Cybersecurity
👉 from %username%
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
last post 7 hours ago
The world is on the threshold of extending human life with GPT-4b

Artificial intelligence has improved proteins that prolong youth.

7 hours ago @ securitylab.ru
Biochemists and AI have joined forces against humanity's oldest threat

Scientists have found a way to neutralise toxins quickly.

8 hours ago @ securitylab.ru
Neurons the size of a bacterium: how the smallest brain on Earth is built

Micro-insects continue to surprise science with their abilities.

8 hours ago @ securitylab.ru
Humanity's ten greatest misconceptions about outer space

Where the misconceptions come from and what science says.

8 hours ago @ securitylab.ru
All of China's secrets in one leak: from bank cards to the party membership cards of hundreds of millions of citizens

China is facing such a serious challenge for the first time.

9 hours ago @ securitylab.ru
A kiss in 17 dimensions: Newton's sphere problem yields to a new method

How an MIT student shook a centuries-old mathematical tradition.

9 hours ago @ securitylab.ru
Open Source licences: a complete guide to choosing and applying them

An exhaustive guide to licensing open-source software: a breakdown of popular licences, how they are used in major projects, and current trends in Open Source.

9 hours ago @ securitylab.ru
Fake teachers are hunting for Gosuslugi access codes

Scammers are deceiving children and parents.

10 hours ago @ securitylab.ru
GSocket: how hackers turn servers into advertising platforms for gambling

An unusual fraud scheme was uncovered by Imperva researchers.

11 hours ago @ securitylab.ru
Roskomnadzor will automatically detect violations in data processing

Businesses face inspections without direct interaction with the agency.

11 hours ago @ securitylab.ru
Sneaky 2FA: researchers uncover a new credential-theft scheme

Microsoft 365 is in the crosshairs of a new hacking tool.

11 hours ago @ securitylab.ru
Pepe the Frog and 20 million surprises: a trap for crypto wallets

NFT drainers steal cryptocurrency through collectible gifts.

12 hours ago @ securitylab.ru
Digital rescuer: an emergency button will appear on Gosuslugi

The project requires testing and coordination with the Ministry of Emergency Situations (MChS), the Ministry of Internal Affairs (MVD) and other agencies.

13 hours ago @ securitylab.ru
What does the dark side of the internet hide?

Shedding light on the dark side of the internet.

14 hours ago @ securitylab.ru
Bitcoin as a national asset: Donald Trump's new initiative

The US government is preparing an unprecedented step in the digital economy.

14 hours ago @ securitylab.ru
Anti-Malware
last post 1 day, 14 hours ago
Can "Yandex Documents. New Editor" become a full replacement for Google Docs

However, users with paid subscriptions to Yandex 360 services can deploy the new Yandex Documents inside the corporate network perimeter.

It is minimalist, yet ergonomic and not overloaded.

Here the difference from the previous version, built on the R7-Office core, is striking, and not in favour of Yandex's product.

However, many of the shortcomings (or rather, unfinished parts) can be forgiven for the high performance, even with large documents and with several people working at once.

The product is fast, including with large documents, but it is seriously unbalanced and lacks in-demand features.

1 day, 14 hours ago @ anti-malware.ru
The "second hand" right: will the Bank of Russia's initiative protect citizens from fraud

One of the most promising methods is the so-called "second hand" right, which allows transfers to be blocked and additional confirmation to be requested from the client.

It was launched by Sber in December 2021 and became available both in the mobile app and in online banking.

"I expect that the second-hand right will be enshrined in law if not in January, then in February," he stated.

Strengths and weaknesses of the second-hand right
Like any approach, the second-hand right has its advantages and disadvantages.

The "Protecting Loved Ones" service
A good example of the "second hand rule" is T-Bank's free service called "Protecting Loved Ones" (Защита близких).

1 day, 16 hours ago @ anti-malware.ru
Review of WAF Dallas Lock 2.11, an application-level firewall

Standard usage scheme of WAF Dallas Lock (figure)
The WAF Dallas Lock security gateway distinguishes three roles: administrator, auditor and internal user.

Logic of WAF Dallas Lock integration with the ECU (figure)
The solution integrates with the Dallas Lock Unified Control Centre (ЕЦУ).

Architecture
The WAF Dallas Lock architecture includes two key components that are licensed separately: WAF and UTM.

Main software modules in WAF Dallas Lock (figure)
The main software modules of the WAF Dallas Lock security gateway are "Dashboard", "Logs and Statistics", "Settings" and "Network".

The "WAF Inspection" menu in the WAF Dallas Lock console (figure)
Next, go to the "WAF Resources" section, where you can directly …

2 days, 16 hours ago @ anti-malware.ru
Can UserGate DCFW conquer the NGFW market thanks to FPGA accelerators

Being forced to abandon their use is unacceptable, because NGFWs carry the fundamental functions of modern protection.

New UserGate DCFW devices (UserGate, 13.11.2024) (figure)
For the new UserGate DCFW line, the E1010, E3010, F8010 and FG hardware-software appliances (PAK) are presented.

Nodes are managed centrally through UserGate Management Center, which allows UserGate NGFW devices to be treated as part of the single ecosystem of UserGate SUMMA products (NGFW, DCFW, SIEM, Log Analyzer, Client) with a common management console.

Hardware FPGA accelerator for UserGate DCFW (figure)
Currently the FPGA subsystem can handle Stateful Firewall (FW L3 / L4) functions: it carries out …

2 weeks, 6 days ago @ anti-malware.ru
Review of Security Vision 5 VM, an automated vulnerability management platform

Among the products on the Security Vision platform is Security Vision VM, comprehensive software for vulnerability management.

Diagram of the vulnerability management process in Security Vision VM (figure)
Let us take a closer look at Security Vision 5 VM and its functional capabilities, and note the product's features, architecture and system requirements.

Functional capabilities of Security Vision VM
The basic functions of the Security Vision VM system can be divided into four blocks.

Automation of vulnerability management processes in Security Vision VM (figure)
Hundreds of different actions are available to the system administrator for management automation.

Example of interactive dashboards in Security Vision VM (figure)
The Security Vision VM system also …

2 weeks, 6 days ago @ anti-malware.ru
Analysis of IT development in Russia in 2024: achievements and prospects

Summing up 2024, AM Live analysed the trends in the Russian information technology market in 2024 and assessed the main challenges and key risks.

Key trends and events of 2024
According to Maxim Morar, the focus on security in product development intensified in 2024.

It was noted on air that amid market turbulence and restrictions, companies find not only risks but also opportunities for a breakthrough.

Conclusions
The broadcast examined the key trends and problems that IT companies in Russia faced in 2024.

The participants expressed optimism about the prospects of the IT sector in 2025, as well as the potential for developing and exporting innov…

3 weeks ago @ anti-malware.ru
Review of BILLmanager 6 Enterprise, a platform for automating IT infrastructure management

BILLmanager 6 Enterprise is a "single window" platform for automating IT infrastructure management, providing orchestration and analytics.

The interface is available in Russian and English, which makes working with the platform comfortable for both local and international organisations.

Setting up an internal service provider
BILLmanager 6 Enterprise provides everything needed to organise a fully fledged internal service provider, combining the key tools for automation and service management.

Support centre
Analysis of the use of existing services and the introduction of new ones
When adding new services, a business often needs to bring in additional resources: virtual…

3 weeks ago @ anti-malware.ru
Forecast of cyberthreat and information security tool development for 2025

Authoritative experts noted the main trends in the Russian information security market and made forecasts about the development of cyberthreats and protection tools for the coming year 2025.

We asked the experts two questions: Which event in the Russian information security market in 2025 does your company consider most likely?

It also made it into the "unlikely" events: several experts said that we are unlikely to see the staffing shortage resolved in 2025.

In 2025, regulators will continue to tighten requirements for the processes and methods used in developing information security tools.

In 2025 we expect something similar in the most in-demand segment of the Russian information security market: information security tools (СЗИ) for network security.

3 weeks, 1 day ago @ anti-malware.ru
Review of RT Protect TI, a cyber threat intelligence platform

RT Protect TI architecture
The RT Protect TI architecture was designed around the primary needs of modern MSS providers, in close interaction with RT Protect EDR.

Diagram of RT Protect TI interaction with other systems (figure)
When deploying RT Protect TI, many integrations can be implemented in various scenarios: interaction with a wide range of solutions: EDR, SIEM, IRP, EASM.

Main artefact page (figure)
The RT Protect TI system includes its own tag library, created by analysts of the RT Protect team.

Issuing a client token in RT Protect TI (figure)
The user role model of each organisation includes three main roles: "Administrator", "Analyst" and "User".

Creat…

3 weeks, 1 day ago @ anti-malware.ru
Review of Garda DBF 5.2, a multi-level database protection system

In both business and government organisations, leaks lead not only to legal violations but also to significant reputational and financial losses.

Functional capabilities of Garda DBF
The main function of the Garda DBF system is to secure DBMSs and provide independent auditing of operations on databases and business applications.

DBMS access control
Access control to DBMSs in Garda DBF is implemented by monitoring the network traffic going directly to the database servers and by analysing SQL queries.

When operating in firewall mode, the Garda DBF database protection system allows access to DBMSs to be controlled by various attributes.

Architectural diagram of Garda DBF in deploy… mode (figure)

3 weeks, 1 day ago @ anti-malware.ru
Summing up: what 2024 was like for information security

In this two-part broadcast we sum up the outgoing year and examine the key trends and events in the world of information security.

The first poll showed that for 48% of viewers the outgoing year was positive in terms of work, and for 39% it was hard.

Regulation remains an important driver, but that does not mean one should not pursue result-oriented security.

The market will grow rapidly in medium and small business, and will undergo significant changes overall."

The results of the third poll showed how information security budgets in organisations will change in 2025.

3 weeks, 2 days ago @ anti-malware.ru
MaxPatrol VM: how to manage vulnerabilities simply and effectively

Using MaxPatrol VM, a vulnerability management system, as an example, we look at how to build a Vulnerability Management process properly.

What vulnerability management consists of
The workflow in MaxPatrol VM is built from the following steps: identifying vulnerabilities, analysing and prioritising them, and remediating and monitoring security deficiencies.

It is very important that the security team clearly communicates its actions and their reasons to the colleagues it works with: IT, DevOps and others.

In addition, data on trending vulnerabilities, ex…

3 weeks, 2 days ago @ anti-malware.ru
Review of Kaspersky SD-WAN 2.3, a tool for deploying and managing distributed networks

Kaspersky SD-WAN 2.3 helps design and rapidly deploy modern, high-performance, fault-tolerant networks with centralised management, ensuring proper connection security and business continuity.

We have already published a detailed review of Kaspersky SD-WAN version 2.0 and looked at the capabilities of Kaspersky SD-WAN 2.1 through popular use cases.

Capabilities of Kaspersky SD-WAN version 2.2
The Kaspersky SD-WAN 2.2 release was presented in spring 2024.

IP address management support makes it possible to automate and speed up the deployment and administration of an SD-WAN network.

Latest capabilities of Kaspersky SD-WAN 2.3
In early November 2024 the vendor announced Kaspe…

3 weeks, 2 days ago @ anti-malware.ru
How to manage IT infrastructure in a new way in 2025: new products from Selectel

Selectel's business and technological independence
Selectel's business approach fits well with the current import-substitution policy.

The server board developed at Selectel supports the latest Xeon processors (figure)
Thus, the availability of a Selectel server platform based on the 144-core Intel Xeon 6 (Sierra Forest), brought to market by the manufacturer in June 2024, was announced.

The Selectel server platform was developed in two years (figure)
Bare Metal and Bare Metal Cloud services
Let us try to understand the benefit of Selectel developing its own server platform.

Moreover, analysts' forecasts point to expected growth of this segment in the future, both in Russia and worldwide.

Oleg Lyubimov not…

3 weeks, 3 days ago @ anti-malware.ru
Review of Kontinent TLS 2.6, a system for secure remote access to web services

Management and monitoring
Kontinent TLS 2.6 provides convenient, modern tools for management and monitoring, ensuring transparency and control over the system's operation.

System requirements for Kontinent TLS 2.6
The minimum requirements for installing Kontinent TLS 2.6 depend on the type of platform used.

Remote access to corporate resources
Remote access to corporate resources is an integral part of the modern business environment, giving employees the ability to work from anywhere in the world.

Remote access to corporate resources (figure)
Secure access to a web application
This is relevant for web applications whose access requires a high degree of protection, especially …

3 weeks, 3 days ago @ anti-malware.ru
Habr: Information Security
last post 10 hours ago
Which banks still ask for an SMS code in 2025

Before sharing the results of my research, let us try to understand where these SMS codes came from.

A bit of theory
An SMS code is nothing other than a one-time password (OTP).

Personally, as a developer, I am more interested in another question: how does an SMS code end up being a "key" that opens the client's banking products?

We are all familiar with this: in most banking apps, under certain conditions, we may be asked to enter a code from an SMS or a push notification.

Yes, in 2025 there is at least one bank that stubbornly continues to ask its clients for SMS codes.

10 hours ago @ habr.com
Top 5 VPN services for users from Russia in 2025

In this ranking we have collected the top 5 VPN services for users from Russia in 2025.

Ability to bypass blocking
This is the key criterion for users from Russia.

In 2025 Windscribe remains one of the best solutions for users from Russia, thanks to its ability to work even under difficult internet restrictions.

This makes the service one of the best for users from Russia.

This makes it a reliable tool for users from Russia, especially under intensified censorship.

11 hours ago @ habr.com
Get your applications ready, it's a security audit

This allows both the client and server sides of the application to be audited.

Before the audit, you can assess the application's security posture yourself in order to find and fix obvious vulnerabilities in advance.

There is a very good site called the Open Worldwide Application Security Project, or OWASP: an international non-profit organisation that deals with web application security.

Essentially, it is the industry standard for application security.

MASWE (Mobile Application Security Weakness Enumeration) is a list of weaknesses in mobile application security.

14 hours ago @ habr.com
Game Over: dissecting a stealer that targets gamers

Messengers
Compromised data: personal and work correspondence, files, contact details and other sensitive information.

Online cinemas and streaming services
Compromised data: users' personal data, viewing history and payment data.

The stealer packages the credentials into a simple, readable document in the format: web resource, email or login, password.

After launch, Epsilon creates a folder with a random name in C:\User\AppData\Local\Temp, for example "2Z5EMzgNnZUDO8E61245f5K9BRc", and unpacks the malware body itself and the auxiliary files and libraries into it.

Persistence (T1547 Boot or Logon Autostart Execution)
For persistence this stealer us…

16 hours ago @ habr.com
"It's not about the muse and inspiration. It's about work." A candid interview with Alexey Lukatsky about the pros and cons of writing books

Although I was already married, I had no children yet, and I could carve out time for creative work.

If you add up all my posts on social networks, in Telegram, on the blog and so on, the count runs into tens of thousands, and that is no exaggeration.

And most importantly, a great many related topics have grown up around threat detection: threat hunting, threat intelligence, security operation center, automation, detection engineering and so on.

And I couldn't, and I refused, because it is not my text.

And contrary to the widespread opinion that it is hard, I can say that it is not.

16 hours ago @ habr.com
How to build a secure and convenient P2P marketplace: functionality, cost and real cases

Features of P2P marketplaces
P2P (peer-to-peer) marketplaces allow users to buy and sell goods or services directly to each other, acting as both sellers and buyers.

You buy the goods from a business, not from a private individual.

In the case of P2P transactions, participants may face the following risks:
Let us look at what tools and features we offer, as a company with experience developing marketplaces.

For example, after each completed transaction both parties will be prompted to leave a rating or write a comment about what they liked or disliked in the interaction.

This way all potential buyers will be able to learn all the details of the seller's offers and not duplicate their ques…

1 day, 12 hours ago @ habr.com
BSCP in 2025

And since I spent so much time on it, I would like to share my opinion on how useful it is.

In this section I only shared my impressions of the time spent in the academy, and I would say I have no regrets.

However, in reality it turned out there were two of them, and the ordinary user was reading mail while the administrator was opening our payloads; all this was misleading and resulted in the stage being passed with yet another "shot in the dark".

Overall, I enjoyed the time I spent in the academy and on the exam itself; I got my dose of quick dopamine, which I do not regret.

In the case of the administrator, the vulnerability is guaranteed to be in the admin panel…

1 day, 17 hours ago @ habr.com
Crypto arbitrage is elementary

Successful application of this method requires a clear understanding of pricing mechanisms, the ability to make quick decisions, and proper accounting of the various fees and risks.

Foolishly, one imagines complex schemes for getting access to exchange APIs, monitoring, finding the spread, estimating fees and possible slippage.

Meet the channels "Арбитраж Криптовалюты [Bybit]" and "АРБИТРАЖ КРИПТЫ | Bybit", with support in the persons of "aleksey_oficial" and "Timur_oficial" respectively; you can write to them with any questions!

Yes, the guys use only trusted, fast, anonymous exchangers that do not require registration.

By the way, the remaining employees had similar experience investing in memecoins and/or…

2 days, 5 hours ago @ habr.com
Security audit of smart contracts in TON: key mistakes and advice

All input parameters must be checked carefully and closely; not all data can be verified, but errors can be caught at the stage of examining the incoming message and its data.

Common mistakes in TON
Perhaps we can start with the most obvious one: do not send private data to the blockchain (passwords, keys and so on).

It arises because TON has no notion of a per-address one-time number (like the nonce in Ethereum) that makes signatures unique.

Carefully calculate gas costs and check whether there is enough gas for the contract's operation and storage on the blockchain.

By following this checklist, you will be able to systematically assess the security and reliability of TON smart contracts, in…

2 days, 17 hours ago @ habr.com
Is it time to switch to post-quantum cryptographic algorithms already?

Diagram of Grover's algorithm (figure)
Preliminaries
I will not dwell on details concerning quantum computers and quantum computing.

"The practical realisation of a quantum computer is based on manipulating, at the microscopic level and with tremendous precision, a multi-element physical system with continuous degrees of freedom.

Let us consider further whether the creation of quantum and hybrid computers is inevitable and how urgently a transition to post-quantum asymmetric cryptographic algorithms is required.

Thus, in my opinion, the answer to the question posed above, whether it is time to switch to post-quantum cryptographic algorithms already, looks like this: "definitely …

2 days, 18 hours ago @ habr.com
SQL injection for beginners

Example:
SELECT * FROM users WHERE username = '$username' AND password = '$password';
An ordinary user will enter a login and password, and the query will execute correctly.

Example of vulnerable code (PHP):
$username = $_POST['username'];
$password = $_POST['password'];
$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
$result = mysql_query($query); // VULNERABLE!

Using errors to extract data: an attacker can use errors to extract data from the database character by character, using subqueries and functions such as SUBSTRING() or MID().

Case for beginners (MongoDB): imagine a function that looks up a user in a MongoDB database: function find…

3 days, 2 hours ago @ habr.com
Major outage across Russia, preparing for the whitelist…

IPv6 tunnel over IPv4
To set it up, you need to register with a tunnel broker that uses 6in4 and obtain the connection details.

The advantage of the tunnel is that other devices on the network require no additional configuration, and Android TV and websites keep working.

Setting up an IPv6-over-IPv4 connection: go to Internet → Other connections → IPv6 over IPv4 connections → Add connection and enable it.

Checking the connection: check whether the IPv6 version of the site pings from the router interface and from a terminal.

Recommended DNS servers: Google DNS: 8.8.8.8 and 8.8.4.4; Cloudflare DNS: 1.1.1.1 and 1.0.0.1.
How to change DNS on a PC: open the network settings on your computer.

3 days, 11 hours ago @ habr.com
Bringing Large Language Models into the open with… Large Language Models

My team and I focused on testing vulnerabilities of systems based on Large Language Models (LLMs), including Retrieval Augmented Generation chatbots and multi-agent systems.

In this article I decided to describe how we test Large Language Models with Large Language Models.

Giskard is a powerful tool that combines both static and dynamic tests and uses an LLM for attacks and for judging on the LLM-as-a-judge principle.

LLAMATOR can interact with the system under test and the attacking LLM either through LangChain or OpenAI API clients, or through a separately written wrapper.

Bring large language models into the open with us; we look forward to your questions and sugges…

3 days, 16 hours ago @ habr.com
My first Standoff, or how I looked over the shoulder of a cyberattack investigator

You can find out for yourself how it all went and decide how important or useful it is from the tournament tables and the coverage of the MITRE ATT&CK matrix.

The mechanics of the cyber battle did not provide for automated response, and some blocks could not be imposed permanently; the competition rules prohibited that.

Top 30 attacker techniques at Standoff 13 (figure)
These attacks are relevant to real-world conditions too; all the techniques and tactics are used by attackers "in the wild".

That was the case with MaxPatrol EDR 6.0, a release we tried to deliver on time, specifically for the Standoff 13 cyber battle.

And we succeeded.

3 days, 17 hours ago @ habr.com
Server tuning for the very young. The beginning

The author's principles for configuring and running a server (and more), which will feature throughout the series: system and network security; fast response of the system and its services; a minimal number of packages (programs), only what is needed; unification and application dependencies.

Table of contents
The market and the choice
For most people, the idea of "self-hosted" solutions boils down to creating a personal cloud, or more precisely, storage for data synchronisation.

In this context there are two main options: NAS (Network Attached Storage): a host (that is, a computer) intended for storing data for both personal and commercial use.

Integrated GPU: only lacking if you plan to install ollama for "self-hosted" AI.

Же…

3 days, 19 hours ago @ habr.com
Хакер
last post 9 hours ago
Microsoft's January patches conflict with Citrix SRA

Microsoft warns that the January 2025 cumulative updates for Windows 11 and Windows 10 may not work if Citrix Session Recording Agent (SRA) version 2411 is installed on the device.

As part of the January Patch Tuesday, Microsoft released updates for Windows 11 (KB5050009) and Windows 10 (KB5049981), fixing numerous vulnerabilities, including several zero-day issues.

Citrix and Microsoft say they are already working on a solution to the problem, and Citrix has published a separate bulletin describing a possible temporary workaround for the error.

To do this, it is recommended to stop the Session Recording Monitoring service, install the update from Micros…

9 hours ago @ xakep.ru
Serious vulnerability in the W3 Total Cache plugin threatens a million WordPress sites

A vulnerability in the W3 Total Cache plugin, which is installed on more than a million WordPress sites, allows attackers to access various information, including cloud application metadata.

The W3 Total Cache plugin uses several caching methods and is used to optimize site speed, reduce page load times and improve SEO ranking.

And although the plugin's developers have already released a patch, hundreds of thousands of sites have still not been updated to the fixed version.

This makes it possible to obtain the plugin's nonce and perform unauthorized actions.

Currently, according to wordpress.org statistics, about 150,000 sites have already installed the update, …

11 hours ago @ xakep.ru
Network protocols under the microscope. Implementing attacks on DHCP, EIGRP, DTP and ARP in a Python application

My attention was drawn to Yersinia, a utility that includes tools for attacking L2 protocols, including DHCP.

Maybe DHCP attacks with Yersinia can be pulled off under certain conditions, but attacks on the other link-layer protocols did not work at all!

As I said earlier, a DHCP server does not respond to DHCP messages in which a multicast MAC is specified as the source MAC address.

The following code block is where the DHCP DISCOVER messages are actually generated: discover_packet = Ether(src=client_mac, dst="ff:ff:ff:ff:ff:ff") / \ IP(src="0.

options for i, item in enumerate(options): if item[0] == 'server_i…

12 hours ago @ xakep.ru
Fresh bug in UEFI Secure Boot leaves systems vulnerable to bootkits

A UEFI Secure Boot bypass vulnerability (CVE-2024-7344), related to a Microsoft-signed application, can be used to install bootkits despite Secure Boot protection being enabled.

In this context, reloader.efi "manually" decrypts and loads into memory binaries from cloak.dat, which contains an XOR-encrypted PE image.

According to ESET analysts, the following products are vulnerable: Howyar SysReturn (before version 10.2.023_20240919); Greenware GreenGuard (before version 10.2.023-20240927); Radix SmartRecovery (before version 11.2.023-20240927); Sanfong EZ-back System (before version 10.3.024-20241127); WASAY eRecoveryRX (before version 8.4.022-20241127); CES NeoImpact (before version 10.1.024-20241127); SignalComputer …

13 hours ago @ xakep.ru
Botnet of 13,000 MikroTik devices exploits misconfigured SPF DNS records

A new botnet comprising 13,000 MikroTik devices exploits problems in DNS record configuration to bypass protections and deliver malware, spoofing approximately 20,000 domains.

According to Infoblox specialists, the attackers exploit misconfigured DNS SPF (Sender Policy Framework) records, a mechanism that defines which servers are authorized to send mail on behalf of a domain.

"That's when it became clear that we had uncovered a huge network of 13,000 infected MikroTik devices that are part of a large botnet," Infoblox explains.

The exact method of infecting the devices is still unclear, but Infoblox specialists write that the botnet includes devices with different versions of …

15 hours ago @ xakep.ru
Roskomnadzor: 710 million records about Russians leaked online in 2024

Roskomnadzor representatives reported that over the past year the agency recorded 135 database leaks containing in total more than 710 million records about Russian citizens.

As Roskomnadzor deputy head Milos Wagner noted earlier, the largest leak of 2024 occurred in February, when 500 million rows of data about Russians were published online at once.

For comparison: over the whole of 2023 Roskomnadzor recorded 168 personal data leaks, with around 300 million records about Russians ending up online.

And in 2022, 600 million records about citizens of the Russian Federation leaked online, when the agency recorded more than 140 leaks.

Recall that at the end of November 2024 the president of the Russian Federation signed a law …

17 hours ago @ xakep.ru
Hackers use the FastHTTP library for fast brute-forcing of Microsoft 365 passwords

SpearTip analysts have noticed that attackers are using the Go library FastHTTP to carry out high-speed brute-force attacks on Microsoft 365 accounts around the world.

According to the researchers, the attacks began on January 6, 2025 and target the Azure Active Directory Graph API.

FastHTTP is a high-performance Go implementation of an HTTP server and client, optimized for fast handling of HTTP requests (with low latency and high efficiency even with many concurrent connections).

About 65% of the malicious traffic comes from Brazil, where a wide range of ASN providers and IP addresses is used for the attacks, as well as from Turkey, Argentina, …

1 day, 7 hours ago @ xakep.ru
«Хакер» T-shirts on sale

The holidays are over, but «Хакер» T-shirts are still on sale.

A bright print on a classic dark steel background will show everyone that you're in the know, and 100% premium cotton will survive many washes.

All T-shirts are made of dense cotton, and the images are applied by screen printing, which guarantees the durability of the picture.

Add unique ][ merch to your wardrobe or give a T-shirt to a friend, a colleague or your reverse-engineer girlfriend!

Delivery to other countries is also possible (for these questions write to [email protected]).

1 day, 9 hours ago @ xakep.ru
Homemade UPS. Building a budget lithium UPS for your server room

Most often people refuse to put a server at home or in the office because it needs a reliable backup power source.

You understand, 400 W (and 80% of that is 320 W) is not our option, it is too little.

Even though this UPS is rack-mounted, it is only suitable for powering an ordinary (non-gaming) PC.

Our task is to power our mini server room, and as a bonus we get backup power for the whole room.

We installed a 100 A DC breaker. Multiply 100 A by 24 V and we get the same 2400 W.

1 day, 10 hours ago @ xakep.ru
Malicious ads in Google help hijack Google Ads accounts

Malwarebytes specialists warn that hackers have started using Google ads to promote phishing sites that steal Google Ads account credentials.

The attackers place their ads in Google search results, posing as Google Ads advertising.

Such links lead users to fake login pages hosted on Google Sites.

If the user does not react to this warning, the attackers add a new administrator to Google Ads using a different Gmail address.

It affects the very foundation of Google's business and may threaten thousands of the company's customers around the world.

1 day, 11 hours ago @ xakep.ru
Hacking group publishes credentials for 15,000 FortiGate devices

The Belsen Group has published configuration files, IP addresses and VPN credentials for 15,000 FortiGate devices on the dark web, giving other criminals free access to this confidential information.

For self-promotion, the group created a dark web site where it published, free of charge, a dump of FortiGate device information that is now freely available to other criminals.

"I examined one of the devices in an affected organization, and the artifacts on it pointed to exploitation of CVE-2022-40684.

Recall that in 2022 Fortinet warned that attackers were using CVE-2022-40684 to download configuration files from FortiGate devices and create new super_ad… accounts

1 day, 13 hours ago @ xakep.ru
FACCT: Sticky Werewolf group sends emails on behalf of Russia's Ministry of Industry and Trade

FACCT specialists reported that after the New Year holidays the APT group Sticky Werewolf (aka PhaseShifters) attempted to attack Russian research and production enterprises, posing as representatives of the Russian Ministry of Industry and Trade (Minpromtorg).

One of the phishing emails was intercepted by the experts on the evening of January 13, 2025, and the specialists analyzed the mailing.

The malicious emails contained an "instruction" to work out whether orders from defense-industry enterprises needed to be placed with institutions of the penal system using convicts.

As bait, Sticky Werewolf used a forged letter from Minpromtorg.

Additional analysis uncovered another …

1 day, 15 hours ago @ xakep.ru
More than 660,000 Rsync servers may be vulnerable to code execution attacks

Researchers warn that the vulnerabilities discovered in Rsync can be chained together, leading to full remote compromise of the system.

CVE-2024-12084 (CVSS score 9.8): a heap buffer overflow in Rsync caused by incorrect handling of the checksum length.

CVE-2024-12087 (CVSS score 6.5): path traversal via --inc-recursive.

CVE-2024-12747 (CVSS score 5.6): a vulnerability caused by a race condition when handling symbolic links.

1 day, 17 hours ago @ xakep.ru
Domain wp3[.]xyz linked to the compromise of 5,000 WordPress sites

A new malicious campaign has been discovered whose victims already include more than 5,000 WordPress sites.

]xyz to exfiltrate stolen data and have already compromised more than 5,000 sites.

It is not yet known what infection vector the attackers use and how they initially compromise the WordPress sites.

The script then installs a malicious plugin (plugin.php), which it downloads from the same domain, and activates it on the infected site.

The researchers also advise strengthening CSRF protection by generating unique tokens and performing server-side checks.

2 days, 6 hours ago @ xakep.ru
Google OAuth vulnerability grants access to abandoned accounts

Trufflesecurity researchers have discovered a problem in the Google OAuth "Sign in with Google" feature.

The bug allows attackers who register the domains of defunct startups to gain access to the confidential data of their former employees' accounts on various SaaS platforms.

The researchers initially notified Google of this bug back on September 30, 2024, but at the time Google's specialists classified the issue as "fraud and abuse", disagreeing that the vulnerability was related to OAuth.

The expert explains that Google OAuth has a "sub" claim, intended to provide a unique and immutable ID for each user and serving to identify the user…

2 days, 7 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 12 hours ago
Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices.

"These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report.

"An attacker who is able to remotely control one of these devices can use them to further exploit devices in an internal network and do lateral movement."

The operational technology security firm, which carried out an extensive analysis of the firmware used in these switches using the QEMU framework, said the vuln…

12 hours ago @ thehackernews.com
Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation

Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia.

"These attacks appear tied to the proliferation of gambling-related sites, potentially as a response to the heightened government scrutiny."

The attack chains particularly involve attempts to deploy GSocket by leveraging pre-existing web shells installed on already compromised servers.

A majority of the attacks have been found to single out servers running a popular learning management system (LMS) called Moodle.

The exact initial access vector used to deploy the JavaScript malware on these sites is presently not known.

13 hours ago @ thehackernews.com
How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

Challenges in Wi-Fi Security Today. Distributed organizations implementing guest Wi-Fi networks face increasingly sophisticated security challenges.

Benefits of a Zero Trust Captive Portal Solution. The implementation of Zero Trust Architecture represents a paradigm shift in securing guest Wi-Fi networks, moving away from traditional perimeter-based security to a more comprehensive verification model.

Integrating Zero Trust principles with cloud-based management platforms enables distributed organizations to scale their guest Wi-Fi security efficiently.

Conclusion. The transformation of guest Wi-Fi security through cloud-captive portals and Zero Trust Architecture marks a significant…

15 hours ago @ thehackernews.com
U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs

"These IT workers obfuscate their identities and locations to fraudulently obtain freelance employment contracts from clients around the world for IT projects, such as software and mobile application development," the Treasury Department said.

The activity cluster is tracked by the cybersecurity community under the monikers Famous Chollima, Nickel Tapestry, UNC5267, and Wagemole.

Recent analyses have found that North Korean IT workers have been increasingly infiltrating cryptocurrency and Web3 companies and "compromising their networks, operations, and integrity."

That said, the IT worker operation is just one of the many methods North Korea employs to illegally generate revenue.

"Th…

16 hours ago @ thehackernews.com
New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that has been targeting Microsoft 365 accounts with the aim of stealing credentials and two-factor authentication (2FA) codes since at least October 2024.

The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December.

Nearly 100 domains hosting Sneaky 2FA phishing pages have been identified as of this month, suggesting moderate adoption by threat actors.

"The Sneaky 2FA phishing kit employs several blurred images as the background for its fake Microsoft authentication pages," Sekoia explained.

This indicates that only customers with a valid …

16 hours ago @ thehackernews.com
European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Austrian privacy non-profit None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China.

"Given that China is an authoritarian surveillance state, it is crystal clear that China doesn't offer the same level of data protection as the E.U.," Kleanthi Sardeli, data protection lawyer at noyb, said.

It also said none of the companies responded to its access requests under the General Data Protection Regulation (GDPR) to seek clarity on the nature of data transfers, and if they are transmitted to China or any other country…

21 hours ago @ thehackernews.com
Russian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential Harvesting

The Russian threat actor known as Star Blizzard has been linked to a new spear-phishing campaign that targets victims' WhatsApp accounts, signaling a departure from its longstanding tradecraft in a likely attempt to evade detection.

Star Blizzard (formerly SEABORGIUM) is a Russia-linked threat activity cluster known for its credential harvesting campaigns.

Should the email recipient reply, Star Blizzard sends a second message, asking them to click on a t[.

"However, this QR code is actually used by WhatsApp to connect an account to a linked device and/or the WhatsApp Web portal."

Individuals belonging to sectors targeted by Star Blizzard are advised to exercise caution when it comes to …

1 day, 7 hours ago @ thehackernews.com
Ready to Simplify Trust Management? Join Free Webinar to See DigiCert ONE in Action

IoT devices are multiplying like rabbits, certificates are piling up faster than you can count, and compliance requirements are tightening by the day.

Stress-Free Compliance: Keep auditors happy with advanced reporting tools that ensure you meet even the toughest compliance requirements without breaking a sweat.

Whether you're dealing with IoT security, enterprise IT, or fast-paced DevOps workflows, trust is at the heart of your digital operations.

The DigiCert ONE Webinar will show you how to take back control—scaling security with confidence while cutting down on complexity.

This is your opportunity to gain clarity, learn from industry experts, and see how DigiCert ONE delivers trust like…

1 day, 13 hours ago @ thehackernews.com
The $10 Cyber Threat Responsible for the Biggest Breaches of 2024

The world of murky intelligence on stolen credentials, and how to cut through the noise to find the true positives.

Stolen credential-based attacks are on the rise. There's clear evidence that identity attacks are now the #1 cyber threat facing organizations.

In October, Microsoft's ServiceNow tenant was hacked using stolen credentials acquired online, accessing thousands of support ticket descriptions and attachments, and 250k+ employee emails.

Threat intelligence on stolen credentials is plentiful — many commercially available feeds can be acquired and ingested by security teams.

Using Push, you can: immediately check whether the Push extension has observed employee usage of the breached app.

1 day, 14 hours ago @ thehackernews.com
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits

Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems.

Successful exploitation of the flaw can lead to the execution of untrusted code during system boot, thereby enabling attackers to deploy malicious UEFI bootkits on machines that have Secure Boot on, irrespective of the operating system installed.

"As a result, the application allows the loading of any UEFI binary – even an unsigned one – from a specially crafted file named cloak.dat, during system start, regardless of the UEFI Secure Boot state."

An attacker who weaponizes CVE-2024-7344 could, therefore, sidestep UEFI…

1 day, 14 hours ago @ thehackernews.com
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions

Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration.

"A simple misconfiguration in on-premise applications can override the Group Policy, effectively negating the Group Policy designed to stop NTLMv1 authentications," Silverfort researcher Dor Segal said in a report shared with The Hacker News.

"The Group Policy mechanism is Microsoft's solution to disable NTLMv1 across the network," Segal explained.

However, Silverfort's investigation found that it's possible to circumvent the Group Policy and still use NTLMv1 authentication by taking advantage of a setting …

1 day, 14 hours ago @ thehackernews.com
Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns.

"In both campaigns, attackers hid malicious code in images they uploaded to archive[.

VIP Keylogger shares functional overlaps with Snake Keylogger and 404 Keylogger.

"Indeed, threat actors stand to gain numerous benefits from GenAI, from scaling attacks and creating variations that could increase their infection rates, to making attribution by network defenders more difficult."

Threat actors have been spotted creating GitHub repositories advertising video game cheat and modification tools in order to deploy the Lumma Stealer ma…

1 day, 14 hours ago @ thehackernews.com
Python-Based Malware Powers RansomHub Ransomware to Exploit Network Flaws

Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network.

The threat actor then proceeded to deliver the backdoor to other machines located in the same network during lateral movement via RDP sessions.

"This tunnel allows the threat actor to move laterally in the compromised network using the victim system as a proxy."

The activity has been attributed to a threat actor dubbed Codefinger.

"Threat actor Codefinger abuses publicly disclosed AWS keys with permissions to write and read S3 obj…

1 day, 19 hours ago @ thehackernews.com
Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager (EPM), including four critical bugs that could lead to information disclosure.

All four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale, are rooted in EPM and concern absolute path traversal flaws that allow a remote unauthenticated attacker to leak sensitive information.

The flaws are listed below: CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159. The shortcomings affect EPM versions 2024 November security update and prior, and 2022 SU6 November security update and prior.

They have been addressed in EPM 2024 January-…

1 day, 19 hours ago @ thehackernews.com
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes

Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google.

The newly identified campaign specifically singles out users who search for Google Ads on Google's own search engine to serve bogus ads for Google Ads that, when clicked, redirect users to fraudulent sites hosted on Google Sites.

"The fake ads for Google Ads come from a variety of individuals and businesses (including a regional airport), in various locations," Segura said.

Malwarebytes said the harvested credentials are subsequently abused to sign in to the victim's Google Ads …

2 days, 10 hours ago @ thehackernews.com
threatpost
last post None
DarkReading
last post None
WeLiveSecurity
last post 2 months, 1 week ago
Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

To limit any possible confusion, we will use the following terms consistently throughout the text: RedLine malware: The RedLine Stealer malware or a sample thereof.

RedLine backend: Collection of modules that provide authentication and functionality for the RedLine panel.

This includes the RedLine malware, the RedLine panel, and the RedLine backend modules.

Builder tab of the RedLine panel. RedLine backend. The RedLine backend we analyzed in 2023 consists of two modules.

2 months, 1 week ago @ welivesecurity.com
ESET APT Activity Report Q2 2024–Q3 2024

ESET APT Activity Report Q2 2024–Q3 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April 2024 until the end of September 2024.

Additionally, China-aligned APT groups have been relying increasingly on the open-source and multiplatform SoftEther VPN to maintain access to victims’ networks.

For the first time, we saw an APT group – specifically ScarCruft – abusing Zoho cloud services.

Malicious activities described in ESET APT Activity Report Q2 2024–Q3 2024 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers.

Attack s…

2 months, 1 week ago @ welivesecurity.com
Jane Goodall: Reasons for hope | Starmus highlights

The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity. Renowned ethologist and conservationist Jane Goodall offers a sobering, but hopeful reflection on the precarious state of our planet.

With ecosystems worldwide facing unprecedented threats from climate change, biodiversity loss, intensive farming, deforestation, and pollution, Earth is undergoing what scientists call the sixth mass extinction.

Unlike in the past, however, this one is driven by human activity, accelerating species loss at rates much faster than typical evolutionary processes.

Yet, Ms. Goodall – w…

2 months, 1 week ago @ welivesecurity.com
Month in security with Tony Anscombe – October 2024 edition

Each month, ESET's Chief Security Evangelist Tony Anscombe will bring you a roundup of the latest cybersecurity news and insights – all in five or so minutes.

Let's cut to the chase now and review some of the most impactful cybersecurity stories of October 2024.

Recent weeks have also seen a number of damaging hacks and breaches, including one hitting American Water, the largest US water utility, and two incidents targeting The Internet Archive.

Meanwhile, lawmakers have also been busy this month, as Australia introduced its first cybersecurity legislation.

In the US, the Cybersecurity and Infrastructure Security Agency (CISA) proposed new security requirements to protect personal and gover…

2 months, 2 weeks ago @ welivesecurity.com
How to remove your personal information from Google Search results

If not, consider requesting the removal of your personal information from search results.

What shows up in Google Search?

Unsurprisingly, the search results become more specific, showcasing how powerful search engines are at pinpointing someone’s data.

How to use Google’s “Results about you”To use this feature, you need to have a Google account.

For the browser version, follow these steps:Log into your Google account and click on your profile avatar.

2 months, 2 weeks ago @ welivesecurity.com
Don't become a statistic: Tips to help keep your personal data off the dark web

The dark web is thriving

First things first: Contrary to popular assumption, the dark web is not illegal and it’s not populated solely by cybercriminals.

Even worse, 700 of these emails had passwords associated with them stored in plain text and exposed on dark web sites.

There are various ways your own data could end up in a dark web forum or site.

If you’re signed up to an identity protection or dark web monitoring service, it should flag any PII or other data it finds on the dark web.

See what’s lurking out there on the dark web right now and it may never get to that stage.

2 months, 2 weeks ago @ welivesecurity.com
Tony Fadell: Innovating to save our planet | Starmus highlights

So what's the real story with methane and how exactly do the emissions of this powerful greenhouse gas accelerate climate change?

Increased awareness of methane’s potent warming effect and the urgency of reducing methane emissions have prompted a slew of methane-reducing initiatives.

To get a grip on the problem, however, the world first needs to identify emission sources with pinpoint accuracy.

This is where state-of-the-art satellite technology comes in.

In his talk, the legendary engineer and entrepreneur Tony Fadell talks about MethaneSAT, a pioneering satellite that orbits the planet in order to map and track the sources of methane emissions primarily from oil and gas operations, which…

2 months, 3 weeks ago @ welivesecurity.com
CloudScout: Evasive Panda scouting cloud services

The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies.

CloudScout utilizes stolen cookies, provided by MgBot plugins, to access and exfiltrate data stored at various cloud services.

In February 2023, CloudScout modules and the Nightdoor implant were detected at what we suspect is a Taiwanese government entity.

The CloudScout module obtains a new configuration by continuously monitoring its working directory, looking for files with .dat extensions.

This package is stored in the resources section of CloudScout modules and is loaded at the beginning of the ModuleStart function.

2 months, 3 weeks ago @ welivesecurity.com
ESET Research Podcast: CosmicBeetle

Then there are threat actors like CosmicBeetle – they lack the necessary skill set, write crude malware, yet still compromise interesting targets, and achieve “stealth” by using odd, impractical and overcomplicated techniques.

Discussing further with ESET Research Podcast host and Distinguished Researcher Aryeh Goretsky, Jakub shared his view of CosmicBeetle’s encryption routine, information about their victimology, and details of their “involvement” with high-profile gangs such as LockBit and RansomHub.

For details on how this crude and clumsy threat actor, whose malicious tools are “riddled with bugs”, managed to penetrate any of its targets, listen to this ESET Research Podcast episode…

2 months, 3 weeks ago @ welivesecurity.com
Embargo ransomware: Rock’n’Rust

ESET researchers have discovered new Rust-based tooling leading to the deployment of Embargo ransomware.

C:\Windows\Debug\a.cache – RC4-encrypted Embargo ransomware.

C:\Windows\Debug\pay.exe – Decrypted Embargo ransomware.

Tactic               | ID        | Name                          | Description
Resource Development | T1587.001 | Develop Capabilities: Malware | Embargo group develops its custom toolkit – MDeployer, MS4Killer, and Embargo ransomware.
                     | T1486     | Data Encrypted for Impact     | Embargo ransomware encrypts files on compromised machines.

2 months, 3 weeks ago @ welivesecurity.com
Google Voice scams: What are they and how do I avoid them?

The classic Google Voice scam goes something like this: Setting up a Google Voice account.

The fraudster downloads the Google Voice app and links it to a Google account, much like anyone else does.

Then they may do one of several things: sell your Google Voice number and account to other scammers; place vishing calls designed to scam victims, using your Google Voice account; embed your Google Voice number into email phishing or smishing messages; use the Google Voice voicemail feature to record messages posing as legitimate authorities, in order to further their scams; use the Google Voice num…

2 months, 4 weeks ago @ welivesecurity.com
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

The rest of the software flaws under review were exploited as n-days; i.e., vulnerabilities first exploited after patches are made available (versus zero days, which are abused before patches are released).

The average time to exploit a software flaw has been shrinking considerably over the years – from 63 days in 2018-2019 all the way to only five days last year.

These and other figures in the report underscore a disconcerting trend: threat actors are rapidly getting better at spotting and weaponizing software vulnerabilities, which clearly poses an escalating threat to businesses and individuals alike.

What else did the report find and how does the market for zero-day exploits factor into…

3 months ago @ welivesecurity.com
Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online and even be the start of a predatory relationship.

“Hey, wanna chat?” What sounds like a casual and innocent phrase between adults can take a sinister turn when it comes from an adult to a child online – and even be the start of a predatory relationship.

Grooming, where an adult uses psychological tactics to gain a child’s trust in order to manipulate, exploit, or abuse them, is a pervasive problem these days.

It often occurs online, where predators may use social media, gaming platforms, or messaging apps to contact minors. In this episode of Unlocked 403, Becks sat down with ch…

3 months ago @ welivesecurity.com
Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Although QR codes have been around since the 90s, quishing as a threat really started to appear during the pandemic.

Fraudsters leapt into action, sticking fake QR codes over the real ones.

There have been a number of reports about scammers targeting motorists via malicious QR codes stuck to parking meters.

If you’re uncomfortable scanning a QR code, consider using one of these alternatives to avoid the risk of interacting with a fraudulent code.

News of the latest QR quishing campaign will only increase calls for codes to be banned from public places.

3 months ago @ welivesecurity.com
Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

In this blog, we’ll explore cybersecurity internships, scholarships and apprenticeships as three great pathways, especially for young people, to jump-start their careers in this exciting and rewarding field.

For example, ESET currently runs Women in Cybersecurity scholarships for female undergraduates looking to pursue a career in cybersecurity in the UK, US, Canada and Australia.

Some cybersecurity apprenticeships prepare you for industry certifications that validate the training and expertise learned, enhancing employability further down the line.

Job security: Almost all industries require cybersecurity, including health, government, education, law, financial services, and manufacturing…

3 months ago @ welivesecurity.com
Naked Security
last post None
Help Net Security
last post 10 hours ago
How Russian hackers went after NGOs’ WhatsApp accounts

Star Blizzard, a threat actor tied to the Russian Federal Security Service (FSB), was spotted attempting to compromise targets’ WhatsApp accounts through a clever phishing campaign.

“You can join us using this QR code below.” The QR code doesn’t work, though, pushing the victim to reply to say as much.

Then, the attackers send a second email, with a shortened link instead of a QR code.

The spoofed WhatsApp page, with the QR code obscured (Source: Microsoft Threat Intelligence)

“However, this QR code is actually used by WhatsApp to connect an account to a linked device and/or the WhatsApp Web portal,” Microsoft’s threat analysts explained.

They’ve also been known to target Russian citizens res…

10 hours ago @ helpnetsecurity.com
1touch.io’s SaaS offering delivers enterprise-grade security

In an exciting development for organizations struggling with data security, 1touch.io has announced its Sensitive Data Intelligence platform as a Software-as-a-Service (SaaS) solution.

The SaaS deployment enhances 1touch.io’s existing deployment options—air-gapped, on-premises, virtual private cloud (VPC), and hybrid—providing unmatched flexibility to adapt to diverse operational environments and scale with organizational growth.

Transforming data security with SaaS accessibility

1touch.io’s SaaS offering delivers enterprise-grade security without the complexity of on-prem infrastructure or manual deployment.

A trusted partner for your data journey

Already protecting the sensitive data of ove…

15 hours ago @ helpnetsecurity.com
Dynatrace reduces time-consuming compliance configuration checks associated with DORA

Dynatrace has extended its existing compliance capabilities to support the Digital Operational Resilience Act (DORA) EU regulation.

As part of this, Dynatrace is introducing the Compliance Assistant app, purpose-built to provide organizations with the visibility, insights, and automation to mitigate risk and reduce time-consuming compliance configuration checks associated with DORA.

“DORA is a major regulation that profoundly impacts organizations’ resilience and security requirements across any organization doing business in the EU.

With its new Compliance Assistant app, teams benefit from a dedicated view of this information that’s tailored for DORA compliance.

With its new Compliance Ass…

16 hours ago @ helpnetsecurity.com
Bitwarden unveils native mobile applications for iOS and Android

Bitwarden announced Bitwarden native mobile applications for iOS and Android.

Elevating the mobile user experience

The evolution to native app development allows Bitwarden to deliver enhanced features and a superior mobile experience.

Developed natively in Swift for iOS and Kotlin for Android, the mobile apps now ensure faster performance, quicker updates, and greater access to platform-specific innovations.

The native apps deliver improved UI interactions, smoother navigation, and more responsive button actions, all optimized for iOS and Android devices.

Download and availability

The Bitwarden native mobile apps are available for download on the Apple App Store and Google Play Store.

17 hours ago @ helpnetsecurity.com
Balancing usability and security in the fight against identity-based attacks

What is the scale of identity-based attacks today?

Identity-based attacks are becoming a bigger problem each year.

Phishing attacks are now reliably bypassing MFA when it is in place, and attackers are leveraging session-stealing infostealers on an industrial scale.

The fact that so many of these breaches involve high-profile companies shows just how serious the scale of identity-based attacks has become.

Targeted security training can be useful but generally you want to reduce the human dependency as much as possible.

20 hours ago @ helpnetsecurity.com
MSSqlPwner: Open-source tool for pentesting MSSQL servers

MSSqlPwner is an open-source pentesting tool tailored to interact with and exploit MSSQL servers.

MSSqlPwner begins its operations with recursive enumeration, analyzing linked servers and potential impersonation paths to uncover possible command-execution chains.

It also supports NTLM relay attacks by leveraging MSSQL functions such as xp_dirtree, xp_subdirs, and xp_fileexist, making it versatile in penetration testing scenarios.

A key strength of MSSqlPwner lies in its ability to facilitate lateral movement and assess linked servers.

Even when the authenticated MSSQL user lacks the necessary permissions for specific operations, the tool can identify and construct a viable execution chai…

20 hours ago @ helpnetsecurity.com
Homeowners are clueless about how smart devices collect their data

Homeowners are increasingly concerned about data privacy in smart home products, according to Copeland.

Hence, there’s an increase in ownership of smart doorbells, smart home security systems, smart smoke detectors and smart door locks.

Ownership of smart thermostats, smart TVs and appliances is also significantly higher this year compared to 2022.

Both owners and nonowners of smart thermostats expressed less confidence in whether the manufacturers of smart thermostats use their data responsibly in 2024 compared to 2022.

Only 14% of homeowners who owned smart thermostats said they researched a manufacturer’s data privacy policy before purchasing a smart thermostat.

21 hours ago @ helpnetsecurity.com
EU takes decisive action on healthcare cybersecurity

The Commission has presented an EU action plan aimed at strengthening the cybersecurity of hospitals and healthcare providers.

The initiative builds on the broader EU framework to strengthen cybersecurity across critical infrastructure and marks the first sector-specific initiative to deploy the full range of EU cybersecurity measures.

EU action plan centers on four critical priorities

Enhanced prevention.

The Action Plan will be implemented hand in hand with healthcare providers, Member States, and the cybersecurity community.

First step toward stronger healthcare cybersecurity

The action plan is the start of a process to improve cybersecurity in the healthcare sector.

21 hours ago @ helpnetsecurity.com
New infosec products of the week: January 17, 2025

Cisco AI Defense safeguards against the misuse of AI tools

Cisco AI Defense is purpose-built for enterprises to develop, deploy and secure AI applications with confidence.

This AI-driven algorithmic red team identifies potential vulnerabilities and recommends guardrails in AI Defense for security teams to use.

Meanwhile, the Architect AI empowers users with tailored guidance on cybersecurity products, leveraging IT-Harvest’s in-depth analysis of over 11,300 products.

Commvault strengthens Microsoft Active Directory protection

Commvault brings a new level of resilience to Active Directory by enabling automated, rapid recovery of the Active Directory forest, which includes users, groups, permis…

22 hours ago @ helpnetsecurity.com
Critical SimpleHelp vulnerabilities fixed, update your server instances!

If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security vulnerabilities that may be exploited by remote attackers to execute code on the underlying host.

About SimpleHelp and the vulnerabilities

SimpleHelp is relatively popular remote support/access software that has also occasionally been used by cyber attackers.

For Windows servers, an attacker could overwrite executables or libraries used by SimpleHelp to get to remote code execution,” the researchers explained.

A Shodan search has revealed nearly 3,500 internet-facing SimpleHelp servers, the researchers noted, but how many are s…

1 day, 11 hours ago @ helpnetsecurity.com
Concentric AI helps organizations gain a complete understanding of their data

Concentric AI introduced new Private Scan Manager functionality in its Semantic Intelligence data security governance platform, which enables data scans to be processed within organizations’ own environments.

With this launch, organizations now for the first time have the flexibility to leverage AI-driven data security governance with data processing onsite for greater control, or in the Concentric AI cloud for speed and scalability.

“With Concentric AI, organizations with this requirement can now leverage our AI-powered data security governance platform to gain a complete understanding of their data and protect their sensitive data without using multiple tools or manual processes.

With thi…

1 day, 12 hours ago @ helpnetsecurity.com
Contrast Security AVM identifies application and API vulnerabilities in production

Contrast Security released Application Vulnerability Monitoring (AVM), a new capability of Application Detection and Response (ADR).

AVM works within applications to find application and API vulnerabilities in production and correlate those vulnerabilities with attacks.

“Traditionally, application and API security testing happened before production, without any insight into real attacks or how software actually runs in production.

Solve for application risk blind spots: Organizations struggle to prioritize application vulnerabilities.

Contrast’s managed service, Contrast One, is also available for both AVM and ADR, for organizations that want expert assistance running their application sec…

1 day, 14 hours ago @ helpnetsecurity.com
Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?

A threat actor has leaked configuration files (aka configs) for over 15,000 Fortinet Fortigate firewalls and associated admin and user credentials.

The leaked 1.6 GB archive contains folders ordered by country, and inside each there are folders named after IP addresses.

Inside those are full configuration files and a txt file with a list of admin VPN user credentials.

They posit that the Belsen Group has used the leaked information themselves or sold it on to other attackers prior to leaking it.

They were likely part of a threat group that exploited a zero day in 2022, although direct affiliations have not been established yet,” they concluded.

1 day, 15 hours ago @ helpnetsecurity.com
New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)

ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot.

The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate.

Exploiting this vulnerability enables the execution of untrusted code during system boot, allowing attackers to deploy malicious UEFI bootkits, such as Bootkitty or BlackLotus, even on systems with UEFI Secure Boot enabled, regardless of the operating system.

The vulnerability is caused by the use of a custom PE loader instead of using the standard and secure UEFI functions LoadImage and StartImage.

All UEFI systems …

1 day, 16 hours ago @ helpnetsecurity.com
Cisco AI Defense safeguards against the misuse of AI tools

Cisco announced Cisco AI Defense, a pioneering solution to enable and safeguard AI transformation within enterprises.

Cisco AI Defense is purpose-built for enterprises to develop, deploy and secure AI applications with confidence.

AI Defense enables enterprises’ AI transformations by addressing two urgent risks: Developing and deploying secure AI applications: As AI becomes ubiquitous, enterprises will use and develop hundreds if not thousands of AI applications.

“Cisco AI Defense represents a significant leap forward in AI security, providing full visibility of an enterprise’s AI assets and protection against evolving threats.”

AI Defense is the latest in a series of AI-driven security innov…

1 day, 16 hours ago @ helpnetsecurity.com
IT Security Guru
last post 4 months, 3 weeks ago
How Immigration Can Solve America’s Cybersecurity Shortage

The Growing Cybersecurity Skills Gap

The cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity Shortage

Immigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

Conclusion

The cybersecurity skills shortage is …

4 months, 3 weeks ago @ itsecurityguru.org
Cybereason Unveils SDR Data Ramp Program: Analyse and Detect Threats in 1TB of Log Data for 90 Days

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

4 months, 3 weeks ago @ itsecurityguru.org
The 8 Most Common Website Design Mistakes According to Pros

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from the website design company Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final Thoughts

Keeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

4 months, 4 weeks ago @ itsecurityguru.org
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol Connections

Remote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware Attacks

Specific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted: The healthcare sector is a prime target for ranso…

5 months ago @ itsecurityguru.org
Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented: “We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

5 months ago @ itsecurityguru.org
AI-powered cyber threats are too overpowering for over 50% of security teams

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

5 months ago @ itsecurityguru.org
New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploit

Three years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

5 months ago @ itsecurityguru.org
New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

5 months, 1 week ago @ itsecurityguru.org
Kicking cyber security down the road can come back to bite you

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priority

Despite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-in

To ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures now

By deprioritising cyber security, businesses are essentially def…

5 months, 1 week ago @ itsecurityguru.org
What skills can cyber security experts develop to adapt to AI and quantum computing?

High levels of demand for cyber security expertise also means that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computing

Like AI, quantum computing has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

5 months, 1 week ago @ itsecurityguru.org
HealthEquity Data Breach Compromises Customer Information

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.

5 months, 3 weeks ago @ itsecurityguru.org
Accenture and SandboxAQ Expand Cybersecurity Partnership

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

The post Accenture and SandboxAQ Expand Cybersecurity Partnership first appeared on IT Security Guru.

5 months, 3 weeks ago @ itsecurityguru.org
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords first appeared on IT Security Guru.

5 months, 3 weeks ago @ itsecurityguru.org
Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester first appeared on IT Security Guru.

5 months, 3 weeks ago @ itsecurityguru.org
Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands

New threat research by Salt-Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws within popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to their website). These vulnerabilities could have potentially allowed an attacker unlimited […]

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands first appeared on IT Security Guru.

5 months, 3 weeks ago @ itsecurityguru.org
SecurityTrails
last post None
Blogs 👨‍💻
Бизнес без опасности
last post None
Жизнь 80 на 20
last post None
ZLONOV
last post None
Блог Артема Агеева
last post None
Киберпиздец
last post None
Schneier on Security
last post 4 hours ago
Friday Squid Blogging: Opioid Alternatives from Squid Research

Is there nothing that squid research can’t solve?

“If you’re working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic application like deadening pain,” he said.

[…] Researchers hope to mimic how squid and octopus use RNA editing in nerve channels that interpret pain and use that knowledge to manipulate human cells.

4 hours ago @ schneier.com
Social Engineering to Disable iMessage Protections

I am always interested in new phishing tricks, and watching them spread across the ecosystem.

A few days ago I started getting phishing SMS messages with a new twist.

They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website.

But because they came from unknown phone numbers, the links did not work.

I don’t know; I would have expected to have seen it before last weekend.

14 hours ago @ schneier.com
FBI Deletes PlugX Malware from Thousands of Computers

According to the FBI, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software.

First, they tapped the know-how of French intelligence agencies, which had recently discovered a technique for getting PlugX to self-destruct.

Then, the FBI gained access to the hackers’ command-and-control server and used it to request all the IP addresses of machines that were actively infected by PlugX.

Then it sent a command via the server that causes PlugX to delete itself from its victims’ computers.

1 day, 14 hours ago @ schneier.com
Phishing False Alarm

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

2 days, 14 hours ago @ schneier.com
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

I’m speaking on “AI: Trust & Power” at Capricon 45 in Chicago, Illinois, USA, at 11:30 AM on February 7, 2025.

I’m also signing books there on Saturday, February 8, starting at 1:45 PM.

I’m speaking at Boskone 62 in Boston, Massachusetts, USA, which runs from February 14-16, 2025.

I’m speaking at the Rossfest Symposium in Cambridge, UK, on March 25, 2025.

Posted on January 14, 2025 at 12:05 PM • 0 Comments

3 days, 9 hours ago @ schneier.com
The First Password on the Internet

It was created in 1973 by Peter Kirstein:

So from the beginning I put password protection on my gateway.

This had been done in such a way that even if UK users telephoned directly into the communications computer provided by Darpa in UCL, they would require a password.

In fact this was the first password on Arpanet.

It proved invaluable in satisfying authorities on both sides of the Atlantic for the 15 years I ran the service, during which no security breach occurred over my link.

I also put in place a system of governance that any UK users had to be approved by a committee which I chaired but which also had UK government and British Post Office representation.

3 days, 14 hours ago @ schneier.com
Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Not sure this will matter in the end, but it’s a positive move:

Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for AI-generated content.

The foreign-based defendants developed tools specifically designed to bypass safety guardrails Microsoft has erected to prevent the creation of harmful content through its generative AI services, said Steven Masada, the assistant general counsel for Microsoft’s Digital Crimes Unit.

They then compromised the legitimate accounts of paying customers.

They combined those two things to create a fee-based platform people could us…

4 days, 14 hours ago @ schneier.com
Friday Squid Blogging: Cotton-and-Squid-Bone Sponge

News: A sponge made of cotton and squid bone that has absorbed about 99.9% of microplastics in water samples in China could provide an elusive answer to ubiquitous microplastic pollution in water across the globe, a new report suggests.

[…] The study tested the material in an irrigation ditch, a lake, seawater and a pond, where it removed up to 99.9% of plastic.

It addressed 95%-98% of plastic after five cycles, which the authors say is remarkable reusability.

The sponge is made from chitin extracted from squid bone and cotton cellulose, materials that are often used to address pollution.

Cost, secondary pollution and technological complexities have stymied many other filtration systems, but …

1 week ago @ schneier.com
Apps That Are Spying on Your Location

404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics:

The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS.

Because much of the collection is occurring through the advertising ecosystem—not code developed by the app creators themselves—this data collection is likely happening both without users’ and even app developers’ knowledge.

1 week ago @ schneier.com
Zero-Day Vulnerability in Ivanti VPN

1 week, 1 day ago @ schneier.com
US Treasury Department Sanctions Chinese Company Over Cyberattacks

1 week, 3 days ago @ schneier.com
Privacy of Photos.app’s Enhanced Visual Search

1 week, 4 days ago @ schneier.com
Friday Squid Blogging: Anniversary Post

2 weeks ago @ schneier.com
ShredOS

2 weeks ago @ schneier.com
Google Is Allowing Device Fingerprinting

2 weeks, 1 day ago @ schneier.com
Krebs On Security
last post 1 day, 4 hours ago
Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert.

People in Florida reported receiving SMS phishing that spoofed Sunpass, Florida’s prepaid toll program.

In each case, the emergence of these SMS phishing attacks coincided with the release of new phishing kit capabilities that closely mimic these toll operator websites as they appear on mobile devices.

Merrill said the volume of SMS phishing attacks spoofing toll road operators skyrocketed after the New Year, when at least one Chinese cybercriminal group known for selling sophisticated SMS phishing kits began offering new phishing pages design…

1 day, 4 hours ago @ krebsonsecurity.com
Microsoft: Happy 2025. Here’s 161 Security Updates

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack.

Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

Today also saw the publication of nine critical remote code execution (RCE) vulnerabilities.

The Microsoft flaws already seeing active attacks include CVE-2025-21333, CVE-2025-21334 and, you guessed it, CVE-2025-21335.

And if you run into any problems installing this month’s patch batch, drop a line in the comments below, please.

3 days, 3 hours ago @ krebsonsecurity.com
A Day in the Life of a Prolific Voice Phishing Crew

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in an elaborate voice phishing attack.

Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers.

- The Operator: The individual managing the phishing panel, silently moving the victim from page to page.

- The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls.

Nixon said the constant snaking within the voice phishing circles points to a psychological self-selection phenomenon that is in desperate need of ac…

1 week, 3 days ago @ krebsonsecurity.com
U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon.

Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon.

Think again.”

On that same day, Kiberphant0m posted what they claimed was the “data schema” from the U.S. National Security Agency.

The profile photo on Wagenius’ Facebook page was deleted within hours of my Nov. 26 story identifying Kiberphant0m as a likely U.S. Army soldier.

Nixon asked to sha…

2 weeks, 3 days ago @ krebsonsecurity.com
Happy 15th Anniversary, KrebsOnSecurity!

Instead, they purchase the item using stolen payment card data and your shipping address.

March featured several investigations into the history of various people-search data broker services.

Radaris repeatedly threatened to sue KrebsOnSecurity unless that publication was retracted in full, alleging that it was replete with errors both factual and malicious.

Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website.

There is zero third-party content on this website, apart from the occasional YouTube video embedded as part of a story.

2 weeks, 5 days ago @ krebsonsecurity.com
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds.

Silent Push also learned Araneida bundles its service with a robust proxy offering, so that customer scans appear to come from Internet addresses that are randomly selected from a large pool of available traffic relays.

Silent Push said Araneida is being advertised by an eponymous user on multiple cybercrime forums.

“They are constantly bragging with their community about the crimes that are being committed, how it’s making criminals money,” said Zach Edwards, a senior threat researcher at Silent P…

4 weeks, 1 day ago @ krebsonsecurity.com
How to Lose a Fortune with Just One Bad Click

At the same time, he received an email that came from a google.com email address, warning his Google account was compromised.

Unbeknownst to him at the time, Google Authenticator by default also makes the same codes available in one’s Google account online.

“I made mistakes due to being so busy and not thinking correctly,” Tony told KrebsOnSecurity.

Comparing notes, they discovered the fake Google security alerts they received just prior to their individual bitcoin thefts referenced the same phony “Google Support Case ID” number.

Daniel told Junseth he and his co-conspirators had just scored a $1.2 million theft that was still pending on the bitcoin investment platform SwanBitcoin.

1 month ago @ krebsonsecurity.com
How Cryptocurrency Turns to Cash in Russian Banks

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds.

These platforms are built for Russian speakers, and they each advertise the ability to anonymously swap one form of cryptocurrency for another.

“Purportedly, the purpose of these platforms is for companies to accept cryptocurrency payments in exchange for goods or services,” Sanders told KrebsOnSecurity.

Their inquiry found 422 Richards St. was listed as the registered address for at least 76 foreign currency dealers, eight MSBs, and six cryptocurrency exchanges.

SANCTIONS E…

1 month, 1 week ago @ krebsonsecurity.com
Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks.

The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years.

“Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett, lead software engineer at Rapid7.

System admins should keep an eye on AskWoody.com, which usually has the details if any of the Patch Tuesday fixes are causing problems.

In the meantime, if you run into any problems applying this month’s fixe…

1 month, 1 week ago @ krebsonsecurity.com
U.S. Offered $10M for Hacker Just Arrested by Russia

The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest.

Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Love your country, and you will always get away with everything.”

Still, Wazawaka may not have always stuck to that rule.

The men were among 14 suspected REvil members rounded up by Russia in the weeks before Russia invaded Ukraine in 2022.

Earlier this year, Russian authorities arrested at least two men for allegedly operating the short-lived Sugarlocker ransomware program in 2021.

1 month, 2 weeks ago @ krebsonsecurity.com
Why Phishers Love New TLDs Like .shop, .top and .xyz

Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG).

The study finds that while .com and .net domains made up approximately half of all domains registered in the past year (more than all of the other TLDs combined) they accounted for just over 40 percent of all cybercrime domains.

Interisle says an almost equal share — 37 percent — of cybercrime domains were registered through new gTLDs.

Levine said adding more TLDs without a much stricter registration policy will likely further expand…

1 month, 2 weeks ago @ krebsonsecurity.com
Hacker in Snowflake Extortions May Be a U.S. Soldier

Kiberphant0m’s identities on cybercrime forums and on Telegram and Discord chat channels have been selling data stolen from customers of the cloud data storage company Snowflake.

After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories for some of the world’s largest corporations.

On BreachForums, Kiberphant0m has sold the source code to “Shi-Bot,” a custom Linux DDoS botnet based on the Mirai malware.

The Vars_Secc telegram handle also has claimed ownership of the BreachForums member “Boxfan,” and Intel 471 shows Boxfan’s early posts on the forum had the Vars_Secc Telegram account in their signature.

Reached via Telegr…

1 month, 3 weeks ago @ krebsonsecurity.com
Feds Charge Five Men in ‘Scattered Spider’ Roundup

The five men, aged 20 to 25, are allegedly members of a hacking conspiracy dubbed “Scattered Spider” and “Oktapus,” which specialized in SMS-based phishing attacks that tricked employees at tech firms into entering their credentials and one-time passcodes at phishing websites.

The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time.

Evans, Elbadawy, Osiebo and Urban were all charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft.

Buchanan, who is named as an indicted co-conspirator, was charged with conspiracy to commit wire fraud, c…

1 month, 3 weeks ago @ krebsonsecurity.com
Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned.

On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra’s internally hosted file transfer platform.

Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems.

“There is no direct impact on customer operations, our customers’ systems, or Finastra’s ability to serve our customers currently,” the notice continued.

However, it did reference many of the same banks called out as Fin…

1 month, 4 weeks ago @ krebsonsecurity.com
An Interview With the Target & Home Depot Hacker

Mr. Shefel, who recently changed his legal surname to Lenin, was the star of last year’s story, Ten Years Later, New Clues in the Target Breach.

Mr. Golubov could not be reached for comment, and Shefel says he no longer has the laptop containing evidence to support that claim.

“My nickname was MikeMike, and I worked with Dmitri Golubov and made technologies for him,” Shefel said.

“Helkern was my friend, I [set up a] meeting with Golubov and him in 2013,” Shefel said.

Incredibly, the day after our initial interview via Telegram, Shefel proposed going into business together.

2 months ago @ krebsonsecurity.com
Graham Cluley
last post 16 hours ago
No, Brad Pitt isn’t in love with you

While browsing the site, she saw a picture of Hollywood actor Brad Pitt and hit "Like."

Anne received a message from a woman introducing herself as Jane Etta Hillhouse, the mother of William Bradley Pitt - known to the world as Hollywood heartthrob Brad Pitt.

Initially, "Brad Pitt" acted uninterested in Anne's messages, embarrassed that his mother had put them in touch.

Next, Anne received a fake “breaking news” report that Brad Pitt had declared his love for a woman named "Anne."

According to Anne, she wired a total of 830,000 Euros (approximately US $850,000) to the person she believed was Brad Pitt.

16 hours ago @ bitdefender.com
Smashing Security podcast #400: Hacker games, AI travel surveillance, and 25 years of IoT

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by The Cyberwire’s Dave Bittner.

Tripwire Enterprise – Set up a demo of Tripwire Enterprise to see how you can simultaneously harden your systems and automate compliance.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to re…

2 days, 1 hour ago @ grahamcluley.com
The AI Fix #33: AI’s deliberate deceptions, and Elon’s “unhinged” mode

In episode 33 of The AI Fix, our hosts watch a robot fall over, ChatGPT demonstrates that it can’t draw a watch face but it can fire a gun, a man without a traffic cone gets trapped in his Waymo taxi, Graham discovers what social robots are, and both hosts watch horrified as somebody rips a robot’s face off.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircle

Hosts: Graham Cluley: @grahamcluley.com, [email protected]; Mark Stockley: @ai-fix-mark.bsky.social

Episode links:

Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts o…

3 days, 10 hours ago @ grahamcluley.com
Pastor’s “dream” crypto scheme alleged to be a multi-million dollar scam

Pinillo is alleged to have falsely claimed that his Solano Fi cryptocurrency scheme was risk-free, and promised a 34.9% monthly return.

The indictment further alleges that he implemented a pyramid scheme, encouraging investors to recruit others with promises of additional returns for each new member.

In all, 1515 people are suspected of falling victim to the scam scheme which totalled at least US $5.9 million.

Inevitably, investors in the scheme attempted to withdraw their funds, and Pinillo is alleged to have made a number of excuses (including market volatility and technical issues).

“Cryptocurrency fraudsters often quickly route funds to international accounts, which presents new chall…

4 days, 7 hours ago @ bitdefender.com
Canadian man loses a cryptocurrency fortune to scammers – here’s how you can stop it happening to you

He chose to use Kraken, a well-known US-based cryptocurrency exchange, and having made the investment left it alone for two years.

One way in which Art might have better defended himself was by using a password manager.

Password managers like Bitdefender Password Manager offer to enter your sign-in information when it's on a website it recognises.

If Art had been using a password manager, he might have realised it wasn't the real Kraken website when his password manager failed to enter his password for him.

Kraken users can also make it more difficult for hackers to breach their accounts by protecting them with two-factor authentication (2FA).

1 week ago @ bitdefender.com
Smashing Security podcast #399: Honey in hot water, and reset your devices

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Get a free demo to see how your organization can reduce data risk and accelerate the adoption of generative AI.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky, Mastodon, or Threads to read more of the exclusive content we post.

1 week, 1 day ago @ grahamcluley.com
Space Bears ransomware: what you need to know

1 week, 1 day ago @ tripwire.com
United Nations aviation agency hacked, recruitment database plundered

The United Nations' aviation agency has confirmed that hackers have compromised its systems, and accessed thousands of records stored in its internal recruitment database.

Furthermore, ICAO emphasised that the hack was limited to its recruitment data, and had not impacted any systems related to aviation safety or security operations.

The aviation agency, which is headquartered in Montreal, says that it is determining who had been impacted by the data breach, and would be notifying affected individuals.

This is not the first time that the UN's aviation agency has suffered at the hands of hackers.

In November 2016, hackers linked to China hacked the ICAO, stealing employee data, and spreading…

1 week, 1 day ago @ bitdefender.com
The AI Fix #32: Agentic AI, killer robot fridges, and the robosexual revolution

In episode 32 of The AI Fix, our hosts learn the meaning of “poronkusema”, Mark discovers his dream job, a school tries using AI instead of teachers, the “Godfather of AI” says AI will see us as toddlers, and Graham lifts the lid on the hidden threat of killer robot fridges.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircle. Hosts: Graham Cluley: @grahamcluley.com, @[email protected]; Mark Stockley: @ai-fix-mark.bsky.social. Episode links: Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the …

1 week, 3 days ago @ grahamcluley.com
Fireside chat with Graham Cluley about risks of AI adoption in 2025

Chances are that your organisation is one of the many businesses that are adopting AI.

And while artificial intelligence can bring opportunities for enhanced productivity, increased innovation, or streamlined processes… it can also introduce risk.

Without proper safeguarding, AI assistants and models can unintentionally expose sensitive data to unauthorized users, leading to increased risk of a security breach.

Join me, and the experts from Rubrik, on Weds January 15 2025, where we’ll be having a fireside chat with Dark Reading all about the known and unknown risks of adopting AI, learning how o…

2 weeks, 1 day ago @ grahamcluley.com
The AI Fix #31: Replay: AI doesn’t exist

Mark and I took a break for the new year, but we’ll be back for a new episode of “The AI Fix” podcast at the usual time next week.

The very first episode from April 2024… Graham attempts to convince Mark that AI doesn’t, in fact, exist.

Powered by RedCircle. Hosts: Graham Cluley: @grahamcluley.com, @[email protected]; Mark Stockley: @ai-fix-mark.bsky.social. Episode links: Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow Grah…

2 weeks, 2 days ago @ grahamcluley.com
The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)

In episode 30 of The AI Fix, AIs are caught lying to avoid being turned off, Apple’s AI flubs a headline, ChatGPT is available to people who haven’t left the 1970s, our hosts regret to inform you that an AI artist now has a personality, and ant-like robots join forces to lob each other over things.

Graham discovers that Google Gemini is checking its homework by asking unskilled humans to simply take a punt at the right answer, and Mark uses an AI to reveal the devastating truth about Santa.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircle. Hosts: Graham Cluley: @grahamcluley.com, @[email protected]; Mark Stock…

3 weeks, 3 days ago @ grahamcluley.com
Smashing Security podcast #398: Fake CAPTCHAs, Harmageddon, and Krispy Kreme

And to top it off, we uncover the sticky situation of Krispy Kreme facing a ransomware attack.

All this and more is discussed in the latest jam-packed edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of “The AI Fix” podcast.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky, Mastodon, or Threads to read more of the exclusive content we …

4 weeks, 1 day ago @ grahamcluley.com
It’s time to stop calling it “pig butchering”

Online romance and investment scams are painful enough without their victims being described as "pigs."

And yet, for some years we've been calling such frauds "pig butchering."

"Pig butchering" is a term coined by fraudsters to describe the process by which they build a relationship with their intended victim ("fattening them up") before tricking ("butchering") them into making an unsound investment, often related to cryptocurrency.

The term "pig butchering" is said to have originated from a Mandarin phrase shazhupan (杀猪盘).

As part of its "Think Twice" campaign against cyber-related and financial crimes, INTERPOL has produced a video calling for the "pig butchering" term to be d…

1 month ago @ bitdefender.com
The AI Fix #29: AI on OnlyFans, and the bot that wants to be a billionaire

In episode 29 of The AI Fix, an AI company makes the bold step of urging us to “stop hiring humans”, Graham is wrong about GB AI, parents prepare their kids for the imminent Moxie-mageddon, Google releases Gemini 2.0, and a robot is found dead at work and nobody knows why.

Graham inspects the AI Miss World competition for research purposes and wonders if our hosts should start an OnlyFans, and Mark meets an “evolving” AI that wants to be a billionaire.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircle. Hosts: Graham Cluley: @grahamcluley.com, @[email protected]; Mark Stockley: @ai-fix-mark.bsky.social. Episode lin…

1 month ago @ grahamcluley.com
Companies 🏢
Kaspersky Blog
last post 2 days, 10 hours ago
New gadget announcements at CES 2025 and their impact on security | Kaspersky Blog

At the Consumer Electronics Show cybersecurity does get some attention, but it is, to put it mildly, not the first and foremost item on the agenda.

The Bosch Revol not only rocks the baby automatically but also keeps it under continuous video and audio surveillance, while at the same time scanning the infant's pulse and breathing rate with a millimetre-wave radar.

But, unlike computers and smartphones, the data stream from the glasses will capture the voices, photos and video of everyone around.

BenjiLock: a padlock with biometrics. Now you can lock up your bike or your shed door without memorising codes or multiplying keys.

The device is resistant to moisture and dust and, according to the manufacturer, runs on a single charge for up to a year…

2 days, 10 hours ago @ kaspersky.ru
Hype and confusion around quantum computers in cryptography

In reality the situation is both calmer and more complex, but that is less interesting for the media to write about.

The company predicted that by 2009 it would be possible to rent a quantum computer for computations via the cloud, applying it to risk analysis in insurance, to modelling in chemistry and materials science, and to "government and military needs".

Internet giants. Many large IT companies, including Google and IBM, are interested in (and invest in) quantum computing.

The authors claim that the chip solves one of the key problems of scaling quantum computing: error correction.

Welcome to reality. Leaving the mathematical and technical side aside, to sum up…

3 days, 9 hours ago @ kaspersky.ru
Simple tips to protect against password theft for e-mail, social networks and government services | Kaspersky Blog

But scammers can trick you out of your password for e-mail, government services, banking services or social networks by imitating a well-known service's login form on their own (third-party) site.

Don't fall for it: only the mail service itself, and nobody else, may check your mail password!

This is the simplest option, but you need to make sure you are really visiting the legitimate site and that there is no mistake in its address.

The picture below shows examples of genuine login pages of various services, on which you can safely enter the username and password for that service.

The scheme works like this: an external service verifies that you are you and confirms this to the site you are logging in to.

4 days, 11 hours ago @ kaspersky.ru
Legitimate Chrome extensions steal Facebook* passwords

Right after Catholic Christmas, a multi-stage attack on the developers of popular Google Chrome extensions came to light.

Attack on developers: OAuth abuse. To inject trojan functionality into popular Chrome extensions, the criminals devised an original phishing scheme.

This standard procedure takes place on legitimate Google pages, except that the "Privacy Policy Extension" application requests the right to publish extensions in the Web Store.

They simply abuse Google's permission-delegation system to trick the developer into granting permission to update their extension.

The malicious functions can in principle steal data from other sites too, so it is worth checking…

1 week ago @ kaspersky.ru
How vulnerable Ecovacs robot vacuums get hacked | Kaspersky Blog

Vulnerabilities in Ecovacs robot vacuums and lawnmowers. The vulnerabilities found in robot vacuums and autonomous lawnmowers made by Ecovacs first became known in August 2024.

Hacking Ecovacs robot vacuums in real life. By all appearances, the DEF CON talk attracted noticeable interest in the hacker community.

And it seems that one of them refined the attack on Ecovacs robot vacuums and actually carried out a series of attacks on robots belonging to other people.

After that its owner looked into the Ecovacs app and saw that someone had started a video stream and remote control.

A third such case was reported from Texas: another Ecovacs robot, late in the evening, …

1 week, 1 day ago @ kaspersky.ru
Cyberthreat and trend forecasts for 2025 from Kaspersky experts | Kaspersky Blog

No, our colleagues don't get out crystal balls or tarot decks, and they don't run crash courses in improving magical abilities.

Their forecasts are based on analysis of the trends and threats from all over the world that we encounter every day.

That is why we urge particular caution in using AI: already in 2024 we reported more than once on the threats it poses.

We won't even mention the danger of downloading games from torrents; everything there is perfectly clear as it is.

Privacy policies, such as the GDPR (European Union) and CPRA (California, USA), are stimulating similar reforms in the other US states and in Asia.

1 week, 4 days ago @ kaspersky.ru
Trusted Relationship cyberattacks and how to prevent them

Any modern business has dozens or hundreds of suppliers and contractors, who in turn use the services and goods of other suppliers and contractors.

For business leaders and heads of information security and IT it is very important to understand the risks associated with supply-chain attacks in order to manage those risks effectively.

Benefits of supply-chain attacks for criminals. Supply-chain attacks have several advantages for an attacker.

Of special note are cases that are not formally supply-chain attacks: attacks on the key technology providers of a particular industry.

Only by applying preventive measures across the entire organization and taking a strategic approach to partnerships with suppliers…

3 weeks, 1 day ago @ kaspersky.ru
Cybersecurity trends in 2025 | Kaspersky Blog

Don't send personal information to AI.

Given that this data may be stored for a long time, used for further training of the AI and, as a result, leak to third parties, it is better simply not to send it.

At first deepfakes were used to call people into financial pyramids or fake charities, but now targeted schemes have come into play.

First, the arrest of Telegram founder Pavel Durov raised the question of which intelligence services, and on what terms, will get access to Telegram correspondence in future.

Back up data from your phone and computer to cloud storage, and download data stored in cloud services for local storage.

3 weeks, 2 days ago @ kaspersky.ru
BadRAM: an attack using a malicious RAM module

Secure Encrypted Virtualization, like the analogous Intel technology known as Trust Domain Extensions, essentially uses a separate processor.

This chip announces the module's presence in the system and passes key parameters to the processor, including, for example, the optimal operating frequency of the memory chips and their capacity.

They took a 32-gigabyte memory module, reflashed the SPD chip and wrote into it a capacity twice as large: 64 gigabytes.

Even in such a "paranoid mode" it is hard to avoid mistakes, as the BadRAM work showed.

Its authors say that developers of TEE systems rely too much on the difficulty of extracting data from RAM.

3 weeks, 3 days ago @ kaspersky.ru
A scam scheme with a publicly posted seed phrase | Kaspersky Blog

It looked suspicious: hardly even a newcomer to the crypto world would share their seed phrase with the whole world.

"I'll give you the seed phrase, you help me move my money to another wallet." Let's start with the basics.

And when someone shares their seed phrase, that is, effectively the key to their own wallet, it looks very, very suspicious.

We found identical comments, each containing this very recovery phrase and a request for help transferring money to another platform.

Opening the wallet, he is surprised to find it stuffed with USDT, a TRC20 token on the TRON network pegged to the US dollar.

3 weeks, 4 days ago @ kaspersky.ru
Hardware for a SIEM system | Kaspersky Blog

Such an estimate is needed not only to calculate the required hardware but also to estimate the cost of the licence.

And one more important aspect: when choosing a SIEM system it is important to check exactly how the vendor counts events for licensing.

The core is a mandatory component and can be installed either as a single instance or as a fault-tolerant cluster.

The KUMA SIEM storage system is flexible: it lets you distribute the event stream across several spaces and specify a separate retention depth for each space.

Also, processing this number of events may require three collector servers, installed in the offices with the highest event flow.

4 weeks ago @ kaspersky.ru
The best privacy services as a gift | Kaspersky Blog

Only a few days remain before New Year and Christmas, and overloaded delivery services may be late and fail to bring the needed gifts on time.

So an annual subscription to a privacy-enhancing service can be a valuable gift in monetary terms too.

In recent years Microsoft has been trying to catch up, building even into the offline Office a whole set of controversial features: autosave to OneDrive, "optional connected experiences", "LinkedIn features".

Privacy protection features will be available not only on computers but also on smartphones.

And, of course, Kaspersky Premium also includes the Kaspersky Password Manager, the Kaspersky Who Calls caller ID, and even a year of protection…

4 weeks, 1 day ago @ kaspersky.ru
Measures for safe development and use of AI | Kaspersky Blog

The document's recommendations need to be assessed individually for each AI deployment, since their applicability depends on the type of AI and the deployment model.

Aspects of safe deployment. To deploy AI, organizations will need to take organizational and technical measures ranging from staff training and regular regulatory-compliance audits to testing the AI's correctness on test data and systematically fixing software vulnerabilities.

It is important not only to train employees in the general rules of using AI, but also to familiarise management with the specific risks of using AI and with risk-management tools; …

1 month ago @ kaspersky.ru
The Mamont banker disguised as a tracking app | Kaspersky Blog

In fact, instead of a tracking utility the victim is slipped a trojan that serves to intercept financial credentials, push notifications and other important information.

To make the purchase, the victim is invited to join a closed chat in the Telegram messenger, where instructions for placing an order are posted.

Essentially these instructions boil down to the victim having to send a private message to the manager.

The message additionally stresses that to pay for the order after receiving it you must enter a code and wait for the order to load (which may take more than 30 minutes).

This is especially relevant if the phone is used not only for personal needs but also for work.

1 month ago @ kaspersky.ru
Fake Russian bank apps in the App Store | Kaspersky Blog

Over the past few years, the apps of almost all Russian banks have disappeared from the App Store.

Nature abhors a vacuum, and fraudulent online-banking apps have appeared in the App Store.

This is a misconception: in reality, exactly the same dangers lie in wait for users in the App Store as in other stores.

For instance, at the end of 2023 we devoted a large post to fake investment apps in the App Store (you can read it via the link), and we had written about fake App Store apps more than once before.

Absolutely every app in the App Store, as in other popular app stores, must pass internal moderation.

1 month ago @ kaspersky.ru
Group-IB Blog
last post None
Cisco Security Blog
last post 2 days, 13 hours ago
Cisco AI Defense: Comprehensive Security for Enterprise AI Adoption

Last year, we published our Cisco AI Readiness Index, which provided critical insights into the state of enterprise AI adoption.

I’m proud to announce Cisco AI Defense, the first truly comprehensive solution for enterprise AI security.

To accomplish this, it comprises four main components: AI Access, AI Cloud Visibility, AI Model & Application Validation, and AI Runtime Protection.

Cisco AI Defense gives security teams comprehensive visibility and control over the rapidly growing threat of shadow AI.

Cisco AI Defense addresses AI risk from beginning to end, giving business and security leaders the confidence to bring AI applications to market.

2 days, 13 hours ago @ blogs.cisco.com
Advancing AI Security and Contributing to CISA’s JCDC AI Efforts

A few months ago this year, I wrote about an AI Security Incident tabletop exercise led by the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC).

CISA used the insights gained from these exercises to develop an AI Security Incident Collaboration Playbook, which serves as a guide for enhancing effective operational collaboration among government agencies, private industry and international stakeholders.

Enables collaboration among the U.S. federal government, private industry, international government counterparts and the AI community to raise awareness of AI cybersecurity risks across critical infrastructure, enhancing the security and resili…

3 days, 10 hours ago @ blogs.cisco.com
From Chaos to Clarity: Navigating Threats With Cisco XDR

By providing comprehensive visibility and actionable insights across entire networks, Cisco XDR empowers organizations to detect and respond to threats more effectively and efficiently.

Why Cisco XDR matters. Cisco XDR isn’t just another security tool.

When every second counts, Cisco XDR can automatically respond to identified threats, significantly reducing the time to mitigate security incidents.

From safeguarding critical systems to helping protect sensitive data, Cisco XDR provides a holistic approach to cybersecurity.

Discover how Cisco XDR can address the unique challenges in your industry. We’d love to hear what you think.

3 days, 13 hours ago @ blogs.cisco.com
Strengthening Docker Security: Best Practices for Resilient Containers

However, the rapid proliferation and wide adoption of Docker technology has brought with it a number of serious security vulnerabilities.

The items below enumerate some key approaches to achieving optimal security in Docker containers.

Key security areas in Docker. Image security: Base images are the foundation of Docker containers, and ensuring their integrity is paramount.

Network security: Without proper network segmentation, attackers inside containerized environments can quickly move laterally, creating a significant security risk.

Docker Security Best Practices: A Holistic Approach to Container Protection. Conclusion: While Docker scales up and deploys just about any application, you can’t …

4 weeks ago @ blogs.cisco.com
The Impacts of Government Regulations on PQC Product Availability

This blog, the third in a series on post-quantum computing, takes on the important issue of U.S. government regulation and its impact on PQC product availability.

CSfC solutions align with the NSA’s Commercial National Security Algorithm (CNSA) requirements.

However, they cannot be used in certain U.S. government applications until the certification requirements are updated to allow CNSA 2.0 capabilities.

The government is taking action to speed up the creation of new certification requirements for CC and CSfC.


1 month ago @ blogs.cisco.com
GenAI to Advanced Microsegmentation: Secure Workload 3.10 Has It All!

The platform for microsegmentation has taken a significant leap forward with the launch of its 3.10 release earlier this month.

Harnessing eBPF: Elevating Secure Workload visibility and efficiency. As part of its commitment to scalability and resilience, the Secure Workload 3.10 release introduces a major innovation by replacing the traditional “libpcap” method with the cutting-edge eBPF technology.

Secure Workload Agent architecture. From task-centric to outcome-centric: Unlocking GenAI with Secure Workload 3.10. The Secure Workload 3.10 release takes a bold step forward by integrating GenAI, transforming the platform from task-focused to outcome-driven.

Secure Workload 3.10 sets the stage for G…

1 month ago @ blogs.cisco.com
A New Approach to Network Troubleshooting in the Multicloud World

1: Observability and network troubleshooting with Isovalent Enterprise, Amazon CloudWatch Network Monitoring and Splunk. The deep integration in practice. Let’s see how the Cisco and AWS integration would work in the real world.

Their network team had sophisticated tools for monitoring on-premises performance but found that they had gaps in their network visibility when traffic moved to the cloud.

When users complained about performance, the network team couldn’t tell if the problem was their application, the AWS network or somewhere in between.

This new solution extends ThousandEyes’ well-known path visualization capabilities into the AWS network and also correlates how traffic flow impacts ap…

1 month, 2 weeks ago @ blogs.cisco.com
How Cisco Uses the Isovalent Platform to Secure Cloud Workloads

At Cisco, we have integrated the Isovalent platform into our infrastructure to ensure our cloud workloads are protected without compromising on performance.

The Isovalent platform is based on the eBPF (extended Berkeley Packet Filter) technology that offers a very modern approach to securing cloud-native environments.

Isovalent embeds security at the kernel level to provide identity-based security, network segmentation, and traffic visibility without the overhead that’s usually associated with legacy solutions.

That means Cisco can better protect our workloads and scale with seamless network policy enforcement in our growing cloud infrastructure.

Conclusion: Integrating the Isovalent platform…

1 month, 3 weeks ago @ blogs.cisco.com
The Customer Adoption Journey of Cisco Secure Workload

This blog post explores the customer adoption journey of Cisco Secure Workload, highlighting key stages and best practices for successful implementation.

Evaluation: Exploring Cisco Secure Workload capabilities. Once aware of the need for a comprehensive workload security solution, the next step is evaluating Cisco Secure Workload.

Implementation: Deploying Cisco Secure Workload. After selecting Cisco Secure Workload, the deployment phase begins.

Customer Journey Map to Microsegmentation. Scaling: Expanding workload security across the organization. As businesses grow and their workloads expand, Cisco Secure Workload scales seamlessly.

The customer adoption journey of Cisco Secure Workload is a ste…

1 month, 3 weeks ago @ blogs.cisco.com
Cisco Secure Workload: Leading in Segmentation Maturity

Cisco Secure Workload is at the forefront of this shift, offering solutions to help organizations reach segmentation maturity.

Segmentation maturity is about how effectively an organization isolates its critical systems through workload segmentation to prevent lateral movement in case of a breach.

Cisco Secure Workload accelerates an organization’s journey to segmentation maturity, making it an essential component of a zero-trust strategy.

Cisco Secure Workload simplifies compliance by providing detailed visibility and fine-grained control over workload segmentation.

Cisco Secure Workload enables organizations to achieve and sustain segmentation maturity, adapting to their evolving needs.

1 month, 3 weeks ago @ blogs.cisco.com
Quantum Cryptography: What’s Coming Next

Incorporating PQC algorithms into transport protocols. To accommodate the new algorithms, it will be necessary to create new, or modify existing, transport protocols.

Making hardware quantum safe will therefore mean updating a variety of hardware components and functions that rely on cryptography.

For example, the Unified Extensible Firmware Interface (UEFI) needs to be adapted so it can handle PQC algorithms and keys.

PQC hardware availability. Cisco has offered quantum-safe hardware since 2013.

New quantum-safe editions of Secure Boot and Cisco Trust Anchor Technologies will be coming out soon, implementing the new NIST PQC standards.

1 month, 4 weeks ago @ blogs.cisco.com
Happy Third Birthday to Secure MSP Center

It is hard to believe that this November, we will be celebrating the third anniversary of the launch of Secure MSP Center.

We have come a long way from having MSPs buy single products to offering a streamlined, comprehensive program and dashboard for MSPs through Secure MSP Center and MSP Hub.

We took this feedback to heart and built Secure MSP Center.

You can learn more about the benefits of this dashboard from my previous blog: Up your Quality of Life with Secure MSP Hub and Secure MSP Center.

To learn more visit Secure MSP Center or email us at MSP Sales.

1 month, 4 weeks ago @ blogs.cisco.com
Reducing Help Desk Tickets With Cisco’s User Protection Suite

While there are many benefits of help desk tickets, there are also hidden costs.

How to reduce help desk tickets. One way to reduce help desk tickets is to implement technology solutions that make access easy for end users.

And by improving the user experience for remote access, this proactively reduces the creation of help desk tickets.

Impact of User Protection Suite tools. Customers who are using Cisco’s User Protection Suite tools have seen the positive impact of reducing help desk tickets, and the burden on the IT team.

Overall, help desk tickets are an important tool to enable organizations to operate.

1 month, 4 weeks ago @ blogs.cisco.com
Business Leader’s Guide for a Successful Microsegmentation Project

Here’s how to ensure your microsegmentation project is a success, without getting lost in the technical details.

Microsegmentation is a long-term investment in your organization’s security, providing not only protection today but also adaptability for tomorrow’s challenges.

Gathering the ingredients: Preparation is key. A successful microsegmentation project requires more than just your IT or security department; it needs a cross-functional team.

For this initiative to truly work, the project team must include voices from across the organization: IT, security, application owners, key business leaders and project sponsors.

This knowledge, held by teams across the business, is critical to a su…

2 months ago @ blogs.cisco.com
Robust Intelligence, Now Part of Cisco, Recognized as a 2024 Gartner® Cool Vendor™ for AI Security

Cisco is excited to share that Robust Intelligence, a recently acquired AI security startup, has been mentioned in the first ever 2024 Gartner Cool Vendors for AI Security report.

The responsibility of AI security is shared by those developing AI applications and the security and governance teams protecting sensitive data at an organizational level.

As a pioneer in this space, Robust Intelligence introduced the first-ever AI Firewall to the market as part of their comprehensive AI security platform.

Robust Intelligence continues to be at the forefront of AI security innovation, from creating the industry’s first AI Firewall to conducting breakthrough AI research.

Gartner, Cool Vendors for A…

2 months, 1 week ago @ blogs.cisco.com
Microsoft Security
latest post 1 day, 9 hours ago
New Star Blizzard spear-phishing campaign targets WhatsApp accounts

In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group.

Targeting WhatsApp account data. Star Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.

[Figure: Star Blizzard initial spear-phishing email with broken QR code] When the recipient responds, Star Blizzard sends …

1 day, 9 hours ago @ microsoft.com
Innovating in line with the European Union’s AI Act

You can consult our EU AI Act documentation on the Microsoft Trust Center to stay up to date.

This includes the EU AI Act.

Our framework for guiding engineering teams building Microsoft AI solutions—the Responsible AI Standard—was drafted with an early version of the EU AI Act in mind.

We expect that several of the secondary regulatory efforts under the EU AI Act will provide additional guidance on model- and system-level documentation.

Tags: AI, AI safety policies, Azure OpenAI Service, EU, European Union, Responsible AI

2 days, 11 hours ago @ blogs.microsoft.com
Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

Microsoft Threat Intelligence discovered a new macOS vulnerability that could allow attackers to bypass Apple’s System Integrity Protection (SIP) in macOS by loading third-party kernel extensions.

In this blog post, we detail the connection between entitlements and SIP and explain how CVE-2024-44243 could be used to bypass SIP security measures.

Modifying sensitive files on the file system can bypass SIP, for instance, by modifying the list of allowed kernel extensions and then loading that kernel extension.

macOS comes pre-shipped with several such filesystem implementations, each of which appears as a file system bundle (*.fs) under /System/Library/Filesystems or /Library/Filesystems.

Registered …

4 days, 9 hours ago @ microsoft.com
3 takeaways from red teaming 100 generative AI products

Microsoft’s AI red team is excited to share our whitepaper, “Lessons from Red Teaming 100 Generative AI Products.” The AI red team was formed in 2018 to address the growing landscape of AI safety and security risks.

Eight main lessons learned from our experience red teaming more than 100 generative AI products.

Lessons from Red Teaming 100 Generative AI Products: Discover more about our approach to AI red teaming.

Read the whitepaper. Microsoft AI red team tackles a multitude of scenarios: Over the years, the AI red team has tackled a wide assortment of scenarios that other organizations have likely encountered as well.

Advance your AI red teaming expertise. The “Lessons From Red Teaming 100 Genera…

4 days, 10 hours ago @ microsoft.com
Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response

Our proven service brings together in-house security professionals and industry-leading protection with Microsoft Defender XDR to help security teams rapidly stop cyberthreats and keep their environments secure.[2] Frost & Sullivan names Microsoft Defender Experts for XDR a leader in the Frost Radar™ Managed Detection and Response for 2024.[1] Microsoft Defender Experts for XDR: Give your security operations center team coverage with end-to-end protection and expertise.

Microsoft Defender Experts for XDR reinforces your security team with Microsoft security professionals to help reduce talent gap concerns.

Microsoft Defender Experts for XDR is a managed extended detection and response service (MXD…

1 week, 4 days ago @ microsoft.com
New Microsoft guidance for the CISA Zero Trust Maturity Model

The Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model (ZTMM) assists agencies in developing their Zero Trust strategies and in the continued evolution of their implementation plans.

And now, we are excited to share new Microsoft Guidance for CISA Zero Trust Maturity Model.

We’ll also share the Microsoft Zero Trust platform and relevant solutions that help meet CISA’s Zero Trust requirements, and close with two examples of real-world deployments.

CISA Zero Trust Maturity Model: Use this guidance to help meet the goals for ZTMM functions and make progress through maturity stages.

Establishing it as your organization’s Zero Trust identity provider lets you configure, en…

4 weeks, 1 day ago @ microsoft.com
Foundry study highlights the benefits of a unified security platform in new e-book

You can read up on the full results in the e-book The unified security platform era is here.

The unified security platform era is here: Read the e-book to gain research-driven insights into securing your organization with a unified security platform.

Setting out on your unified security platform journey. Reducing and consolidating security tools around a unified security platform is no small feat, either technologically or culturally.

Moving to a unified security platform is not just about improving defenses, so don’t forget to lend some of your time to maintaining positive employee experiences.

Learn more: Learn more about the Microsoft unified security operations platform.

1 month ago @ microsoft.com
Microsoft Defender for Cloud named a Leader in Frost Radar™ for CNAPP for the second year in a row!

In the ever-evolving landscape of cloud security, Microsoft continues to assert its dominance with its comprehensive and innovative solutions. The Frost Radar™: Cloud-Native Application Protection Platforms, 2024 report underscores Microsoft’s leadership in both the innovation and the growth index, highlighting several key strengths that set it apart from the competition. Frost and Sullivan states in […]

1 month ago @ techcommunity.microsoft.com
Agile Business, agile security: How AI and Zero Trust work together

AI security and Zero Trust: Agile security for agile businesses.

This means you need a Zero Trust approach to effectively secure AI.

Key strategies to help manage AI security risks. These strategies from the whitepaper illustrate how to manage the risks associated with AI.

Zero Trust and AI: A symbiotic relationship. We have found that there is a symbiotic relationship between Zero Trust and generative AI, where AI requires a Zero Trust approach to effectively protect data and AI applications.

The Zero Trust approach to security helps you keep up with continuously changing threats as well as the rapid evolution of technology that AI represents.

1 month ago @ microsoft.com
Convincing a billion users to love passkeys: UX design insights from Microsoft to boost adoption and security

To make sure we got our passkey experience right, we adopted a simple methodology: Start small, experiment, then scale like crazy.

Step 3: Scale. As our users began to enroll passkeys at scale, our sign-in experience needed to behave more intelligently to encourage passkey use.

As we redesigned the experience, we followed these guiding principles: Secure: A great sign-in experience should prioritize security without sacrificing usability.

Learning from our experience. Here are a few suggestions based on our learnings: Don’t be shy about inviting users to enroll passkeys.

Together, we can convince billions and billions of users to enroll passkeys for trillions of accounts!

1 month ago @ microsoft.com
Microsoft Defender XDR demonstrates 100% detection coverage across all cyberattack stages in the 2024 MITRE ATT&CK® Evaluations: Enterprise

Delivering industry-leading detection for a sixth consecutive year. For the sixth year in a row, Microsoft Defender XDR demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE ATT&CK® Evaluations: Enterprise.

Diagram of Microsoft Defender XDR’s MITRE Tactics, Techniques, and Procedures (TTP) coverage for all cyberattack stages in Detection.

Defender XDR accurately alerted on and blocked only malicious activity every time so the SOC can focus their limited time and resources on responding to real cyberthreats at hand.

1 month, 1 week ago @ microsoft.com
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine

This information was encrypted using the same RC4 function and transmitted to the previously referenced Secret Blizzard C2 server at hxxps://citactica[.]com/wp-content/wp-login.php.

Secret Blizzard Actor activity detected. Hunting queries (Microsoft Defender XDR): surface instances of the Secret Blizzard indicators of compromise file hashes.

Indicators of compromise (indicator | type | description | actor | date):
…]com/wp-content/wp-login.php | C2 domain | Survey Tool and Amadey dropper | Secret Blizzard | April 2024
a56703e72f79b4ec72b97c53fbd8426eb6515e3645cb02e7fc99aaaea515273e | SHA-256 | Tavdig payload (rastls.dll) | Secret Blizzard | April 2024
hxxps://icw2016.coachfederation[.]br/wp-includes/fonts/icons/ | Tavdig C2 domain | Secret Blizzard | April 2024
f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd…
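The hunting step above, surfacing the published indicators in telemetry, as an added Python example (not Microsoft's own Defender XDR hunting queries): it takes the two indicators that appear in full in this item (the rastls.dll SHA-256 and the citactica[.]com C2 URL) in their defanged form, refangs them, derives a host-level matcher from the URL so DNS logs without a path still hit, and runs the set over constructed proxy, DNS and EDR log lines. The log lines and timestamps are made up for the demo.

```python
import re
import urllib.parse

# Indicators exactly as they appear (defanged) in the Microsoft post.
DEFANGED_IOCS = {
    "hxxps://citactica[.]com/wp-content/wp-login.php": "Secret Blizzard C2 URL",
    "a56703e72f79b4ec72b97c53fbd8426eb6515e3645cb02e7fc99aaaea515273e": "Tavdig payload (rastls.dll) SHA-256",
}

# Constructed log lines for the demo (not real telemetry): proxy, DNS and EDR events.
SAMPLE_LOGS = [
    "2024-04-12T10:01:02Z proxy allow 10.0.0.5 POST https://citactica.com/wp-content/wp-login.php 200",
    "2024-04-12T10:01:09Z dns query 10.0.0.5 mail.example.org A",
    "2024-04-12T10:02:30Z edr file_create C:\\Users\\a\\AppData\\Local\\rastls.dll "
    "sha256=A56703E72F79B4EC72B97C53FBD8426EB6515E3645CB02E7FC99AAAEA515273E",
    "2024-04-12T10:03:00Z dns query 10.0.0.7 cdn.citactica.com A",
    "2024-04-12T10:03:10Z proxy allow 10.0.0.8 GET https://notcitactica.com/index.html 200",
]


def refang(ioc: str) -> str:
    """Undo the usual defanging so the indicator matches what logs actually contain."""
    return ioc.replace("hxxp", "http").replace("[.]", ".").replace("[:]", ":")


def build_matchers(defanged: dict) -> list:
    """Turn each IOC into (kind, value, label). A URL also yields a domain matcher,
    because the same C2 host shows up in DNS logs without the path."""
    matchers = []
    for ioc, label in defanged.items():
        clean = refang(ioc).lower()
        if re.fullmatch(r"[0-9a-f]{64}", clean):
            matchers.append(("sha256", clean, label))
        elif "://" in clean:
            matchers.append(("url", clean, label))
            host = urllib.parse.urlsplit(clean).hostname
            matchers.append(("domain", host, label + " (domain)"))
        else:
            matchers.append(("domain", clean, label))
    return matchers


def hunt(lines: list, matchers: list) -> list:
    """Return (line_number, label) for every indicator hit. Domain matches need a
    host-label boundary on both sides: notcitactica.com does not match, while the
    subdomain cdn.citactica.com (preceded by a dot) does."""
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        for kind, value, label in matchers:
            if kind in ("url", "sha256"):
                if value in low:
                    hits.append((n, label))
            elif re.search(r"(?<![a-z0-9-])" + re.escape(value) + r"(?![a-z0-9-])", low):
                hits.append((n, label))
    return hits


def hit_lines(lines: list = SAMPLE_LOGS) -> list:
    """Distinct line numbers that hit any indicator in DEFANGED_IOCS."""
    return sorted({n for n, _ in hunt(lines, build_matchers(DEFANGED_IOCS))})


if __name__ == "__main__":
    for n, label in hunt(SAMPLE_LOGS, build_matchers(DEFANGED_IOCS)):
        print(f"line {n}: {label}")
```

Hashes are compared case-insensitively because EDR products disagree on hex case; the domain boundary check is what keeps look-alike registrations out of the hit list. For production use the same matchers would be fed to the SIEM rather than run over flat files.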

1 month, 1 week ago @ microsoft.com
New Microsoft Purview features help protect and govern your data in the era of AI

Today, Microsoft Purview delivers rich data security capabilities through Microsoft Purview Data Loss Prevention, Microsoft Purview Information Protection, and Microsoft Purview Insider Risk Management, enhanced with AI-powered Adaptive Protection.

Microsoft Purview also addresses your data governance needs with the newly reimagined Microsoft Purview Unified Catalog.

Introducing Microsoft Purview Data Security Posture Management. Microsoft Purview Data Security Posture Management (DSPM) provides visibility into data security risks and recommends controls to protect that data.

This integration, currently in preview, includes Microsoft Purview Audit for auditing ChatGPT Enterprise interactions,…

1 month, 1 week ago @ microsoft.com
Why security leaders trust Microsoft Sentinel to modernize their SOC

Security information and event management (SIEM) solutions have long served as the indispensable nerve center for the security operations center (SOC).

Microsoft Sentinel: Transform SecOps with Microsoft Sentinel, powered by the cloud and AI.

Learn more: Learn more about Microsoft Sentinel, and read the Microsoft Sentinel datasheet.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

[2] Generative AI and Security Operations Center Productivity: Evidence from Live Operations, Microsoft study by James Bono, Alec Xu, Justin Grana.

1 month, 1 week ago @ microsoft.com
8 years as a Leader in the Gartner® Magic Quadrant™ for Access Management

Delivering on identity and access management for customers. We believe our 2024 Gartner® Magic Quadrant™ recognition validates our commitment to delivering a comprehensive, AI-powered and automated identity portfolio to customers, with Microsoft Entra.

Provide only the access necessary with right-size permissions, access lifecycle management, and least-privilege access for any identity.

Learn more: You can learn more by reading the full 2024 Gartner® Magic Quadrant™ for Access Management report.

Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact.

Gartner, Magic Quadrant for Access Management, 2 December 2024…

1 month, 1 week ago @ microsoft.com
Google Online Security Blog
latest post 1 day, 7 hours ago
OSV-SCALIBR: A library for Software Composition Analysis

Today, we’re excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning.

We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface.

OSV-Scanner + OSV-SCALIBR. Users looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities using much of the same extraction as OSV-SCALIBR.

Some of OSV-SCALIBR’s capabilities are not yet available in OSV-Scanner, but we’re currently working on integrating OSV-SCALIBR more deeply into O…
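What an SCA pipeline built on OSV does, reduced to its two halves (extract package inventory, query the OSV database), as an added Python example; this is not OSV-SCALIBR or OSV-Scanner code, which are Go. The extractor handles only pinned PyPI requirements lines, the request body follows the documented shape of OSV's POST /v1/querybatch endpoint, and the response below is constructed with placeholder advisory IDs so the example runs offline. The point it shows is that querybatch results are aligned with the queries by position and carry only `id` and `modified`, so the caller has to pair them up itself.

```python
import json

# Constructed lockfile-style input (not from the page): pinned PyPI packages.
SAMPLE_REQUIREMENTS = """\
# constructed example input
requests==2.19.0
urllib3==1.26.5  # inline comment
cryptography==42.0.4
"""


def extract_pypi(text: str) -> list:
    """A tiny extractor in the spirit of an SCA scanner: pinned 'name==version'
    lines become (name, version); comments and unpinned lines are skipped."""
    pkgs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "==" not in line:
            continue
        name, version = line.split("==", 1)
        pkgs.append((name.strip().lower(), version.strip()))
    return pkgs


def osv_querybatch(pkgs: list, ecosystem: str = "PyPI") -> dict:
    """Request body for OSV's batch endpoint (POST https://api.osv.dev/v1/querybatch).
    One query per package; the response's results[] is aligned by index."""
    return {
        "queries": [
            {"package": {"name": name, "ecosystem": ecosystem}, "version": version}
            for name, version in pkgs
        ]
    }


# Constructed response in the querybatch result shape. The IDs are placeholders,
# not real advisories: results[i] answers queries[i]; an empty object means no vulns.
SAMPLE_RESPONSE = {
    "results": [
        {"vulns": [{"id": "EXAMPLE-0001", "modified": "2024-01-01T00:00:00Z"}]},
        {},
        {"vulns": []},
    ]
}


def affected(pkgs: list, response: dict) -> dict:
    """Pair each query with its result by position and collect advisory IDs."""
    results = response.get("results", [])
    if len(results) != len(pkgs):
        raise ValueError("querybatch results must align one-to-one with queries")
    out = {}
    for (name, version), result in zip(pkgs, results):
        ids = [v["id"] for v in result.get("vulns", [])]
        if ids:
            out[f"{name}=={version}"] = ids
    return out


def scan(text: str = SAMPLE_REQUIREMENTS, response: dict = SAMPLE_RESPONSE) -> dict:
    """Extract, build the batch query, and map the (here constructed) answer back."""
    pkgs = extract_pypi(text)
    body = osv_querybatch(pkgs)  # this is what would be POSTed to api.osv.dev
    assert len(body["queries"]) == len(pkgs)
    return affected(pkgs, response)


if __name__ == "__main__":
    print(json.dumps(osv_querybatch(extract_pypi(SAMPLE_REQUIREMENTS)), indent=2))
    print(scan())
```

Two things to keep in mind when wiring this to the live service: querybatch returns only identifiers, so severity and affected ranges need a follow-up GET /v1/vulns/{id}, and a long result list can be paginated with a next_page_token that has to be passed back in the same query.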

1 day, 7 hours ago @ security.googleblog.com
Google Cloud expands vulnerability detection for Artifact Registry using OSV

Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage.

A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis.

This integration provides industry-leading insights into open source vulnerabilities—a crucial capability as software supply chain attacks continue to grow in frequency and complexity, impacting organizations reliant on open source software.

Open source vulnerabilities, with more reach. Artifact Analysis pulls vulnerability information directly from OSV, which is the only open source, distributed vulnerability dat…

1 month, 1 week ago @ security.googleblog.com
Announcing the launch of Vanir: Open-source Security Patch Validation

Today, we are announcing the availability of Vanir, a new open-source security patch validation tool.

In collaboration with the Google Open Source Security Team, we have incorporated feedback from our early adopters to improve Vanir and make it more useful for security professionals.

These algorithms have low false-alarm rates and can effectively handle broad classes of code changes that might appear in code patch processes.

The Vanir signatures for Android vulnerabilities are published through the Open Source Vulnerabilities (OSV) database.

You can also contribute to Vanir by providing vulnerability data with Vanir signatures to OSV.

1 month, 1 week ago @ security.googleblog.com
Leveling Up Fuzzing: Finding more vulnerabilities with AI

But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets.

The ideal solution would be to completely automate the manual process of developing a fuzz target end to end: drafting an initial fuzz target.

Running the corrected fuzz target for a longer period of time, and triaging any crashes to determine the root cause.

In January 2024, we open sourced the framework that we were building to enable an LLM to generate fuzz targets.

New results: More code coverage and discovered vulnerabilities. We’re now able to automatically gain more coverage in 272 C/C++ projects on OSS-Fuzz (up from 160), …

1 month, 4 weeks ago @ security.googleblog.com
Retrofitting Spatial Safety to hundreds of millions of lines of C++

Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade. [Figure: Breakdown of memory safety CVEs exploited in the wild by vulnerability class] Google is taking a comprehensive approach to memory safety.

This leads to an exponential decline in memory safety vulnerabilities and quickly improves the overall security posture of a codebase, as demonstrated by our post about Android's journey to memory safety.

We’ve begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs.

This improves spat…

2 months ago @ security.googleblog.com
Safer with Google: New intelligent, real-time protections on Android to keep you safe

That’s why we’re using the best of Google AI to identify and stop scams before they can do harm with Scam Detection.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.

Cutting-edge AI protection, now on more Pixel phones: Gemini Nano, our advanced on-device AI model, powers Scam Detection on Pixel 9 series devices.

We look forward to learning from this beta and your feedback, and we’ll share more about Scam Detection in the months ahead.

2 months ago @ security.googleblog.com
5 new protections on Google Messages to help keep you safe

Every day, over a billion people use Google Messages to communicate.

That’s why we’ve made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month.

With end-to-end encrypted[1] RCS conversations, you can communicate privately with other Google Messages RCS users.

We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private.

As part of cybersecurity awareness month, we're sharing five new protections to help keep you safe while using Google Messages on Android:

2 months, 3 weeks ago @ security.googleblog.com
Safer with Google: Advancing Memory Safety

Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities.

Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle.

This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety.

By open-sourcing these tools, we've empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases.

Migration to Memory-Safe Languages (MSLs). The first pillar of our strategy is centered on further increasing the adoption of memory-s…

3 months ago @ security.googleblog.com
Bringing new theft protection features to Android users around the world

Situations like Janine’s highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform.

These advanced theft protection features are now available to users around the world through Android 15 and a Google Play Services update (Android 10+ devices).

These theft protection features are just one example of how Android is working to provide real-world protection for everyone.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help center.

3 months ago @ security.googleblog.com
Using Chrome's accessibility APIs to find security bugs

If only the whole tree of Chrome UI controls were exposed, somehow, such that we could enumerate and interact with each UI control automatically.

We need to amortize that cost over thousands of test cases by running a batch of them within each browser invocation.

Yet this is tricky, since Chrome UI controls are deeply nested and often anonymous.

This approach has proven to be about 80% as quick as the original ordinal-based mutator, while providing stable test cases.

If you’d like to follow along, keep an eye on our coverage dashboard as it expands to cover UI code.

3 months, 1 week ago @ security.googleblog.com
Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems

Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult.

The Cellular Baseband. The cellular baseband within a smartphone is responsible for managing the device's connectivity to cellular networks.

The firmware within the cellular baseband, similar to any software, is susceptible to bugs and errors.

For example, 0-day exploits in the cellular baseband are being used to deploy the Predator malware in smartphones.

Pixel's proactive approach to security demonstrates a commitment to protecting its users across the entire software stack.

3 months, 2 weeks ago @ security.googleblog.com
Evaluating Mitigations & Vulnerabilities in Chrome

The Chrome Security Team is constantly striving to make it safer to browse the web.

We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue.

Historically the Chrome Security Team has made major investments and driven the web to be safer.

In the longer-term the Chrome Security Team advocates for operating system improvements like less-capable lightweight processes, less-privileged GPU and NPU containers, improved application isolation, and support for hardware-based isolation, memory safety and flow control enforcement.

Good Bugs and Ba…

3 months, 2 weeks ago @ security.googleblog.com
Eliminating Memory Safety Vulnerabilities at the Source

Memory safety vulnerabilities remain a pervasive threat to software security.

We’ll also share updated data on how the percentage of memory safety vulnerabilities in Android dropped from 76% to 24% over 6 years as development shifted to memory safe languages.

This decision was driven by the increasing cost and complexity of managing memory safety vulnerabilities.

We first reported this decline in 2022, and we continue to see the total number of memory safety vulnerabilities dropping.[3]

As the number of memory safety vulnerabilities have dropped, the overall security risk has dropped along with it.

3 months, 3 weeks ago @ security.googleblog.com
Google & Arm - Raising The Bar on GPU Security

Arm Product Security and GPU Teams. Arm has a central product security team that sets the policy and practice across the company.

Working together to secure Android devices. Google’s Android Security teams and Arm have been working together for a long time.

So “application ⇒ kernel ⇒ firmware ⇒ kernel” is a known attack flow in this area.

The Arm Product Security Team is actively involved in security-focused industry communities and collaborates closely with its ecosystem partners.

The Android Red Team and Arm continue to work together to proactively raise the bar on GPU security.

3 months, 3 weeks ago @ security.googleblog.com
A new path for Kyber on the web

We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients.

The hybrid key exchange used both the pre-quantum X25519 algorithm, and the new post-quantum algorithm Kyber.

As a result, the codepoint in TLS for hybrid post-quantum key exchange is changing from 0x6399 for Kyber768+X25519, to 0x11EC for ML-KEM768+X25519.

Post-quantum key shares are too big for a client to send two post-quantum key share predictions at the same time.

Longer term, we hope to avoid the chicken-and-egg problem for post-quantum key share predictions through our emerging IETF draft for key share prediction.
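The codepoint change above is visible on the wire in two ClientHello extensions: supported_groups (what the client is willing to negotiate) and key_share (the predictions it actually sends, each carrying a full public key). As an added Python example, not Chrome or BoringSSL code, the following builds a minimal TLS 1.3-style ClientHello with constructed zero-filled key shares and parses it back to report whether the client offers the draft Kyber768+X25519 codepoint (0x6399) or the ML-KEM768+X25519 codepoint (0x11EC), and how many key_share bytes it sends. The 1216-byte share size is the ML-KEM-768 encapsulation key (1184 bytes) plus the X25519 public key (32 bytes); every other field is a placeholder.

```python
import struct

# Named-group codepoints from the post: the draft hybrid and the final one, plus plain X25519.
KYBER768_X25519 = 0x6399
MLKEM768_X25519 = 0x11EC
X25519 = 0x001D

EXT_SUPPORTED_GROUPS = 0x000A
EXT_KEY_SHARE = 0x0033

# Size of one hybrid client share: ML-KEM-768 encapsulation key (1184) + X25519 (32).
HYBRID_SHARE_LEN = 1184 + 32


def build_client_hello(groups: list, key_shares: list) -> bytes:
    """Construct a minimal ClientHello record (test input, not a real handshake).
    key_shares is a list of (group, key_exchange_bytes)."""
    sg = b"".join(struct.pack("!H", g) for g in groups)
    sg_ext = struct.pack("!HHH", EXT_SUPPORTED_GROUPS, len(sg) + 2, len(sg)) + sg
    ks = b"".join(struct.pack("!HH", g, len(k)) + k for g, k in key_shares)
    ks_ext = struct.pack("!HHH", EXT_KEY_SHARE, len(ks) + 2, len(ks)) + ks
    exts = sg_ext + ks_ext
    body = (
        b"\x03\x03" + bytes(32)                  # legacy_version, random (zeros: placeholder)
        + b"\x00"                                # empty legacy_session_id
        + struct.pack("!H", 2) + b"\x13\x01"     # cipher_suites: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                            # legacy_compression_methods: null
        + struct.pack("!H", len(exts)) + exts
    )
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(record: bytes):
    """Return (supported_groups, {key_share_group: key_exchange_len}) from a record."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                  # skip legacy_version and random
    pos += 1 + body[pos]                          # legacy_session_id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + body[pos]                          # legacy_compression_methods
    ext_len = struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    end = pos + ext_len
    groups, shares = [], {}
    while pos < end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if etype == EXT_SUPPORTED_GROUPS:
            n = struct.unpack("!H", data[:2])[0]
            groups = list(struct.unpack("!%dH" % (n // 2), data[2:2 + n]))
        elif etype == EXT_KEY_SHARE:
            n = struct.unpack("!H", data[:2])[0]
            p = 2
            while p < 2 + n:
                g, klen = struct.unpack("!HH", data[p:p + 4])
                shares[g] = klen
                p += 4 + klen
    return groups, shares


def pq_status(record: bytes) -> dict:
    """What a server (or a passive sensor) can tell about a client's PQ posture."""
    groups, shares = parse_client_hello(record)
    return {
        "offers_mlkem": MLKEM768_X25519 in groups,
        "offers_draft_kyber": KYBER768_X25519 in groups,
        "predicted_pq_share": MLKEM768_X25519 in shares or KYBER768_X25519 in shares,
        "key_share_bytes": sum(shares.values()),
    }


if __name__ == "__main__":
    hello = build_client_hello(
        [MLKEM768_X25519, X25519],
        [(MLKEM768_X25519, bytes(HYBRID_SHARE_LEN)), (X25519, bytes(32))],
    )
    print(pq_status(hello))
```

Adding a second hybrid prediction to the key_share list in the example doubles key_share_bytes to well over 2 KB, which is the cost the post is describing: a client that wants to keep the ClientHello small has to guess one codepoint, and a server that only knows the other will answer with HelloRetryRequest.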

4 months ago @ security.googleblog.com