Cybersecurity
👉 by %username%
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
last post 1 hour ago
Elon Musk picks up a chainsaw to support the Republicans' economy

Has the fight to shrink the state apparatus gone too far?

1 hour ago @ securitylab.ru
The US creates a task force to oversee AI and cryptocurrencies

The new unit will receive unprecedented powers in the digital space.

1 hour ago @ securitylab.ru
From victim to hunter: Japan radically changes its cyber defense strategy

A new law allows attacking hackers before they strike.

1 hour ago @ securitylab.ru
Artificial intelligence solved in two days a problem microbiologists had struggled with for ten years

AI predicted a discovery that nobody knew about.

2 hours ago @ securitylab.ru
TSforge: the exploit that broke all of Windows' protection

Windows 7, 8, 10, 11: any version now activates without problems.

2 hours ago @ securitylab.ru
Google is deliberately degrading the quality of its search engine

Strategy or mistake? What lies behind the anomalous search results?

2 hours ago @ securitylab.ru
AI behind bars: Britain introduces criminal liability for generating pornographic content

Advanced neural networks will not become accomplices to terrible crimes.

3 hours ago @ securitylab.ru
AI officials: China is rolling out DeepSeek in the state apparatus

Chinese civil servants have been instructed to master the neural network.

4 hours ago @ securitylab.ru
LockBit strikes: a business in Khakassia fell victim to cyber extortionists

The hackers infected the system via AnyDesk.

4 hours ago @ securitylab.ru
Millions for surveillance: St. Petersburg deploys ethnic facial recognition

Eight thousand cameras will start determining ethnicity.

5 hours ago @ securitylab.ru
State control without leaks: Russian banks deploy a cryptocurrency analysis system

Financial intelligence is tightening control over cryptocurrencies.

7 hours ago @ securitylab.ru
Breeze Liu: a young woman vanished from the internet and forced the US to rewrite the law

A story of Microsoft's victory.

7 hours ago @ securitylab.ru
Banks or scammers? Virtual PBXs will get special labeling

Calls over the internet will become transparent.

7 hours ago @ securitylab.ru
Riding the nuclear wave: Core Power will build floating nuclear power plants off the US coast

An ambitious plan by British energy companies.

8 hours ago @ securitylab.ru
Pentest 24/7: regular automated infrastructure testing

Hundreds of organizations approach Positive Technologies every year requesting security testing. Given the limited number of specialists in the country, meeting that demand is currently impossible. In response, we expanded our offering to companies by creating PT Dephaze, a product for controlled automated internal penetration testing.

8 hours ago @ securitylab.ru
Anti-Malware
last post 1 day, 4 hours ago
How FSTEC of Russia regulated the security of digital transformation in 2024

FSTEC of Russia's activity in 2024. Speaking about FSTEC's activity in 2024, Vitaly Lyutikov, first deputy director of FSTEC of Russia, noted the measures taken to improve security.

Results of improving the security of state information systems (FSTEC of Russia). In 2024, FSTEC of Russia supervised the work of its external contractors.

FSTEC of Russia's plans for 2025. Vitaly Lyutikov, first deputy director of FSTEC of Russia, highlighted new areas that FSTEC of Russia will focus on in 2025.

FSTEC of Russia's requirements for taking information protection measures. In 2024, FSTEC of Russia paid close attention to improving the vulnerability management regulations for organizations.

When previously unknown vulnerabilities are detected, the operator of the in…

1 day, 4 hours ago @ anti-malware.ru
The war over artificial intelligence: how lobbyists are beating regulators

According to a McKinsey study, global AI adoption rose to 72% in 2024 (compared with 55% in 2023).

However, Elon Musk himself is now actively involved in improving AI and has even announced the release of the Grok 3 neural network.

For example, the US Chamber of Commerce has expanded its team of AI lobbyists by 81 people.

Russia. In Russia, the importance of AI for the country's sovereignty was recognized even before generative AI became widespread in 2023.

The government is interested both in the country's competitiveness and in the ideological purity of the content produced by AI.

1 day, 9 hours ago @ anti-malware.ru
How to build an in-house SOC and make it effective

A SOC is a centralized system in which technologies, processes, and specialists are focused on continuous monitoring, detection of information security incidents, and response to them.

The topic of SOC is not being raised on AM Live for the first time, so the experts agreed at the outset to discuss building an in-house SOC.

According to Stanislav Gribanov, Western vendors use it very actively for SOCs built on their own products.

Daniil Belitsky believes one must distinguish what a SOC is oriented towards, detection only or response as well, since that determines which metrics should be used.

But that does not mean there is no need to manage in…

3 days, 5 hours ago @ anti-malware.ru
Review of Garda Anti-DDoS 5.11, a Russian DDoS protection system

Functional capabilities of Garda Anti-DDoS. The Garda Anti-DDoS system is applicable both in small company networks and in telecom operator infrastructure.

Garda Anti-DDoS protects more than 50% of the Russian segment of the internet from DDoS attacks and supports the security of digital services and events of federal scale.

Configuring ML thresholds in Garda Anti-DDoS. Based on the data obtained during training, a dynamic graph is built showing the normal rate of traffic change.

Using the JA3/JA4 filter in Garda Anti-DDoS. Garda Anti-DDoS performs JA3/JA4 analysis, whose tasks are automatic generation of the corresponding signatures and populating the system with them.

Example of prot…

3 days, 10 hours ago @ anti-malware.ru
How the introduction of turnover-based fines will affect the data protection situation

According to a 2023 KROK study, only 4% of Russian companies are fully ready to comply with the changed personal data protection requirements.

There have been quite a few precedents involving companies in non-EU countries, in particular Norway and Switzerland.

The GDPR's strict approach to data security has made access to the datasets used for AI training too complicated.

With high probability companies, including small ones, will start creating insourcing structures that limit themselves to processing personal data and have low turnover.

Conclusions. Preventive measures against potential violators are not enough, as shown by the experience of raising …

1 week, 1 day ago @ anti-malware.ru
Generative AI and cybercrime: the dark side of progress

US President Donald Trump announced "the largest AI infrastructure project in history," involving OpenAI, SoftBank and Oracle.

It concerns investing $500 billion in large-scale AI infrastructure in the US, which is expected to create 100,000 jobs.

The legality of using copyrighted materials for AI training and copyright infringement when using AI remain contentious.

AI-generated fake photo of Donald Trump with African Americans (source: BBC). Even more dangerous are deepfakes, AI-generated video and audio recordings that reproduce the appearance and voice of real people.

Modern anti-fraud systems already use AI to analyze large volumes of d…

1 week, 3 days ago @ anti-malware.ru
Multi-factor authentication: how to implement an MFA system correctly

, head of development of the Avanpost FAM/MFA+ authentication product line, Avanpost.

There is the generally recognized FIDO2 standard, which is considered strong authentication worldwide; the document conforms to Russian definitions of authentication, and it involves no third party.

Unlike a hardware token or certificate reissuance (both can be corrected), biometric data cannot be changed, and there are no technical ways to protect it.

Andrey Laptev is confident that authentication does not always require complex technologies such as artificial intelligence.

Andrey Laptev: "Customers will stop viewing MFA as an isolated solution and will use it in co…

1 week, 3 days ago @ anti-malware.ru
Why Russian IT vendors should enter foreign markets

Entering foreign markets will make it possible to scale up production and thereby reduce cost and increase competitiveness.

For many companies, entering such markets has become a significant development factor.

Vladimir Ulyanov, head of Zecurion's analytical center, pointed out that entering foreign markets increases companies' capitalization on the stock market.

Nevertheless, there are also those for whom entering foreign markets may be the only opportunity for further development.

When it comes to software, entering foreign markets and the need to compete with international vendors' products allow products to be improved faster.

2 weeks ago @ anti-malware.ru
PT NGFW: can a world-class product be created in two years?

PT NGFW functions. PT NGFW by Positive Technologies. The press release for PT NGFW's launch into operation stated that it belongs to the world-class product category.

Configuration of the top PT NGFW 3040 model. Results of practical tests of PT NGFW at Jet Infosystems. Before bringing the new product to market, independent load tests of PT NGFW were conducted.

PT NGFW virtual contexts. The PT NGFW architectural model provides "out of the box" a mechanism named "virtual contexts".

This refers to creating logical firewalls that split a single physical NGFW device into several logical NGFWs, each with independent management.

The declared lev…

2 weeks ago @ anti-malware.ru
How to properly implement protection for mobile and web applications

In the AM Live studio, experts discussed the reasons for successful cyberattacks on web applications and talked about how to design protection taking the organization's specifics into account, carry out the implementation properly, and test the quality of protection of mobile and web applications.

According to Vladimir Zaitsev, customers sometimes approach security not as a process but as individual problems that only need to be solved once.

AM Live viewers consider the absence of basic protection tools (anti-DDoS, WAF) (41%) and of regular software updates and patches (39%) extremely dangerous when organizing web application protection.

Even if you buy protection tools for every occasion and configure everything perfectly, an attacker can still …

2 weeks, 2 days ago @ anti-malware.ru
What the digital ruble offers and what it threatens for the Russian economy and citizens

From the Bank of Russia's point of view, it will ensure maximum accessibility of the digital ruble for citizens and businesses and help significantly reduce circulation costs.

About the same number of respondents do not understand the point of the digital currency at all and do not know how to use it.

The state will be able to track the movement of funds and find out how they were obtained and what they were spent on.

In the event of a successful hack, they would gain access not only to the assets but also to the database of confidential information on citizens and companies.

System failures and cyberattacks can destroy the code, and therefore the digital ruble, which would make payments impossible and lead to financial losses.

2 weeks, 3 days ago @ anti-malware.ru
How to reliably protect mobile and web applications: technologies and best practices

Since applications simplify access to information, services, and entertainment, users can interact with a company anytime and anywhere.

Pavel Treshchev talked about carpet and fan attacks: both target the address ranges of specific providers.

This forces the introduction of certain requirements for protection tools, including the WAF, on which security now largely depends.

Ilya Shabanov summed up that not all API Security solutions are alike; they can differ greatly, and one must look at their structure and functionality.

They require patch management, vendor and third-party solutions, and in these cases a WAF is still needed.

2 weeks, 3 days ago @ anti-malware.ru
Security for connected cars: what the US and Russia/China are fighting over (part 1)

In 2015, Kaspersky set up a division dealing with security for connected cars.

If previously security was limited to confident driving and blocking access to the car, it is now a full-fledged area of information security for connected cars.

Information flows in the internal network of a modern car. The connected car concept. Why does the US pay such close attention to connected car technologies?

Automation levels for connected cars. Before discussing connected car security, let us describe the new architecture as a whole.

Is it acceptable to use MITRE ATT&CK to assess risks for connected…

2 weeks, 4 days ago @ anti-malware.ru
DeepSeek: how good is the Chinese ChatGPT killer in practice

Cyberattack and registration problems. Naturally, with such hype many people wanted to try DeepSeek out (myself included), but it turned out not to be so simple.

Unfortunately, I quickly became convinced that DeepSeek handles news parsing just as poorly as ChatGPT.

My verdict is simple: DeepSeek and ChatGPT cannot cope with this task and are unlikely to be able to in the near future.

Mathematical abilities. Oh, how nice it would be to simply "upload" all one's accounting, physics homework or financial statistics into ChatGPT or DeepSeek.

Incorrect solution to the problem. Although DeepSeek and ChatGPT can effectively process and analyze data, their ability for abstract…

3 weeks ago @ anti-malware.ru
All the prerequisites exist for a rise in IT infrastructure failures

The number of information system failures is growing both worldwide and in Russia.

In Russia, according to a Monq Digital Lab study, the number of failures in 2024 grew by 22% year on year.

The Monq Digital Lab study named as the main cause of failures, on one hand, problems maintaining foreign hardware and software and, on the other, insufficient debugging of domestic analogues.

This is because there is often nothing to replace foreign hardware and software with, including products from companies that have left the Russian market.

The website of operator Miranda-Media at the time of the attack in May-June 2023. In March 2024, attackers exploited a vulnerability in an untimely patched V…

3 weeks, 1 day ago @ anti-malware.ru
Habr: Infosec
last post 7 hours ago
A VPN retrospective: an overview of the technology's development from the 1980s to today

In this longread I tried to dive into the topic and trace how VPN developed and changed over the last 30 years.

It was at this time, in response to the demand for secure connections, that the first VPN protocols began to appear.

Thus, AT&T Bell Laboratories specialists managed to encapsulate an entire IPv4 packet, encrypt it, and place it inside another IPv4 packet.

These threats became commonplace in the 2000s and remain relevant to this day.

Thanks to the emergence of affordable smartphones, users began interacting with digital services not only at home on a PC but literally anywhere and at any time of day.

7 hours ago @ habr.com
Examining ways ssh.exe can be abused on Windows

In this article I focused on studying ways of abusing ssh.exe in Windows environments, proposed detection options, and collected hypotheses for periodic checks.

*/ Query result: Using ssh.exe to execute local commands on a Windows host after a successful outbound SSH connection. Another interesting parameter when using ssh.exe is LocalCommand.

*/ AND cmdline:"LocalCommand Query result: Using the ProxyCommand parameter of the ssh.exe executable to run commands. ssh.exe also has use cases in the LOLBAS project.

*/ Query result: Launching the ssh.exe process via a suspicious shortcut. As a result, all the…

8 hours ago @ habr.com
Configurator. Linking hosts into a unified infrastructure using Ansible inventory functionality

In the previous article I showed how we form networks and place hosts in them using Ansible inventory.

For example: deploy Ubuntu 22 and GitLab 16.11.10 by specifying only the A-service name for the host and the version of the nested application, in this case GitLab.

Example host configuration:
all:
  vars:
    domain: 'zu.stf'
  children:
    subnet_srv:
      vars:
        external_router: router1
        cidrip: 10.125.0.225/27
      hosts:
        gitlab:
          number_in_subnet: 6
          # dns: 'bind'
          # dc: 'dc'
          servicename: gitlab
          serviceversion: "16.11.10"
The main point: we look at which A-service needs to be launched by the name in the servicename variable.

From the dc variable we get the host name: dc.

Artifact variables. When deploying services, artifacts may remain: var…

8 hours ago @ habr.com
[Translation] Intercepting data from libpam (OpenSSH authentication, passwd) using Golang and eBPF

In the vast and complex world of information security, protecting confidential information remains an important task for developers and security specialists alike.

eBPF programs are written in a restricted subset of C, compiled to bytecode, and executed in a protected environment in the Linux kernel.

It interacts with the kernel and user space via maps (data structures for storing state) and program types (which define what an eBPF program can do).

The combination of uprobes and eBPF creates a powerful mechanism for analyzing and monitoring system and application behavior in real time.

In it we will look at how to use Go to load an eBPF program, attach uprobes, read data from a BPF map …

9 hours ago @ habr.com
Scammers love QR codes: analyzing cases, studying how fakes are built, and drawing conclusions

By 2025, scammers had turned QR codes into a tool for mass fraud.

Let us figure out how QR codes turned from a convenient tool into a current threat, how such fraud works technically, and what the statistics say.

QR codes are not only a tool for quick navigation but also a favorite toy of scammers.

Antivirus software usually works on the basis of signatures and behavioral analysis, which allows it to detect malicious files and programs on a device.

Most ordinary people are unaware of the possible threats of using QR codes and do not understand the importance of checking sources before scanning.

9 hours ago @ habr.com
From the user journey to secure systems: how UX/UI affects cybersecurity

The human brain is built to save effort: we are used to trusting familiar interfaces, performing habitual actions automatically, and not reading the fine print.

The user thinks they are clicking a "Play video" or "Like post" button but in fact activates a hidden function: a spam subscription, data transfer, or launching malicious code.

One of the classic examples is fake buttons on websites that look harmless but lead to a subscription to paid services.

Cursorjacking (cursor spoofing): this technique changes the cursor's position on the screen so that the user thinks they are performing one action but actually performs another.

Be care…

10 hours ago @ habr.com
Exporting TLS keys: why, what for, and how to implement it in Go

The task: our service calls an external service over HTTPS, and we would like to record a traffic dump and see, using Wireshark/tshark for example, which requests are sent and how.

In TLS, the traffic within a session is protected with symmetric ciphers and a set of symmetric keys (the keys are negotiated by the parties at the initial stage of the connection, usually via the Diffie-Hellman protocol).

However, in TLS 1.3 different keys are used to encrypt the certificates and to encrypt application traffic, and this affects the contents of the session key file.

This file has a standard format (KeyLog), but while for TLS versions before 1.3 there is a single secret per session, for TLS 1.3 different secrets correspond to different st…

21 hours ago @ habr.com
Your company needs this employee: explaining why in 2025 you cannot avoid appointing a person responsible for personal data

Why train employees to work with personal data. According to the Federal Law "On Personal Data", a personal data operator is obliged to appoint a person responsible for personal data processing.

That is not allowed, because there can be only one person responsible for personal data processing.

Who can become responsible for the company's work with personal data. The functions of the person responsible for personal data processing may be combined with another position.

If everyone in the company is overloaded or everyone flatly refuses to take on the functions of the person responsible for personal data, another legal entity can be engaged as the responsible party: the law permits this.

The law makes no allowances for …

23 hours ago @ habr.com
I am so tired of entering my login and password

One of them is the lifetime of authorization in applications.

There are many, many more negative examples: HeadHunter: I did not measure the authorization lifetime, but it is reset often enough to get on my nerves.

What is so valuable in a HeadHunter account that it justifies resetting authorization every few weeks?

Moreover, each time not only the token is reset but the password too.

And one of them is the pointless waste of time on endless login and password entry where it could have been avoided.

1 day, 3 hours ago @ habr.com
The theory of the big pentest

On average, a company spends 20 million rubles or more per year on resolving information security incidents.

The main goal of a pentest is not just to find those vulnerabilities but also to draw up recommendations for their subsequent remediation.

First, to identify vulnerabilities and weaknesses in applications, services, systems, and processes.

Fourth, to write recommendations for fixing vulnerabilities and raising the level of security.

You can also go to an external Bug Bounty platform; this is a fairly effective way of finding vulnerabilities, since a large number of independent researchers can search for them.

1 day, 6 hours ago @ habr.com
[Translation] Just Gopher It: Turning a blind SSRF into RCE for $15,000 (Yahoo Mail)

I was glad it was triaged but understood the impact was low and I most likely would not get anything significant from it.

The SSRF still remained and had not been fixed, so I decided to do additional research to try to escalate the vulnerability.

During my research I learned that the Gopher protocol is an excellent way to escalate SSRF, and in some cases it can lead to full remote code execution (RCE).

I ran the whoami command to make sure I really had RCE (and I was root!

In the end I received a $15,000 payout for this finding, as well as some nice compliments from The Paranoids!

1 day, 7 hours ago @ habr.com
Houston, we have a problem, or What HDD manufacturers don't tell you

In addition, all the session's network traffic is saved to storage unchanged.

And the theoretical write speed to this array should reach 255 MB/s × 6, i.e. approximately 1.5 GB/s.

At the same time, at the very end of the RAID capacity the write speed is half of what it is at the beginning.

If you need to write a data stream with rotation and without loss, the data stream rate must not exceed the minimum write speed.

If we did not solve our task of recording large volumes of traffic, we at least found the source of the problem, and that is the main thing.

1 day, 7 hours ago @ habr.com
Hygiene on social networks

We decided to continue the topic and this time talk about hygiene on social networks; it is useful to recall important details to which we do not always pay enough attention.

For example, on a social network you may receive a message asking you to book a table at a restaurant: Next we will look in detail at which tools you can use to protect yourself and your data on social networks.

Protection methods. Use strong passwords. Creating a strong password is one of the key aspects of security on social networks and on all online platforms.

In Telegram, to enable 2FA go to "Settings", then the "Privacy and Security" section, and select "Two-Step Verification".

Conclusion. Hygiene on social networks…

1 day, 10 hours ago @ habr.com
[Translation] Debugging an app that doesn't want to be debugged

It turned out the app's functions are far more interesting than those of a regular old Widget app, but that is a topic for a separate post!

But we'll get to that! We can't attach a debugger because of the function; this is a private API on iOS, but on macOS this API is public, so we can easily find its documentation. It is very cool, and the core debugging functionality works thanks to it.

We pass all this in registers… Next we need to tell the kernel which system call we want to execute.

But this time we will set a breakpoint at the addresses where these system calls are executed.

A jailbroken phone makes this much easier: you can inject frameworks into the app using the jailbre… utility

2 days, 5 hours ago @ habr.com
IPFIX from an information security perspective

NetFlow and IPFIX are protocols for collecting and analyzing network traffic, used for monitoring, security, and network optimization.

protocolIdentifier (IPFIX ID 4): the protocol number (e.g. TCP = 6, UDP = 17, ICMP = 1).

Identifying suspicious connections and malicious traffic. IPFIX can be used to analyze network traffic for suspicious connections and malicious activity.

This includes: Identifying unusual connections, i.e. detecting traffic from unknown or rarely used IP addresses, non-standard ports, or a sudden increase in the number of connections to particular hosts.

By analyzing the IP address and port fields, one can identify anomalous…

2 days, 5 hours ago @ habr.com
Xakep
last post 28 minutes ago
RKN forcibly added Cloudflare to the registry of information dissemination organizers

Roskomnadzor forcibly included Cloudflare in the registry of information dissemination organizers (ORI).

This happened after two fines took effect relating to Cloudflare's refusal to notify the agency of the start of its operation as an ORI.

"Because a court ruling that has entered into force established the fact of repeated failure to fulfil the obligation to submit to Roskomnadzor a notification of the start of activity as an ORI, Cloudflare, Inc. was forcibly included in the ORI registry on February 19, 2025," RKN stated.

From the day it receives the demand, the company is obliged to notify the agency within 10 working days of the start of its activity as an ORI.

10.1 of the Federal…

28 minutes ago @ xakep.ru
Malicious exploitation. Using Angr to find a Buffer Overflow

Our task is to overflow the buffer in such a way that control is transferred to the win function.

unconstrained[0] if is_fully_symbolic_pc(solution_state): solution_state.

For convenience, we use pwntools:
from pwn import *
p = process('./exp2_32')
buff = b'\x00' * 44 + b'\x96\x91\x04\x08'
p.sendline(buff)
print(p.recv())
And we get the long-awaited result.

$ python test_exp2.py
[+] Starting local process './exp2_32': pid 9178
b'overflow me : Win!'
[*] Stopped process './exp2_32' (pid 9178)

Writing a VEX analyzer

2 hours ago @ xakep.ru
Ghost tap. How phishers mint stolen cards through Apple Pay and Google Pay

Now stolen card data is turned into mobile wallets that can be used to shop not only online but also in ordinary brick-and-mortar stores.

Carding 2.0. Ford Merrill, a security researcher at SecAlliance (a subsidiary of CSIS Security Group), has long been digging into Chinese "smishers" and following their evolution.

Merrill discovered another cunning upgrade in Chinese phishing kits: they automatically turn stolen card data into digital copies of real cards.

Having found another vulnerability in their phishing kit, Smith was able to see that 438,669 unique credit cards had passed through 1,133 fake sites, an average of 387 cards per domain.

And of course, Apple …

4 hours ago @ xakep.ru
The Darcula PhaaS platform creates phishing kits for any brand

The Darcula phishing platform is preparing its third major update, one of whose main features will be the ability to create DIY phishing kits for attacks on any brand.

Netcraft specialists said the upcoming release will remove the limits on the scale of targeting.

Recall that experts first described Darcula in detail last year.

The kit is then uploaded to the Darcula admin panel, from which centralized management, real-time data theft and campaign effectiveness tracking are carried out.

It is noted that Telegram channels associated with Darcula are already promoting the sale of burner phones linked to up to…

5 hours ago @ xakep.ru
Microsoft fixes actively exploited vulnerability in Power Pages

Microsoft has fixed a serious privilege escalation vulnerability in Power Pages that hackers had already been exploiting as a 0-day.

The vulnerability has been assigned CVE-2025-24989 (CVSS score 8.2) and is an improper access control issue in Power Pages.

Since CVE-2025-24989 is a privilege escalation issue, user lists should also be examined carefully, paying particular attention to administrators and highly privileged users.

Since Power Pages is a cloud service, exploitation clearly took place remotely.

In addition to the Power Pages flaw, this week Microsoft also fixed a remote code execution vulnerability…

7 hours ago @ xakep.ru
Internal chats of the Black Basta ransomware group leaked online

An archive of logs from an internal Matrix chat in which Black Basta ransomware operators allegedly communicated has been published online.

— On 11 February 2025 a major leak occurred, exposing the logs of Black Basta's internal Matrix chats.

Recall that Black Basta has been active since April 2022 and operates under the Ransomware-as-a-Service (RaaS) model.

Security researchers believe Black Basta is a rebrand of the well-known Conti group, pointing to similarities in the hackers' techniques and negotiation style.

According to the US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI, between April 2022 and May 2024 Black Basta operators…

9 hours ago @ xakep.ru
Order the second print special issue of Хакер while you can

Our warehouse has almost run out of the second print special issue of Хакер, which collects the best articles from 2017–2019 with commentary from the authors and editors.

All articles come with unique commentary from authors and editors that lets you look behind the scenes of how the material was created and learn more about life at the Хакер editorial office in those years.

Price and delivery. Each magazine is shrink-wrapped, packed in a sturdy cardboard envelope and ready to ship.

Third special issue. We are already working on the third special issue, which will include the best Хакер articles from 2019–2021.

By ordering now, you will be among the first to receive the third special issue, for just 1000 rubles (excluding postage…

10 hours ago @ xakep.ru
Phishers abuse Signal's device-linking feature

Analysts at Google Threat Intelligence Group warned that hackers are using Signal's legitimate Linked Devices feature to gain unauthorized access to other people's accounts.

In larger campaigns, the attackers disguised malicious QR codes as legitimate app resources (for example, Signal group invites) or as device-pairing instructions from the official Signal website.

"In these operations, the group UNC5792 hosted modified Signal group invites on infrastructure under its control.

In the fake invites, the legitimate JavaScript redirect code was replaced with a malicious block containing a Signal URI for linking a new devi…

22 hours ago @ xakep.ru
New JavaScript obfuscation technique using invisible Unicode characters spotted

Juniper Threat Labs specialists have discovered a new JavaScript obfuscation method that uses invisible Unicode characters.

In the JavaScript payload, each ASCII character is converted to its 8-bit binary representation, and the binary values (ones and zeros) are replaced with invisible Hangul characters.

When the hidden property is accessed, a proxy converts the invisible Hangul filler characters back into binary and reconstructs the original JavaScript.

In addition, the attackers use further masking techniques, including base64-encoding the script and anti-debugging to evade analysis.

If this connection is confirmed, this obfuscation method will most likely be used in future…

23 hours ago @ xakep.ru
Cool prompts. How to properly ask Stable Diffusion to draw a picture

Honestly, I couldn't understand what the asker wanted; I had to resort to ChatGPT to decode the request.

With SDXL such a prompt won't exactly fail outright, but it won't work the way it should.

Here we arrive at the concept of context bleeding: the model is unable to unambiguously attribute the specified properties to a particular object in the frame.

The screenshot above shows that the prompt consists of 131 tokens, which will be split into two chunks of 75 tokens each.

One option is to split the prompt into several chunks with the BREAK operator.

1 day, 4 hours ago @ xakep.ru
Solar Group: attacks on the financial sector up by a third in a year

Specialists at Solar JSOC, the cyberattack response center of Solar Group, calculated that the number of cyberattacks on the financial sector grew by a third over the past year, reaching 9,000 confirmed incidents.

According to the researchers, the greatest threats to the industry are internal network scanning for reconnaissance, exploitation of vulnerabilities, and malware infections.

Attackers use vulnerabilities at every stage of an attack: during intrusion attempts, during lateral movement across the network and privilege escalation on a host, and when attempting to compromise bank systems inside the infrastructure.

According to the researchers, the greatest threat to the industry is posed by remote … tools

1 day, 5 hours ago @ xakep.ru
Xerox patches vulnerabilities in VersaLink devices

Vulnerabilities in Xerox VersaLink multifunction printers allow authentication credentials to be extracted via pass-back attacks targeting the LDAP and SMB/FTP services.

According to Rapid7 experts, two vulnerabilities (CVE-2024-12510 and CVE-2024-12511) were found in the enterprise-class all-in-one printers, and Xerox has already released updates to fix them.

This means that they would then be able to move through the organization's environment and compromise other critical Windows servers and file systems."

However, this requires the attacker to have access to the LDAP configuration page, and LDAP must be in use for authentication.

The bugs were fixed…

1 day, 7 hours ago @ xakep.ru
FrigidStealer attacks macOS users via fake updates

Analysts at Proofpoint have discovered a new infostealer, FrigidStealer, targeting macOS users.

The malware spreads through compromised websites and masquerades as a browser update, forcing users to launch the payload manually.

The attackers work together: TA2726 acts as the traffic distributor and intermediary, while TA2727 acts as the malware distributor.

TA2727 is a financially motivated hacking group first identified in January 2025 that uses the Lumma stealer for Windows, the Marcher banker for Android and FrigidStealer for macOS in its attacks.

For example, Windows users receive an MSI installer that downloads the Lumma or DeerStealer stealer,…

1 day, 9 hours ago @ xakep.ru
MTS sees risks of violating communications secrecy in Roskomnadzor draft

The document was developed as part of implementing Federal Law No. 216-FZ and amends the law "On Information, Information Technologies and Information Protection" and certain other legislative acts.

The operator would have to report changes to this information to Roskomnadzor within one day by e-mail or via the personal account on the agency's website.

Roskomnadzor estimates the cost of meeting these requirements at 389 million rubles per year, or 2.3 billion rubles over six years.

Roskomnadzor also previously explained that the changes are needed "to counter computer attacks, including DDoS attacks".

— It is currently not possible to assess the financial costs of these measures, includ…

1 day, 23 hours ago @ xakep.ru
Social network X blocks links to Signal

"This appears to have happened very recently, since users were previously able to post Signal.me links in public posts and profile bios.

Moreover, contact links for other messaging services (for example, Telegram) can still be posted on X as usual.

Signal.me links posted on X earlier remain accessible.

Security expert Tommy Mysk suggests that the blocking of Signal.me links may have the same reasons as the ban on posting Mastodon links introduced on X earlier.

That is, the blocking of Signal.me links on X is probably politically motivated.

2 days ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 1 hour ago
Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands

Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data.

ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its cloud.

This includes iCloud Backup, Photos, Notes, Reminders, Safari Bookmarks, voice memos, and data associated with its own apps.

"ADP protects iCloud data with end-to-end encryption, which means the data can only be decrypted by the user who owns it, and only on their trusted devices."

The unprecedented development comes merely weeks after reports …

1 hour ago @ thehackernews.com
Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations

An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country.

The data leak contains infrastructure details and work logs from employees, as well as references to web content monitoring services used to enforce censorship for public and private sector customers.

Present among the data leak is a contract for a "Cloud Monitoring Service Project" announced by the Shanghai Public Security Bureau in September 2024.

Specifically, the platform has been designed to look for the presence of hidden links in web content, along with those containing …

2 hours ago @ thehackernews.com
Cybercriminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3

The latest iteration of the phishing suite "represents a significant shift in criminal capabilities, reducing the barrier to entry for bad actors to target any brand with complex, customizable phishing campaigns," Netcraft said in a new analysis.

The cybersecurity company said it has detected and blocked more than 95,000 new Darcula phishing domains, nearly 31,000 IP addresses, and taken down more than 20,000 fraudulent websites since it was first exposed in late March 2024.

The biggest change incorporated into Darcula is the ability for any user to generate a phishing kit for any brand in an on-demand fashion.

Using darcula-suite, you can complete the production of a front-end in 10 minute…

5 hours ago @ thehackernews.com
Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025

Join us for "Building Resilient Identity: Reducing Security Debt in 2025" and discover smart, actionable strategies to protect your business against modern cyber threats.

This webinar offers you a chance to cut through the complexity of identity security with clear, practical solutions.

What You'll Learn: Spot Hidden Risks: Uncover how weaknesses in identity security can lead to significant breaches and extra costs.

This is a must-attend event for anyone serious about making informed decisions and building a robust, resilient identity security framework.

6 hours ago @ thehackernews.com
AI-Powered Deception is a Menace to Our Societies

Of course, with social media and the online world there are few physical limits on reach, apart from where someone’s internet connection drops.

This article explores what this means for societies and organizations facing AI-powered information manipulation and deception.

The rise of the echo chamber. According to the Pew Research Center, around one in five Americans get their news from social media.

With fewer restrictions, social media platforms can focus on serving up content that their users like, want, and react to.

Fact-checkers may be able to attach follow-ups to fake social media posts.

7 hours ago @ thehackernews.com
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks

"In addition, we have observed the threat actor capturing SNMP, TACACS, and RADIUS traffic, including the secret keys used between network devices and TACACS/RADIUS servers," Talos noted.

Another noteworthy behavior exhibited by Salt Typhoon entails leveraging living-off-the-land (LOTL) techniques on network devices, abusing the trusted infrastructure as pivot points to jump from one telecom to another.

Furthermore, Salt Typhoon has been spotted altering network configurations to create local accounts, enable Guest Shell access, and facilitate remote access via SSH.

The company said it also identified "additional pervasive targeting" of Cisco devices with exposed Smart Install (SMI), follow…

10 hours ago @ thehackernews.com
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks

The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5.

"Craft CMS contains a code injection vulnerability that allows for remote code execution as vulnerable versions have compromised user security keys," the agency said.

The vulnerability affects the following versions of the software:
>= 5.0.0-RC1, < 5.5.5
>= 4.0.0-RC1, < 4.13.8
In an advisory released on GitHub, Craft CMS noted that all unpatched versions of Craft with a compromised security key are impacted by the security defect.

"If you can't update to a patched version, then rotating your security key and ensuring its privacy will help to mitigate the issue," it noted.

It's currently…

10 hours ago @ thehackernews.com
North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware

Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret.

Other than coding tests, the bogus projects masquerade as cryptocurrency initiatives, games with blockchain functionality, and gambling apps with cryptocurrency features.

More often than not, the malicious code is embedded within a benign component in the form of a single line.

It's worth noting that the use of job interview decoys is a classic strategy adopted by various North Korean hacking groups, the most prominent of which is a long-running campaign dubbed Operation Dream Job.

"During our resear…

1 day, 4 hours ago @ thehackernews.com
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware

The initial access afforded by exploitation of vulnerable Check Point instances is said to have allowed the threat actors to retrieve user credentials and to connect to the VPN using a legitimate account.

Like PlugX, ShadowPad is a privately sold malware that's exclusively used by Chinese espionage actors since at least 2015.

There is evidence to suggest that the threat actors attempted to exfiltrate data by accessing the file system and creating ZIP archives.

While the exact goals of the espionage-cum-ransomware campaign are unclear, it's suspected that the threat actors are looking to earn quick profits on the side.

"This could help explain the sophistication contrast between ShadowPad an…

1 day, 6 hours ago @ thehackernews.com
PCI DSS 4.0 Mandates DMARC By 31st March 2025

Organizations can sign up for a DMARC analyzer trial to stay ahead of PCI DSS 4.0 requirements today!

The PCI DSS 4.0 DMARC Compliance mandate comes at an ideal time with phishing emerging as the top attack vector representing 39% of incidents.

Consequences of Non-Compliance with PCI DSS DMARC Requirements. Organizations, irrespective of size, must ensure compliance with PCI DSS 4.0 by configuring DMARC before the 31st of March 2025.

Offer DMARC-as-a-Service. MSPs can help their clients achieve PCI DSS 4.0 compliance by offering DMARC implementation, monitoring, and management services.

By adding DMARC solutions to their service portfolio, MSPs can position themselves as the go-to PCI DSS 4.0 D…

1 day, 6 hours ago @ thehackernews.com
Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives

A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation.

"The distributed concrt140e.dll file is an encrypted payload that is decrypted during the attack process and injected into the legitimate file aspnet_wp.exe for execution," ASEC said.

"The injected malware, XLoader, steals sensitive information such as the user's PC and browser information, and performs various activities such as downloading additional malware."

A successor to the Formbook malware, XLoader was first detected in the wild in 2020.

"XLoader has introduced techniques that were previously obse…

1 day, 6 hours ago @ thehackernews.com
Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now

However, Microsoft has officially announced that support for Exchange Server 2016 and Exchange Server 2019 will end on October 14, 2025.

Important note: This end of support also applies to several related Microsoft products, including Microsoft Office 2016, Microsoft Office 2019, Outlook 2016, Outlook 2019, Skype for Business 2016, Skype for Business 2019, Skype for Business Server 2015 and Skype for Business Server 2019.

Upgrade to Exchange Server Subscription Edition (Exchange Server SE). Microsoft has announced Exchange Server Subscription Edition (Exchange Server SE), a new subscription-based version of Exchange for organizations that require an on-premises email solution.

Complex upgrade…

1 day, 8 hours ago @ thehackernews.com
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability

Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.

The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0. It has been described as a case of improper privilege management that could result in authenticated privilege escalation if the NetScaler Console Agent is deployed and allows an attacker to execute post-compromise actions.

"The issue arises due to inadequate privilege management and could be exploited by an authenticated malicious actor to execute commands without additional aut…

1 day, 13 hours ago @ thehackernews.com
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability

Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.

The vulnerabilities are listed below:
CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability
"Missing Authentication for Critical Function in Microsoft Bing allows an unauthorized attacker to execute code over a network," the tech giant said in an advisory for CVE-2025-21355.

"This vulnerability has already been mitigated in the…

1 day, 13 hours ago @ thehackernews.com
Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes

Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts.

As a result, future messages get delivered synchronously to both the victim and the threat actor in real-time, thereby granting threat actors a persistent way to eavesdrop on the victim's conversations.

These QR codes are known to masquerade as group invites, security alerts, or legitimate device pairing instructions from the Signal website.

Alternatively, the malicious device-linking QR codes have been found to be embedded in phishing pages that purport to be specialized applications used by the Ukrainian mili…

2 days, 1 hour ago @ thehackernews.com
threatpost
last post: None
DarkReading
last post: None
WeLiveSecurity
last post 1 day, 3 hours ago
Fake job offers target software developers with infostealers

A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers. ESET researchers have observed a malicious campaign where North Korea-aligned threat actors, posing as headhunters, target freelance software developers with info-stealing malware.

The activities – named DeceptiveDevelopment and going back to at least November 2023 – involve spearphishing messages that are being distributed on job-hunting and freelancing sites and ask the targets to take a coding test, with the files necessary for the task usually hosted on private repositories such as GitHub.

These files are lade…

1 day, 3 hours ago @ welivesecurity.com
DeceptiveDevelopment targets freelance developers

Key points of this blogpost: DeceptiveDevelopment targets freelance software developers through spearphishing on job-hunting and freelancing sites, aiming to steal cryptocurrency wallets and login information from browsers and password managers.

However, while Operation DreamJob targeted defense and aerospace engineers, DeceptiveDevelopment reaches out to freelance software developers, often those involved in cryptocurrency projects.

Victimology. The primary targets of this DeceptiveDevelopment campaign are software developers, mainly those involved in cryptocurrency and decentralized finance projects.

In addition to the connections between the GitHub profiles, the malware used in DeceptiveDe…

1 day, 8 hours ago @ welivesecurity.com
No, you're not fired – but beware of job termination scams

What do job termination scams look like?

At their simplest, job termination scams are a type of phishing attack designed to trick you into handing over your personal and financial information, or into clicking on a malicious link which could trigger a malware download.

Termination scams are effective because they exploit the credulity of human beings, creating a sense of dread among the victim, and instilling an urgent need for action.

How to spot a job termination scam. As with any phishing attack, there are a few warning signs which should flash red if such an email ends up in your inbox.

Staying safe. To ensure you don't get caught out by job termination scams, understand the warning signs lis…

3 days, 8 hours ago @ welivesecurity.com
Katharine Hayhoe: The most important climate equation | Starmus highlights

Most people acknowledge that climate change is real and human-driven, yet many still struggle to see how it directly affects their lives.

To bridge this gap, Dr. Katharine Hayhoe introduces a simple but powerful equation: Science + Worry + Action = Hope. As one of the world's most effective climate communicators, Dr. Hayhoe maintains that understanding the science (head) isn't enough – we must also feel its urgency (heart) before we can take meaningful action (hands).

This approach transforms climate awareness into tangible solutions and, indeed, echoes the wisdom of Jane Goodall, who said during her own Starmus talk that “It’s only when our clever brain and our human heart come together that …

4 days, 8 hours назад @ welivesecurity.com
Gaming or gambling? Lifting the lid on in-game loot boxes

Enter loot boxes, skin betting, and other microtransactions that have become a controversial feature of many video games.

Studies estimate that by the end of 2025, loot boxes will generate over US$20 billion in revenue.

Here’s a snapshot of legislative action undertaken by some countries vis-à-vis loot boxes and other in-game extras:

What can parents do?

The problem with loot boxes and other controversial in-game purchases isn’t going away anytime soon.

Loot boxes and gambling-like mechanics in video games are not just a passing fad, so be aware of the risks.

1 week, 1 day ago @ welivesecurity.com
What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security.

That is the reality for penetration testers – or, more broadly, ethical hackers – who get paid to think like criminals so that they can identify and help close security loopholes before the actual bad guys can exploit them.

In this episode of the Unlocked 403 cybersecurity podcast, Becks sits down with ESET penetration testers Tomas Lezovic and Pavol Michalec to give you a peek into the high-stakes world of hacking for good, answering questions like: Why are some organizations hesitant to engage third-party pentesters?

How can something as innocuous as a ladder help breac…

1 week, 2 days ago @ welivesecurity.com
How AI-driven identity fraud is causing havoc

But AI is also used to help cybercriminals be more productive, especially when it comes to identity fraud – the most common fraud type today.

How does AI-driven identity fraud work?

According to one estimate, AI-driven fraud now accounts for over two-fifths (43%) of all fraud attempts recorded by the financial and payments sector.

According to this report, digital forgeries account for over 57% of all document fraud – a 244% annual increase.

1 week, 3 days ago @ welivesecurity.com
Neil Lawrence: What makes us unique in the age of AI | Starmus highlights

In his talk, Neil Lawrence, the DeepMind Professor of Machine Learning at the University of Cambridge, tackles the aforementioned fundamental question head-on.

With a career dedicated to understanding the intersection of technology and human potential, Mr. Lawrence explores how intelligent systems can complement, rather than replace, human capabilities.

Indeed, Mr. Lawrence goes on to examine how technological breakthroughs have forced us to reconsider the traits we hold as inherently human.

Each time a machine did something we thought was uniquely human, it cut something away from us.

And if we find what that moment is, does it tell us something about the essence of humanity?

1 week, 4 days ago @ welivesecurity.com
Patch or perish: How organizations can master vulnerability management

Vulnerability exploitation has long been a popular tactic for threat actors.

Observed cases of vulnerability exploitation resulting in data breaches surged three-fold annually in 2023, according to one estimate.

Another trend is of targeting perimeter-based products with vulnerability exploitation.

Making things worse

As if that weren’t enough to concern network defenders, their efforts are complicated further by:

The sheer speed of vulnerability exploitation.

In time, they may even be able to use GenAI to help find zero-day vulnerabilities.

2 weeks, 2 days ago @ welivesecurity.com
Roeland Nusselder: AI will eat all our energy, unless we make it tiny | Starmus highlights

Can our AI systems be far less energy-hungry without sacrificing performance?

In his talk, Roeland Nusselder, a computer scientist and the CEO of Plumerai, explores how the growing scale of AI models, such as those used in machine learning and natural language processing, are becoming ever more resource-intensive.

He goes on to show how the rapid development of AI technologies could potentially overwhelm our current energy infrastructure, unless we make significant innovations to reduce their energy consumption.

To counter this trend, Mr Nusselder introduces the concept of "tiny AI", or AI systems that are optimized to be much smaller, more efficient, and less energy-hungry without sacrific…

2 weeks, 3 days ago @ welivesecurity.com
How scammers are exploiting DeepSeek's rise

Alongside this, DeepSeek has faced intense scrutiny over its privacy and security practices, bringing to light several risks surrounding (not necessarily only DeepSeek’s) AI models.

Scams and malware

One example comes from a user on X who posted some details about a website that mimics the official one and urges visitors to download what poses as DeepSeek's AI model.

Much like has been the case with TikTok and other Chinese online services, DeepSeek’s data collection practices also garnered scrutiny almost immediately, including from regulatory authorities in the United States, Ireland, Italy and France.

Make sure to also use multilayered security software across all your devices that can go…

3 weeks ago @ welivesecurity.com
This month in security with Tony Anscombe – January 2025 edition

DeepSeek’s bursting onto the AI scene, apparent shifts in US cybersecurity policies, and a massive student data breach all signal another eventful year in cybersecurity and data privacy

The first month of 2025 was another whirlwind month in cybersecurity, with cyber-landscape shifts, new data breaches, and other key stories and developments you shouldn't miss.

In this edition of the monthly roundup, ESET Chief Security Evangelist Tony Anscombe looks at: the furor over an AI model from a little-known Chinese company called DeepSeek that, to almost everyone's surprise, rivals the performance of leading U.S.-made AI models like ChatGPT – apparently at a fraction of the cost while using fewer and…

3 weeks, 1 day ago @ welivesecurity.com
Untrustworthy AI: How to deal with data poisoning

Types of data poisoning

There are various types of data poisoning attacks, such as:

Data injection: Attackers inject malicious data points into the training data to make an AI model alter its behavior.

Trigger injection: This attack injects data into the AI model’s training set to create a trigger.

As AI models often use third-party components, vulnerabilities introduced during the supply chain process can ultimately compromise the model’s security and leave it open to exploitation.

While enterprise AI models may not share data with third parties, they still gobble up internal data to improve…

3 weeks, 1 day ago @ welivesecurity.com
Brian Greene: Until the end of time | Starmus highlights

The renowned physicist explores how time and entropy shape the evolution of the universe, the nature of existence, and the eventual fate of everything, including humanity

What is our place in the cosmic unfolding?

How did we come to be, and where are we ultimately going in the grand scheme of time?

These are some of the deepest existential questions that the renowned theoretical physicist and best-selling author Brian Greene explored in his Starmus talk.

In doing so, Mr Greene also considers whether these principles offer insights into not just our past, but also our future.

Find out in Mr Greene's talk where he explores the role of time and entropy in shaping everything from the cosmos to h…

3 weeks, 2 days ago @ welivesecurity.com
Going (for) broke: 6 common online betting scams and how to avoid them

Don’t roll the dice on your online safety – watch out for bogus sports betting apps and other traps commonly set by scammers

Online gambling is big business.

Topping revenue of $84bn in 2023, the business of online casinos, virtual poker and sports betting is on the rise.

But as the industry grows and new users come online, scammers looking for quick wins are also targeting the online betting and gambling space in ever greater numbers.

From nefarious online casinos to malicious apps and phishing messages, the list of potential fraud channels continues to grow.

Phishing

A social engineering technique as old as the internet, it’s no surprise that gambling scammers are also using phishing to ach…

3 weeks, 3 days ago @ welivesecurity.com
Naked Security
last post None
Help Net Security
last post 2 hours ago
Security and privacy concerns challenge public sector’s efforts to modernize

For most public sector organizations, digital transformation is a work in progress, with the complexity of integrating new systems and privacy and security concerns remaining key barriers, according to a report by SolarWinds.

The most pressing security challenges today include vulnerabilities in monitoring systems and the critical need to safeguard sensitive information from cyber threats.

Participants ranked the general hacking community (59%) and careless/untrained insiders (58%) as their top-ranked security threats, emphasizing the need for stronger security awareness training, enhanced tools, and better access control mechanisms.

Status of digital transformation in the public sector

Data…

2 hours ago @ helpnetsecurity.com
OpenText unveils AI-powered threat detection and response capabilities

OpenText announced OpenText Core Threat Detection and Response, a new AI-powered cybersecurity solution for threat detection to be generally available with Cloud Editions 25.2.

OpenText Core Threat Detection and Response will be available on Microsoft Azure.

OpenText Core Threat Detection and Response, combined with OpenText’s threat hunting services and integration toolkits, meets this challenge headfirst.

Rapid detection and elimination: Advanced anomaly detection that dynamically adapts to changes in operating environments and ensures contextually relevant threat detection.

OpenText Core Threat Detection and Response is currently available as a limited release to select customers.

8 hours ago @ helpnetsecurity.com
Versa Sovereign SASE enables organizations to create self-protecting networks

Versa releases Versa Sovereign SASE, allowing enterprises, governments, and service providers to deploy customized networking and security services directly from their own infrastructure in a “do-it-yourself” model.

A new paradigm in SASE deployment

Versa Sovereign SASE adds a third option for deploying the VersaONE Universal SASE Platform:

As-a-service – Delivered via shared gateways in Versa’s global SASE fabric with over 90 global PoPs (Versa Unified SASE).

(NEW) Sovereign – Delivered via dedicated gateways in customers’ infrastructure under customer management and control – completely air-gapped (Versa Sovereign SASE).

Over the past two years, Versa Sovereign SASE has been deployed by org…

9 hours ago @ helpnetsecurity.com
Symbiotic Security improves software vulnerability detection in the coding process

Symbiotic Security announced updates to its application and integrated development environment (IDE) extension, further streamlining security for developers by improving usability, accessibility, and real-time security insights.

The demand for real-time security solutions is growing as organizations seek to shift security left – making it an earlier part of the software development process to improve efficiency and reduce cost.

“Developers need real-time, actionable intelligence so they can write secure code with confidence,” said Edouard Viot, CTO, Symbiotic Security.

With Symbiotic’s software, security is no longer an afterthought; it is where it should have always been – integrated into …

9 hours ago @ helpnetsecurity.com
Mastering the cybersecurity tightrope of protection, detection, and response

Small organizations are over-reliant on prevention and don’t have enough focus on early detection and planned response.

How open and honest are their public communications to customers when they have unexpected outages or security incidents?

All of these indicators are a reflection of a supplier’s attitude toward data security and transparency in their operations.

With the increasing volume of real-time threat intelligence data, how can CTOs prioritize actionable insights without overwhelming security teams with alert fatigue?

Given the pace of cyber threat evolution, should organizations focus more on cyber resilience than just cyber defense?

12 hours ago @ helpnetsecurity.com
How to secure Notes on iOS and macOS

How to lock Notes on macOS

Set up a password

Open the Notes app on your Mac.

You can either use your Mac login password or create a custom password for locked notes.

To hide the content of a locked note, you can close your locked notes.

How to lock Notes on iOS

Beginning in iOS 16, there are two ways to lock your notes.

12 hours ago @ helpnetsecurity.com
New infosec products of the week: February 21, 2025

Veeam brings recovery orchestrator to Microsoft Hyper-V customers

Veeam Software announced it’s bringing recovery orchestrator to Microsoft Hyper-V customers as part of the Veeam Data Platform.

Veeam Recovery Orchestrator simplifies and automates the disaster recovery planning, testing, and execution process.

Pangea introduces AI guardrails to secure AI applications

Pangea announced AI Guard and Prompt Guard to secure AI, defending against threats like prompt injection and sensitive information disclosure.

Pangea AI Guard prevents sensitive data leakage and blocks malicious and unwanted content like profanity, self harm, and violence.

Pangea Prompt Guard analyzes user and system prompts to bl…

14 hours ago @ helpnetsecurity.com
Cybersecurity jobs available right now in the USA: February 20, 2025

Cybersecurity Analyst, Messer | On-site

As a Cybersecurity Analyst, you will utilize existing technology platforms to monitor security threats and incidents.

Cybersecurity Engineer, Modern Technology Solutions | On-site

As a Cybersecurity Engineer, you will design and implement systems to meet cybersecurity policy and regulations.

Incident Response Analyst, Trend Micro | On-site

As an Incident Response Analyst, you will oversee all incident response, from detection to incident resolution.

Industrial Automation and Cybersecurity Engineer, Danone | On-site

As an Industrial Automation and Cybersecurity Engineer, you will ensure co…

1 day, 2 hours ago @ helpnetsecurity.com
Runa Assure provides end-to-end fraud protection

Runa launched Runa Assure, a security suite specifically built to fortify payout processes against threats of fraud, cyberattacks, and compliance risks.

“Unlike other fraud and security models that focus on payment acceptance, we’ve designed a fraud and security engine specifically to protect payouts.

Runa Assure is engineered to help businesses stay ahead of sophisticated fraudsters by deploying preventative and proactive security controls.

Runa Assure provides end-to-end fraud protection, securing payouts from the moment funds are loaded (across 50+ currencies) to the final recipient transaction.

By automating fraud prevention, Runa Assure lifts the burden off finance and operations teams…

1 day, 3 hours ago @ helpnetsecurity.com
PRevent: Open-source tool to detect malicious code in pull requests

Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static code analysis tools.

PRevent in action (Source: Apiiro)

The tools work by detecting two anti-patterns the researchers pinpointed after analyzing thousands of malicious code instances in repositories and packages: obfuscated / unreadable source code, and dynamic execution (i.e., code execution at runtime instead of at build or compile time).

“Some malicious patterns are common in legitimate code and would cause false-positives (…

1 day, 3 hours ago @ helpnetsecurity.com
Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand

The Darcula platform makes phishing easy

By automating some of the required steps, Darcula makes it easy for technically inexperienced criminals to launch phishing campaigns.

The current version of the platform offers pre-built phishing kits for targeting users of over 200 brands worldwide.

The phishing platform creates a “.cat-page” bundle containing all those pages, which can be uploaded to the darcula admin panel and can then be used to launch phishing campaigns.

Example of a virtually-generated card from stolen card details (Source: Netcraft)

“These cards are often loaded to burner phones and then sold by darcula criminals.

Reporter Brian Krebs has recently illustrated how the adding of s…

1 day, 6 hours ago @ helpnetsecurity.com
Hackers pose as employers to steal crypto, login credentials

Disguising themselves as software development recruiters, these threat actors lure victims with fake job offers and deliver software projects embedded with infostealing malware.

The campaign primarily targets freelance software developers through spearphishing on job-hunting and freelancing platforms, to steal cryptocurrency wallets and login credentials from browsers and password managers.

To infiltrate their targets, they use fake recruiter profiles on social media, masquerading as legitimate employers.

In order to pose as recruiters, the attackers copy profiles of existing people or even construct new personas.

Victims receive the project files either directly via file transfer on the si…

1 day, 8 hours ago @ helpnetsecurity.com
Privacera enables enterprises to identify, assess, and remediate AI-related risks

Privacera announced significant updates to its AI Governance (PAIG) platform, reinforcing its commitment to AI risk management and compliance.

PAIG is a diagnostic and remediation tool that allows organizations to proactively identify AI risks and implement targeted protections to mitigate them.

By integrating PAIG with this framework, Privacera enables enterprises to proactively identify, assess, and remediate AI-related risks at every stage of AI deployment.

enables periodic testing and evaluation of deployed AI applications to identify potential issues such as data leakage, bias, or IP violations.

This alignment enables businesses to proactively identify, evaluate, and mitigate risks ass…

1 day, 8 hours ago @ helpnetsecurity.com
Norton’s AI-powered features defend against scams and social engineering threats

Key features include:

Safe SMS: Uses Norton Genie AI to detect sophisticated scams in text messages by analyzing the meaning of words used by scammers.

Genie AI-powered scam assistant: Integrates the Norton Genie AI app to provide instant guidance on scams and suspicious offers with a single tap.

The new Genie Scam Protection and Scam Protection Pro features are available in the US today on supporting platforms.

1 day, 9 hours ago @ helpnetsecurity.com
1Password helps MSPs boost security and streamline their operations

1Password introduced 1Password Enterprise Password Manager – MSP Edition, a dedicated solution that transforms how MSPs safeguard client data and helps them confront complex threat environments.

With features tailored to MSPs’ unique needs, this comprehensive solution strengthens client security posture and boosts productivity, all while enabling MSPs to scale their operations efficiently and maximize profitability.

Small and medium-sized businesses, in particular, often lack the resources to manage routine security operations like credential management, leaving them vulnerable to today’s threats.

A centralized MSP console provides multi-tenant management, enabling MSPs to effortlessly conf…

1 day, 9 hours ago @ helpnetsecurity.com
IT Security Guru
last post 6 months ago
How Immigration Can Solve America’s Cybersecurity Shortage

The Growing Cybersecurity Skills Gap

The cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity Shortage

Immigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

Conclusion

The cybersecurity skills shortage is …

6 months ago @ itsecurityguru.org
Cybereason Unveils SDR Data Ramp Program: Analyse and Detect Threats in 1TB of Log Data for 90 Days

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

6 months ago @ itsecurityguru.org
The 8 Most Common Website Design Mistakes According to Pros

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final Thoughts

Keeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

6 months ago @ itsecurityguru.org
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol Connections

Remote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware Attacks

Specific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted: The healthcare sector is a prime target for ranso…

6 months ago @ itsecurityguru.org
Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented: “We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

6 months ago @ itsecurityguru.org
AI-powered cyber threats are too overpowering for over 50% of security teams

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

6 months, 1 week ago @ itsecurityguru.org
New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploit

Three years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

6 months, 1 week ago @ itsecurityguru.org
New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

6 months, 1 week ago @ itsecurityguru.org
Kicking cyber security down the road can come back to bite you

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priority

Despite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-in

To ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures now

By deprioritising cyber security, businesses are essentially def…

6 months, 1 week ago @ itsecurityguru.org
What skills can cyber security experts develop to adapt to AI and quantum computing?

High levels of demand for cyber security expertise also mean that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computing

Like AI, Quantum has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trailblazers in this sector if they start acquiring relevant skills now.

6 months, 1 week ago @ itsecurityguru.org
HealthEquity Data Breach Compromises Customer Information

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.

6 months, 3 weeks ago @ itsecurityguru.org
Accenture and SandboxAQ Expand Cybersecurity Partnership

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

The post Accenture and SandboxAQ Expand Cybersecurity Partnership first appeared on IT Security Guru.

6 months, 3 weeks ago @ itsecurityguru.org
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords first appeared on IT Security Guru.

6 months, 3 weeks ago @ itsecurityguru.org
Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester first appeared on IT Security Guru.

6 months, 3 weeks ago @ itsecurityguru.org
Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands

Salt Labs, the research arm of API security company Salt Security, has released new threat research highlighting critical security flaws within popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to their website). These vulnerabilities could have potentially allowed an attacker unlimited […]

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands first appeared on IT Security Guru.

6 months, 3 weeks ago @ itsecurityguru.org
SecurityTrails
last post: None
Blogs 👨‍💻
Бизнес без опасности
last post: None
Жизнь 80 на 20
last post: None
ZLONOV
last post: None
Блог Артема Агеева
last post: None
Киберпиздец
last post: None
Schneier on Security
last post: 2 hours ago
Implementing Cryptography in AI Systems

In this paper we lay the foundations of this new theory, defining the meaning of correctness and security for implementations of cryptographic primitives as ReLU-based DNNs.

We then show that the natural implementations of block ciphers as DNNs can be broken in linear time by using such nonstandard inputs.

We tested our attack in the case of full round AES-128, and had success rate in finding randomly chosen keys.

Finally, we develop a new method for implementing any desired cryptographic functionality as a standard ReLU-based DNN in a provably secure and correct way.

Our protective technique has very low overhead (a constant number of additional layers and a linear number of additional neu…

2 hours ago @ schneier.com
An LLM Trained to Create Backdoors in Code

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

1 day, 6 hours ago @ schneier.com
Device Code Phishing

This isn’t new, but it’s increasingly popular:

The technique is known as device code phishing.

It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard.

Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts.

Rather than authenticating the user directly, the input-constrained device displays an alphabetic or alphanumeric device code along with a link associated with the user account.

The remote server then sends a token to the input-constrained device that logs it into the account.

2 days, 3 hours ago @ schneier.com
Story About Medical Device Security

3 days, 6 hours ago @ schneier.com
Atlas of Surveillance

4 days, 1 hour ago @ schneier.com
Friday Squid Blogging: Squid the Care Dog

1 week ago @ schneier.com
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025.

My talk is at 4:00 PM ET on the 15th.

I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025.

The list is maintained on this page.

Posted on February 14, 2025 at 12:01 PM • 0 Comments

1 week ago @ schneier.com
AI and Civil Service Purges

The idea of replacing dedicated and principled civil servants with AI agents, however, is new—and complicated.

New presidents can issue sweeping executive orders, but they often have no real effect until they actually change the behavior of public servants.

Written law is never fully determinative of the actions of government—there is always wiggle room for presidents, appointed leaders, and civil servants to exercise their own judgment.

AI development could happen inside of transparent and accountable public institutions, alongside its continued development by Big Tech.

Singapore has been a leader in the development of public AI models, built transparently and with public-service use cases…

1 week ago @ schneier.com
DOGE as a National Cyberattack

And the implications for national security are profound.

The Chinese government’s 2015 breach of OPM was a significant US security failure, and it illustrated how personnel data could be used to identify intelligence officers and compromise national security.

The implications for national security are staggering.

This is beyond politics—this is a matter of national security.

While the full impact may take time to assess, these steps represent the minimum necessary actions to begin restoring system integrity and security protocols.

1 week, 1 day ago @ schneier.com
Delivering Malware Through Abandoned Amazon S3 Buckets

Here’s a supply-chain attack just waiting to happen.

A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400.

Presumably the projects don’t realize that they have been abandoned, and still ping them for patches, updates, etc.

Moreover, often—but not always—losing the bucket that they’d use for it also removes the original vendor’s ability to identify the vulnerable software in the first place.

Software supply-chain security is an absolute mess.

1 week, 2 days ago @ schneier.com
Trusted Encryption Environments

1 week, 3 days ago @ schneier.com
Pairwise Authentication of Humans

Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations.

To mitigate that risk, I have developed this simple solution where you can set up a unique time-based one-time passcode (TOTP) between any pair of persons.

This is how it works:

1 week, 4 days ago @ schneier.com
UK is Ordering Apple to Break its Own Encryption

This is a big deal, and something we in the security community have worried was coming for a while now.

The law, known by critics as the Snoopers’ Charter, makes it a criminal offense to reveal that the government has even made such a demand.

But the law does not permit Apple to delay complying during an appeal.

Of course, UK users will be able to spoof their location.

According to the law, Apple would not be able to offer the feature to anyone who is in the UK at any point: for example, a visitor from the US.

1 week, 6 days ago @ schneier.com
Friday Squid Blogging: The Colossal Squid

1 week, 6 days ago @ schneier.com
Screenshot-Reading Malware

2 weeks ago @ schneier.com
Krebs On Security
last post: 2 days, 23 hours ago
How Phished Data Turns into Apple & Google Wallets

Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers.

After all, most one-time codes used for mobile wallet provisioning are generally only good for a few minutes before they expire.

Experts say the continued reliance on one-time codes for onboarding mobile wallets has fostered this new wave of carding.

Both companies could easily tell which of their devices suddenly have 7-10 different mobile wallets added from 7-10 different people around the world.

They could also recommend that financial institutions use more secure authentication methods for mobile wallet provisioning.

2 days, 23 hours ago @ krebsonsecurity.com
Nearly a Year Later, Mozilla is Still Promoting OneRep

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies.

Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company.

But nearly a year later, Mozilla is still promoting it to Firefox users.

Mozilla offers Onerep to Firefox users on a subscription basis as part of Mozilla Monitor Plus.

Several readers have shared emails they received from Radaris after attempting to remove their personal data, and those messages show Radaris has been promoting Onerep.

1 week ago @ krebsonsecurity.com
Microsoft Patch Tuesday, February 2025 Edition

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited.

This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction.

One vulnerability patched today that was publicly disclosed earlier is CVE-2025-21377, another weakness that could allow an attacker to elevate their privileges on a vulnerable Windows system.

“Accordingly, Microsoft assesses exploitation as more likely.”

The SANS Internet Storm Center has a handy list of all the Microsoft patches released tod…

1 week, 2 days ago @ krebsonsecurity.com
Teen on Musk’s DOGE Team Graduated from ‘The Com’

“I don’t think there’s a lot of money to be made in the com,” Rivage lamented.

1 week, 6 days ago @ krebsonsecurity.com
Experts Flag Security, Privacy Risks in DeepSeek AI App

DeepSeek’s rapid rise caught the attention of the mobile security firm NowSecure, a Chicago-based company that helps clients screen mobile apps for security and privacy threats.

In a teardown of the DeepSeek app published today, NowSecure urged organizations to remove the DeepSeek iOS mobile app from their environments, citing security concerns.

Hoog told KrebsOnSecurity there were a number of qualities about the DeepSeek iOS app that suggest the presence of deep-seated security and privacy risks.

Perhaps more concerning, NowSecure said the iOS app transmits device information “in the clear,” without any encryption to encapsulate the data.

“The DeepSeek iOS app globally disables App Transpo…

2 weeks ago @ krebsonsecurity.com
Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

The email address used for those accounts was [email protected].

Intel471 finds the user FlorainN registered across multiple cybercrime forums using the email address [email protected].

Perhaps fittingly, both Cracked and Nulled have been hacked over the years, exposing countless private messages between forum users.

Constella found that a user named Shoppy registered on Cracked in 2019 using the email address finn@shoppy[.]gg.

Constella says that email address is tied to a Twitter/X account for Shoppy Ecommerce in Israel.

2 weeks, 3 days ago @ krebsonsecurity.com
FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015.

The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.

On January 29, the FBI and the Dutch national police seized the technical infrastructure for a cybercrime service marketed under the brands Heartsender, Fudpage and Fudtools (and many other “fud” variations).

“These tools were also used to acquire victim user credentials and utilize those credentials to further these fraudulent schemes.

“The Cybercrime Team is on the trail of a number of buyers of the tools,” the…

2 weeks, 6 days ago @ krebsonsecurity.com
Infrastructure Laundering: Blending in with the Cloud

It is likely the gambling sites coming through Funnull are abusing top casino brands as part of their money laundering schemes.

Silent Push researchers say Funnull may be helping online gamblers in China evade the Communist party’s “Great Firewall,” which blocks access to gambling destinations.

Edwards said Funnull is a textbook example of an increasing trend Silent Push calls “infrastructure laundering,” wherein crooks selling cybercrime services will relay some or all of their malicious traffic through U.S. cloud providers.

Amazon said that contrary to implications in the Silent Push report, it has every reason to aggressively police its network against infrastructure laundering, noting t…

3 weeks, 1 day ago @ krebsonsecurity.com
A Tumultuous Week for Federal Cybersecurity Efforts

President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture.

One of the CSRB’s most recognizable names is Chris Krebs (no relation), the former director of the Cybersecurity and Infrastructure Security Agency (CISA).

Krebs was fired by President Trump in November 2020 for declaring the presidential contest was the most secure in American history, and for refuting Trump’s false claims of election fraud.

President Trump and First Lady Melania Trump each launched their own vanity memecoins this month, dubbed $TRUMP and $MELANIA.

WEAPONIZATION & DISINFORMATION

Prior to the election, Presiden…

3 weeks, 3 days ago @ krebsonsecurity.com
MasterCard DNS Error Went Unnoticed for Years

After enabling a DNS server on akam.ne, he noticed hundreds of thousands of DNS requests hitting his server each day from locations around the globe.

Had he enabled an email server on his new domain akam.ne, Caturegli likely would have received wayward emails directed toward mastercard.com or other affected domains.

The message suggested his public disclosure of the MasterCard DNS error via a post on LinkedIn (after he’d secured the akam.ne domain) was not aligned with ethical security practices, and passed on a request from MasterCard to have the post removed.

“But we’ll let you judge — here are some of the DNS lookups we recorded before reporting the issue.”

As the screenshot above shows, t…

1 month ago @ krebsonsecurity.com
Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert.

People in Florida reported receiving SMS phishing that spoofed Sunpass, Florida’s prepaid toll program.

In each case, the emergence of these SMS phishing attacks coincided with the release of new phishing kit capabilities that closely mimic these toll operator websites as they appear on mobile devices.

Merrill said the volume of SMS phishing attacks spoofing toll road operators skyrocketed after the New Year, when at least one Chinese cybercriminal group known for selling sophisticated SMS phishing kits began offering new phishing pages design…

1 month ago @ krebsonsecurity.com
Microsoft: Happy 2025. Here’s 161 Security Updates

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack.

Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

Today also saw the publication of nine critical remote code execution (RCE) vulnerabilities.

The Microsoft flaws already seeing active attacks include CVE-2025-21333, CVE-2025-21334 and, you guessed it– CVE-2025-21335.

And if you run into any problems installing this month’s patch batch, drop a line in the comments below, please.

1 month, 1 week ago @ krebsonsecurity.com
A Day in the Life of a Prolific Voice Phishing Crew

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in an elaborate voice phishing attack.

Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers.

- The Operator: The individual managing the phishing panel, silently moving the victim from page to page.

- The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls.

Nixon said the constant snaking within the voice phishing circles points to a psychological self-selection phenomenon that is in desperate need of ac…

1 month, 2 weeks ago @ krebsonsecurity.com
U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon.

Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon.

Think again.”

On that same day, Kiberphant0m posted what they claimed was the “data schema” from the U.S. National Security Agency.

The profile photo on Wagenius’ Facebook page was deleted within hours of my Nov. 26 story identifying Kiberphant0m as a likely U.S. Army soldier.

Nixon asked to sha…

1 month, 3 weeks ago @ krebsonsecurity.com
Happy 15th Anniversary, KrebsOnSecurity!

Instead, they purchase the item using stolen payment card data and your shipping address.

March featured several investigations into the history of various people-search data broker services.

Radaris repeatedly threatened to sue KrebsOnSecurity unless that publication was retracted in full, alleging that it was replete with errors both factual and malicious.

Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website.

There is zero third-party content on this website, apart from the occasional YouTube video embedded as part of a story.

1 month, 3 weeks ago @ krebsonsecurity.com
Graham Cluley
last post: 1 day, 18 hours ago
Smashing Security podcast #405: A crypto con exchange, and soaring ticket scams

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Scanner.dev provides a new technology offering fast search and threat detections for security data in S3 helping teams reduce the total cost of ownership of their SIEM by up to 90%.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive cont…

1 day, 18 hours ago @ grahamcluley.com
The AI Fix #38: AI proves time travel is impossible (but still can’t draw fingers)

Graham’s plan to make his fortune is scuppered by an AI with opinions on time travel, and Mark investigates an intriguing question about a six-fingered glove.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircle

Hosts: Graham Cluley: @grahamcluley.com @[email protected]; Mark Stockley: @ai-fix-mark.bsky.social

Episode links:

Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our …

3 days, 3 hours ago @ grahamcluley.com
Got a Microsoft Teams invite? Storm-2372 gang exploit device codes in global phishing attacks

3 days, 5 hours ago @ tripwire.com
US charges two Russian men in connection with Phobos ransomware operation

The US Department of Justice (DOJ) has unsealed criminal charges against two Russian nationals, alleged to have operated a cybercrime gang that used ransomware to target over 1000 American organisations.

Roman Berezhnoy and Egor Nikolaevich Glebov, 33 and 39 years old respectively, are alleged to have extorted over US $16 million in ransom payments using the Phobos ransomware.

In the DOJ's indictment against Berezhnoy and Glebov, it details how victims of the Phobos ransomware often received a ransom demand of under US $100,000 - less than the demands made by other notorious ransomware groups.

If convicted of the charges filed against them, Berezhnoy and Glebov face a potential sentence of …

1 week ago @ bitdefender.com
US Coast Guard told to improve its cybersecurity, after warning raised that hacked ports could cost $2 billion per day

1 week, 1 day ago @ tripwire.com
US woman faces years in federal prison for running laptop farm for N Korean IT workers

A 48-year-old woman from Arizona has pleaded guilty to charges related to a criminal scheme which saw North Korean IT workers employed remotely by hundreds of US companies.

The workers had access to company networks, posing a significant cybersecurity threat, while raising funds for North Korea.

To assist with the scheme, Chapman ran a laptop farm at her home - which allowed overseas IT workers to remotely access company networks, while appearing to be based in the United States.

In 2023, the FBI and South Korea offered sensible advice about the so-called "red flags" that could indicate your potential new employee could actually be working for North Korea.

Last month, two other Americans we…

1 week, 1 day ago @ bitdefender.com
Smashing Security podcast #404: Podcast not found

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Jane Wakefield.

1 week, 1 day ago @ grahamcluley.com
The AI Fix #37: DeepSeek is a security dumpster fire, and quicksand for AI

In episode 37 of “The AI Fix”, Google Gemini gets the munchies, the wettest country in the world can’t find any water, an escalator tries to eat Graham, o3-mini can’t rub two sticks together, and OpenAI invents an AI that can do “a single-digit percentage of all economically valuable tasks in the world” but nobody notices.

Graham wonders why his childhood was full of Triffids and quicksand, and discovers a way to trap overstepping AI crawlers in an endless maze, while Mark investigates the appalling state of DeepSeek security.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

1 week, 3 days ago @ grahamcluley.com
Toll booth bandits continue to scam via SMS messages

North American drivers are continuing to be barraged by waves of scam text messages, telling them that they owe money on unpaid tolls.

The scam text messages seen in the campaigns claim that the recipient has an "outstanding toll amount" that remains unpaid, and links to a page which poses as an overdue payment portal.

The reason for this is that Apple iMessage automatically disables links received from unknown senders as a built-in protection against phishing.

Members of the public would be wise to report and delete unwanted text messages or forward them to 7726 (SPAM).

The FTC has published information about how to recognise and respond to scam text messages here.

1 week, 3 days ago @ bitdefender.com
Secret Taliban records published online after hackers breach computer systems

The Taliban government of Afghanistan is reeling after unidentified hackers successfully carried out a massive cyber attack against its computer systems and published over 50GB of stolen documents and files online.

The leaked records included claims that the Taliban has imprisoned over 1400 women, and 16,000 men.

Approximately 80 foreign nationals (including six women) are also said to be being held in Taliban prisons.

According to the report, Taliban officials have examined foreign organisations working in Bamiyan Province, alleging that they are promoting Western cultural values.

Taliban spokespeople went on to claim that the leak was an attempt to manipulate public opinion via the media.

2 weeks ago @ bitdefender.com
Data breaches at UK law firms are on the rise, research reveals

2 weeks ago @ tripwire.com
Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs

The government of Thailand has cut the power supply to areas near its border with Myanmar that are known to host brutal scam compounds.

These heavily-guarded fraud factories house armies of people, coerced into defrauding innocent people through bogus investment and romance baiting scams.

In the past, media reports have published distressing details of the treatment of fraud factory workers on the Myanmar-Thai border and in Cambodia.

According to Anutin, a clause in the energy supply contract allows Thailand to cut off the supply on the grounds of national security.

In reality, according to Wang Xing, he was put to work in a call scam compound targeting Chinese people.

2 weeks, 1 day ago @ bitdefender.com
Smashing Security podcast #403: Coinbase crypto heists, QR codes, and ransomware in the classroom

In episode 403 of “Smashing Security” we dive into the mystery of $65 million vanishing from Coinbase users faster than J-Lo slipped into Graham’s DMs, Geoff gives a poor grade for PowerSchool’s security, and Carole takes a curious look at QR codes.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist’s Geoff White.

2 weeks, 1 day ago @ grahamcluley.com
Man sentenced to 7 years in prison for role in $50m internet scam

2 weeks, 2 days ago @ tripwire.com
The AI Fix #36: A DeepSeek special

In episode 36 of The AI Fix, Graham and Mark take a long look at DeepSeek, an upstart AI out of China that was trained on a shoestring, shook up Wall Street, kneecapped Nvidia, and challenged America’s AI hegemony.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

2 weeks, 2 days ago @ grahamcluley.com
Companies 🏢
Kaspersky Blog
latest post 7 hours ago
What to do if your WhatsApp has been hacked: a step-by-step guide | Kaspersky Blog

Your friends complain that they are receiving strange messages from you.

You open a chat and see deleted messages in it, including ones from you, though you never sent or deleted anything.

You unexpectedly receive a confirmation code for logging in to WhatsApp that you did not request.

After that you can return to WhatsApp and set a new PIN there.

Having done the steps above and regained control of your account, you may find that you are not allowed to send messages.

7 hours ago @ kaspersky.ru
Container security tools and their benefits for business

This makes it possible to see how much various security tools contribute to the efficiency of IT development and which metrics your organisation should aim for.

We decided to analyse the core principles and tools and explain how they are implemented in the updated version of Kaspersky Cloud Workload Security.

Automatic enforcement and tracking of security policies

A key challenge for IT and security teams is maintaining visibility and control over all IT assets, and this task has become harder with the move to hybrid cloud infrastructures.

Monitoring comes at a considerable cost: additional computing load on cloud services, multiplied by the number of servers and clusters, as well as…

23 hours ago @ kaspersky.ru
XMRig miner attacks corporate users | Kaspersky Blog

Moreover, in most cases the malware launch was detected by home security products, but in some cases by corporate ones.

Naturally, the games on the torrents were offered as repacks, that is, modified versions of the programs into which the uploaders had already built tools for bypassing the game's copy authenticity check (in other words, the games were cracked).

However, there is no guarantee that next time the game repack will not contain a stealer or ransomware.

As long as employees keep installing pirated games on work computers, gamer-targeted malware will keep attacking work machines.

Ideally, you should prohibit altogether the launch of software that has nothing to do with work processes…

2 days, 7 hours ago @ kaspersky.ru
The Gravy Analytics leak: how to protect your geolocation data | Kaspersky Blog

In this article we look at how data brokers work and what a leak of the information they collect can lead to.

Leak of user geolocation data collected by Gravy Analytics

In January 2025 it emerged that Gravy Analytics had suffered a data leak.

The Gravy Analytics leak demonstrates the serious risks associated with the data broker industry, and especially with geolocation data brokers.

How to protect your geolocation data

Unfortunately, collecting users' location data has become such a widespread practice that it is hard to give a definitive answer to the question "how do I protect my data?".

And in general, try to minimise the number of apps installed on your smartpho…

3 days, 6 hours ago @ kaspersky.ru
All the scams, and the defences, when buying memecoins | Kaspersky Blog

They are called alternative simply because they are not the largest and most widespread crypto assets, Bitcoin and Ethereum.

Similarities and differences between meme cryptocurrencies and NFTs

Both memecoins and NFTs use a blockchain to store information about ownership and participants' transactions.

On crypto exchanges and other crypto platforms, each token is given a ticker for convenience, a short alphabetic identifier, as on a classic exchange: BTC, USDT, TRUMP and so on.

But the actual buy and sell operations on tokens are carried out not with the ticker but with long, hard-to-read smart contract addresses.

Stay vigilant when searching for cryptocurrency-related websites, news and social media accounts…

4 days, 7 hours ago @ kaspersky.ru
A game carrying the PirateFi trojan found on Steam | Kaspersky Blog

In February, a game bundled with malware was discovered in the store.

A survival simulator in which your computer has to survive

The game at the centre of attention was PirateFi, which offered players, in both single-player and multiplayer mode, the role of a pirate survivalist.

As a result, every Steam user who had played PirateFi received a notification email about the likely presence of malware on their computer.

Malware regularly turns up in apps, including games, on Google Play, and recently it has managed to make its way into the App Store too.

So the situation in mobile gaming is far worse than on PC, and this has nothing to do with the moderation of any particular platform.

1 week ago @ kaspersky.ru
How to protect WhatsApp and Telegram from hacking and theft in 2025 | Kaspersky Blog

Criminals around the world are honing schemes to steal accounts in WhatsApp, Telegram and other popular messengers, and any of us could fall victim.

Stealing WhatsApp, Telegram and QQ accounts via fake QR codes

Previously, scammers intercepted or tricked victims into handing over the SMS confirmation codes for logging in to a messenger, and that was enough to steal the account.

On the site you are shown a different, dynamically generated QR code, which the attackers' server requests from WhatsApp or Telegram as part of the "link a new device" process.

In principle, this will be visible in the "Linked devices" section of the WhatsApp and Telegram settings, but the attack is aimed at those who are not well versed in the set…

1 week, 1 day ago @ kaspersky.ru
How scammers deceive people on 14 February | Kaspersky Blog

If you still think that nobody needs you or is interested in you, and that scammers can only fool dim-witted people, you are mistaken.

Deception is a subtle art, and for almost everyone, even the most sophisticated person, there is a scheme that fits.

The girl was even messaged by someone posing as the actor's mother, who confirmed that "in this difficult time her son needs exactly such a person by his side".

It turned out that the jealous boyfriend, before handing over the gift, had stuffed it with every kind of spyware possible, both for tracking location and for eavesdropping.

Fortunately, detecting and neutralising both software and hardware surveillance is easy with the Who's Spying on Me feature in Kaspersky for Android.

1 week, 2 days ago @ kaspersky.ru
The story of the ransomware attack on UnitedHealth | Kaspersky Blog

Roughly a year ago, a massive ransomware incident took place: the attack on the American health insurance giant UnitedHealth Group.

UnitedHealth Group even set up a dedicated website where the recovery work can be followed.

How the attack on UnitedHealth Group unfolded

Several months after the incident, on 1 May, UnitedHealth Group CEO Andrew Witty was called to testify before the US Congress.

Consequences of the ransomware attack on UnitedHealth Group

In the first quarter of 2024 alone, the damage to UnitedHealth Group from the cyberattack amounted to $872 million.

Only 8 months after the incident, on 24 October 2024, did UnitedHealth Group finall…

1 week, 2 days ago @ kaspersky.ru
SLAP and FLOP vulnerabilities in Apple processors | Kaspersky Blog

An interesting attack, or rather two attacks exploiting two different vulnerabilities in Apple processors, was recently demonstrated by researchers from universities in Germany and the USA.

To understand how dangerous these vulnerabilities are, let us briefly, without going into the thickets of complex academic research, recap the basic principles of all such attacks.

The Load Address Predictor has been implemented starting with the Apple M2 for desktops and laptops and the Apple A15 for mobile devices.

The authors show how SLAP and FLOP can be used to bypass numerous information protection mechanisms both in the processors themselves and in the Safari browser, and to gain access to confidential informati…

2 weeks ago @ kaspersky.ru
SparkCat: the first stealer trojan to make it into the App Store | Kaspersky Blog

And while malicious apps had been discovered in Google Play more than once before, this is the first time a stealer trojan has been found in the App Store.

Depending on the language set in the smartphone's OS, SparkCat downloads models trained to find and recognise Latin, Korean, Chinese and Japanese characters in photos.

Scale and victims of the attack

We managed to find 10 malicious apps in Google Play and 11 in the App Store.

At the time of publication, all the malicious apps had been removed from the App Store (but not from Google Play).

So it is worth raising the bar for trustworthiness: download only apps with a high rating, with thousands, or better millions, of downloads, published at least severa…

2 weeks, 1 day ago @ kaspersky.ru
Protection from spam: how to recognise it and how to fight it | Kaspersky Blog

Today the "rich Nigerian fourth cousins on your mother's side" are being replaced by fake representatives of banks, online stores, delivery services and even presidents.

Today we will tell you about the most popular kinds of spam and answer the question of what to do if spam lands in your inbox.

Letters from investors, philanthropists and other rich people

This is perhaps the oldest and at the same time most popular spam scenario.

The problem also varies: from a terminal illness to a desire to donate all their money to charity, and it absolutely must be done with your help.

2 weeks, 2 days ago @ kaspersky.ru
Notable supply chain attacks in 2024 | Kaspersky Blog

A supply chain attack can nullify all the effort put into securing a company's infrastructure.

Today we will talk about large-scale incidents of this kind that caught our attention in 2024.

January 2024: malicious npm packages on GitHub stole SSH keys from hundreds of developers

The first significant supply chain attack of 2024 was the incident with malicious npm packages that were uploaded to GitHub in early January.

The trojanised version of jQuery was also found on other platforms: on GitHub and even on jsDelivr, a CDN service for delivering JavaScript code.

How to protect against supply chain attacks

Detailed recommendations on what to do to preven…

2 weeks, 2 days ago @ kaspersky.ru
New Tria stealer intercepts SMS on Android | Kaspersky Blog

Cyber villains also take advantage of these traditions, using wedding invitations as bait for attacks on Android smartphone users.

We explain what the attackers have come up with this time and how to protect yourself.

In 2024 we noticed several suspicious and clearly malicious APK samples in it, distributed in Malaysia and Brunei.

Putting these two stories together, we realised that the attackers are sending Android users in Brunei and Malaysia wedding invitations in the form of… an APK file that the recipient has to install on their smartphone themselves.

The malware needs 10 permissions: access to network activity, sending and reading SMS, and a number of…

2 weeks, 4 days ago @ kaspersky.ru
Ransomware attacks in 2024 | Kaspersky Blog

In recent years, the Kaspersky Daily blog has paid noticeably less attention to ransomware than in the old days.

January 2024: ransomware attack on the Toronto Zoo

One of the first significant ransomware incidents of 2024 was the January attack on Canada's largest zoo, located in Toronto.

February 2024: attack on UnitedHealth costing $3.09 billion

In February an attack took place on the American health insurance giant UnitedHealth Group, which can safely be called the ransomware incident of the year.

May 2024: serious disruption at the American hospital network Ascension

Ascension, one of the largest hospital networks in the USA, had to take offline in early May part of its…

2 weeks, 6 days ago @ kaspersky.ru
Group-IB Blog
latest post None
Cisco Security Blog
latest post 1 day, 5 hours ago
Your Endpoint Is Secure Against AI Supply Chain Attacks

The bottom line is clear: organizations deeply care about trust in their AI Supply Chain.

Understanding AI Supply Chain Security

At Cisco, we’ve observed firsthand that while organizations worry about various AI security concerns like prompt injections and jailbreaks, their security instincts first react to risks in the AI Supply Chain.

AI Supply Chain Security encompasses the practices and measures designed to protect enterprises and applications throughout the AI development and deployment process.

It is a strategic imperative to allow access, but also a security imperative to block the use of malicious models.” (Sarah Winslow, Director, PSEC Emerging Technologies & AI, Veradigm)

Introducing…

1 day, 5 hours ago @ blogs.cisco.com
Meet the Cybersecurity Defender of 2025 for EMEA

Each year, Cisco makes a point of selecting and recognizing a standout cybersecurity advocate who has earned the title of cybersecurity defender.

This is why Cisco’s 2025 EMEA Cybersecurity Defender of the Year award goes out to a team of practitioners at SAP Enterprise Cloud Services (ECS) whose contributions displayed an uncommon ability to raise the bar for overall security posture.

Partnering with Cisco to Overcome SAP ECS Challenges

As one of the world’s leading deliverers of managed cloud services, SAP Enterprise Cloud Services can’t afford downtime.

For this reason, SAP Enterprise Cloud Service chose to partner with Cisco.

4 days, 9 hours ago @ blogs.cisco.com
Achieve Transformative Network Security With Cisco Hybrid Mesh Firewall

In the previous blog, we talked about our overall approach to zero trust with Universal ZTNA and Hybrid Mesh Firewall.

The Hybrid Mesh Firewall isn’t just a product; it’s a shift in how we approach network security.

The heart of the Cisco Hybrid Mesh Firewall is Cisco’s Security Cloud Control management system.

This solution reflects our vision of integrating AI security seamlessly within the Hybrid Mesh Firewall, providing enterprises with the confidence to advance their AI initiatives securely.

Bringing the Vision to Life

The Hybrid Mesh Firewall is the embodiment of Cisco’s commitment to redefining network security for the modern age.

1 week, 2 days ago @ blogs.cisco.com
Cisco and Wiz Collaborate to Enhance Cloud Security: Tackling AI-Generating Threats in Complex IT Infrastructures

A Growing Challenge in Cloud Security

In today’s fast-paced digital world, enterprises face a new urgency in cloud security.

Cisco and Wiz: Better Together

In response to this critical challenge, Cisco is excited to announce a strategic collaboration with Wiz, a leader in cloud security innovation.

Together, Cisco and Wiz aim to improve cloud security for enterprises that are contending with an evolving threat landscape marked by complexity and the introduction of new AI technology.

A Unified Vision for Secure Cloud Environments

Cisco and Wiz share a vision of enhancing cloud security with AI and for AI.

1 week, 2 days ago @ blogs.cisco.com
Fusing Security Into the Network Fabric: From Hybrid Mesh Firewalls to Universal ZTNA

This is where two emerging areas of innovation come into play: Hybrid Mesh Firewall and Universal ZTNA.

Hybrid Mesh Firewall: From Firewalls to “Firewalling”

So, let’s start by clearly defining what each of these are – starting with Hybrid Mesh Firewall.

A traditional definition of a Hybrid Mesh Firewall is a multi-deployment of virtual, physical, cloud native and container native firewalls with a unified management plane.

Truly Universal Zero Trust Network Access

What does it mean to achieve Universal Zero Trust Network Access?

Conclusion

In today’s digital landscape, the combination of Universal Zero Trust Network Access and Hybrid Mesh Firewalls offers a powerful defense strategy.

1 week, 3 days ago @ blogs.cisco.com
Quantum Key Distribution and the Path to Post-Quantum Computing

Today’s Quantum Safe Solutions

While the quantum threat remains in the future, tech companies, standards bodies, and government entities have sought its mitigation for some time.

QKD, SKIP, ETSI, and the Ability to Share Keys Between Endpoints

Cisco then turned its attention to creating quantum-safe network transport protocols.

SKIP is an API enabling network devices to obtain quantum safe keys from an external key management system, such as QKD.

Key issues to consider include: How well do specific QKD solutions work?

2 weeks, 1 day ago @ blogs.cisco.com
Cybersecurity for Businesses of All Sizes: A Blueprint for Protection

Network Security: Network security is all about keeping the connections between devices safe from threats.

Regular checks for vulnerabilities help identify weaknesses that could be exploited by cybercriminals, making it essential for maintaining a secure network.

Security Staffing: Having knowledgeable staff is key to a strong security strategy.

By maintaining detailed logs over an extended period, businesses can better investigate security incidents, understand their root causes, and improve their overall cybersecurity posture.

Check out our whitepaper, ‘Cybersecurity for businesses of all sizes: A blueprint for protection.’

2 weeks, 3 days ago @ blogs.cisco.com
AI Cyber Threat Intelligence Roundup: January 2025

At Cisco, AI threat research is fundamental to informing the ways we evaluate and protect models.

This regular threat roundup consolidates some useful highlights and critical intel from ongoing third-party threat research efforts to share with the broader AI security community.

As always, please remember that this is not an exhaustive or all-inclusive list of AI cyber threats, but rather a curation that our team believes is particularly noteworthy.

Notable Threats and Developments: January 2025

Single-Turn Crescendo Attack

In previous threat analyses, we’ve seen multi-turn interactions with LLMs use gradual escalation to bypass content moderation filters.

They evaluated the technique against …

2 weeks, 6 days ago @ blogs.cisco.com
Evaluating Security Risk in DeepSeek and Other Frontier Reasoning Models

Executive Summary

This article investigates vulnerabilities in DeepSeek R1, a new frontier reasoning model from Chinese AI startup DeepSeek.

The results were alarming: DeepSeek R1 exhibited a 100% attack success rate, meaning it failed to block a single harmful prompt.

Compared to other frontier models, DeepSeek R1 lacks robust guardrails, making it highly susceptible to algorithmic jailbreaking and potential misuse.

With their models, DeepSeek has shown comparable results to leading frontier models with an alleged fraction of the resources.

Methodology: We performed safety and security testing against several popular frontier models as well as two reasoning models: DeepSeek R1 and OpenAI O1-p…

2 weeks, 6 days ago @ blogs.cisco.com
Harnessing AI to Simplify Cloud Configuration Drift Detection

Unless these changes are carefully tracked, they could lead to configuration drift, a situation in which the runtime state of a resource deviates from its intended baseline configuration.

How AI Powers Drift Detection: AI-driven drift detection uses machine learning techniques to monitor and analyze cloud configurations in real time.

This approach provides a scalable, effective, and accurate solution to configuration drift challenges in dynamic cloud environments.

Benefits of AI in Drift Detection: AI offers several advantages over traditional drift detection methods. Scalability: Monitors thousands of resources across multiple cloud environments efficiently.

As technology matures, its potential…

3 weeks ago @ blogs.cisco.com
Top Threat Tactics and How to Address Them

Escalate Access: Once attackers gained access, remote access tools were used in 100% of ransomware engagements (up from 13% last quarter), enabling lateral movement.

With these strong protections on trusted users, organizations can block attacks and protect trusted users from getting locked out of their accounts.

Cisco’s User Protection Suite also includes Secure Access, which includes both Secure Internet Access and Zero Trust Network Access (ZTNA) capabilities.

With Secure Internet Access, users are protected from malicious content with both Intrusion Prevention System (IPS) and Remote Browser Isolation (RBI).

Talk to an expert to discover how the Breach and User Protection Suites can pro…

3 weeks, 1 day ago @ blogs.cisco.com
Black Hat Europe 2024 NOC/SOC: Security Cloud

Black Hat has unlimited access to the Cisco Security Cloud and its capabilities.

We started with a Proof-of-Concept (PoC) in Black Hat Asia 2024 and turned it into a full deployment at Black Hat Europe.

At Black Hat Europe 2024, over 12,000 supported samples were submitted.

Both these workflows were spruced up and used extensively at Black Hat Europe 2024.

At Black Hat Europe 2024, we had a problem where the ThousandEyes agents were showing a high latency time to Azure.

3 weeks, 3 days ago @ blogs.cisco.com
Simplifying Zero Trust Security for the Modern Workplace

The upgraded suite is designed to provide comprehensive workplace security and help organizations implement zero trust access.

User Protection Suite Capabilities: Cisco’s User Protection Suite includes the key capabilities necessary to protect users and devices.

Zero Trust Access: Ease the transition to ZTNA. Cisco Secure Access allows organizations to adopt Security Service Edge (SSE) with integrated Zero Trust Network Access (ZTNA) and VPN-as-a-service.

ISE assigns tags to these devices, including corporate devices, BYOD, and IoT devices, like cameras and printers.

Learn More: To explore the different tiers of Cisco’s User Protection Suite, check out the User Protection Suite At-A-Glance.

1 month ago @ blogs.cisco.com
Cisco AI Defense: Comprehensive Security for Enterprise AI Adoption

Last year, we published our Cisco AI Readiness Index, which provided critical insights into the state of enterprise AI adoption.

I’m proud to announce Cisco AI Defense, the first truly comprehensive solution for enterprise AI security.

To accomplish this, it comprises four main components: AI Access, AI Cloud Visibility, AI Model & Application Validation, and AI Runtime Protection.

Cisco AI Defense gives security teams comprehensive visibility and control over the rapidly growing threat of shadow AI.

Cisco AI Defense addresses AI risk from beginning to end, giving business and security leaders the confidence to bring AI applications to market.

1 month, 1 week ago @ blogs.cisco.com
Advancing AI Security and Contributing to CISA’s JCDC AI Efforts

A few months ago this year, I wrote about an AI Security Incident tabletop exercise led by the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC).

CISA used the insights gained from these exercises to develop an AI Security Incident Collaboration Playbook, which serves as a guide for enhancing effective operational collaboration among government agencies, private industry and international stakeholders.

Enables collaboration among the U.S. federal government, private industry, international government counterparts and the AI community to raise awareness of AI cybersecurity risks across critical infrastructure, enhancing the security and resili…

1 month, 1 week ago @ blogs.cisco.com
Microsoft Security
last post 1 day, 1 hour ago
Microsoft at Legalweek: Help safeguard your AI future with Microsoft Purview

eDiscovery allows you to easily search, collect, and review AI-based interactions across more than 25 AI applications.

We are excited to share more about new developments across Microsoft Security at Legalweek 2025.

Connect with members of the Microsoft Intelligent Security Association: At Microsoft we truly believe security is a team sport.

From our signature Pre-Day to demos and networking, discover how Microsoft Security can give you the advantage you need in the era of AI.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1 day, 1 hour ago @ microsoft.com
Microsoft is named a Leader in the 2025 Gartner® Magic Quadrant™ for cyber-physical systems protection platforms

We are excited to announce that Gartner has named Microsoft a Leader in the 2025 Gartner® Magic Quadrant™ for Cyber Physical Systems Protection Platforms.

They span industrial control systems (ICS), OT devices, Internet of Things (IoT) devices, and more.

Microsoft Security Exposure Management is part of the unified security operations portal and provides a unified view of security posture across company assets and workloads.

The OT Security initiative improves your OT site security posture by monitoring and protecting OT environments in the organization, and employing network layer monitoring.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and upd…

2 days, 1 hour ago @ microsoft.com
Join us for the end-to-end Microsoft RSAC 2025 Conference experience

From our signature Pre-Day to hands-on demos and one-on-one meetings, join the Microsoft experience at RSAC 2025 designed just for you.

Kick things off at Microsoft Pre-Day: The Microsoft experience at RSAC 2025 begins with Microsoft Pre-Day on Sunday, April 27, 2025, at the Palace Hotel, just around the corner from the Moscone Center.

For the fourth year running, the keynote speech held on Microsoft Pre-Day will kick off the full lineup of Microsoft events and activities throughout RSAC 2025.

By joining us on Sunday, you’ll have the chance to hear directly from Microsoft Security business leaders—including Vasu Jakkal, Corporate Vice President, Microsoft Security Business; Char…

3 days, 1 hour ago @ microsoft.com
Storm-2372 conducts device code phishing campaign

Microsoft Threat Intelligence Center discovered an active and successful device code phishing campaign by a threat actor we track as Storm-2372.

In device code phishing, threat actors exploit the device code authentication flow.

Device code phishing attack cycle. Storm-2372 phishing lure and access: Storm-2372’s device code phishing campaign has been active since August 2024.

Legitimate device code authentication page. Additionally, Microsoft observed Storm-2372 using Microsoft Graph to search through messages of the account they’ve compromised.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evolving threat landscape, listen to the Microsoft Threat In…

1 week ago @ microsoft.com
Securing DeepSeek and other AI systems with Microsoft Security

Microsoft Security provides threat protection, posture management, data security, compliance, and governance to secure AI applications that you build and use.

Customers today are building production-ready AI applications with Azure AI Foundry, while accounting for their varying security, safety, and privacy requirements.

With Azure AI Content Safety, built-in content filtering is available by default to help detect and block malicious, harmful, or ungrounded content, with opt-out options for flexibility.

For example, for high-risk AI apps, security teams can tag them as unsanctioned apps and block users’ access to the apps outright.

This is a quick overview…

1 week, 1 day ago @ microsoft.com
The BadPilot campaign: Seashell Blizzard subgroup conducts multiyear global access operation

Attribution assessment: Microsoft Threat Intelligence assesses that the initial access subgroup is linked to Seashell Blizzard.

We have also observed the initial access subgroup pursuing access to an organization prior to a Seashell Blizzard-linked destructive attack.

1 week, 2 days ago @ microsoft.com
Build a stronger security strategy with proactive and reactive incident response: Cyberattack Series

Microsoft Incident Response is made up of highly skilled investigators, researchers, engineers, and analysts who specialize in handling global security incidents.

Microsoft Incident Response: Your first call before, during, and after a cybersecurity incident.

Proactive and reactive incident response are essential capabilities for providing a more robust defense strategy.

While conducting a proactive compromise assessment for a nonprofit organization in mid-2024, Microsoft Incident Response began their forensic investigation.

Thankfully, Microsoft Incident Response conducts proactive compromise assessments with the same resources that deliver reactive investigations.

1 week, 4 days ago @ microsoft.com
Code injection attacks using publicly disclosed ASP.NET machine keys

In this blog, we share more information about ViewState code injection attacks and provide recommendations for securing machine keys and monitoring configuration files.

To protect ViewState against tampering and information disclosure, the ASP.NET page framework uses machine keys: ValidationKey and DecryptionKey.

Microsoft also recommends the following best practices for securing machine keys and web servers: Follow secure DevOps standards and securely generate machine keys.

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and insights from t…

2 weeks, 1 day ago @ microsoft.com
Hear from Microsoft Security experts at these top cybersecurity events in 2025

So if you’re looking to boost your skills and stay ahead of the threat landscape, join Microsoft Security at the top cybersecurity events in 2025.

Be among the first to hear about Microsoft Security innovations, such as Microsoft’s Secure Future Initiative and the XSPA (cross-site port attack) updates that attendees of Microsoft Ignite 2024 heard.

Over the past few years, we’ve really boosted Microsoft Security experiences at Microsoft Ignite.

Microsoft will host a booth where attendees can connect with Microsoft Security experts and leaders.

It will showcase exciting updates and innovations from Microsoft Security for developers to create AI-enabled security solutions for their organizations.

2 weeks, 4 days ago @ microsoft.com
3 priorities for adopting proactive identity and access security in 2025

Employ risk-based Conditional Access policies and continuous access evaluation: Configure strong Conditional Access policies that initiate additional security measures, such as step-up authentication, automatically for high-risk sign-ins.

Augment Conditional Access with continuous access evaluation to ensure ongoing access checks and to protect against token theft.

Converge access policies for identity security tools and network security tools to eliminate coverage gaps and enforce more robust access controls.

3 weeks, 3 days ago @ microsoft.com
Fast-track generative AI security with Microsoft Purview

This includes Microsoft AI, like Microsoft 365 Copilot, AI that an organization builds in-house, and AI from third parties like Google Gemini or ChatGPT.

These Microsoft Purview solutions are: Microsoft Purview Data Security Posture Management for AI, Microsoft Purview Information Protection, Microsoft Purview Data Loss Prevention, Microsoft Purview Communications Compliance, Microsoft Purview Insider Risk Management, Microsoft Purview Data Lifecycle Management, Microsoft Purview Audit and Microsoft Purview eDiscovery, and Microsoft Purview Compliance Manager. Here are short-term steps you can take while the comprehensive data governance program is underway.

Microsoft Purview Data Security Posture Management fo…

3 weeks, 4 days ago @ microsoft.com
New Star Blizzard spear-phishing campaign targets WhatsApp accounts

In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group.

Targeting WhatsApp account data: Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets to engage them, before sending them a second message containing a malicious link.

Star Blizzard initial spear-phishing email with broken QR code. When the recipient responds, Star Blizzard sends …

1 month ago @ microsoft.com
Innovating in line with the European Union’s AI Act

You can consult our EU AI Act documentation on the Microsoft Trust Center to stay up to date.

This includes the EU AI Act.

Our framework for guiding engineering teams building Microsoft AI solutions—the Responsible AI Standard—was drafted with an early version of the EU AI Act in mind.

We expect that several of the secondary regulatory efforts under the EU AI Act will provide additional guidance on model- and system-level documentation.

Tags: AI, AI safety policies, Azure OpenAI Service, EU, European Union, Responsible AI

1 month, 1 week ago @ blogs.microsoft.com
Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

Microsoft Threat Intelligence discovered a new macOS vulnerability that could allow attackers to bypass Apple’s System Integrity Protection (SIP) in macOS by loading third-party kernel extensions.

In this blog post, we detail the connection between entitlements and SIP and explain how CVE-2024-44243 could be used to bypass SIP security measures.

Modifying sensitive files on the file system can bypass SIP, for instance, by modifying the list of allowed kernel extensions and then loading that kernel extension.

macOS comes pre-shipped with several such filesystem implementations, each of which appears as a file system bundle (*.fs) under /System/Library/Filesystems and /Library/Filesystems.

Registered …

1 month, 1 week ago @ microsoft.com
3 takeaways from red teaming 100 generative AI products

Microsoft’s AI red team is excited to share our whitepaper, “Lessons from Red Teaming 100 Generative AI Products.” The AI red team was formed in 2018 to address the growing landscape of AI safety and security risks.

Eight main lessons learned from our experience red teaming more than 100 generative AI products.

Lessons from Red Teaming 100 Generative AI Products: Discover more about our approach to AI red teaming.

Microsoft AI red team tackles a multitude of scenarios: Over the years, the AI red team has tackled a wide assortment of scenarios that other organizations have likely encountered as well.

Advance your AI red teaming expertise: The “Lessons From Red Teaming 100 Genera…

1 month, 1 week ago @ microsoft.com
Google Online Security Blog
last post 3 weeks, 2 days ago
How we kept the Google Play & Android app ecosystems safe in 2024

Google Play’s multi-layered protections against bad apps: To create a trusted experience for everyone on Google Play, we use our SAFE principles as a guide, incorporating multi-layered protections that are always evolving to help keep Google Play safe.

Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source.

In 2024, Google Play Protect’s real-time scanning identified more than 13 million new malicious apps from outside Google Play.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls.

3 weeks, 2 days ago @ security.googleblog.com
How we estimate the risk from prompt injection attacks on AI systems

This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team.

One of these tools is a robust evaluation framework we have developed to automatically red-team an AI system’s vulnerability to indirect prompt injection attacks.

Threat model and evaluation framework: Our threat model concentrates on an attacker using indirect prompt injection to exfiltrate sensitive information, as illustrated above.

Based on this probability, the attack model refines the prompt injection.

This process repeats until the attack model converges to a successful prompt injection.

3 weeks, 2 days ago @ security.googleblog.com
Android enhances theft protection with Identity Check and expanded features

This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft.

As part of enabling Identity Check, you can designate one or more trusted locations.

Theft Detection Lock: expanding AI-powered protection to more users. One of the top theft protection features introduced last year was Theft Detection Lock, which uses an on-device AI-powered algorithm to help detect when your phone may be forcibly taken from you.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help …

4 weeks, 1 day ago @ security.googleblog.com
OSV-SCALIBR: A library for Software Composition Analysis

Today, we’re excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning.

We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface.

OSV-Scanner + OSV-SCALIBR: Users looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities using much of the same extraction as OSV-SCALIBR.

Some of OSV-SCALIBR’s capabilities are not yet available in OSV-Scanner, but we’re currently working on integrating OSV-SCALIBR more deeply into O…

1 month ago @ security.googleblog.com
Google Cloud expands vulnerability detection for Artifact Registry using OSV

Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage.

A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis.

This integration provides industry-leading insights into open source vulnerabilities—a crucial capability as software supply chain attacks continue to grow in frequency and complexity, impacting organizations reliant on open source software.

Open source vulnerabilities, with more reach: Artifact Analysis pulls vulnerability information directly from OSV, which is the only open source, distributed vulnerability dat…

2 months, 1 week ago @ security.googleblog.com
Announcing the launch of Vanir: Open-source Security Patch Validation

Today, we are announcing the availability of Vanir, a new open-source security patch validation tool.

In collaboration with the Google Open Source Security Team, we have incorporated feedback from our early adopters to improve Vanir and make it more useful for security professionals.

These algorithms have low false-alarm rates and can effectively handle broad classes of code changes that might appear in code patch processes.

The Vanir signatures for Android vulnerabilities are published through the Open Source Vulnerabilities (OSV) database.

You can also contribute to Vanir by providing vulnerability data with Vanir signatures to OSV.

2 months, 2 weeks ago @ security.googleblog.com
Leveling Up Fuzzing: Finding more vulnerabilities with AI

But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets.

The ideal solution would be to completely automate the manual process of developing a fuzz target end to end: Drafting an initial fuzz target.

Running the corrected fuzz target for a longer period of time, and triaging any crashes to determine the root cause.

In January 2024, we open sourced the framework that we were building to enable an LLM to generate fuzz targets.

New results: More code coverage and discovered vulnerabilities. We’re now able to automatically gain more coverage in 272 C/C++ projects on OSS-Fuzz (up from 160), …

3 months ago @ security.googleblog.com
Retrofitting Spatial Safety to hundreds of millions of lines of C++

Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade. (Figure: Breakdown of memory safety CVEs exploited in the wild by vulnerability class.) Google is taking a comprehensive approach to memory safety.

This leads to an exponential decline in memory safety vulnerabilities and quickly improves the overall security posture of a codebase, as demonstrated by our post about Android's journey to memory safety.

We’ve begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs.

This improves spat…

3 months, 1 week ago @ security.googleblog.com
Safer with Google: New intelligent, real-time protections on Android to keep you safe

That’s why we’re using the best of Google AI to identify and stop scams before they can do harm with Scam Detection.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.

Cutting-edge AI protection, now on more Pixel phones: Gemini Nano, our advanced on-device AI model, powers Scam Detection on Pixel 9 series devices.

We look forward to learning from this beta and your feedback, and we’ll share more about Scam Detection in the months ahead.

3 months, 1 week ago @ security.googleblog.com
5 new protections on Google Messages to help keep you safe

Every day, over a billion people use Google Messages to communicate.

That’s why we’ve made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month.

With end-to-end encrypted RCS conversations, you can communicate privately with other Google Messages RCS users.

We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private.

As part of cybersecurity awareness month, we're sharing five new protections to help keep you safe while using Google Messages on Android:

4 months ago @ security.googleblog.com
Safer with Google: Advancing Memory Safety

Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities.

Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle.

This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety.

By open-sourcing these tools, we've empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases.

Migration to Memory-Safe Languages (MSLs): The first pillar of our strategy is centered on further increasing the adoption of memory-s…

4 months, 1 week ago @ security.googleblog.com
Bringing new theft protection features to Android users around the world

Situations like Janine’s highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform.

These advanced theft protection features are now available to users around the world through Android 15 and a Google Play Services update (Android 10+ devices).

These theft protection features are just one example of how Android is working to provide real-world protection for everyone.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help center.

4 months, 1 week ago @ security.googleblog.com
Using Chrome's accessibility APIs to find security bugs

If only the whole tree of Chrome UI controls were exposed, somehow, such that we could enumerate and interact with each UI control automatically.

We need to amortize that cost over thousands of test cases by running a batch of them within each browser invocation.

Yet this is tricky, since Chrome UI controls are deeply nested and often anonymous.

This approach has proven to be about 80% as quick as the original ordinal-based mutator, while providing stable test cases.

If you’d like to follow along, keep an eye on our coverage dashboard as it expands to cover UI code.

4 months, 2 weeks ago @ security.googleblog.com
Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems

Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult.

The Cellular Baseband: The cellular baseband within a smartphone is responsible for managing the device's connectivity to cellular networks.

The firmware within the cellular baseband, similar to any software, is susceptible to bugs and errors.

For example, 0-day exploits in the cellular baseband are being used to deploy the Predator malware in smartphones.

Pixel's proactive approach to security demonstrates a commitment to protecting its users across the entire software stack.

4 months, 3 weeks ago @ security.googleblog.com
Evaluating Mitigations & Vulnerabilities in Chrome

The Chrome Security Team is constantly striving to make it safer to browse the web.

We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue.

Historically the Chrome Security Team has made major investments and driven the web to be safer.

In the longer term, the Chrome Security Team advocates for operating system improvements like less-capable lightweight processes, less-privileged GPU and NPU containers, improved application isolation, and support for hardware-based isolation, memory safety and flow control enforcement.

Good Bugs and Ba…

4 months, 3 weeks ago @ security.googleblog.com