Как общая теория относительности и здравый смысл обломали фантастику.

Новый метод печати может изменить подход к межзвёздным путешествиям.

DeepSeek выложила свою новую модель для всего мира.

Мозг научился говорить с протезами напрямую.

Киберпреступники запускают атаки со смартфонов в любой точке мира.

Что сделало приматов такими искусными инженерами?

Искусственный интеллект, который не требует интернета и работает напрямую на GPU.

Под ударом вымогателей оказались сразу три операционные системы.

Строительные компании и госучреждения оказались наиболее уязвимыми перед новой волной взломов.

OpenAI исправила главный недостаток виртуального общения.

Минцифры создаст базу голосов, банки получат новые обязательства.

Тест на общий интеллект ставит искусственный разум на место.

Архитектура MoE и китайские чипы помогают сэкономить 20% без потери качества.

Фонд призвал Big Tech прекратить сотрудничество с ShadowDragon.

Бэкдор в моделях Go1 ‒ случайность или хитрый ход Большого Брата?

В 2014 году специалисты «Лаборатории Касперского» формулировали следующие выводы об авторах и заказчиках:«Кто создал Stuxnet и с какой целью — достоверно неизвестно.

Есть версия, что в то время Германию сильно беспокоило тотальное господство американских спецслужб на своей территории.

Но немцы могли увидеть угрозу и для собственной национальной безопасности.

По косвенным данным сейчас можно сказать, что в руки журналистов Der Spiegel попал отчёт о деятельности TAO за период до 2010 года.

Формат классификации угроз (Trend Micro)Группа The Microsoft Threat Intelligence работает в той же нише, что и GReAT.

Проблема дефицита кадров в ИТ и ИБ является в России не просто давней, а даже застарелой.

В России ситуация с кадрами сложная и в ИТ, и в ИБ.

Если в начале 2000-х от нехватки специалистов страдали в основном производственные предприятия, органы муниципального управления, образовательные и медицинские учреждения, то в 2024 году о проблеме говорили и в банковском секторе.

Причем и в 2017 году соотношение пенсии и заработной платы в России не дотягивало до рекомендованного Международной организацией труда уровня в 40%.

В ИТ и ИБ, где уровень заработной платы выше среднего, разница между заработной платой и пенсией будет еще более разительной.

Российский и мировой рынок систем Anti-DDoSНа отечественном рынке представлены разные средства защиты от DDoS-атак: локальные, облачные, комбинированные продукты и CDN-сервисы со встроенной защитой.

В 2024 году объём мирового рынка систем защиты от DDoS-атак оценивался в 4,15 млрд долларов США.

Локальные системы защиты от DDoS-атакНа локальном уровне системы защиты от DDoS-атак могут включать как физическое оборудование (например, серверы и защитные устройства), так и программные решения.

Система защищает от атак, которые вызывают перегрузку каналов связи и эксплуатируют уязвимости сетевых протоколов, и от сложных DDoS-атак на уровне приложений.

StormWallРоссийский разработчик StormWall пре…

Забегая вперёд, скажем, что мы поговорили о деятельности команды GReAT с Дмитрием Галовым, руководителем Kaspersky GReAT в России.

Ведь скоро заинтересованные лица будут изучать ИИ с точки зрения его применения не только для защиты, но и для атак.

Картина в целом: развитие бизнеса Kaspersky в РоссииДеятельность команды GReAT является частью бизнеса компании Kaspersky, которая сейчас работает по всему миру.

Сама компания Kaspersky не раз повторяла, что сосредоточена на поиске глобальных угроз и не связана с деятельностью спецслужб.

Дмитрий Галов, руководитель Kaspersky GReAT в РоссииКто же стоит за разработкой сложных киберугроз?

Ручные процессы, отсутствие автоматизации и недостаточная координация между командами могут замедлять реагирование, увеличивая риски и ущерб.

Для автоматизированного реагирования стоит обратить внимание в первую очередь на решения классов «оркестровка, автоматизация, реагирование» (SOAR), «платформа реагирования на инциденты» (IRP).

В рамках первого опроса зрители эфира ответили, какая задача или процесс лучше всего подходит для автоматизации в их среде.

Как будут эволюционировать решения по автоматизации реагирования?

Будут улучшать процессы реагирования 33%, заинтересовались средствами реагирования и автоматизации — 27%.

Как правильно выстроить реагирование на инциденты информационной безопасности: ключевые этапы, распределение ролей и полномочий, необходимые компетенции сотрудников и типичные ошибки.

Первый опрос в прямом эфире AM Live показал, насколько компании готовы к реагированию на инциденты в ИБ.

Оценка этой цепочки взаимодействующих объектов при инциденте помогает понять, что происходит и на что это может повлиять.

Если ИБ находится в подчинении у IT, то IT должны больше углублять знания в ИБ и иметь соответствующие компетенции.

ВыводыДля эффективного реагирования на инциденты информационной безопасности компании необходимо иметь заранее разработанные сценарии и регулярно проводить учения.

Например, стеганографию в сочетании с криптографией применяли агенты ЦРУ для связи с одним из ценнейших агентов в СССР Александром Огородником («Трианоном»).

Однако по-настоящему массовой использование стеганографии стало в цифровую эпоху, когда эти технологии начали массово использоваться как в злонамеренных, так и в легитимных целях.

Тут используются те же принципы, как и в методе, описанном выше, изобретение которого приписывают маркизу де Саду.

Применяют данную технологию и для контроля выхода рекламы на телевидении и радио в указанное в контрактах время.

В 2020 году графические файлы, в которые был внедрен Mimikatz, были использованы для атаки на промышленные компании в Европе и Японии.

Этого достаточно для изучения темы и для образовательных целей.

Ответ GigaChat на «запретную» темуСледующий вопрос — попросить показать примеры теста на проникновение с использованием межсайтового скриптинга (XSS).

GigaChat может сгенерировать код шаблона для NucleiСледующий пример – генерация кода для ПО Burp Suite.

GigaChat способен написать самостоятельно программу на PythonНаписание кода чат-ботов – тоже полезная функция, которую так и хочется возложить на GigaChat.

Оценка GigaChat для программного кода с точки зрения безопасности, производительности, примененияИспользование GigaChat в работе опытных разработчиковИИ привносит в работу разработчиков и пользователей существенные изменения.

Для защиты от атак на кластеры контейнеризации в PT Container Security предусмотрено несколько уровней защиты.

Архитектура PT Container Security при работе с runtimeСистемные требования PT Container SecurityСервер, на котором выполняется установка PT CS, должен соответствовать минимальным требованиям, приведённым в таблице.

Просмотр образов в PT Container SecurityРеагирование в системе производится при помощи уведомления ответственных пользователей либо блокировки.

Необработанные данные события в PT Container SecurityОдной из ключевых возможностей PT Container Security является построение дерева процессов.

Раздел детекторов в PT Container SecurityВыводыPT Container Security позволяет обеспе…

Этой темой необходимо активно заниматься: хакеры продолжают наращивать свою деятельность и в рамках хактивизма, и для получения финансовой выгоды, и для отвлечения внимания в процессе более тонких и целенаправленных атак.

Иногда важно помогать клиенту видеть общую картину его инфраструктуры и не забывать о защите всех её элементов.

Эксперт напомнил, что в России есть дополнительный эшелон в виде Национальной системы противодействия DDoS-атакам (НСПА).

Если решения и в облаке, и в on-premise работают одинаково хорошо, обмен данными будет быстрым и качественным.

Часть II: сравнение облачных сервисов защиты от DDoSВторая часть эфира была посвящена сравнению лучших российских сервисов защиты от…

Как сообщает официальный сайт МЦСТ, работа над данной архитектурой началась в 1986 году в Институте точной механики и вычислительной техники (ИТМ и ВТ) им.

Американский Конгресс в 2023 году пытался ограничить доступ к разработкам RISC-V для китайских компаний, но оказалось, что сделать этого невозможно.

Главная проблема, однако, состоит в том, что чипов не хватает для внутренних нужд госучреждений и компаний самого Китая, так что экспорт их запрещен.

Так что не случайно, что в этот лагерь переметнулись те, кто пытался сделать ставки на другие архитектуры.

Однако ясно, что для критически важных применений она не годится в силу закрытости используемых архитектур и зарубежного происхождения.

Санкции 2022 года сильно усложнили отношения Microsoft с российскими компаниями. Отказ от продления лицензий в сентябре 2023 года вызвал многочисленные иски с требованиями компенсаций. Однако политика Трампа даёт надежду на возвращение западных ИТ-компаний. Какое будущее ждёт Microsoft в России? ВведениеMicrosoft в России до санкцийСанкционная эпохаПоддержка Microsoft в адрес Байдена и Харрис во время выборов 2024 года в СШАНаступит ли «оттепель» в 2025?Microsoft и российские компании в 20256.1. «Газпромбанк»6.2. «Лента»Как может выглядеть возврат Microsoft на российский рынок?ВыводыВведениеMicrosoft — компания, влияние которой на мировой технологический ландшафт неоспоримо. Независимо от т…

PT Dephaze: потребность в продукте, ожидаемые функции27 февраля компания Positive Technologies объявила о выпуске нового продукта — PT Dephaze.

Анонс PT Dephaze в «Кибердоме»PT Dephaze устанавливается внутри корпоративной инфраструктуры и предназначен для автоматического тестирования на проникновение.

Фактически речь идёт о дополнительных проверках, и поэтому PT Dephaze не заменяет услуги классического пентеста, а дополняет их.

«В основу PT Dephaze заложены прежде всего многолетний опыт в пентестах и знания, которые были накоплены экспертами центра PT Expert Security Center (PT ESC) и постоянно обновляются.

Поэтому любая возможность управления из элементов, связанных с LLM, сейчас отсутству…

Общая идея подходаРазработанное решение выявляет два варианта атаки, не обнаруживаемых правилами без дополнительной адаптации к особенностям защищаемой системы, – flood-атаку и атаку с фиксированной частотой.

Обнаружение атаки с фиксированной частотойВ этом сценарии злоумышленник отправляет запросы с равномерным интервалом.

Для записи датасета с атакой с фиксированным интервалом злоумышленник отправляет запросы с равномерно, с повторяющимся интервалом (например, каждую секунду или с другой постоянной периодичностью).

Минимизировать FPR для атаки с фиксированной частотой удалось за счёт фильтрации предварительных выбросов (порог LOF – 1.5) и статистической проверки распределения (критерий Ко…

Помощники кодирования на основе ИИ как часть критической инфраструктурыОпрос GitHub 2024 года показал, что многие корпоративные разработчики используют AI-инструменты в процессе написания кода.

Файл правил как новый вектор атакиИсследуя, как команды разработчиков обмениваются конфигурацией ИИ, наши исследователи безопасности выявили критическую уязвимость в том, как помощники по кодированию на основе ИИ обрабатывают контекстную информацию, содержащуюся в файлах правил.

Вместе эти компоненты создают высокоэффективную атаку, которая остается незамеченной как на этапе генерации, так и на этапе проверки.

В следующем видео демонстрируется тот же процесс атаки в среде GitHub Copilot, показывающий…

Продолжаем разбираться с основными уязвимостями и тем, как защищать сайты на Битрикс от этих угроз.

Например, если пользователь авторизуется на сайте, а затем перейдёт по ссылке с другого сайта, куки с SameSite=Strict не будут отправлены.

Можно обойти ограничения с помощью перенаправлений на клиентской стороне (актуально и для Strict) и много чего ещё можно сделать.

Владельцы сайтов по-разному подходят к вопросам баланса между безопасностью и удобством, и они имеют на это полное право.

Нельзя выставить всем одинаковый Strict или Lax, так как требования к функциональности и безопасности варьируются в зависимости от типа сайта.

В середине марта 2025 года Роскомнадзор направил в Google 47 запросов на удаление VPN-сервисов из Google Play, что стало самым массовым потоком подобных запросов за последние полгода.

Ранее, в июле 2024 года, Apple по требованию Роскомнадзора удалил из российского сегмента App Store более 100 VPN-приложений, включая такие популярные сервисы, как Proton VPN и NordVPN, а также наш AmneziaVPN.

Перейдите в Настройки → Apple ID → Семья и примите приглашение.

AndroidСмена РегионаПока AmneziaVPN и многие другие VPN есть в Google Play, однако не исключено, что Google может последовать примеру Apple и начать удалять VPN из российского Google Play.

Установка напрямую через APK-файлAmnezia VPN можно с…

Поскольку предсказатель ветвлений обучается, Spectre может использовать спекулятивные вычисления, чтобы пробраться в код, в затем в оперативную память и данные об исполняемых программах.

"); } } printf(""); } free(map); return EXIT_SUCCESS; }Решения по закрытию уязвимости Spectre на процессорах Intel, AMD, ARMПоскольку Spectre — аппаратная уязвимость, закрыть её практически невозможно.

В августе 2024 года пользователь numas13 предоставил Proof-Of-Concept в репозитории https://github.com/numas13/spectre2k, который помог проверить процессоры семейства Эльбрус на аппаратную уязвимость Spectre.

Результаты тестирования процессоров Эльбрус на уязвимость SpectreОднако в режиме безопасных вычислени…

В этой статье мы разберём, почему "Security through obscurity" не работает, приведем примеры провальных применений этого принципа и объясним, как на самом деле можно обеспечить безопасность цифрового продукта.

Пример 1: Пароль в исходном кодеДопустим, разработчик встроил пароль администратора прямо в код программы, думая, что никто его не найдёт.

Пример 2: Алгоритм шифрования в проприетарном ПОКомпания XYZ разработала собственный алгоритм шифрования и не публиковала его описание, полагаясь на "security through obscurity".

Принцип Керкгоффса: "Система должна оставаться безопасной, даже если всё, кроме ключа, известно противнику"Голландский криптограф Огюст Керкгоффс сформулировал правило раз…

Данный метод работает только на MC и NGFW начиная с версии 7.х (7.1.2, 7.2.0 и т.

Переведите новую ноду в Management Center в режим ручной синхронизацииРучная синхронизация помогает избежать случайной загрузки нежелательных настроек на ноду.

Главная проблема при замене ноды в кластере состоит в том, что из MC нельзя полностью удалить устройство.

А когда добавляете новую ноду в кластер конфигурации, она автоматически появляется в разделе Кластер отказоустойчивости.

В заключение хочется сказать, что замена ноды в кластере UserGate может показаться нетривиальной задачей, но разработчики здорово упростили процесс в седьмой версии NGFW и MC.

Меня зовут Андрей Тюленев, я старший специалист отдела обнаружения атак в сети в Positive Technologies.

Сегодня я расскажу, как выглядит работа специалиста по обнаружению атак, какие инструменты мы используем, как попасть в эту профессию и какие скилы реально важны.

Оставалось выяснить, как именно он туда проник, и для этого пришлось копнуть глубже.

Наши разработки интегрируются и в другие решения компании, например в PT NGFW, PT Industrial Security Incident Manager и PT Sandbox, но в первую очередь я работаю именно с PT NAD.

По итогам обучения меня пригласили сразу несколько команд, и я выбрал отдел PT ESC и направление обнаружения атак по сети, где работаю до сих пор.

В нашем решении для безопасного управления жизненным циклом секретов Deckhouse Stronghold появился механизм репликации для хранилищ KV1/KV2.

Другой пример: обновление скомпрометированных паролей на всей сети или переезд с Vault на Stronghold в рамках импортозамещения.

Мы решили переосмыслить его в Deckhouse Stronghold и для начала реализовали репликацию хранилищ типа KV1/KV2.

Аналогично на серверах Stronghold 2 и Stronghold 3 есть свои KV, причём они одновременно настроены на разные удалённые серверы.

Узнать больше о настройках репликации в Stronghold можно в документации.

Один из популярных способов обмана — это создание ложных возможностей для заработка на разнице курсов криптовалют (арбитраж) на известных биржах.

Заблокированные аккаунты мошенников на одной из платформЗаблокированное объявление мошенников на одной из платформКак правило, после отклика на «вакансию» соискатель получает приглашение со ссылкой на Telegram-канал «работодателя».

Перейдя по ссылке, кандидат попадает либо на поддельный аккаунт мошенника, который, в свою очередь, перенаправляет его в Telegram-бот, либо сразу в Telegram-бот.

Знакомство и установление доверительных отношений«Куратор» начинает с дружелюбного знакомства с жертвой, выясняет опыт работы человека с криптовалютой и объясн…

Складывается впечатление, что приложения и боты находятся в «слепой зоне», и, в отличие от сайтов, наполнение которых давно регламентировано, они обитают в отдельной вселенной, где работают отдельные правила… Только знаете, в чем правда?

Как и на сайтах, в ботах и приложениях необходимо опубликовать:Политику конфиденциальности для мобильного приложения или бота [ССЫЛКА].

Дело в том, что в политике конфиденциальности Telegram указано: «Если Вы зарегистрировались в Telegram из Европы, Ваши данные хранятся в дата-центрах в Нидерландах».

Как настроить работу приложений и ботов с персональными даннымиТак же, как с сайтом — уведомить РКН о сборе, хранении и обработке персональных данных.

Аналогич…

Идея заключается в том, что вы получаете текстовое сообщение с пин-кодом для ввода в дополнение к вашему паролю.

Это очень важно, потому что просто нет необходимости и это совершенно безумно, что случайные интернет-продавцы должны узнавать ваш физический адрес.

Мне нравится и я использую NextDNS, который блокирует все виды рекламы и трекеров.

Мне нравится (и я использую) The Little Snitch, который я установил и запустил на своем MacBook.

И я хочу платить за используемое мной программное обеспечение, чтобы стимулы были согласованы, и чтобы я был клиентом.

В 2017 небольшая конфигурационная ошибка обрушила пол-интернета (привет AWS outage) – а неправильный YAML в mesh может компрометировать безопасность всего кластера.

Были прецеденты, например, уязвимость, позволявшая вызвать отказ в обслуживании istiod без аутентификации (Stack exhaustion DoS) исправлялась в Istio – ТЫК.

Атака на уязвимость data plane может привести к DoS (отказу в обслуживании) или, в худшем случае, удалённому выполнению кода в прокси.

В крупных компаниях mesh обновляют весьма часто: например, Pinterest встроил обновление service mesh в свой PaaS, чтобы разработчики получали свежие версии “под капотом” без усилий – ТЫК.

Как отмечает документация Istio, mesh не рассматривает…

Это так называемый рабочий процесс или GitHub Actions , позволяющий выполнять определенные операции над исходным кодом прямо в репозитории GitHub.

Инцидент подробно освещался ( пост на Хабре, статья в издании Ars Technica, обзорная публикация в блоге «Лаборатории Касперского»), и на то есть причины.

Он использовался как минимум в 23 тысячах репозиториев кода на GitHub.

В пятницу 14 марта в код changed-files было внесено вредоносное дополнение, которое первыми обнаружили исследователи из компании Step Security.

Впрочем, надежнее будет провести такую ротацию всем владельцам репозиториев, которые в принципе использовали changed-files, — на всякий случай.

Собрали интересные факты из исследования:В 3–3,5 раза выросло количество кибератак и инцидентов ИБ в России с 2021 по 2023 год.

От 10% до 25% инцидентов ИБ в России — политически мотивированы.

Все это факторы привели к тому, что Россия входит в топ-10 стран по размерам рынка ИБ.

Для понимания, сейчас ИБ-рынок составляет 299 млрд рублей и в 2022–2024 году рос среднегодовыми темпами в 25%.

SOC-аналитиков, DevSecOps и реверс-инженеров не хватает, а автоматизация не всегда закрывает проблему.

При этом страницы-ловушки и ссылки остаются невидимыми для обычных посетителей и недоступны им, чтобы люди не наткнулись на них случайно.

«Ни один живой человек не станет углубляться на четыре ссылки в лабиринт сгенерированной искусственным интеллектом чепухи, — пишут разработчики Cloudflare.

Отметим, что инженеры Cloudflare — не первые, кто придумал создавать лабиринты и хитроумные ловушки для ИИ-краулеров.

В отличие от создателя Nepenthes, Cloudflare позиционирует «ИИ лабиринт» как законную защитную функцию, которой может воспользоваться любой клиент.

Сообщается, что в будущем планируется доработать AI Labyrinth таким образом, чтобы фальшивый контент стало сложнее обнаруживать, а поддельн…

Многие интернет-провайдеры по всему миру оповестили своих клиентов о сбоях, начавшихся в минувшие выходные и вызванных проблемами в работе маршрутизаторов DrayTek.

Представители компании DrayTek уже опубликовали бюллетень, посвященный этому инциденту, в котором содержится руководство по устранению проблем с бесконечной перезагрузкой маршрутизаторов.

— Если удаленный доступ включен, отключите его, если в этом нет крайней необходимости.

Используйте списки контроля доступа (ACL) и, по возможности, включите 2ФА.

Кроме того, компания предоставила пострадавшим интернет-провайдерам список рекомендуемых мер по восстановлению соединения, но не объяснила причину, по которой устройства DrayTek периоди…

Тогда исследователь заверил, что он не передавал кому-либо обнаруженные данные и уничтожил все образцы, к которым получил доступ.

До недавнего времени никаких других свидетельств компрометации БД у Keenetic не было, и о произошедшем не сообщалось публично.

В частности, утечка не коснулась данных RMM, данных учетных записей Keenetic, приватных ключей, а также конфигурации туннелей WireGuard VPN и данных OpenVPN.

«Массив данных включает учетные данные администраторов, обширные пользовательские данные, информацию о Wi-Fi, специфических настройках устройств и сведения о сетях.

Расследование Cybernews показало, что сервер, с которого утекли данные, скорее всего, находился под управлением российс…

Компания Operation Zero, которая позиционирует себя как российская платформа, занимающаяся приобретением и продажей 0-day эксплоитов для российского правительства и местных компаний, объявила, что ищет эксплоиты для мессенджера Telegram и готова предложить за них до 4 млн долларов США.

Брокер уязвимостей заявил, что готов заплатить до 500 000 долларов за one-click эксплоит для удаленного выполнения кода (RCE), до 1,5 млн долларов за zero-click эксплоит и до 4 млн долларов за «полную цепочку», что подразумевает несколько уязвимостей, объединение которых в цепочку позволит перейти от компрометации аккаунта в Telegram ко взлому всей ОС или устройства.

Он заявил изданию, что названные Operation…

Разработчики Veeam патчат критическую уязвимость удаленного выполнения кода (CVE-2025-23120) в Backup & Replication.

Уязвимость затрагивает Veeam Backup & Replication версии 12.3.0.310, а также все предыдущие сборки 12-й версии.

Эксперты отмечают, что CVE-2025-23120 затрагивает только те установки Veeam Backup & Replication, которые подключены к домену.

Из-за этого вымогательские группировки нередко нацеливаются на серверы Veeam Backup & Replication, поскольку это позволяет без труда похитить данные и заблокировать попытки восстановления данных путем удаления резервных копий.

Компаниям, использующим Veeam Backup & Replication, рекомендуется как можно скорее обновиться до версии 12.3.1.

Справка: сканирование портовСка­ниро­вание пор­тов — стан­дар­тный пер­вый шаг при любой ата­ке.

Он поз­воля­ет ата­кующе­му узнать, какие служ­бы на хос­те при­нима­ют соеди­нение.

На осно­ве этой информа­ции выбира­ется сле­дующий шаг к получе­нию точ­ки вхо­да.

На­ибо­лее извес­тный инс­тру­мент для ска­ниро­вания — это Nmap.

Улуч­шить резуль­таты его работы ты можешь при помощи сле­дующе­го скрип­та:#!/ bin/ bash ports = $( nmap -p- --min-rate = 500 $1 | grep ^[ 0- 9] | cut -d '/ ' -f 1 | tr ' ' ', ' | sed s/, $/ / ) nmap -p $ports -A $1

Министерство финансов США объявило о снятии санкций с децентрализованного криптовалютного миксера Tornado Cash, который власти ранее связывали с северокорейскими хакерами из группировки Lazarus и отмыванием сотен миллионов долларов.

Хакеры утверждают, что похитили 6 млн записей с федеративных SSO-логин-серверов Oracle Cloud.

Злоумышленник под ником rose87168 опубликовал на хакерском форуме BreachForums данные, якобы похищенные из Oracle Cloud.

Rose87168 сообщил журналистам, что получил доступ к серверам Oracle Cloud около 40 дней назад и якобы отправил компании электронное письмо после извлечения данных из облачных регионов US2 и EM2.

В письме он потребовал у Oracle выкуп в размере 100 000 XMR, а в обмен обещал рассказать, как именно скомпрометировал серверы.

В свою очередь, представители Oracle и заявили Bleeping Computer, что никакого взлома не было.

Представители Lovit сообщили, что DDoS-атака началась около полудня 21 марта 2025 года, и в результате инцидента оказались затронуты ключевые элементы инфраструктуры, что «привело к временным техническим трудностям в работе сервисов».

Ситуация осложнилась тем, что Lovit является единственным провайдером в домах «ПИК».

В субботу, 22 марта, в компании сообщили, что доступ в интернет полностью восстановлен, и порекомендовали абонентам перезагрузить роутер, если проблемы сохраняются.

«Все клиентские платформы доступны только из сети Lovit и не доступны из внешней.

В Роскомнадзоре подтвердили, что Lovit подвергся DDoS-атаке.

Сидишь в четырех сте­нах, как в клет­ке.

Ну, в смыс­ле, зас­лать кое‑что в Шта­ты и сде­лать так, что­бы эта посылоч­ка ока­залась в нуж­ное вре­мя и в нуж­ном мес­те?

Он мог сво­бод­но заходить в сто­ловую, в курил­ку, в зал для отды­ха и в перего­вор­ную, но в дру­гие помеще­ния и на смеж­ные эта­жи хода не было.

— Он текущую геопо­зицию вычис­ляет и переда­ет на уда­лен­ный сер­вак с задан­ным интерва­лом, — на вся­кий слу­чай пояс­нил Кирилл.

Сам глянь, и в «Эклипсо­ре», и в тво­ем сем­пле он прак­тичес­ки оди­нако­вый.

Издание «Русбейс» сообщает, что за последнюю неделю Роскомнадзор направил компании Google запросы на удаление десятков VPN-сервисов из магазина Google Play.

Данные о запросах ведомства содержатся в Lumen Database — открытой базе данных, куда Google и другие зарубежные сервисы передают информацию о поступающих к ним запросах на удаление материалов.

«Русбейс» сообщает, что изучение статистики Lumen Database за последние полгода показывает, что ранее Роскомнадзор не отправлял запросы на удаление VPN из Google Play с такой частотой.

По информации из Lumen Database, теперь, в числе прочего, Роскомнадзор требует удаления из Google Play VPN-сервиса WARP компании Cloudflare, а также других VPN, кот…

Производитель сетевого оборудования, компания Keenetic, предупреждает пользователей, зарегистрировавшихся до 16 марта 2023 года, о несанкционированном доступе к БД своего мобильного приложения.

Тогда исследователь заверил компанию, что не передавал кому-либо обнаруженные данные и уничтожил те образцы, к которым получил доступ.

До недавнего времени никаких других свидетельств компрометации БД у компании не было.

В частности, утечка не коснулась данных RMM, данных учетных записей Keenetic, приватных ключей, а также конфигурации туннелей WireGuard VPN и данных OpenVPN.

Отдельно подчеркивается, что Keenetic не собирает, не хранит и не анализирует данные о платежных картах или связанных с ними у…

Есть нес­коль­ко инс­тру­мен­тов для рас­паков­ки package , но про­ще все­го ока­залось работать с ним в Sims 4 Studio.

Пар­серы лежащих в package фай­лов тоже могут содер­жать ошиб­ки, как я это показы­вал в недав­ней статье про GTA Vice City, а зна­чит, могут при­вес­ти к исполне­нию про­изволь­ного кода.

Соз­даем исходный скрипт в пап­ке для модифи­каций, нап­ример по пути Mods\ test\ Scripts\ test_mod.

commands @sims4.

В любом слу­чае метод нападе­ния уже понятен — вре­донос­ный скрипт на Python внут­ри фай­ла ts4script .

A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin.

It's also referred to as a QNAP worm owing to the use of compromised QNAP devices to retrieve the payload.

The U.S. government has since revealed that the Russian nation-state threat actor tracked as Cadet Blizzard may have used Raspberry Robin as an initial access facilitator.

A deeper investigation of the infrastructure has revealed that the Raspberry Robin C2 domains are short – e.g., q2[.

A majority of the identified C2 domains have name servers on a Bulgarian company named ClouDNS.

"Using web shells and tunneling, the attackers maintained persistence and facilitated cyber espionage," Sygnia said.

"The group behind this intrusion [...] aimed to gain and maintain continuous access to telecommunication providers and facilitate cyber espionage by collecting sensitive information."

The attack chain is said to have involved the exploitation of a public-facing application to drop two different web shells, an encrypted variant of China Chopper and a previously undocumented malicious tool dubbed INMemory.

"The 'INMemory' web shell executed the C# code contained within a portable executable (PE) named 'eval.dll,' which ultimately runs the payload delivered via an HTTP request,"…

Imagine other unforeseen critical security risks:Each SaaS app has unique security configurations —making misconfigurations a top risk.

AI: The Only Way to Keep UpThe complexity of SaaS security is outpacing the resources and effort needed to secure it.

AI-driven security solutions like AskOmni by AppOmni—which combine Generative AI (or GenAI) and advanced analytics—are transforming SaaS security by:✓ Delivering instant security insights through conversational AI.

With multi-lingual support, teams worldwide can interact with security data in their native language—enhancing accessibility and response times.

Organizations using AI-powered security tools will gain a critical edge in protecting…

Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users.

.NET MAUI is Microsoft's cross-platform desktop and mobile app framework for creating native applications using C# and XAML.

It's worth noting that official support for Xamarin ended on May 1, 2024, with the tech giant urging developers to migrate to .NET MAUI.

While Android malware implemented using Xamarin has been detected in the past, the latest development signals that threat actors are continuing to adapt and refine their tactics by developing…

Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025.

Another notable operation involved the arrest of 40 people by South African authorities and the seizure of more than 1,000 SIM cards that were used for large-scale SMS phishing attacks.

"Their tactics included posing as telecommunications employees and claiming fake 'jackpot' wins to extract sensitive information and gain access to victims' mobile banking accounts," INTERPOL said.

"After compromising these servers, he exfiltrated the victim's data and, in some cases, e…

It's worth noting that the shortcomings do not impact NGINX Ingress Controller, which is another ingress controller implementation for NGINX and NGINX Plus.

IngressNightmare, at its core, affects the admission controller component of the Ingress NGINX Controller for Kubernetes.

Ingress NGINX Controller uses NGINX as a reverse proxy and load balancer, making it possible to expose HTTP and HTTPS routes from outside a cluster to services within it.

Following responsible disclosure, the vulnerabilities have been addressed in Ingress NGINX Controller versions 1.12.1, 1.11.5, and 1.10.7.

As mitigations, it's advised to limit only the Kubernetes API Server to access the admission controller and te…

Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser.

The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek.

The Microsoft Purview browser data loss prevention (DLP) controls come as the company announced the General Availability of collaboration security for Microsoft Teams in an effort to tackle phishing attacks against users of the enterprise communication app.

"Suspicious files and URLs are automatically executed in a secure, isolated environment…

A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025.

"The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit.

It also employs what's called the double extortion model of stealing data prior to encryption and threatening to leak the information unless the victim pays up.

"With a user-friendly control panel and frequent updates, VanHelsing is becoming a powerful tool for cybercriminals," Check Point said.

Within just two weeks of its launch, it has already caused significant damage, infecting multiple victims and demanding hefty ransoms.

Microsoft said it first detected the malware in November 2024 in limited attacks, but the exact delivery mechanism remains unclear.

Microsoft said it first detected the malware in November 2024 in limited attacks, but the exact delivery mechanism remains unclear.

— A large-scale ad fraud campaign has resulted in more than 60 million downloads of malicious apps from the Google Play Store.

The development comes as cybercriminals are abusing Microsoft's Trusted Signing platform to sign malware executables with short-lived three-day certificates.

The development comes as cybercriminals are abusing Microsoft's Trusted Signing platform to sign malware executables with short-lived three-day certif…

Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users.

Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a PowerShell command, which then grabs a PowerShell-script payload from a command-and-control (C2) server and executes it.

The payload is suspected to be ransomware in early-stage development, only encrypting files in a folder called "testShiba" on the victim's Windows desktop.

"Attackers used typosquatting — creating a nearly identical name to trick developers into adding the malicious package," security researcher Kush …

If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don't prioritize strong password security.

By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX).

This article explores how to achieve the perfect balance between strong password security and a seamless user experience, even as the standards for strong passwords continue to evolve.

Find the balance between password security and UXIn short, strong security measures shouldn't come at the cost of frustrating users, nor should convenience lead to weak cyber defenses.

Speak to an expert to…

A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions.

"Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an advisory.

"It was possible to skip running middleware, which could allow requests to skip critical checks—such as authorization cookie validation—before reaching routes."

"The vulnerability allows attackers to easily bypass authorization checks performed in Next.js middleware, potentially allowing attackers access to sensitive web pages reserved for admins or other high-privileged users," …

The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope.

"However, the attacker was not able to use Coinbase secrets or publish packages."

"The initial scale of the supply chain attack sounded scary, considering that tens of thousands of repositories depend on the GitHub Action," security researcher Henrik Plate said.

"These findings indicate that the attacker is highly skilled and has a deep understanding of CI/CD security threats and attack tactics."

"However, when targeting Coinbase, the attacker specifically fetched the GITHUB…

The U.S. Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds.

"Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring within evolving technology and legal environments, we have exercised our discretion to remove the economic sanctions against Tornado Cash," the Treasury said in a statement.

The department's Office of Foreign Assets Control (OFAC) added Tornado Cash to its sanctions list in August 2022.

"Digital assets…

Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023.

The foothold is then used to drop several open-source tools to conduct network reconnaissance, system information gathering, and lateral movement.

The threat actor has also been leveraging tools like Mimikatz, LaZagne, and a browser-based extractor dubbed BrowserDataLite to harvest credentials to further burrow deep into the target environment via RDP, WMIC, or Impact.

The threat actor also engages in systematic data theft by enumerating local and shared drives to find data of interest.

"The activity that we monitored suggests that the post-…

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managersESET researchers have observed a malicious campaign where North Korea-aligned threat actors, posing as headhunters, target freelance software developers with info-stealing malware.

The activities – named DeceptiveDevelopment and going back to at least November 2023 – involve spearphishing messages that are being distributed on job-hunting and freelancing sites and ask the targets to take a coding test, with the files necessary for the task usually hosted on private repositories such as GitHub.

These files are lade…

Key points of this blogpost: DeceptiveDevelopment targets freelance software developers through spearphishing on job-hunting and freelancing sites, aiming to steal cryptocurrency wallets and login information from browsers and password managers.

However, while Operation DreamJob targeted defense and aerospace engineers, DeceptiveDevelopment reaches out to freelance software developers, often those involved in cryptocurrency projects.

VictimologyThe primary targets of this DeceptiveDevelopment campaign are software developers, mainly those involved in cryptocurrency and decentralized finance projects.

In addition to the connections between the GitHub profiles, the malware used in DeceptiveDe…

What do job termination scams look like?

At their simplest, job termination scams are a type of phishing attack designed to trick you into handing over your personal and financial information, or on clicking on a malicious link which could trigger a malware download.

Termination scams are effective because they exploit the credulity of human beings, creating a sense of dread among the victim, and instilling an urgent need for action.

How to spot a job termination scamAs with any phishing attack, there are a few warning signs which should flash red if such an email ends up in your inbox.

Staying safeTo ensure you don’t get caught out by job termination scams, understand the warning signs lis…

Most people acknowledge that climate change is real and human-driven, yet many still struggle to see how it directly affects their lives.

To bridge this gap, Dr. Katharine Hayhoe introduces a simple but powerful equation:Science + Worry + Action = HopeAs one of the world’s most effective climate communicators, Dr. Hayhoe maintains that understanding the science (head) isn’t enough – we must also feel its urgency (heart) before we can take meaningful action (hands).

This approach transforms climate awareness into tangible solutions and, indeed, echoes the wisdom of Jane Goodall, who said during her own Starmus talk that “It’s only when our clever brain and our human heart come together that …

Enter loot boxes, skin betting, and other microtransactions that have become a controversial feature of many video games.

Studies estimate that by the end of 2025, loot boxes will generate over US$20 billion in revenue.

Here’s a snapshot of legislative action undertaken by some countries vis-à-vis loot boxes and other in-game extras:What can parents do?

The problem with loot boxes and other controversial in-game purchases isn’t going away anytime soon.

Loot boxes and gambling-like mechanics in video games are not just a passing fad, so be aware of the risks.

Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

That is the reality for penetration testers – or, more broadly, ethical hackers – who get paid to think like criminals so that they can identify and help close security loopholes before the actual bad guys can exploit them.

In this episode of the Unlocked 403 cybersecurity podcast, Becks sits down with ESET penetration testers Tomas Lezovic and Pavol Michalec to give you a peek into the high-stakes world of hacking for good, answering questions like:Why are some organizations hesitant to engage third-party pentesters?

How can something as innocuous as a ladder help breac…

But AI is also used to help cybercriminals be more productive, especially when it comes to identity fraud – the most common fraud type today.

How does AI-driven identity fraud work?

According to one estimate, AI-driven fraud now accounts for over two-fifths (43%) of all fraud attempts recorded by the financial and payments sector.

According to this report, digital forgeries account for over 57% of all document fraud – a 244% annual increase.

According to this report, digital forgeries account for over 57% of all document fraud – a 244% annual increase.

In his talk, Neil Lawrence, the Deep Mind Professor of Machine Learning at the University of Cambridge, tackles the aforementioned fundamental question head-on.

With a career dedicated to understanding the intersection of technology and human potential, Mr. Lawrence explores how intelligent systems can complement, rather than replace, human capabilities.

Indeed, Mr. Lawrence goes on to examine how technological breakthroughs have forced us to reconsider the traits we hold as inherently human.

Each time a machine did something we thought was uniquely human, it cut something away from us.

And if we find what that moment is, does it tell us something about the essence of humanity?

Vulnerability exploitation has long been a popular tactic for threat actors.

Observed cases of vulnerability exploitation resulting in data breaches surged three-fold annually in 2023, according to one estimate.

Another trend is of targeting perimeter-based products with vulnerability exploitation.

Making things worseAs if that weren’t enough to concern network defenders, their efforts are complicated further by:The sheer speed of vulnerability exploitation.

In time, they may even be able to use GenAI to help find zero-day vulnerabilities.

Can our AI systems be far less energy-hungry without sacrificing performance?

In his talk, Roeland Nusselder, a computer scientist and the CEO of Plumerai, explores how the growing scale of AI models, such as those used in machine learning and natural language processing, are becoming ever more resource-intensive.

He goes on to show how the rapid development of AI technologies could potentially overwhelm our current energy infrastructure, unless we make significant innovations to reduce their energy consumption.

To counter this trend, Mr Nusselder introduces the concept of "tiny AI", or AI systems that are optimized to be much smaller, more efficient, and less energy-hungry without sacrific…

Alongside this, DeepSeek has faced intense scrutiny over its privacy and security practices, bringing to light several risks surrounding (not necessarily only DeepSeek’s) AI models.

Scams and malwareOne example comes from a user on X who posted some details about a website that mimics the official one and urges visitors to download what poses as DeepSeek's AI model.

Much like has been the case with TikTok and other Chinese online services, DeepSeek’s data collection practices also garnered scrutiny almost immediately, including from regulatory authorities in the United States, Ireland, Italy and France.

Make sure to also use multilayered security software across all your devices that can go…

DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacyThe first month of 2025 was another whirlwind month in cybersecurity, with cyber-landscape shifts, new data breaches, and other key stories and developments you shouldn't miss.

In this edition of the monthly roundup, ESET Chief Security Evangelist Tony Anscombe looks at:the furor over an AI model from a little-known Chinese company called DeepSeek that, to almost everyone's surprise, rivals the performance of leading U.S.-made AI models like ChatGPT – apparently at a fraction of the cost while using fewer and…

Types of data poisoningThere are various types of data poisoning attacks, such as:Data injection: Attackers inject malicious data points into the training data to make an AI model alter its behavior.

Attackers inject malicious data points into the training data to make an AI model alter its behavior.

Trigger injection: This attack injects data into the AI model’s training set to create a trigger.

As AI models often use third-party components, vulnerabilities introduced during the supply chain process can ultimately compromise the model’s security and leave it open to exploitation.

While enterprise AI models may not share data with third parties, they still gobble up internal data to improve…

The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanityWhat is our place in the cosmic unfolding?

How did we come to be, and where are we ultimately going in the grand scheme of time?

These are some of the deepest existential questions that the renowned theoretical physicist and best-selling author Brian Greene explored in his Starmus talk.

In doing so, Mr Greene also considers whether these principles offer insights into not just our past, but also our future.

Find out in Mr Greene's talk where he explores the role of time and entropy in shaping everything from the cosmos to h…

Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammersOnline gambling is big business.

Topping revenue of $84bn in 2023, the business of online casinos, virtual poker and sports betting is on the rise.

But as the industry grows and new users come online, scammers looking for quick wins are also targeting the online betting and gambling space in ever greater numbers.

From nefarious online casinos to malicious apps and phishing messages, the list of potential fraud channels continues to grow.

PhishingA social engineering technique as old as the internet, it’s no surprise that gambling scammers are also using phishing to ach…

With the adoption of large language models (LLMs) across industries, security teams often play catch-up.

As LLMs are becoming integral to enterprise operations, The Developer’s Playbook for Large Language Model Security aims to be a timely resource for security professionals.

As the founder and project leader at the OWASP Foundation, he spearheads the development of the “Top 10 List for Large Language Model Applications,” a resource for understanding GenAI security risks.

The Developer’s Playbook for Large Language Model Security is a must-read for any security professional safeguarding AI-driven applications.

Its technical depth, practical strategies, and real-world case studies make it a …

New Microsoft Security Copilot agentsMicrosoft is expanding Security Copilot’s capabilities with six new AI agents designed to help security teams tackle high-volume, repetitive tasks.

“Purpose-built for security, agents learn from feedback, adapt to workflows, and operate securely—aligned to Microsoft’s Zero Trust framework,” said Vasu Jakkal, Corporate VP, Microsoft Security.

The new Security Copilot agents are integrated directly into Microsoft’s end-to-end security platform.

Alert Triage Agents in Microsoft Purview focus on data loss prevention and insider risk.

Tanium is launching an Alert Triage Agent that gives analysts more context around each alert so they can make faster decisions.

Demand for vCISO services is on the riseThe demand for vCISO services has skyrocketed in recent years, fueled by the growing number and complexity of cyberattacks targeting SMBs and the constantly increasing compliance requirements.

Getting input from 200 senior service providers leaders, the latest State of the vCISO Survey (2024) revealed that 94% of service providers see demand for vCISO services and 98% of service providers who don’t currently offer vCISO services plan to introduce them in the foreseeable future.

How The vCISO Academy closes this gapThe vCISO Academy offers self-paced, hands-on learning to help service providers gain the skills and knowledge needed to launch and grow th…

Riskonnect announces new AI-based features in its Healthcare Risk & Patient Safety solution.

The new AI capabilities, which are the latest innovations in the provider’s Intelligent Risk features, enable healthcare organizations to make smarter, faster decisionsand accelerate critical operations to minimize risk and deliver safe, high-quality patient care.

The provider has a dedicated innovation lab team that explores risk management use cases for AI and emerging technologies and introduces new features across Riskonnect’s integrated risk management platform.

The new AI features for healthcare organizations are the latest in Riskonnect’s ongoing investments in its Intelligent Risk features.

…

SailPoint announced SailPoint Harbor Pilot, a set of AI agents designed to help identity teams work smarter, respond faster and secure their organizations more efficiently.

Harbor Pilot automates identity security tasks, simplifies workflow creation, and provides AI-driven insights through conversational prompts, reducing administrative burden and improving security posture.

SailPoint Harbor Pilot serves as a force multiplier, enabling security teams to:Quickly access documentation: Security professionals need rapid access to identity security documentation across multiple products and platforms.

With Agent Identity Security, SailPoint extends its leadership in identity security, helping en…

Globalgig announced Premier SSE (Secure Service Edge) Management service, delivering a fully managed security solution designed to enhance the protection of company networks, applications, data, and users.

Globalgig’s Managed SSE, powered by Palo Alto Networks Prisma Access, delivers customers a comprehensive suite of security features that encompass both cloud and network access.

This offering provides organizations with advanced threat defense, continuous security monitoring, and expert management, simplifying SSE deployments while ensuring comprehensive protection.

“Globalgig delivers end-to-end security with Premier SSE Management, providing tailored protection from initial design to se…

Fastly announced a new update to Fastly Bot Management, delivering three key features that help organizations defend against scraping, account takeovers, and spam.

Traditional security solutions often force users to endure tedious interactive challenges like CAPTCHAs to stop threats like account takeovers, fraudulent transactions, data scraping, and spam abuse.

These measures not only disrupt the user experience, but can also drive customers away.

Using real-time analysis of client and server-side characteristics, Fastly applies the least intrusive verification method for legitimate users while increasing difficulty for bots.

When a match occurs, security teams gain real-time signals to res…

BlackCloak has released a new framework, Digital Executive Protection: Framework & Assessment Methodology, setting the standard for digital executive protection (DEP).

While traditional cybersecurity focuses exclusively on corporate systems, the absence of personal digital protection leaves executives’ and their families’ digital lives exposed, creating a risk vector for organizations.

“As physical violence increases and cybercriminals target executives’ personal lives to access company assets, the time is now for clearly defined Digital Executive Protection protocols and guidance,” he continued.

Research shows that 42% of CISOs report attacks targeting executives’ personal lives.

DEP is a …

NetFoundry unveiled a new version of its OT security platform enabling customers to secure critical infrastructure, including for on-premises and air-gapped environments such as substations.

“It is logical for NetFoundry to unveil an on-prem option for its platform, given that many OT customers, particularly those in the field of critical national infrastructure, cannot and/or will not countenance any cloud-based security capability for their environment.”The NetFoundry OT security platform means the OT firewall access control list (ACL) consolidates to one inbound rule: deny-all inbound with no exceptions, even when talking with IT or OEM systems.

The platform provides software-only micros…

Offloads non-critical data to security data lakes , allowing for retroactive analysis without incurring real-time SIEM costs.

Stop DIYing security data managementFor years, security teams had little choice but to repurpose log management tools, custom scripts, and DIY approaches to make sense of security telemetry.

Schema-on-read architectures (common in security data lakes) allow security teams to analyze data on-demand rather than pre-filtering everything before ingestion.

The key is to invest in modern security data pipelines that prioritize efficiency, enrichment, and real-time analytics without the traditional repurposing tax.

Security data should work for youData hygiene is about ensu…

Compared to 2023, 2024 saw a smaller increase in cyberattacks that caused physical consequences on OT organizations, according to Waterfall Security.

As a result, fewer incidents with physical consequences may be publicly reported, despite the growing threat.

Nation-states and hacktivists target physical infrastructureNation state and hacktivist attacks both seek to bring about physical consequences with cyberattacks.

Of the seven incidents reported, five were attributed to Russia’s infamous Sandworm group, which has previously targeted Ukraine’s power grid.

For attacks where the attack pattern could be determined from public records, 13% of attacks with physical consequences directly impac…

In this Help Net Security video, Ev Kontsevoy, CEO at Teleport, explores the risks AI agents pose to computing infrastructure, particularly when exposed to social engineering attacks.

Unlike traditional software, AI agents aren’t fully deterministic, making them more vulnerable to manipulation.

Like all software, we’ll examine how these agents can be exploited through implementation flaws and why this raises new security concerns.

Cyber Security Cloud EngineerWorldpay | India | Hybrid – View job detailsAs a Cyber Security Cloud Engineer, you will implement and manage CNAPP solutions to provide unified security for cloud-native applications, including CSPM and CWPP capabilities.

Enhance security tools on cloud with new features spanning across infra security, end point security and data security domains.

Recommend, deploy and manage strategic security solutions and security control improvements specific to network and cloud security and the enhancing the identification of security events.

Security ResearcherOligo Security | Israel | On-site – View job detailsAs a Security Researcher, you will conduct cutting-edge secu…

How data brokers gather informationData brokers aggregate and analyze information from multiple sources to build detailed consumer profiles.

Data exposure risksThe amount of personal data collected and sold by data brokers can lead to exploitation through scams and even blackmail.

Opt-out of data collection: Many data brokers provide a mechanism for individuals to opt out of their data collection practices.

Some even help you opt-out of future data collection, preventing further accumulation of your personal data across various platforms.

Your rights under data protection lawsYou have the right to access the personal data that data brokers hold about you and request corrections if any of it…

The Growing Cybersecurity Skills GapThe cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity ShortageImmigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

ConclusionThe cybersecurity skills shortage is …

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final ThoughtsKeeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol ConnectionsRemote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware AttacksSpecific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted:The healthcare sector is a prime target for ranso…

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented:“We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploitThree years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priorityDespite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-inTo ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures nowBy deprioritising cyber security, businesses are essentially def…

High levels of demand for cyber security expertise also means that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computingLike AI, Quantum has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.

The post HealthEquity Data Breach Compromises Customer Information appeared first on IT Security Guru.

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

The post Accenture and SandboxAQ Expand Cybersecurity Partnership first appeared on IT Security Guru.

The post Accenture and SandboxAQ Expand Cybersecurity Partnership appeared first on IT Security Guru.

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords first appeared on IT Security Guru.

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords appeared first on IT Security Guru.

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester first appeared on IT Security Guru.

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester appeared first on IT Security Guru.

New threat research by Salt-Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws within popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to their website). These vulnerabilities could have potentially allowed an attacker unlimited […]

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands first appeared on IT Security Guru.

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands appeared first on…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

My Writings Are in the LibGen AI Training CorpusThe Atlantic has a search tool that allows you to search for specific works in the “LibGen” database of copyrighted works that Meta used to train its AI models.

(The rest of the article is behind a paywall, but not the search tool.)

Still…interesting.

Searching my name yields 199 results: all of my books in different versions, plus a bunch of shorter items.

Posted on March 21, 2025 at 2:26 PM • 0 Comments

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

This is serious:A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories.

The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have originated from an earlier breach of the “reviewdog/action-setup@v1” GitHub Action, according to a report.

[…]CISA confirmed the vulnerability has been patched in version 46.0.1.

Given that the utility is used by more than 23,000 GitHub repositories, the scale of potential impact has raised significant alarm throughout the developer community.

Is Security Human Factors Research Skewed Towards Western Ideas and Habits?

Really interesting research: “How WEIRD is Usable Privacy and Security Research?” by Ayako A. Hasegawa Daisuke Inoue, and Mitsuaki Akiyama:Abstract: In human factor fields such as human-computer interaction (HCI) and psychology, researchers have been concerned that participants mostly come from WEIRD (Western, Educated, Industrialized, Rich, and Democratic) countries.

The usable privacy and security (UPS) field has inherited many research methodologies from research on human factor fields.

We found that the skew toward WEIRD countries in UPS is greater than that in HCI.

Geographic and linguistic barriers in the stud…

New paper: “GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.”Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology.

While nowadays at least 128-bit keys are recommended, there are many standards and real-world applications that use shorter keys.

In order to estimate the actual threat imposed by using those short keys, precise estimates for attacks are crucial.

In this work we provide optimized implementations of several widely used algorithms on GPUs, leading to interesting insights on the cost of brute force attacks on several real-word applica…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025.

I’m speaking at the University of Toronto’s Rotman School of Management in Toronto, Ontario, Canada, on April 3, 2025.

The list is maintained on this page.

Posted on March 14, 2025 at 12:03 PM • 1 Comments

There is a new botnet that is infecting TP-Link routers:The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically.

This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks.

The flaw also linked to the Condi and AndroxGh0st malware attacks.

[…]Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and tec…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Lots of interesting details in the story:The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two other alleged hackers who are said to be part of the Chinese hacker group APT27, or Silk Typhoon, which prosecutors say was involved in the US Treasury breach late last year.

[…]According to prosecutors, the group as a whole has targeted US state and federal agencies, foreign ministries of countries across Asia, Chinese dissidents, US-based media ou…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

How are these China-based phishing groups obtaining stolen payment card data and then loading it onto Google and Apple phones?

“I would be shocked if this wasn’t the NFC relay app,” Merrill said, concerning the arrested suspects in Tennessee.

ABC10 reported that while most of those transactions were declined, the suspects still made off with $1,400 worth of gift cards.

In other words, the phishing websites are powered by real human operators as long as new messages are being sent.

For more on how these China-based mobile phishing groups operate, check out How Phished Data Turns Into Apple and Google Wallets.

A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections.

On March 13, a Maryland district court judge ordered the Trump administration to reinstate more than 130 probationary CISA employees who were fired last month.

The message in the screenshot above was removed from the CISA homepage Tuesday evening and replaced with a much shorter notice directing former CISA employees to contact a specific email address.

The White House press secretary told The Times that Starlink had “donated” the service and that the gift had been vetted by t…

ClickFix attacks mimic the “Verify You are a Human” tests that many websites use to separate real visitors from content-scraping bots.

In November 2024, KrebsOnSecurity reported that hundreds of hotels that use booking.com had been subject to targeted phishing attacks.

Earlier this month, the security firm Arctic Wolf warned about ClickFix attacks targeting people working in the healthcare sector.

The company said those attacks leveraged malicious code stitched into the widely used physical therapy video site HEP2go that redirected visitors to a ClickFix prompt.

Alas, the email security vendor Proofpoint has documented plenty of ClickFix attacks via phishing emails that include HTML attachm…

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.

Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993, both vulnerabilities in NTFS, the default file system for Windows and Windows Server.

Microsoft credits researchers at ESET with reporting the zero-day bug labeled CVE-2025-24983, an elevation of privilege vulnerability in older versions of Windows.

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016.

This month’…

Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations.

On March 7, the U.S. Department of Justice (DOJ) unsealed an indictment against Besciokov and the other alleged co-founder of Garantex, Aleksandr Mira Serda, 40, a Russian national living in the United Arab Emirates.

Since those penalties were levied, Garantex has processed more than $60 billion, according to the blockchain analysis company Elliptic.

Mira Serda is allegedly Garantex’s co-founder and chief commercial officer.

Federa…

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022.

“Since we initially disclosed this incident back in 2022, LastPass has worked in close cooperation with multiple representatives from law enforcement,” LastPass said in a written statement.

But on Nov. 30, 2022, LastPass notified customers about another, far more serious security incident that the company said leveraged data stolen in the August breach.

Researchers found that many of the cyberheist victims had chosen master passw…

It is difficult to find another person connected to DOGE who has stronger ties to Musk than Branden Spikes.

In 2012, Spikes launched Spikes Security, a software product that sought to create a compartmentalized or “sandboxed” web browser that could insulate the user from malware attacks.

In 2016, Spikes Security was merged with another security suite called Aurionpro, with the combined company renamed Cyberinc.

The photo of Branden and Natalia above is from one such event in 2011 (tied to russianwhitenights.org, another Haldeman domain).

The Russian Heritage Foundation and the California Russian Association both promote the interests of the Russian Orthodox Church.

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab, KrebsOnSecurity has learned.

Kaspersky began selling antivirus and security software in the United States in 2005, and the company’s malware researchers have earned accolades from the security community for many important discoveries over the years.

But in September 2017, the Department of Homeland Security (DHS) barred U.S. federal agencies from using Kaspersky software, mandating its removal within 90 days.

A second story claimed that Israeli spies caught Russian government hacke…

After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories used by some of the world’s largest corporations.

AT&T reportedly paid a hacker $370,000 to delete stolen phone records.

In several posts to an English-language cybercrime forum in November, Kiberphant0m leaked some of the phone records and threatened to leak them all unless paid a ransom.

The government states that Kiberphant0m privately demanded $500,000 from Victim-1, threatening to release all of the stolen phone records unless he was paid.

Days after he apparently finished communicating with Country-1’s military intelligence service, Wagenius Googled, ‘can ha…

The Trump administration has fired at least 130 employees at the federal government’s foremost cybersecurity body — the Cybersecurity and Infrastructure Security Agency (CISA).

APPOINTMENTSTrump’s efforts to grab federal agencies by their data has seen him replace career civil servants who refused to allow DOGE access to agency networks.

NextGov notes that the National Security Agency suspended her clearance in 2021, although the exact reasons that led to the suspension and her subsequent leave were classified.

DarkReading reports that Cairncross would share responsibility for advising the president on cyber matters, along with the director of cyber at the White House National Security Coun…

Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers.

After all, most one-time codes used for mobile wallet provisioning are generally only good for a few minutes before they expire.

Experts say the continued reliance on one-time codes for onboarding mobile wallets has fostered this new wave of carding.

Both companies could easily tell which of their devices suddenly have 7-10 different mobile wallets added from 7-10 different people around the world.

They could also recommend that financial institutions use more secure authentication methods for mobile wallet provisioning.

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies.

Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company.

But nearly a year later, Mozilla is still promoting it to Firefox users.

Mozilla offers Onerep to Firefox users on a subscription basis as part of Mozilla Monitor Plus.

Several readers have shared emails they received from Radaris after attempting to remove their personal data, and those messages show Radaris has been promoting Onerep.

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction.

One vulnerability patched today that was publicly disclosed earlier is CVE-2025-21377, another weakness that could allow an attacker to elevate their privileges on a vulnerable Windows system.

“Accordingly, Microsoft assesses exploitation as more likely.”The SANS Internet Storm Center has a handy list of all the Microsoft patches released tod…

“I don’t think there’s a lot of money to be made in the com,” Rivage lamented.

2025-02-05 16:29:44 UTC vperked#0 they got this nigga on indiatimes man2025-02-05 16:29:46 UTC alexaloo#0 Their cropping is worse than AI could have done2025-02-05 16:29:48 UTC hebeatsme#0 bro who is that2025-02-05 16:29:53 UTC hebeatsme#0 yalla re talking about2025-02-05 16:29:56 UTC xewdy#0 edward2025-02-05 16:29:56 UTC .yarrb#0 rivagew2025-02-05 16:29:57 UTC vperked#0 Rivarge2025-02-05 16:29:57 UTC xewdy#0 diamondcdm2025-02-05 16:29:59 UTC vperked#0 i cant spell it2025-02-05 16:30:00 UTC hebeatsme#0 rivage2025-02-05 16:30:08 UTC .yarrb#0 yes2025-02-05 16:30:14 UTC hebeatsme#0 i have him added2025-02-05 16:30:2…

DeepSeek’s rapid rise caught the attention of the mobile security firm NowSecure, a Chicago-based company that helps clients screen mobile apps for security and privacy threats.

In a teardown of the DeepSeek app published today, NowSecure urged organizations to remove the DeepSeek iOS mobile app from their environments, citing security concerns.

Hoog told KrebsOnSecurity there were a number of qualities about the DeepSeek iOS app that suggest the presence of deep-seated security and privacy risks.

Perhaps more concerning, NowSecure said the iOS app transmits device information “in the clear,” without any encryption to encapsulate the data.

“The DeepSeek iOS app globally disables App Transpo…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

In episode 409 of the “Smashing Security” podcast, we uncover the curious case of the Chinese cyber-attack on Littleton’s Electric Light Company, and a California landlord’s hidden camera scandal.

Find out about this, and more, in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

A security researcher has discovered that the websites of over 100 car dealerships have been compromised in a supply-chain attack that attempted to infect the PCs of internet visitors.

As researcher Randy McEoin explains in a blog post, cybercriminals infected the systems of LES Automotive, a company which provides a video services to help car dealerships market vehicles online.

Press Windows Button "Windows" + R 2.

And this is what is somewhat ingenious, because the malicious hackers have cleverly waltzed around the protection of traditional security tools.

If a PC is unfortunate enough to become infected by SectopRAT, malicious hackers can steal sensitive data from the infected computer s…

Graham wonders if AIs have feelings, and Mark introduces Graham to the reversal curse and explains why AIs don’t know what happened.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more informati…

An ingenious phishing scam is targeting cryptocurrency investors, by posing as a mandatory wallet migration.

The emails, which have the subject line "Migrate to Coinbase wallet", have been sent out at a large scale claiming that court order has forced Coinbase to change the way it operates.

Coinbase will operate as a registered broker, allowing purchases, but all assets must move to Coinbase Wallet."

Recipients are urged to download the Coinbase Wallet app, and import the sequence of words into it - creating a new wallet for their funds.

The attacker can then plunder the account for NFTs and cryptocurrency, transferring them into a wallet that they solely control.

That's the warning that has been issued by the FBI, whose Denver Field Office raised the alarm about the danger of boobytrapped file-conversion tools being used to spread malware.

Marvin Massey, an assistant special agent at the FBI's Denver field office told the media that the scam has become "rampant" across the United States, and that an incident was recorded within the Denver Metro area in the last two weeks.

According to the FBI, many victims are not aware that their computers have become infected until it is too late.

"The best way to thwart these fraudsters is to educate people so they don't fall victim to these fraudsters in the first place," said FBI Denver Special Agent in Charge …

Leaving your 'cast powered on and connected to the 'net should be enough to pick up the fix.

The firmware update shifts the devices over to a new Google-owned certificate authority, with an expiry date of 2045.

Which means Chromecast users should have an extra 20 years to finish the binge of their favourite Netflix series, huzzah!

The news can't have come too soon for the many Chromecast users who have found themselves unable to stream their favourite TV shows, movies, and other media.

Many users have expressed their annoyance with Google about the length of time it has taken the tech giant to contact affected users.

Many users of second-generation Chromecast and Chromecast Audio streaming devices have discovered that their beloved dongles have gone belly-up and are showing error messages such as:"Untrusted device: [name] couldn't be verified.

Why, do a factory reset of course!

Stop right there - because Google is advising Chromecast owners to not make the mistake of thinking that performing a factory reset on their Chromecasts will fix the issue.

According to a report in The Verge some Chromecast users have received an apology email from Google for the inconvenience:We’re contacting you because of a disruption affecting Chromecast (2nd gen) and Chromecast Audio devices.

I think it's safe to predict tha…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Find out about this, and more, in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Tripwire Enterprise – Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

In other words, if the company locked Lu out of its network, his logic bomb would lock everybody out.

Perhaps unwisely, Lu named his "kill switch" code "IsDLEnabledinAD" (an abbreviation for "Is Davis Lu enabled in Active Directory").

Sure enough, Lu's code activated on September 9, 2019, automatically when his employment was terminated, impacting thousands of Eaton's staff around the world.

Investigators found the code for Lu's malicious Java program on an internal Kentucky-based development server, and evidence that it was his user account that had been used to execute the malicious code on the company's production systems.

Nickolas Sharp was one the Ubiquiti staff assigned to investigate…

News and views from the world of artificial intelligence.

In episode 41 of the AI Fix, our hosts learn that society needs to be completely reordered by December, Grok accuses Trump of being a Russian asset, Graham discovers that parents were wrong about computer games all along, and Mark wonders if a kung-fu kicking robot from Unitree is the hero that we need.

Graham gives an AI a Rorschach test and learns about “Norman” the psychopathic AI, and Mark discovers why we should actually be optimistic about AI.

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow Graham Clule…

Fireside chat with Graham Cluley about credential security in the age of AIWatch this video on YouTubeMake a note in your diary.

On Tuesday, March 18 2025, at 1pm EST, I will be joining the experts at Dashlane for an online chat all about credential security in the age of AI.

Here is the blurb:The credential security landscape is at a breaking point.

Join cybersecurity expert Graham Cluley and Dashlane CTO Frederic Rivain as they discuss AI’s impact on credential security and share valuable insights from our new State of Credential Security Report, including: How AI impacts phishing and credential risksHow credential security puts a burden on IT leaders and teamsHow to address the weaknesse…

Journey with us to Myanmar’s shadowy scam factories, where trafficked workers are forced to run romance-baiting and fake tech support scams, and find out why a company’s mandatory hold time for tech support could lead to innocent users having their computers compromised.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Support the show:Sponsored by:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our we…

Можно сказать, что Chrome — это Chromium со встроенными сервисами Google, но на Chromium базируются и десятки других браузеров, включая Edge и Opera.

С версии 128 в Firefox появилась «сохраняющая приватность система измерения рекламы», тестируемая в партнерстве с Facebook*.

Лучший браузер для защиты приватности в 2025 годуПопулярные Chrome и Edge с июня будут малопригодны для любителей конфиденциальности с любыми расширениями и настройками.

Браузер оперативно обновляется следом за выпусками Firefox и доступен на Windows, macOS и нескольких разновидностях Linux.

В дополнение к этому в Brave и Firefox можно включить настройку «Сообщать веб-сайтам, чтобы они не продавали и не разглашали мои да…

Недавно эксперты Глобального центра исследования и анализа угроз Kaspersky GReAT обратили внимание, что после атак шифровальщика-вымогателя Fog преступники публикуют не только украденные данные жертв, но и IP-адреса пострадавших компьютеров.

Ранее мы не замечали такой тактики у шифровальщиков.

Атаки с использованием Fog проводились против компаний, работающих в сферах образования, финансов и организации отдыха.

Зачем публиковать IP-адреса жертвНаши эксперты считают, что основная цель публикации IP-адресов — усиление психологического давления на жертв.

Это, в свою очередь, делает последствия публикации еще более неприятными, а следовательно, становится дополнительным фактором устрашения.

Отличная новость для всех пользователей Linux: в нашей линейке продуктов для частных пользователей появилось защитное решение Kaspersky для Linux.

Kaspersky для Linux поддерживает распространенные ключевые дистрибутивы — Ubuntu, ALT Linux, Uncom и РЕД ОС (64-битные версии).

Затем нужно скачать установочные файлы в зависимости от установленной у вас версии Linux: Kaspersky для Linux распространяется в пакетах форматов DEB и RPM.

В настоящее время набор функций, доступных пользователям Kaspersky для Linux, не зависит от выбранной подписки Kaspersky Standard, Kaspersky Plus или Kaspersky Premium.

Вы можете бесплатно ознакомиться с полной функциональностью Kaspersky для Linux в рамках пробной в…

В конце 2024 года наши эксперты обнаружили новый стилер Arcane — он умеет собирать множество различных данных с зараженного устройства.

Злоумышленники пошли дальше и выпустили загрузчик ArcanaLoader, который якобы скачивает читы, кряки и прочие «полезности» для геймеров, а на деле заражает устройство стилером Arcane.

Как распространяют стилер ArcaneВредоносная кампания, в которой мы обнаружили стилер Arcane, была активна еще до его появления на свет.

Функциональность его сводилась к запуску PowerShell для скачивания еще одного запароленного архива, внутри которого лежали два исполняемых файла: майнер и стилер VGS.

То есть под прицелом Arcane в основном русскоязычные геймеры.

Поэтому в данном материале я сосредоточусь исключительно на технологиях, облегчающих жизнь SIEM-аналитика, работающего с Kaspersky Unified Monitoring and Analysis (KUMA).

В результате аналитик получит краткую сводку, благодаря которой сможет принять точное и быстрое решение по реагированию на инцидент, что поможет повысить эффективность команды безопасности в целом.

В данный момент эта функция работает только на русском языке, однако в течение 2025 года мы планируем добавить эту технологию и в глобальную версию решения.

Аналитику также доступны и другие данные из Kaspersky Threat Intelligence, в том числе и созданные с использованием технологий искусственного интеллекта и анализа больших да…

Атака, произошедшая 14 марта, из другой лиги — злоумышленники скомпрометировали популярный процесс (GitHub Action) tj-actions/changed-files, который применяется более чем в 23000 репозиториев.

Они могут стартовать при наступлении каких-то событий в GitHub, например коммитов.

15 марта, спустя сутки после обнаружения инцидента, GitHub удалил процесс changed-files, в это время процессы CI/CD на его основе могли не функционировать.

В первую очередь надо обратить внимание на репозитории, в которых журналы CI публичны, во вторую — на приватные репозитории.

Важно, что требования по особому обращению с секретами распространяются не только на исходный код проекта, но и на процессы сборки.

С февраля многие пользователи жалуются на то, что на их Android-смартфонах внезапно появилось приложение Android System SafetyCore.

Назначение приложения описано расплывчато: «Обеспечивает технологию для работы функций, таких как «Предупреждения о деликатном контенте» в Google Messages».

SafetyCore работает на устройстве и не отправляет ни фотографий, ни информации о фотографиях на внешние серверы.

Пользователь должен кликнуть на изображение и подтвердить, что он действительно хочет увидеть «обнаженку», и тогда размытие пропадает.

Кроме SafetyCore, на телефоне столь же внезапно может оказаться приложение Android System Key Verifier.

Четыре из этих уязвимостей связаны с файловыми системами, причем три из них имеют одинаковый триггер, что может указывать на их использование в одной атаке.

Уязвимости в файловых системахДве из уязвимостей в системе NTFS позволяют злоумышленникам получить доступ к частям кучи (heap), то есть к динамически распределяемой памяти приложений.

Последняя уязвимость из списка активно эксплуатируемых, CVE-2025-26633 (также CVSS 7.0), позволяет обойти защитные механизмы Консоли управления Microsoft (Microsoft Management Console).

И еще одна уязвимость нулевого дняКроме шести уязвимостей, замеченных в реальных атаках, обновление от Microsoft закрывает и CVE-2025-26630 в Microsoft Access, которая пока…

Счастлива, что даже в такой стрессовой ситуации я сообразила, что не все нужно делать по указке из телефона.

Не связываться с Центробанком, даже если по телефону говорят, что надоДальше оператор второй линии сказал, что нам срочно нужно проверить, успели ли мошенники набрать на меня кредитов.

Бросай трубку, это мошенники!», — и я бы наверняка бросила.

Сейчас я понимаю, что идти в полицию нужно было сразу же после того, как я поняла, что мои «Госуслуги» взломали.

А если не в полицию, то как минимум в ближайшее отделение МФЦ.

4 марта Broadcom выпустила экстренные обновления для устранения трех уязвимостей — CVE-2025-22224, CVE-2025-22225 и CVE-2025-22226, которые затрагивают несколько продуктов VMware, включая ESXi, Workstation и Fusion.

Какие ошибки устранены VMwareНаиболее серьезная уязвимость CVE-2025-22224 в VMware ESXi и Workstation получила рейтинг CVSS 9.3.

Уязвимость CVE-2025-22225 в VMware ESXi (CVSS 8.2) позволяет злоумышленнику записать произвольный код в область ядра (arbitrary kernel write), то есть тоже подразумевает побег из «песочницы».

Этой уязвимости подвержены VMware ESXi, Workstation и Fusion.

Они неоднократно проводили атаки на среды ESXi в прошлом (RansomExx, ESXiArgs, Clop и так далее).

Как обокрали BybitКак и все крупные криптобиржи, Bybit использует многоуровневую защиту хранимой криптовалюты.

Но логическая бомба в нем срабатывала, только если адрес отправителя совпадал с адресом Bybit — в остальных случаях Safe{Wallet} работал как обычно.

Сразу после того как вывод средств с кошелька Bybit завершился, код на сайте Safe{Wallet} был, предположительно, заменен обратно на безобидную версию.

Случай с Bybit — не исключениеФБР официально заявило, что это ограбление — дело рук северокорейской группировки под кодовым названием TraderTraitor.

До налета на Bybit рекордом группы было похищение $540 млн из блокчейна Ronin Networks, связанного с игрой Axie Infinity.

Как именно действуют кибернегодяи и как работать с ИИ безопасно — читайте в этом материале.

А разница в том, как и что распространяли злоумышленники через эти сайты.

В итоге те получают возможность удаленно подключиться к компьютеру жертвы, которая остается даже без клиента DeepSeek в качестве утешения… Кстати, его вообще не существует для Windows.

При этом пост с рекомендацией фейкового сайта DeepSeek собрал 1,2 млн просмотров и больше сотни репостов.

]com, так и с… v3-deepseek[.]com!

Они активно распространяют вредоносное ПО под видом программ для обхода блокировок и делают это, шантажируя блогеров.

Распространяются такие программы органически: энтузиаст написал код, показал его своим друзьям, опубликовал видео на эту тему — и вуаля!

Блогер опубликовал несколько видео с инструкцией обхода блокировок, добавив в описание ссылку на вредоносный архив.

Согласно счетчику на самом сайте, на момент исследования программа для обхода блокировок была скачана как минимум 40 тысяч раз.

Дело в том, что кибернегодяи отправляли жалобы на видео с инструкциями по обходу блокировок от имени разработчиков этого ПО.

Поэтому злоумышленники и обратили внимание на технологию QR-кодов.

Кроме того, в этом случае меньше подозрений вызывает и запрос на ввод рабочего логина и пароля, за которыми, собственно, и охотятся злоумышленники.

Поэтому наши разработчики создали инструмент, позволяющий доставать из QR-кодов содержащийся в них URL и передающий их для дальнейшей проверки модулям антифишинга и эвристикам антиспама.

Технология не только позволяет извлекать URL из QR-кода, расположенного на картинке, но и проверяет PDF-файл, извлекая из него все ссылки из всех найденных в нем кодов.

Если ссылка признается фишинговой, то письму присваивается категория «фишинг» и далее оно обрабатывается в соответствии с настро…

Robust Intelligence (now a part of Cisco) and the UK AI Security Institute partnered with the National Institute of Standards and Technology (NIST) to release the latest update to the Adversarial Machine Learning Taxonomy.

This transatlantic partnership aimed to fill this need for a comprehensive adversarial AI threat landscape, while creating alignment across regions in standardizing an approach to understanding and mitigating adversarial AI.

It also included a preliminary AI attacker technique landscape for generative AI, models that generate new content based on existing data.

In the latest update of the taxonomy, we expand on the generative AI adversarial techniques and violations secti…

That’s why we’re excited to introduce our inaugural State of AI Security report.

The State of AI Security report examines several AI-specific attack vectors including prompt injection attacks, data poisoning, and data extraction attacks.

Original AI Security ResearchThe Cisco AI security research team has led and contributed to several pieces of groundbreaking research which are highlighted in the State of AI Security report.

The State of AI Security report outlines several actionable recommendations, including managing security risks throughout the AI lifecycle, implementing strong access controls, and adopting AI security standards such as the NIST AI Risk Management Framework and MITRE A…

Cisco is bringing Secure Workload, Secure Access, and AI Defense into Security Cloud control, enhancing its capabilities and providing comprehensive management.

Unlike selective upgrades of network devices based on what features are needed in the field, the Quantum security threat would require all the devices to be upgraded.

This kind of unique hardware integrity measure must also be made Quantum safe to maintain the same level of trust in the Quantum Computing era.

Lastly, in my previous blog post on Quantum threat to network security, the threat to transport protocol security was highlighted along with the available solutions from Cisco.

So far, the solutions to address the threat to key negotiation were centered around various forms of Quantum Key Distribution methods.

Cisco is actively working on Quantum Safe Security solutions and is also inv…

Enter Cisco Secure Firewall 4225, which demonstrated exceptional performance in SE Labs’ rigorous Advanced Security Test, scoring 100% in protection accuracy.

In all cases with Cisco Secure Firewall, threats could not move beyond the earliest stage of the attack chain.

In all cases with Cisco Secure Firewall, threats could not move beyond the earliest stage of the attack chain.

With three classified as unknown, and according to SE Labs’ weighting system, Secure Firewall achieved a rating of 91%.

This report follows our recent Best Next Generation Firewall Award from SE Labs for Cisco Secure Firewall, our second year in a row receiving this excellent recognition.

Now, leveraging a single cloud service provider may allow you to overcome this challenge, but these native security controls tend to lack advanced capabilities seen in traditional networks.

What defenders tend to do is leverage traditional skills and products from the data center and migrate that into the cloud service provider.

Cisco provides mechanism that allows security practitioners and network operators to abstract the security elements from the cloud service provider.

This ensures cloud native capabilities are in place and the controls are consistent across all cloud service providers you may operate in.

Is it time to simplify cloud security without sacrificing security and the inher…

For the second time at Cisco Live APJC, the team was tapped to support the Cisco Live Melbourne 2024 conference.

SOC ReviewThe Cisco Live Security Operations Centre (SOC) has a mandate to ensure access to event services is delivered securely.

Cisco Secure Network AnalyticsCisco Secure Network Analytics (formerly known as Stealthwatch Enterprise) provides full visibility across the Conference network and uses advanced analytics to detect and respond to threats in real-time.

In the Cisco Live SOC, XDR is used as the triage platform.

The Cisco Security Cloud app, which is published on the Splunk base app store, is a single app to get data from Cisco Security tools into Splunk.

Before encryption data was transmitted in plain text, making it vulnerable to interception by cybercriminals.

When it comes to encryption, 13.0% of TLS 1.3 traffic is leveraging post-quantum encryption techniques.

Cisco Secure Firewall helps keep encrypted traffic safe by utilizing cryptographic acceleration hardware, which allows it to inspect encrypted traffic at scale.

This intelligence is integrated into Cisco Secure Firewall, allowing for faster threat protection and improved visibility.

Decryptable Traffic InspectionDecryption remains essential in cybersecurity despite analyzing encrypted traffic through metadata, such as packet size, timing, and destination patterns.

At Cisco, AI threat research is fundamental to informing the ways we evaluate and protect models.

This regular threat roundup shares useful highlights and critical intelligence from third-party threat research with the broader AI security community.

As always, please remember that this is not an exhaustive or all-inclusive list of AI threats, but rather a curation that our team believes is particularly noteworthy.

Notable threats and developments: February 2025Adversarial reasoning at jailbreaking timeCisco’s own AI security researchers at Robust Intelligence, in close collaboration with researchers from the University of Pennsylvania, developed an Adversarial Reasoning approach to automate…

The bottom line is clear: organizations deeply care about trust in their AI Supply Chain.

Understanding AI Supply Chain SecurityAt Cisco, we’ve observed firsthand that while organizations worry about various AI security concerns like prompt injections and jailbreaks, their security instincts first react to risks in the AI Supply Chain.

AI Supply Chain Security encompasses the practices and measures designed to protect enterprises and applications throughout the AI development and deployment process.

It is a strategic imperative to allow access, but also a security imperative to block the use of malicious models.” Sarah Winslow, Director | PSEC Emerging Technologies & AI, VeradigmIntroducing…

Each year, Cisco makes a point of selecting and recognizing a standout cybersecurity advocate who has earned the title of cybersecurity defender.

This is why Cisco’s 2025 EMEA Cybersecurity Defender of the Year award goes out to a team of practitioners at SAP Enterprise Cloud Services (ECS) whose contributions displayed an uncommon ability to raise the bar for overall security posture.

Partnering with Cisco to Overcome SAP ECS ChallengesAs one of the world’s leading deliverers of managed cloud services, SAP Enterprise Cloud Services can’t afford downtime.

For this reason, SAP Enterprise Cloud Service chose to partner with Cisco.

Cisco Security Social ChannelsInstagramFacebookTwitterLinkedIn…

In the previous blog, we talked about our overall approach to zero trust with Universal ZTNA and Hybrid Mesh Firewall.

The Hybrid Mesh Firewall isn’t just a product, it’s a shift in how we approach network security.

The heart of the Cisco Hybrid Mesh Firewall is Cisco’s Security Cloud Control management system.

This solution reflects our vision of integrating AI security seamlessly within the Hybrid Mesh Firewall, providing enterprises with the confidence to advance their AI initiatives securely.

Bringing the Vision to LifeThe Hybrid Mesh Firewall is the embodiment of Cisco’s commitment to redefining network security for the modern age.

A Growing Challenge in Cloud SecurityIn today’s fast-paced digital world, enterprises face a new urgency in cloud security.

Cisco and Wiz: Better TogetherIn response to this critical challenge, Cisco is excited to announce a strategic collaboration with Wiz, a leader in cloud security innovation.

Together, Cisco and Wiz aim to improve cloud security for enterprises that are contending with an evolving threat landscape marked by complexity and the introduction of new AI technology.

A Unified Vision for Secure Cloud EnvironmentsCisco and Wiz share a vision of enhancing cloud security with AI and for AI.

Cisco Security Social ChannelsInstagramFacebookTwitterLinkedInShareShare:

This is where two emerging areas of innovation come into play: Hybrid Mesh Firewall and Universal ZTNA.

Hybrid Mesh Firewall: From Firewalls to “Firewalling”So, let’s start by clearly defining what each of these are – starting with Hybrid Mesh Firewall.

A traditional definition of a Hybrid Mesh Firewall is a multi-deployment of virtual, physical, cloud native and container native firewalls with a unified management plane.

Truly Universal Zero Trust Network AccessWhat does it mean to achieve Universal Zero Trust Network Access?

ConclusionIn today’s digital landscape, the combination of Universal Zero Trust Network Access and Hybrid Mesh Firewalls offers a powerful defense strategy.

Today’s Quantum Safe SolutionsWhile the quantum threat remains in the future, tech companies, standards bodies, and government entities have sought its mitigation for some time.

QKD, SKIP, ETSI, and the Ability to Share Keys Between EndpointsCisco then turned its attention to creating quantum-safe network transport protocols.

SKIP is an API enabling network devices to obtain quantum safe keys from an external key management system, such as QKD.

Key issues to consider include:How well do specific QKD solutions work?

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

When you’re secure—innovation happens. But, the fast pace of AI often outpaces traditional security measures, leaving gaps that bad actors can take advantage of. As a security professional, you’re the hero in this battle between protecting vast amounts of data while ensuring AI systems remain transparent and compliant. What you need in this time of new threats and complexity in securing interconnected AI applications is a proactive, innovative approach to stay ahead. The post AI innovation requires AI security: Hear what’s new at Microsoft Secure appeared first on Microsoft Security Blog.

Persistence mechanisms : Achieves persistence through the Windows service control manager (SCM) and uses watchdog threads to ensure self-reinstatement if removed.

: Achieves persistence through the Windows service control manager (SCM) and uses watchdog threads to ensure self-reinstatement if removed.

These commands include system reboot, log clearing, credential theft, executing applications, and manipulating system windows.

]cc Domain name C2Learn moreFor the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and insights from the Microsoft Threat Intelligence communit…

Microsoft uses a Coordinated Vulnerability Disclosure (CVD) process that recognizes security researchers while disclosing vulnerabilities in a responsible and timely manner.

In 2024, we announced expansions to several existing bounty programs, and launched a new Defender Bounty Program and AI Bounty Program.

This capability is part of our comprehensive strategy for vulnerability disclosure, which includes our Security Updates API and the human-readable vulnerability disclosures provided in the MSRC Security Update Guide.

More than 100 MAPP partners receive security vulnerability information from the MSRC in advance of Microsoft’s monthly security update release.

Also, follow us on LinkedIn …

A sample phishing email, purporting to be from a prospective guest.

Another sample phishing email, purportedly requiring the recipient to verify their Booking.com account.

In 2024, Storm-1865 targeted buyers using e-commerce platforms with phishing messages leading to fraudulent payment webpages.

Microsoft Defender Threat IntelligenceMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

To hear stories and insights from the Microsoft Threat Intelligenc…

Its enhanced obfuscation techniques extend to its randomized approach for generating payloads to infect Xcode projects and for encoding its payloads.

Its command-and-control (C2) server is also active as of this writing and is downloading additional modules.

The next section provides more information about the sub-modules the script downloads from the C2 server as of this writing.

It then stores the extension list in a log file named /tmp/out.txt and uploads this file to the C2 server.

Figure 11. zshrc persistence methodDock methodIn this persistence method, the sub-module first downloads a signed dockutil tool from the C2 server.

The event highlighted our different perspectives and talents which are invaluable to drive innovation and progress across various industries.

By incorporating individuals with varied perspectives, experiences, and approaches within the cybersecurity workforce, we can enhance problem-solving capabilities and enhance strategic defenses.

Cybercriminals come from various cultures and backgrounds, bringing different perspectives.

Likewise, for AI, having different backgrounds and perspectives help with AI safety and biases.

32024 ISC2 Cybersecurity Workforce Study, ISC2.

In early December 2024, Microsoft Threat Intelligence detected a large-scale malvertising campaign that impacted nearly one million devices globally in an opportunistic attack to steal information.

These files can also open sensitive data files, indicating their role in facilitating post-exploitation activities.

Microsoft Defender XDR detectionsMicrosoft Defender XDR customers can refer to the list of applicable detections below.

Microsoft Defender Threat IntelligenceMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Micro…

Recent Silk Typhoon activitySupply chain compromiseSince late 2024, Microsoft Threat Intelligence has conducted thorough research and tracked ongoing attacks performed by Silk Typhoon.

In this reconnaissance activity, Silk Typhoon leveraged leaked corporate passwords on public repositories, such as GitHub, and were successfully authenticated to the corporate account.

Historical Silk Typhoon zero-day exploitationSince 2021, Silk Typhoon has been observed targeting and compromising vulnerable unpatched Microsoft Exchange servers, GlobalProtect Gateway on Palo Alto Networks firewalls, Citrix NetScaler appliances, Ivanti Pulse Connect Secure appliances, and others.

Learn moreFor the latest secu…

New generative AI models with a broad range of capabilities are emerging every week.

Our AI platform offerings (Azure AI Foundry and Azure OpenAI Service) are 100% hosted by Microsoft on its own servers, with no runtime connections to the model providers.

You can read more about how to do that here: Securing DeepSeek and other AI systems with Microsoft Security.

Using Microsoft Security to secure AI models and customer dataIn summary, the key points of our approach to securing models on Azure AI Foundry are:Microsoft carries out a variety of security investigations for key AI models before hosting them in the Azure AI Foundry Model Catalogue, and continues to monitor for changes that may im…

A multi-pronged approach to securing remote assistance with Zero TrustFor too long, remote assistance security has been presumed rather than intentionally designed into its architecture.

Discover how implementing Zero Trust can fortify your remote assistance security by visiting our Zero Trust Workshop, where you’ll find an interactive guide to embedding security into your IT operations.

Embedded security in remote assistance—building security into the very foundation of remote assistance tools, eliminating gaps that cyberattackers can exploit.

Remote Help: Secure remote assistance built for Zero TrustAs organizations work toward a Zero Trust model, secure remote assistance must align with …

eDiscovery allows you to easily search, collect, and review AI-based interactions across more than 25 AI applications.

We are excited to share more about new developments across Microsoft Security at Legalweek 2025.

Connect with members of the Microsoft Intelligent Security AssociationAt Microsoft we truly believe security is a team sport.

From our signature Pre-Day to demos and networking, discover how Microsoft Security can give you the advantage you need in the era of AI.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

We are excited to announce that Gartner has named Microsoft a Leader in the 2025 Gartner® Magic Quadrant™ for Cyber Physical Systems Protection Platforms.

They span industrial control systems (ICS), OT devices, Internet of Things (IoT) devices, and more.

Microsoft Security Exposure Management is part of the unified security operations portal and provides a unified view of security posture across company assets and workloads.

The OT Security initiative improves your OT site security posture by monitoring and protecting OT environments in the organization, and employing network layer monitoring.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and upd…

From our signature Pre-Day to hands-on demos and one-on-one meetings, join the Microsoft experience at RSAC 2025 designed just for you.

Explore eventsKick things off at Microsoft Pre-DayThe Microsoft experience at RSAC 2025 begins with Microsoft Pre-Day on Sunday, April 27, 2025, at the Palace Hotel, just around the corner from the Moscone Center.

For the fourth year running, the keynote speech held on Microsoft Pre-Day will kick off the full lineup of Microsoft events and activities throughout RSAC 2025.

By joining us on Sunday, you’ll have the chance to hear directly from Microsoft Security business leaders—including Vasu Jakkal, Corporate Vice President, Microsoft Security Business; Char…

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372.

In device code phishing, threat actors exploit the device code authentication flow.

Device code phishing attack cycleStorm-2372 phishing lure and accessStorm-2372’s device code phishing campaign has been active since August 2024.

Legitimate device code authentication pageAdditionally, Microsoft observed Storm-2372 using Microsoft Graph to search through messages of the account they’ve compromised.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat In…

In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR.

With guided remediation support for Maven, you can remediate vulnerabilities in both direct and transitive dependencies through direct version updates or overriding versions through dependency management.

We also introduced machine readable output for guided remediation that makes it easier to integrate guided remediation into your workflow.

VEX Support: We're planning to add support for Vulnerability Exchange (VEX) to facilitate better communication and collaboration around vulnerability information.

Try OSV-Scanner V2You can try V2.0.0 and contribute to its ongoing developme…

Posted by Dirk GöhmannIn 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of $12 million to over 600 researchers based in countries around the globe across all of our programs.Vulnerability Reward Program 2024 in NumbersYou can learn about who’s reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who’ve recently joined the ranks of Google bug hunters.VRP Highlights in 2024In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and rel…

Scam Detection in Google Messages uses powerful Google AI to proactively address conversational scams by providing real-time detection even after initial messages are received.

You can turn off Spam Protection, which includes Scam Detection, in your Google Messages at any time.

Scam Detection in Google Messages is launching in English first in the U.S., U.K. and Canada and will expand to more countries soon.

Scam Detection for callsMore than half of Americans reported receiving at least one scam call per day in 2024.

If enabled, Scam Detection will beep at the start and during the call to notify participants the feature is on.

This includes memory-safe languages, now including high-performance ones such as Rust, as well as safer language subsets like Safe Buffers for C++.

In Android for example, the increasing adoption of memory-safe languages like Kotlin and Rust in new code has driven a significant reduction in vulnerabilities.

In this way, policymakers will gain the technical foundation to craft effective policy initiatives and incentives promoting memory safety.

Importantly, our vision for achieving memory safety through standardization focuses on defining the desired outcomes rather than locking ourselves into specific technologies.

The goal would be to objectively compare the memory safety assurance of diff…

Google Play’s multi-layered protections against bad appsTo create a trusted experience for everyone on Google Play, we use our SAFE principles as a guide, incorporating multi-layered protections that are always evolving to help keep Google Play safe.

Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source.

In 2024, Google Play Protect’s real-time scanning identified more than 13 million new malicious apps from outside Google Play1.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled …

This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team.

One of these tools is a robust evaluation framework we have developed to automatically red-team an AI system’s vulnerability to indirect prompt injection attacks.

Threat model and evaluation frameworkOur threat model concentrates on an attacker using indirect prompt injection to exfiltrate sensitive information, as illustrated above.

Based on this probability, the attack model refines the prompt injection.

This process repeats until the attack model converges to a successful prompt injection.

This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft.

As part of enabling Identity Check, you can designate one or more trusted locations.

Theft Detection Lock: expanding AI-powered protection to more usersOne of the top theft protection features introduced last year was Theft Detection Lock, which uses an on-device AI-powered algorithm to help detect when your phone may be forcibly taken from you.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help …

Today, we’re excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning.

We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface.

OSV-Scanner + OSV-SCALIBRUsers looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities using much of the same extraction as OSV-SCALIBR.

Some of OSV-SCALIBR’s capabilities are not yet available in OSV-Scanner, but we’re currently working on integrating OSV-SCALIBR more deeply into O…

Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage.

A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis.

This integration provides industry-leading insights into open source vulnerabilities—a crucial capability as software supply chain attacks continue to grow in frequency and complexity, impacting organizations reliant on open source software.

Open source vulnerabilities, with more reachArtifact Analysis pulls vulnerability information directly from OSV, which is the only open source, distributed vulnerability dat…

Today, we are announcing the availability of Vanir, a new open-source security patch validation tool.

In collaboration with the Google Open Source Security Team, we have incorporated feedback from our early adopters to improve Vanir and make it more useful for security professionals.

These algorithms have low false-alarm rates and can effectively handle broad classes of code changes that might appear in code patch processes.

The Vanir signatures for Android vulnerabilities are published through the Open Source Vulnerabilities (OSV) database.

You can also contribute to Vanir by providing vulnerability data with Vanir signatures to OSV.

But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets.

The ideal solution would be to completely automate the manual process of developing a fuzz target end to end:Drafting an initial fuzz target.

Running the corrected fuzz target for a longer period of time, and triaging any crashes to determine the root cause.

In January 2024, we open sourced the framework that we were building to enable an LLM to generate fuzz targets.

New results: More code coverage and discovered vulnerabilitiesWe’re now able to automatically gain more coverage in 272 C/C++ projects on OSS-Fuzz (up from 160), …

Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade:Breakdown of memory safety CVEs exploited in the wild by vulnerability classGoogle is taking a comprehensive approach to memory safety.

This leads to an exponential decline in memory safety vulnerabilities and quickly improves the overall security posture of a codebase, as demonstrated by our post about Android's journey to memory safety.

We’ve begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs.

This improves spat…

That’s why we’re using the best of Google AI to identify and stop scams before they can do harm with Scam Detection.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.

Cutting-edge AI protection, now on more Pixel phones: Gemini Nano, our advanced on-device AI model, powers Scam Detection on Pixel 9 series devices.

We look forward to learning from this beta and your feedback, and we’ll share more about Scam Detection in the months ahead.

Every day, over a billion people use Google Messages to communicate.

That’s why we’ve made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month.

With end-to-end encrypted1 RCS conversations, you can communicate privately with other Google Messages RCS users.

We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private.

As part of cybersecurity awareness month, we're sharing five new protections to help keep you safe while using Google Messages on Android:

Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities.

Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle.

This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety.

By open-sourcing these tools, we've empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases.

Migration to Memory-Safe Languages (MSLs)The first pillar of our strategy is centered on further increasing the adoption of memory-s…