great Firewall,” which blocks access to gambling destinations.

Edwards said Funnull is a textbook example of an increasing trend Silent Push calls “infrastructure laundering,” wherein crooks selling cybercrime services will relay some or all of their malicious traffic through U.S. cloud providers.

Amazon said that contrary to implications in the Silent Push report, it has every reason to aggressively police its network against infrastructure laundering, noting t…

President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture.

One of the CSRB’s most recognizable names is Chris Krebs (no relation), the former director of the Cybersecurity and Infrastructure Security Agency (CISA).

Krebs was fired by President Trump in November 2020 for declaring the presidential contest was the most secure in American history, and for refuting Trump’s false claims of election fraud.

President Trump and First Lady Melania Trump each launched their own vanity memecoins this month, dubbed $TRUMP and $MELANIA.

WEAPONIZATION & DISINFORMATIONPrior to the election, Presiden…

After enabling a DNS server on akam.ne, he noticed hundreds of thousands of DNS requests hitting his server each day from locations around the globe.

Had he enabled an email server on his new domain akam.ne, Caturegli likely would have received wayward emails directed toward mastercard.com or other affected domains.

The message suggested his public disclosure of the MasterCard DNS error via a post on LinkedIn (after he’d secured the akam.ne domain) was not aligned with ethical security practices, and passed on a request from MasterCard to have the post removed.

“But we’ll let you judge— here are some of the DNS lookups we recorded before reporting the issue.”As the screenshot above shows, t…

Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert.

People in Florida reported receiving SMS phishing that spoofed Sunpass, Florida’s prepaid toll program.

In each case, the emergence of these SMS phishing attacks coincided with the release of new phishing kit capabilities that closely mimic these toll operator websites as they appear on mobile devices.

Merrill said the volume of SMS phishing attacks spoofing toll road operators skyrocketed after the New Year, when at least one Chinese cybercriminal group known for selling sophisticated SMS phishing kits began offering new phishing pages design…

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack.

Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

Today also saw the publication of nine critical remote code execution (RCE) vulnerabilities.

The Microsoft flaws already seeing active attacks include CVE-2025-21333, CVE-2025-21334 and, you guessed it– CVE-2025-21335.

And if you run into any problems installing this month’s patch batch, drop a line in the comments below, please.

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in an elaborate voice phishing attack.

Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers.

-The Operator: The individual managing the phishing panel, silently moving the victim from page to page.

-The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls.

Nixon said the constant snaking within the voice phishing circles points to a psychological self-selection phenomenon that is in desperate need of ac…

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon.

Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon.

Think again.”On that same day, Kiberphant0m posted what they claimed was the “data schema” from the U.S. National Security Agency.

The profile photo on Wagenius’ Facebook page was deleted within hours of my Nov. 26 story identifying Kiberphant0m as a likely U.S. Army soldier.

Nixon asked to sha…

Instead, they purchase the item using stolen payment card data and your shipping address.

March featured several investigations into the history of various people-search data broker services.

Radaris repeatedly threatened to sue KrebsOnSecurity unless that publication was retracted in full, alleging that it was replete with errors both factual and malicious.

Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website.

There is zero third-party content on this website, apart from the occasional Youtube video embedded as part of a story.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive cont…

Graham’s plan to make his fortune is scuppered by an AI with opinions on time travel, and Mark investigates an intriguing question about a six-fingered glove.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our …

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

The US Department of Justice (DOJ) has unsealed criminal charges against two Russian nationals, alleged to have operated a cybercrime gang that used ransomware to target over 1000 American organisations.

Roman Berezhnoy and Egor Nikolaevich Glebov, 33 and 39 years old respectively, are alleged to have extorted over US $16 million in ransom payments using the Phobos ransomware.

In the DOJ's indictment against Berezhnoy and Glebov, it details how victims of the Phobos ransomware often received a ransom demand of under US $100,000 - less than the demands made by other notorious ransomware groups.

If convicted of the charges filed against them, Berezhnoy and Glebov face a potential sentence of …

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

A 48-year-old woman from Arizona has pleaded guilty to charges related to a criminal scheme which saw North Korean IT workers employed remotely by hundreds of US companies.

The workers had access to company networks, posing a significant cybersecurity threat, while raising funds for North Korea.

To assist with the scheme, chapman ran a laptop farm at her home - which allowed overseas IT workers to remotely access company networks, while appearing to be based in the United States.

In 2023, the FBI and South Korea offered sensible advice about the so-called "red flags" that could indicate your potential new employee could actually be working for North Korea.

Last month, two other Americans we…

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Jane Wakefield.

Tripwire Enterprise – Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusiv…

In episode 37 of “The AI Fix”, Google Gemini gets the munchies, the wettest country in the world can’t find any water, an escalator tries to eat Graham, o3-mini can’t rub two sticks together, and OpenAI invents an AI that can do “a single-digit percentage of all economically valuable tasks in the world” but nobody notices.

Graham wonders why his childhood was full of Triffids and quicksand, and discovers a way to trap overstepping AI crawlers in an endless maze, while Mark investigates the appalling state of DeepSeek security.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamc…

North American drivers are continuing to be barraged by waves of scam text messages, telling them that they owe money on unpaid tolls.

The scam text messages seen in the campaigns claim that the recipient has an "outstanding toll amount" that remains unpaid, and links to a page which poses as an overdue payment portal.

The reason for this is that Apple iMessage automatically disables links received from unknown senders as a built-in protection against phishing.

Members of the public would be wise to report and delete unwanted text messages or forward them to 7726 (SPAM).

The FTC has published information about how to recognise and respond to scam text messages here.

The Taliban government of Afghanistan is reeling after unidentified hackers successfully carried out a massive cyber attack against its computer systems and published over 50GB of stolen documents and files online.

The leaked records included claims that the Taliban has imprisoned over 1400 women, and 16,000 men.

Approximately 80 foreign nationals (including six women) are also said to be being held in Taliban prisons.

According to the report, Taliban officials have examined foreign organisations working in Bamiyan Province, alleging that they are promoting Western cultural values.

Taliban spokespeople went on to claim that the leak was an attempt to manipulate public opinion via the media.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

The government of Thailand has cut the power supply to areas near its border with Myanmar that are known to host brutal scam compounds.

These heavily-guarded fraud factories house armies of people, coerced into defrauding innocent people through bogus investment and romance baiting scams.

In the past, media reports have published distressing details of the treatment of fraud factory workers on the Myanmar-Thai border and in Cambodia.

According to Anutin, a clause in the energy supply contract allows Thailand to cut off the supply on the grounds of national security.

In reality, according to Wang Xing, he was put to work in a call scam compound targeting Chinese people.

In episode 403 of “Smashing Security” we dive into the mystery of $65 million vanishing from Coinbase users faster than J-Lo slipped into Graham’s DMs, Geoff gives a poor grade for PowerSchool’s security, and Carole takes a curious look at QR codes.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist’s Geoff White.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddi…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

In episode 36 of The AI Fix, Graham and Mark take a long look at DeepSeek, an upstart AI out of China that was trained on a shoestring, shook up Wall Street, kneecapped Nvidia, and challenged America’s AI hegemony.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podc…

Причем в большинстве случаев запуск зловреда детектировался домашними решениями, но в некоторых — корпоративными.

Разумеется, игры на торрентах были представлены в виде репаков — то есть модифицированных версий программ, в которые авторы раздачи уже встроили средства обхода проверки подлинности копии игры (иными словами, игры были взломаны).

Однако нет никаких гарантий, что в следующий раз в репаке игры не окажется стилер или шифровальщик.

Пока сотрудники будут продолжать устанавливать пиратские игры на рабочие компьютеры, зловреды, ориентированные на геймеров, будут продолжать атаковать на рабочих машинах.

А в идеале стоит вообще запретить запуск ПО, не имеющего отношения к рабочему процес…

В этом материале разберем, как работают брокеры данных и к чему может привести утечка собранной ими информации.

Утечка данных геолокации пользователей, собранных Gravy AnalyticsВ январе 2025 года появилась информация о том, что Gravy Analytics допустила утечку данных.

Утечка данных Gravy Analytics демонстрирует серьезные риски, связанные с индустрией дата-брокеров и в особенности брокеров данных геолокации.

Как защитить свои данные геолокацииК сожалению, сбор данных о местоположении пользователей превратился в настолько распространенную практику, что однозначный ответ на вопрос «как защитить свои данные?» дать сложно.

И в целом постарайтесь минимизировать количество установленных на смартфо…

Альтернативными они называются просто потому, что не являются самыми крупными и распространенными криптоактивами — Bitcoin и Ethereum.

Сходства и различия мемных криптовалют и NFTИ мемкоины, и NFT используют блокчейн для хранения информации о праве собственности и операциях участников.

При работе на криптобиржах и других криптоплатформах каждый токен для удобства снабжен тикером — коротким буквенным индикатором, как на классической бирже: BTC, USDT, TRUMP и так далее.

Но реальные операции по покупке и продаже токенов ведутся не с тикером, а с длинными трудночитаемыми адресами смарт-контрактов.

Сохраняйте бдительность при поиске сайтов криптовалютной тематики, новостей и соцмедиа-аккаунтов п…

В феврале в магазине обнаружили игру в комплекте с вредоносным ПО.

Симулятор выживания, в котором должен выжить ваш компьютерВ центре внимания оказалась игра PirateFi — пользователям предлагалось как в одиночном режиме, так и в мультиплеере примерить на себя роль пирата-выживальщика.

В итоге все сыгравшие в PirateFi пользователи Steam получили письмо-уведомление о вероятном наличии вредоноса на их компьютере.

Вредоносное ПО регулярно оказывается в приложениях, в том числе и в играх, в Google Play, а с недавних пор умудряется пробраться и в App Store.

Так что в мобильном гейминге ситуация гораздо хуже, чем в компьютерном, — и связано это отнюдь не с модерацией той или иной площадки.

Преступники по всему миру оттачивают схемы по краже учетных записей в WhatsApp, Telegram и других популярных мессенджерах, и их жертвой может стать любой из нас.

Кража WhatsApp, Telegram и QQ через поддельные QR-кодыРаньше мошенники перехватывали или выманивали SMS-коды подтверждения для входа в мессенджер и этого было достаточно для кражи аккаунта.

На сайте вам демонстрируют уже другой, динамически генерируемый QR-код, который сервер злоумышленников запрашивает у WhatsApp или Telegram в рамках процесса «подключить новое устройство».

В принципе, это будет видно в разделе «Подключенные устройства» в параметрах WhatsApp и Telegram, но атака рассчитана на тех, кто не очень-то разбирается в нас…

Если вы все еще думаете, что никому не нужны, не интересны и что мошенники могут обмануть лишь недалеких людей — вы ошибаетесь.

Обман — дело тонкое, и на каждого, даже самого продвинутого человека, почти всегда найдется своя схема.

Девушке писала даже якобы мать актера, подтвердившая, что «в тяжелое время ее сыну нужен именно такой человек рядом».

Оказалось, что ревнивый возлюбленный перед тем, как вручить подарок, нашпиговал его всем возможным шпионским ПО — и для отслеживания геопозиции, и для прослушки.

К счастью, обнаружить и нейтрализовать как программную, так и аппаратную слежку несложно с помощью функции Кто за мной следит в Kaspersky для Android.

Примерно год назад произошел масштабнейший ransomware-инцидент — атака на гиганта американского медицинского страхования, компанию UnitedHealth Group.

В UnitedHealth Group даже создали специальный сайт, на котором можно следить за восстановительными работами.

Как происходила атака на UnitedHealth GroupЧерез несколько месяцев после инцидента, 1 мая, генерального директора UnitedHealth Group Эндрю Уитти вызвали дать показания в Конгрессе США.

Последствия ransomware-атаки на UnitedHealth GroupТолько по итогам первого квартала 2024 года сумма ущерба UnitedHealth Group от кибератаки составила $872 миллиона.

Только через 8 месяцев после инцидента, 24 октября 2024 года, в UnitedHealth Group наконе…

Интересную атаку, точнее, сразу две атаки с использованием двух разных уязвимостей в процессорах Apple, недавно продемонстрировали исследователи из университетов Германии и США.

Чтобы разобраться, насколько опасны данные уязвимости, давайте коротко, и не вдаваясь в дебри сложного научного исследования, повторим основные принципы всех подобных атак.

Система Load Address Predictor внедрена, начиная с модели Apple M2 для настольных компьютеров и ноутбуков и Apple A15 для мобильных устройств.

Авторы показывают, как использовать SLAP и FLOP для того, чтобы обойти множество механизмов защиты информации как в самих процессорах, так и в браузере Safari, и получить доступ к конфиденциальной информац…

И если в Google Play вредоносные приложения не единожды обнаруживались и до этого, то в App Store троян-стилер обнаружен впервые.

В зависимости от языка, установленного в ОС смартфона, SparkCat загружает модели, обученные находить и распознавать на фото символы латиницы, а также корейского, китайского и японского языков.

Масштаб и жертвы атакиНам удалось обнаружить 10 вредоносных приложений в Google Play и 11 — в App Store.

На момент публикации все вредоносные приложения из App Store (но не из Google Play) были удалены.

Поэтому критерии благонадежности стоит повысить: загружайте только приложения с высоким рейтингом, с тысячами, а лучше — с миллионами загрузок, опубликованные хотя бы нескол…

Сейчас на смену «богатым нигерийским четвероюродным дядям по маминой линии» приходят фейковые представители банков, онлайн-магазинов, служб доставок и даже президенты.

Сегодня расскажем про самые популярные виды спама и ответим на вопрос, что делать, если на почту пришел спам.

Письма от инвесторов, меценатов и прочих богачейЭто, пожалуй, самый древний и вместе с тем популярный сценарий спама.

Проблема тоже вариативна: от смертельной болезни до желания пожертвовать все свои деньги на благотворительность — и сделать это нужно обязательно с вашей помощью.

тоже вариативна: от смертельной болезни до желания пожертвовать все свои деньги на благотворительность — и сделать это нужно обязательно с в…

Атака на цепочку поставок может свести на нет все усилия по обеспечению безопасности инфраструктуры компании.

Сегодня мы поговорим о масштабных инцидентах такого рода, которые привлекли наше внимание в 2024 году.

Январь 2024: вредоносные npm-пакеты на GitHub воровали SSH-ключи у сотен разработчиковПервой значительной атакой на цепочку поставок в 2024 году стал инцидент с вредоносными npm-пакетами, которые в начале января были загружены на GitHub.

Также троянизированная версия jQuery обнаружилась и на других площадках: на GitHub и даже в jsDelivr, CDN-сервисе для доставки JavaScript-кода.

Как защититься от атак на цепочку поставокПодробные рекомендации о том, что следует делать для предотвра…

Особенностями традиций пользуются и кибернегодяи — они используют приглашения на свадьбу в качестве приманки для дальнейшей атаки на пользователей смартфонов на Android.

Рассказываем, что на этот раз придумали злоумышленники и как от этого защититься.

В ней в 2024 году мы заметили несколько подозрительных и однозначно вредоносных образцов APK-файлов, распространявшихся в Малайзии и Брунее.

Связав две эти истории воедино, мы поняли: злоумышленники отправляют пользователям Android в Брунее и Малайзии приглашения на свадьбы в виде… APK-файла, который необходимо самостоятельно установить на свой смартфон.

Вредоносу нужно 10 разрешений: доступ к сетевой активности, на отправку и чтение SMS и ряд…

В последние годы в блоге Kaspersky Daily мы стали уделять ransomware заметно меньше внимания, чем в былые времена.

Январь 2024: атака вымогателей на зоопарк ТоронтоОдним из первых значительных инцидентов 2024 года, связанных с ransomware, стала январская атака на крупнейший канадский зоопарк, расположенный в Торонто.

Февраль 2024: атака на UnitedHealth ценой $3,09 миллиардаВ феврале произошла атака на гиганта американского медицинского страхования, UnitedHealth Group, которую можно смело назвать ransomware-инцидентом года.

Май 2024: серьезные сбои в работе американской сети больниц AscensionОдной из крупнейших сетей больниц в США, Ascension, в начале мая пришлось перевести в офлайн часть св…

The bottom line is clear: organizations deeply care about trust in their AI Supply Chain.

Understanding AI Supply Chain SecurityAt Cisco, we’ve observed firsthand that while organizations worry about various AI security concerns like prompt injections and jailbreaks, their security instincts first react to risks in the AI Supply Chain.

AI Supply Chain Security encompasses the practices and measures designed to protect enterprises and applications throughout the AI development and deployment process.

It is a strategic imperative to allow access, but also a security imperative to block the use of malicious models.” Sarah Winslow, Director | PSEC Emerging Technologies & AI, VeradigmIntroducing…

Each year, Cisco makes a point of selecting and recognizing a standout cybersecurity advocate who has earned the title of cybersecurity defender.

This is why Cisco’s 2025 EMEA Cybersecurity Defender of the Year award goes out to a team of practitioners at SAP Enterprise Cloud Services (ECS) whose contributions displayed an uncommon ability to raise the bar for overall security posture.

Partnering with Cisco to Overcome SAP ECS ChallengesAs one of the world’s leading deliverers of managed cloud services, SAP Enterprise Cloud Services can’t afford downtime.

For this reason, SAP Enterprise Cloud Service chose to partner with Cisco.

Cisco Security Social ChannelsInstagramFacebookTwitterLinkedIn…

In the previous blog, we talked about our overall approach to zero trust with Universal ZTNA and Hybrid Mesh Firewall.

The Hybrid Mesh Firewall isn’t just a product, it’s a shift in how we approach network security.

The heart of the Cisco Hybrid Mesh Firewall is Cisco’s Security Cloud Control management system.

This solution reflects our vision of integrating AI security seamlessly within the Hybrid Mesh Firewall, providing enterprises with the confidence to advance their AI initiatives securely.

Bringing the Vision to LifeThe Hybrid Mesh Firewall is the embodiment of Cisco’s commitment to redefining network security for the modern age.

A Growing Challenge in Cloud SecurityIn today’s fast-paced digital world, enterprises face a new urgency in cloud security.

Cisco and Wiz: Better TogetherIn response to this critical challenge, Cisco is excited to announce a strategic collaboration with Wiz, a leader in cloud security innovation.

Together, Cisco and Wiz aim to improve cloud security for enterprises that are contending with an evolving threat landscape marked by complexity and the introduction of new AI technology.

A Unified Vision for Secure Cloud EnvironmentsCisco and Wiz share a vision of enhancing cloud security with AI and for AI.

Cisco Security Social ChannelsInstagramFacebookTwitterLinkedInShareShare:

This is where two emerging areas of innovation come into play: Hybrid Mesh Firewall and Universal ZTNA.

Hybrid Mesh Firewall: From Firewalls to “Firewalling”So, let’s start by clearly defining what each of these are – starting with Hybrid Mesh Firewall.

A traditional definition of a Hybrid Mesh Firewall is a multi-deployment of virtual, physical, cloud native and container native firewalls with a unified management plane.

Truly Universal Zero Trust Network AccessWhat does it mean to achieve Universal Zero Trust Network Access?

ConclusionIn today’s digital landscape, the combination of Universal Zero Trust Network Access and Hybrid Mesh Firewalls offers a powerful defense strategy.

Today’s Quantum Safe SolutionsWhile the quantum threat remains in the future, tech companies, standards bodies, and government entities have sought its mitigation for some time.

QKD, SKIP, ETSI, and the Ability to Share Keys Between EndpointsCisco then turned its attention to creating quantum-safe network transport protocols.

SKIP is an API enabling network devices to obtain quantum safe keys from an external key management system, such as QKD.

Key issues to consider include:How well do specific QKD solutions work?

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Network Security: Network security is all about keeping the connections between devices safe from threats.

Regular checks for vulnerabilities help identify weaknesses that could be exploited by cybercriminals, making it essential for maintaining a secure network.

Security Staffing: Having knowledgeable staff is key to a strong security strategy.

By maintaining detailed logs over an extended period, businesses can better investigate security incidents, understand their root causes, and improve their overall cybersecurity posture.

Check out our whitepaper, ‘Cybersecurity for businesses of all sizes: A blueprint for protection.’ShareShare:

At Cisco, AI threat research is fundamental to informing the ways we evaluate and protect models.

This regular threat roundup consolidates some useful highlights and critical intel from ongoing third-party threat research efforts to share with the broader AI security community.

As always, please remember that this is not an exhaustive or all-inclusive list of AI cyber threats, but rather a curation that our team believes is particularly noteworthy.

Notable Threats and Developments: January 2025Single-Turn Crescendo AttackIn previous threat analyses, we’ve seen multi-turn interactions with LLMs use gradual escalation to bypass content moderation filters.

They evaluated the technique against …

Executive SummaryThis article investigates vulnerabilities in DeepSeek R1, a new frontier reasoning model from Chinese AI startup DeepSeek.

The results were alarming: DeepSeek R1 exhibited a 100% attack success rate, meaning it failed to block a single harmful prompt.

Compared to other frontier models, DeepSeek R1 lacks robust guardrails, making it highly susceptible to algorithmic jailbreaking and potential misuse.

With their models, DeepSeek has shown comparable results to leading frontier models with an alleged fraction of the resources.

MethodologyWe performed safety and security testing against several popular frontier models as well as two reasoning models: DeepSeek R1 and OpenAI O1-p…

Unless these changes are carefully tracked, they could lead to configuration drift, a situation in which the runtime state of a resource deviates from its intended baseline configuration.

How AI Powers Drift DetectionAI-driven drift detection uses machine learning techniques to monitor and analyze cloud configurations in real-time.

This approach provides a scalable, effective, and accurate solution to configuration drift challenges in dynamic cloud environments.

Benefits of AI in Drift DetectionAI offers several advantages over traditional drift detection methods:Scalability: Monitors thousands of resources across multiple cloud environments efficiently.

As technology matures, its potential…

Escalate Access: Once attackers gained access, remote access tools were used in 100% of ransomware engagements (up from 13% last quarter), enabling lateral movement.

With these strong protections on trusted users, organizations can block attacks and protect trusted users from getting locked out of their accounts.

Cisco’s User Protection Suite also includes Secure Access, which includes both Secure Internet Access and Zero Trust Network Access (ZTNA) capabilities.

With Secure Internet Access, users are protected from malicious content with both Intrusion Prevention System (IPS) and Remote Browser Isolation (RBI).

Talk to an expert to discover how the Breach and User Protection Suites can pro…

Black Hat has unlimited access to the Cisco Security Cloud and its capabilities.

We started with a Proof-of-Concept (PoC) in Black Hat Asia 2024 and turned it into a full deployment at Black Hat Europe.

At Black Hat Europe 2024, over 12,000 supported samples were submitted.

Both these workflows were spruced up and used extensively at Black Hat Europe 2024.

At Black Hat Europe 2024, we had a problem where the ThousandEyes agents were showing a high latency time to Azure.

The upgraded suite is designed to provide comprehensive workplace security and help organizations implement zero trust access.

User Protection Suite Capabilities:Cisco’s User Protection Suite includes the key capabilities necessary to protect users and devices.

Zero Trust Access: Ease the transition to ZTNACisco Secure Access allows organizations to adopt Security Service Edge (SSE) with integrated Zero Trust Network Access (ZTNA) and VPN-as-a-service.

ISE assigns tags to these devices, including corporate devices, BYOD, and IoT devices, like cameras and printers.

Learn MoreTo explore the different tiers of Cisco’s User Protection Suite, check out the User Protection Suite At-A-Glance.

Last year, we published our Cisco AI Readiness Index, which provided critical insights into the state of enterprise AI adoption.

I’m proud to announce Cisco AI Defense, the first truly comprehensive solution for enterprise AI security.

To accomplish this, it comprises four main components: AI Access, AI Cloud Visibility, AI Model & Application Validation, and AI Runtime Protection.

Cisco AI Defense gives security teams comprehensive visibility and control over the rapidly growing threat of shadow AI.

Cisco AI Defense addresses AI risk from beginning to end, giving business and security leaders the confidence to bring AI applications to market.

A few months ago this year, I wrote about an AI Security Incident tabletop exercise led by the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC).

CISA used the insights gained from these exercises to develop an AI Security Incident Collaboration Playbook, which serves as a guide for enhancing effective operational collaboration among government agencies, private industry and international stakeholders.

Enables collaboration among the U.S. federal government, private industry, international government counterparts and the AI community to raise awareness of AI cybersecurity risks across critical infrastructure, enhancing the security and resili…

eDiscovery allows you to easily search, collect, and review AI-based interactions across more than 25 AI applications.

We are excited to share more about new developments across Microsoft Security at Legalweek 2025.

Connect with members of the Microsoft Intelligent Security AssociationAt Microsoft we truly believe security is a team sport.

From our signature Pre-Day to demos and networking, discover how Microsoft Security can give you the advantage you need in the era of AI.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

We are excited to announce that Gartner has named Microsoft a Leader in the 2025 Gartner® Magic Quadrant™ for Cyber Physical Systems Protection Platforms.

They span industrial control systems (ICS), OT devices, Internet of Things (IoT) devices, and more.

Microsoft Security Exposure Management is part of the unified security operations portal and provides a unified view of security posture across company assets and workloads.

The OT Security initiative improves your OT site security posture by monitoring and protecting OT environments in the organization, and employing network layer monitoring.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and upd…

From our signature Pre-Day to hands-on demos and one-on-one meetings, join the Microsoft experience at RSAC 2025 designed just for you.

Explore eventsKick things off at Microsoft Pre-DayThe Microsoft experience at RSAC 2025 begins with Microsoft Pre-Day on Sunday, April 27, 2025, at the Palace Hotel, just around the corner from the Moscone Center.

For the fourth year running, the keynote speech held on Microsoft Pre-Day will kick off the full lineup of Microsoft events and activities throughout RSAC 2025.

By joining us on Sunday, you’ll have the chance to hear directly from Microsoft Security business leaders—including Vasu Jakkal, Corporate Vice President, Microsoft Security Business; Char…

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372.

In device code phishing, threat actors exploit the device code authentication flow.

Device code phishing attack cycleStorm-2372 phishing lure and accessStorm-2372’s device code phishing campaign has been active since August 2024.

Legitimate device code authentication pageAdditionally, Microsoft observed Storm-2372 using Microsoft Graph to search through messages of the account they’ve compromised.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat In…

Microsoft Security provides threat protection, posture management, data security, compliance, and governance to secure AI applications that you build and use.

Customers today are building production-ready AI applications with Azure AI Foundry, while accounting for their varying security, safety, and privacy requirements.

azure AI content Safety Learn moreWith Azure AI Content Safety, built-in content filtering is available by default to help detect and block malicious, harmful, or ungrounded content, with opt-out options for flexibility.

For example, for high-risk AI apps, security teams can tag them as unsanctioned apps and block user’s access to the apps outright.

This is a quick overview…

Attribution assessmentMicrosoft Threat Intelligence assesses that the initial access subgroup is linked to Seashell Blizzard.

We have also observed the initial access subgroup to pursue access to an organization prior to a Seashell Blizzard-linked destructive attack.

]org Seashell Blizzard infrastructure c7379b2472b71ea0a2ba63cb7178769d27b27e1d00785bfadac0ae311cc88d8b LocalOlive b38f1906680c80e1606181b3ccb8539dab5af2a7222165c53cdd68d09ec8abb0 LocalOlive 9f3d8252e8f3169751a705151bdf675ac194bfd8457cbe08e1f3c17d7e9e9be2 LocalOlive 68c7aab670ee9d7461a4a8f06333994f251dc79813934166421091e2f1fa145c LocalOlive b9ef2e948a9b49a6930fc190b22cbdb3571579d37a4de56564e41a2ef736767b Chisel 636e04f0618dd578d…

Microsoft Incident Response is made up of highly skilled investigators, researchers, engineers, and analysts who specialize in handling global security incidents.

Microsoft Incident Response Your first call before, during, and after a cybersecurity incident.

Proactive and reactive incident response are essential capabilities for providing a more robust defense strategy.

While conducting a proactive compromise assessment for a nonprofit organization in mid-2024, Microsoft Incident Response began their forensic investigation.

Thankfully, Microsoft Incident Response conducts proactive compromise assessments with the same resources that deliver reactive investigations.

In this blog, we share more information about ViewState code injection attacks and provide recommendations for securing machine keys and monitoring configuration files.

To protect ViewState against tampering and information disclosure, the ASP.NET page framework uses machine keys: ValidationKey and DecryptionKey.

Microsoft also recommends the following best practices for securing machine keys and web servers:Follow secure DevOps standards and securely generate machine keys.

ReferencesLearn moreFor the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and insights from t…

So if you’re looking to boost your skills and stay ahead of the threat landscape, join Microsoft Security at the top cybersecurity events in 2025.

Be among the first to hear about Microsoft Security innovations, such as Microsoft’s Secure Future Initiative and XSPA (cross-site port attack) updates attendees of Microsoft Ignite 2024 heard.

Over the past few years, we’ve really boosted Microsoft Security experiences at Microsoft Ignite.

Microsoft will host a booth where attendees can connect with Microsoft Security experts and leaders.

It will showcase exciting updates and innovations from Microsoft Security for developers to create AI-enabled security solutions for their organizations.

Employ risk-based Conditional Access policies and continuous access evaluation : Configure strong Conditional Access policies that initiate additional security measures, such as step-up authentication, automatically for high-risk sign-ins.

Augment Conditional Access with continuous access evaluation to ensure ongoing access checks and to protect against token theft.

Augment Conditional Access with continuous access evaluation to ensure ongoing access checks and to protect against token theft.

Converge access policies for identity security tools and network security tools to eliminate coverage gaps and enforce more robust access controls.

Converge access policies for identity security tools …

This includes Microsoft AI, like Microsoft 365 Copilot, AI that an organization builds in-house, and AI from third parties like Google Gemini or ChatGPT.

These Microsoft Purview solutions are:Microsoft Purview Data Security Posture Management for AIMicrosoft Purview Information ProtectionMicrosoft Purview Data Loss PreventionMicrosoft Purview Communications ComplianceMicrosoft Purview Insider Risk ManagementMicrosoft Purview Data Lifecycle ManagementMicrosoft Purview Audit and Microsoft Purview eDiscoveryMicrosoft Purview Compliance ManagerHere are short term steps you can take while the comprehensive data governance program is underway.

Microsoft Purview Data Security Posture Management fo…

In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group.

Targeting WhatsApp account dataStar Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.

Star Blizzard initial spear-phishing email with broken QR codeWhen the recipient responds, Star Blizzard sends …

You can consult our EU AI Act documentation on the Microsoft Trust Center to stay up to date.

This includes the EU AI Act.

Our framework for guiding engineering teams building Microsoft AI solutions—the Responsible AI Standard—was drafted with an early version of the EU AI Act in mind.

We expect that several of the secondary regulatory efforts under the EU AI Act will provide additional guidance on model- and system-level documentation.

Tags: AI, AI safety policies, Azure OpenAI Service, EU, European Union, Responsible AI

Microsoft Threat Intelligence discovered a new macOS vulnerability that could allow attackers to bypass Apple’s System Integrity Protection (SIP) in macOS by loading third party kernel extensions.

In this blog post, we detail the connection between entitlements and SIP and explain how CVE-2024-44243 could be used to bypass SIP security measures.

Modifying sensitive files on the file system can bypass SIP, for instance, by modifying the list of allowed kernel extensions and then loading that kernel extension.

macOS comes pre-shipped with several such filesystem implementations, each appears as a file system bundle (*.fs) under /System/Library/Filesystems and /Library/Filesystems.

Registered …

Microsoft’s AI red team is excited to share our whitepaper, “Lessons from Red Teaming 100 Generative AI Products.”The AI red team was formed in 2018 to address the growing landscape of AI safety and security risks.

Eight main lessons learned from our experience red teaming more than 100 generative AI products.

Lessons from Red Teaming 100 Generative AI Products Discover more about our approach to AI red teaming.

Read the whitepaperMicrosoft AI red team tackles a multitude of scenariosOver the years, the AI red team has tackled a wide assortment of scenarios that other organizations have likely encountered as well.

Advance your AI red teaming expertiseThe “Lessons From Red Teaming 100 Genera…

Google Play’s multi-layered protections against bad appsTo create a trusted experience for everyone on Google Play, we use our SAFE principles as a guide, incorporating multi-layered protections that are always evolving to help keep Google Play safe.

Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source.

In 2024, Google Play Protect’s real-time scanning identified more than 13 million new malicious apps from outside Google Play1.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled …

This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team.

One of these tools is a robust evaluation framework we have developed to automatically red-team an AI system’s vulnerability to indirect prompt injection attacks.

Threat model and evaluation frameworkOur threat model concentrates on an attacker using indirect prompt injection to exfiltrate sensitive information, as illustrated above.

Based on this probability, the attack model refines the prompt injection.

This process repeats until the attack model converges to a successful prompt injection.

This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft.

As part of enabling Identity Check, you can designate one or more trusted locations.

Theft Detection Lock: expanding AI-powered protection to more usersOne of the top theft protection features introduced last year was Theft Detection Lock, which uses an on-device AI-powered algorithm to help detect when your phone may be forcibly taken from you.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help …

Today, we’re excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning.

We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface.

OSV-Scanner + OSV-SCALIBRUsers looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities using much of the same extraction as OSV-SCALIBR.

Some of OSV-SCALIBR’s capabilities are not yet available in OSV-Scanner, but we’re currently working on integrating OSV-SCALIBR more deeply into O…

Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage.

A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis.

This integration provides industry-leading insights into open source vulnerabilities—a crucial capability as software supply chain attacks continue to grow in frequency and complexity, impacting organizations reliant on open source software.

Open source vulnerabilities, with more reachArtifact Analysis pulls vulnerability information directly from OSV, which is the only open source, distributed vulnerability dat…

Today, we are announcing the availability of Vanir, a new open-source security patch validation tool.

In collaboration with the Google Open Source Security Team, we have incorporated feedback from our early adopters to improve Vanir and make it more useful for security professionals.

These algorithms have low false-alarm rates and can effectively handle broad classes of code changes that might appear in code patch processes.

The Vanir signatures for Android vulnerabilities are published through the Open Source Vulnerabilities (OSV) database.

You can also contribute to Vanir by providing vulnerability data with Vanir signatures to OSV.

But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets.

The ideal solution would be to completely automate the manual process of developing a fuzz target end to end:Drafting an initial fuzz target.

Running the corrected fuzz target for a longer period of time, and triaging any crashes to determine the root cause.

In January 2024, we open sourced the framework that we were building to enable an LLM to generate fuzz targets.

New results: More code coverage and discovered vulnerabilitiesWe’re now able to automatically gain more coverage in 272 C/C++ projects on OSS-Fuzz (up from 160), …

Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade:Breakdown of memory safety CVEs exploited in the wild by vulnerability classGoogle is taking a comprehensive approach to memory safety.

This leads to an exponential decline in memory safety vulnerabilities and quickly improves the overall security posture of a codebase, as demonstrated by our post about Android's journey to memory safety.

We’ve begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs.

This improves spat…

That’s why we’re using the best of Google AI to identify and stop scams before they can do harm with Scam Detection.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.

Cutting-edge AI protection, now on more Pixel phones: Gemini Nano, our advanced on-device AI model, powers Scam Detection on Pixel 9 series devices.

We look forward to learning from this beta and your feedback, and we’ll share more about Scam Detection in the months ahead.

Every day, over a billion people use Google Messages to communicate.

That’s why we’ve made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month.

With end-to-end encrypted1 RCS conversations, you can communicate privately with other Google Messages RCS users.

We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private.

As part of cybersecurity awareness month, we're sharing five new protections to help keep you safe while using Google Messages on Android:

Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities.

Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle.

This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety.

By open-sourcing these tools, we've empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases.

Migration to Memory-Safe Languages (MSLs)The first pillar of our strategy is centered on further increasing the adoption of memory-s…

Situations like Janine’s highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform.

These advanced theft protection features are now available to users around the world through Android 15 and a Google Play Services update (Android 10+ devices).

These theft protection features are just one example of how Android is working to provide real-world protection for everyone.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help center.

If only the whole tree of Chrome UI controls were exposed, somehow, such that we could enumerate and interact with each UI control automatically.

We need to amortize that cost over thousands of test cases by running a batch of them within each browser invocation.

Yet this is tricky, since Chrome UI controls are deeply nested and often anonymous.

This approach has proven to be about 80% as quick as the original ordinal-based mutator, while providing stable test cases.

If you’d like to follow along, keep an eye on our coverage dashboard as it expands to cover UI code.

Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult.

The Cellular BasebandThe cellular baseband within a smartphone is responsible for managing the device's connectivity to cellular networks.

The firmware within the cellular baseband, similar to any software, is susceptible to bugs and errors.

For example, 0-day exploits in the cellular baseband are being used to deploy the Predator malware in smartphones.

Pixel's proactive approach to security demonstrates a commitment to protecting its users across the entire software stack.

The Chrome Security Team is constantly striving to make it safer to browse the web.

We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue.

Historically the Chrome Security Team has made major investments and driven the web to be safer.

In the longer-term the Chrome Security Team advocates for operating system improvements like less-capable lightweight processes, less-privileged GPU and NPU containers, improved application isolation, and support for hardware-based isolation, memory safety and flow control enforcement.

Good Bugs and Ba…