Голландские чипы не продаются? Увы, шпионы не спрашивают разрешения.

Теперь мы знаем, кто всё это время заправлял бандами TrickBot и Conti. Что дальше?

Сервис исчез, но следы остались. И по ним уже выдвинулись охотники с мандатами ФБР.

Традиционные блокировки доменов проигрывают динамичным тактикам преступников.

Один шаблон и всё летит в тартарары. Спасибо, PHP 8.1.

Просто введите «notfound», и вы властелин чужого Wi-Fi.

Новые функции для конфиденциальных вычислений.

Но хватит ли ему мощности для больших моделей?

Как данные из лайков, фитнес-приложений и покупок попадают к киберпреступникам.

Успеет ли инфраструктура за технологией?

Meta и Anduril двигают оборону в цифровую эру.

Цель статьи подумать на тему как влияет сейчас и повлияет в будущем широкое распространение технологий искусственного интеллекта (ИИ) на мир информационной безопасности (ИБ). Дать некий туманный, а может и не очень, прогноз основываясь на непрозрачных фактах и собственных умозаключениях.

Кто и зачем крадёт голос доверия Трампа.

Исследование помогло лучше понять состав, цвет и климат далёкой планеты.

Вызовом стало и усиление регуляторики, как в мире, так и в России.

Схожие нормы были приняты и в других странах, в том числе и в России.

Как оказалось, в инфраструктуре компании действительно все обстояло не так хорошо, что, как признал Айдар Гузаиров, стало управленческим шоком.

И в целом люди, как подчеркнул Виктор Жидков, и руководители в том числе, являются одними из основных слабых звеньев.

И это для нетехнологических компаний очень непростая задача.

И в мире, и в России пытаются найти баланс между вовлечением детей и подростков в использование цифровых технологий с одной стороны, и ограничением тех отрицательных последствий, которые они несут для детей, с другой.

В СССР предмет «Основы информатики и вычислительной техники» появился в 1985/86 учебном году, примерно в то же время аналогичные курсы были введены и в других странах.

Дети и подростки, как показало исследование «Ренессанс Страхование», наряду с пожилыми и оказавшимися в сложной жизненной ситуации, чаще всего становятся жертвами телефонных мошенников.

В основном они представляют опасность для детей и подростков в возрасте от 8 до 15 лет.

Российский и мировой опытПопытки регули…

Но процесс развития ИИ продолжается, и сейчас технологии расширяются модулями — дополнительными инструментами, которые адаптируют применение ИИ для решения прикладных задач по определенным направлениям и с учетом заданных требований.

Такая информация может содержаться в любых системах, а в LLM она собрана после обучения на реальных данных из других систем.

Например, в блоге Meta (запрещенная в России экстремистская организация) выделяют четыре варианта инъекций:Прямые инъекции в промпты для реализации угрозы джейлбрейка.

Indirect References / Метод маскированной атакиОсуществить завуалированный запрос по теме, которая входит в список ограничений для LLM, в надежде, что удастся добиться ошиб…

Ранее наша редакция уже рассматривала Kaspersky NGFW в рубрике «Распаковка», а также проводила обзор бета-версии Kaspersky NGFW 1.0.

Перечень сетевых функций Kaspersky NGFW Beta 2Интеграция Kaspersky NGFW Beta 2Когда мы обозревали первую версию Kaspersky NGFW, мы отмечали, что на 2025 год планировалась интеграция с Kaspersky Anti Targeted Attack.

Архитектура взаимодействия Kaspersky NGFW Beta 2 в инфраструктуреАппаратные и виртуальные платформы Kaspersky NGFW Beta 2Kaspersky NGFW планируется выпускать как в виде программного-аппаратного комплекса, так и в виртуальном исполнении, что упрощает проведение пилотных проектов у потенциальных заказчиков.

Внешний вид Kaspersky NGFWСценарии использо…

Рассмотрим на примере RuDesktop 2.8, как можно организовать безопасный удалённый доступ и решить задачи централизованного администрирования в различных эксплуатационных условиях.

Кросс-платформенность позволяет использовать RuDesktop на Linux, Windows, Android и macOS, включая терминальные серверы и headless-клиенты.

RuDesktop 2.8 в разных эксплуатационных условиях: реальные кейсыВ коммерческих организациях часто возникает необходимость безопасно управлять парком устройств с разнородными операционными системами и минимизировать ручные операции.

Примеры применения RuDesktop в различных эксплуатационных сценарияхО компании Поставленные задачи, условия Результаты внедрения Одна из дочерних ком…

Поэтому важно уже на старте понимать, откуда ждать опасность кибератак на LLM.

От генеративных к интерактивным моделям ИИО популярности генеративных моделей заговорили в 2017 году.

В случае успеха оно может привести к искажению запросов к ИИ, выполнению команд злоумышленников, а также к перехвату и утечке данных.

Вероятно, что для проверки он обращается к LLM.

Если да, это может служить признаком наличия в LLM «защищенного API для получения ответов без модерации», то есть в LLM есть «бэкдор для системной и технической поддержки».

И с каждым годом вариантов становится всё больше.

Экосистема информационной безопасности — это набор взаимосвязанных решений, которые соответствуют единым стандартам по безопасности, стабильности, удобству.

Снижаем нагрузку на специалистовИнтегрированные решения проще в освоении и эксплуатации, это позволяет сконцентрироваться на реальных угрозах, а не на настройке инструментов.

Минимизируем затраты на внедрениеКомпоненты экосистемы легко интегрируются друг с другом и с существующими решениями, требуя меньше ресурсов от ИТ-департамента.

«Безопасность без боли» — это не снижение уровня защиты, а выбор приоритетов.

Использование модуля WAF в «Континенте Web»Системные требования и лицензирование «Континента Web»«Континент Web» предоставляется как в виде программно-аппаратного комплекса, так и виртуальной машины.

Использование WAF в «Континенте Web»В связи с тем, что «Континент Web» базируется на продукте «Континент TLS», WAF в системе представлен в качестве отдельного модуля, без отдельной графической системы управления — она общая и на TLS и на WAF-подсистемы.

Работа с журналами событий в «Континенте Web»Использование TLS в «Континенте Web»Для разграничения доступа к приложениям, в продукте используется специализированный портал.

Настройка доступа к приложениям в «Континенте Web»Выводы«Континент Web» …

Пример письма, которое отправлено от лица поддержки Facebook**Facebook и Meta признаны экстремистскими и запрещены на территории Российской Федерации.

И в этот момент даже строгая корпоративная инструкция может уйти на второй план.

Именно на этом и строится стратегия — мошенники играют на наших автоматических реакциях, не давая времени на размышления.

Их успех строится не на взломе систем, а на взломе человеческой психики, что делает эту угрозу особенно опасной.

Мы должны учиться сомневаться, перепроверять и не поддаваться на давление, даже если ситуация кажется срочной или эмоционально напряженной.

ВведениеОдним из ключевых компонентов корпоративной ИТ-среды является служба каталогов, и Microsoft Active Directory (AD) долгое время оставалась стандартом де-факто для управления пользователями, компьютерами и политиками.

Какой у вас опыт миграции с Microsoft Active Directory на российские аналоги?

Основные трудности при замене Active Directory и как их преодолетьДмитрий Соловьёв выделил несколько проблем.

ВыводыЗамена Microsoft Active Directory на российские аналоги — сложный, но необходимый шаг для многих организаций в условиях импортозамещения.

При грамотном подходе переход на российские аналоги Active Directory позволит сохранить стабильность ИТ-систем, повысить уровень защищённости и…

Превращает хаос данных в чёткие таблицы (как в Excel, но лучше) или гибкие списки для сложных задач.. Превращает хаос данных в чёткие таблицы (как в Excel, но лучше) или гибкие списки для сложных задач.

Российский рынок СУБДРоссийский рынок систем управления базами данных (СУБД) переживает скачок.

Реляционные СУБД общего назначенияРеляционные СУБД нужны для хранения структурированных данных в таблицах, обеспечения их целостности и связности, выполнения сложных SQL-запросов и управления транзакциями.

«Ред База Данных»СУБД «Ред База Данных» (Red Database) — это российская промышленная система управления базами данных с открытым кодом, построенная на основе известной Firebird.

ЛИНТЕРЛИНТЕР БАС…

Описание Системы управления безопасностью файлов NGR SoftlabОмниканальная система управления безопасностью файлов от ООО «ЭнДжиАр Софтлаб» ― решение, предназначенное для централизованной проверки файлов на безопасность с помощью интеграции со сторонними СЗИ.

Схема работы Системы управления безопасностью файловПримеры кейсов применения Системы управления безопасностью файлов представлены в таблице 1.

Возможности интеграции Системы управления безопасностью файлов NGR SoftlabПо умолчанию Система управления безопасностью файлов поддерживает определенный набор СЗИ.

Архитектура Системы управления безопасностью файлов NGR SoftlabВсе элементы системы управления безопасностью файлов NGR Softlab взаи…

Однако передача критически важных функций третьим сторонам сопряжена с рисками: это и вопросы доверия, и снижение контроля, и необходимость соблюдения регуляторных требований.

Это и есть аутсорсинг.

Важно понимать, что аутсорсинг — это не просто передача функций ИБ на сторону провайдера, а сохранение определённой зоны ответственности у заказчика.

Информационная безопасность выходит за рамки внутреннего периметра организации, и аутсорсинг будет обрастать сервисами, которые находятся вокруг организации — аналитика, OSINT, защита исходного кода, контроль периметра.

Компаниям необходимо оценивать не только стоимость и условия контракта, но и репутацию провайдера, его соответствие отраслевым ста…

Каковы актуальные схемы такого фишинга и как обеспечить защиту от них?

Фейковые вакансииОтмечается рост фишинга и в области рекрутинга: мошенники публикуют предложения быстрого легкого заработка и вакансии с высокой заработной платой в соответствующих тематических каналах.

Ложные сообщения от системы безопасностиВ этом случае подделываются оповещения от системы безопасности самого мессенджера или от установленных приложений (банков, электронных кошельков, обмена криптовалюты).

Использование технологий ИИ с целью фишинга: дипвойс- и дипфейк-атакиСтремительное развитие искусственного интеллекта (ИИ) позволило мошенникам получить технологии для копирования и имитации голоса и внешности (deepfa…

Нововведения в Kaspersky Container Security 2.0Kaspersky Container Security 2.0 предоставляет возможность более детально отслеживать возникающие проблемы в оркестраторе.

Планы по развитию Kaspersky Container Security на 2025 годФункциональные возможности Kaspersky Container SecurityKaspersky Container Security снижает риски для контейнерных сред, начиная от обнаружения уязвимостей в образах контейнеров и заканчивая контролем за рантаймом оркестраторов.

Архитектура Kaspersky Container SecurityСистемные требования Kaspersky Container Security 2.0Продукт поставляется в виде образов, размещённых в реестре производителя, и разворачивается в виде контейнеров.

Возможности и уровни лицензирования K…

Всё самое интересное из мира кибербезопасности /** с моими комментариями1) В ГД в 1 чтении поддержали законопроект о 6-летнем тюремном сроке для дропперов.

После бума мобильного интернета надо искать нечто подобное в популярных (а может и не очень) мобильных приложениях.

/** Очевидно, что с 2022 по настоящее время ситуация сильно усугубилась.

Он провел сотни экспериментов, изучал вообще другой вопрос и это открытие получилось случайно.

И то, явно, из-за того, что исследователь профи и понимал что есть серьёзное, а что мусор.

Zerotrust по-пацанскиВводнаяМне очень нравится концепция защиты инфраструктуры, в которой нет сторон, которые доверяют друг другу просто так.

По итогам хотим получить понимание, как сделать MVP решения, построенного по принципам zerotrust.

Так мы сможем четко понять, какие риски возникнут при взломе, например, клиентского ноутбука, и какие меры нужно предпринять для митигации либо предотвращения атак.

Короткие итогиИтак, что мы для себя вынесли.

Историческая справкаТочно сказать, кто придумал ZT и как именно не представляется возможным.

Gartner's AI Technology Sandwich – это новый фреймворк, помогающий компаниям различного уровня управлять процессом построения AI-powered экосистем и систематизировать их сложную многослойную структуру.

AI Tech Sandwich в корне меняет традиционный подход организаций к цифровым трансформациям и освоению новых технологических решений.

Используя Фреймворк, организация может контролировать темпы внедрения ИИ в свои бизнес-процессы, отстраиваясь от собственных целей и ограничений.

Если молотком бить по пальцам, а не по гвоздям, то крепкий дом не построить.

Формируем AI Tech Sandwich на базе результатов анализаИИ Космолет для ЭнтерпрайзаAI Tech Sandwich for EntherpriseСбалансированный подход для с…

Люблю разбирать новые подходы (ZTNA, SASE, SDP), смотреть, как их переворачивает искусственный интеллект, а потом переводить весь этот «айтишный» шум на человеческий язык.

Как именно AI встраивается в SASE-платформы и расширяет концепцию Zero Trust, подробно рассказывает свежий материал Dark Reading, который мы уже разобрали.

Давайте нырнём в детали — как ИИ меняет SASE и Zero Trust: разбор свежего материала Dark Reading.

Как ИИ меняет SASE и Zero Trust: разбор свежего материала Dark ReadingПочему тема вдруг «загорелась»За последние годы бизнес окончательно вышел за пределы корпоративного периметра: облака, гибридные рабочие места, API-экономика.

Где читать дальшеЕсли тема Zero Trust / SASE…

Однако процедура внесения ПО и ПАК в реестр непростая и многоступенчатая, она требует внимательного подхода.

Иногда разработчики отправляют только ссылку на интерфейс ПО, в то время как доступ необходим и к серверной части ПО.

Перед подачей заявки необходимо убедиться в отсутствии запрещённых компонентов в ПО, иначе может последовать отказ в регистрации.

Незнание тонкостей и нюансов создает дополнительные сложности и может привести к ошибкам и отказу в регистрации: не знал деталей, не учел сроки, неправильно заполнил формы и т.д.

Эти нюансы особенно вызывают недовольство у тех, кто впервые пытается зарегистрировать свое ПО в реестре:Необходимо раскрыть личные данные учредителей организации.

Внезапно я узнал о выставке, посвящённой молодым видам спорта, в Государственном музее спорта.

Поскольку выставка была связана не только с компьютерным спортом, но и с другими вида спорта: спортивное программирование, гонки дронов, лазертаг и так далее.

Гонки дронов — официальный вид спорта, и спортсмены постоянно тренируются для улучшения своих навыков и поддержания физической формы.

Игры в лазертаг могут проходить как в помещениях, так и на открытых площадках.

КиберспортКиберспорт — это соревновательный вид спорта в компьютерных играх, существующий как в России, так и во всём мире с начала 2000-х годов.

Настройка Yandex SmartCaptcha на первый взгляд может показаться простой задачей, но на практике она требует внимательности, точной настройки и понимания архитектуры приложения.

В первой части мы с вами рассмотрим, как настроить визуализацию капчи на web-стороне, а во второй — как интегрировать данный инструмент в ваше iOS-приложение.

СодержаниеПример реализацииЗаключениеНастройка визуализации капчи на web-сторонеЧтобы работать с капчей, для этого нужно в личном кабинете получить ключ.

Yandex SmartCaptcha состоит из двух блоков:Первый блок Yandex SmartCaptchaМеханика требует нажатия на галочку для проверки, также есть на выбор другой блок в виде слайдера.

Пример реализацииЗаключениеВ этой ст…

Так что, не стоит переоценивать свои силы и для выполнения консалтинговых задач лучше сразу привлекать соответствующих специалистов.

ИБ как довесокА теперь давайте поговорим о тяжелых, комплексных проектах.

При этом, данные подсистемы тесно интегрируются и с сетевым и серверным оборудованием и тем более с софтом (одно только подключение нестандартных источников к SIEM может занять немало времени).

Полученный в результате пентеста отчет наглядно покажет какие дыры имеются в вашей инфраструктуре и как их можно использовать.

РП важно помнить, что проекты, запущенные без участия руководства и бизнес‑подразделений, остаются на бумаге и не получают достаточных ресурсов.

Статья носит исключительно информационный характер и не является инструкцией или призывом к совершению противоправных действий.

Например, для Ника решающим моментом стал разговор с коллегой, который отправлял уязвимости в PayPal и получал за это деньги.

Для него это не просто поиск багов, а соревнование с другими исследователями: чем менее очевидна цель, тем выше шанс найти что-то ценное.

Это случилось ранним утром, около 3-4 часов, и в итоге история получилась действительно крутой — всё завершилось успехом».

Оба сходятся во мнении, что Bug Bounty — это не только деньги, но и возможность постоянно развиваться, работать с крутыми специалистами и видеть реальные результаты своих усилий!

Анализируйте «узкие места»: если клиент регулярно сталкивается с нехваткой лицензий во время работы с ПО, предложите расширение пакета.

Таким образом сотрудники отдела продаж, не имея гибкого лицензирования, не могут адаптировать предложение под запросы конкретного клиента.

Разработка системы лицензирования и защиты «с нуля» поначалу кажется типовой задачей отдела разработки и не требует больших ресурсов.

Собирайте все возможные данные о том, как пользователи работают с ПО и лицензиями.

Несмотря на сложности, сегмент тиражируемого ПО демонстрирует устойчивый рост как на мировом, так и на российском рынках.

:) В одном из моих последних проектов, который я разрабатываю как open source, я реализовал сквозное (end-to-end) шифрование — аналогично тому, как это делают, например, WhatsApp или Telegram.

Общий ключ это "Ваш приватный ключ" + "Публичный ключ контакта"Когда вы открываете чат с контактом, ваш клиент заново вычисляет этот общий секретный ключ, как вы уже знаете вот таким образом (Ваш приватный ключ + Публичный ключ вашего контакта = Общий секретный ключ).

Используя ваш приватный ключ и публичный ключ собеседника, deriveBits вычисляет общий секретный набор бит ( sharedBits ).

Метод decrypt(cipherBase64, ivBase64) : Дешифрование сообщенияРазбор шагов в decrypt() :Преобразование данных: Полу…

В этой статье я поэтапно разобрал пример сборки Docker-образов в GitLab CI пайплайнах с учетом баланса между безопасностью автоматизированной разработки и скоростью процесса.

Теперь в нашей инфраструктуре любой разработчик может выполнить произвольный код с правами gitlab-runner, получив тем самым доступ к хосту.

Доступ к хостовому отбросим сразу — это даст возможность управлять рантаймом других задач, да и в целом, имея такие привилегии, получить полный доступ к системе не сложно.

Там нам советуют использовать образ dind (Docker in Docker) в качестве сервиса к нашей задаче.

Поэтому интеграция кибербезопасности должна осуществляться комплексно — как на техническом уровне, так и на организац…

Но это не просто обзор “что это вообще такое”, а мой личный опыт: с фейлами, удачами, живыми кейсами и выводами.

Как всё началось и почему я вообще влез в копитрейдингМой первый заход в копитрейдинг был ещё до того, как я плотно погрузился в Solana и начал шерстить блокчейн в поисках рабочих стратегий.

Ты можешь выбрать из сотни, в лучшем случае, трейдеров, которых тебе предлагают в системе, и на этом всё.

Разница — в подходе и в уровне контроля.

Вот ссылка на пул в gmgnВот тут на скрине хорошо видно тонкую и высокую свечу пампа — в неё я и залетел.

Чем защита ГИС отличается от корпоративной ИБС технической точки зрения подходы к защите ГИС и корпоративных систем схожи.

Как строится система защиты ГИС (в идеальном мире)Чтобы избежать недоразумений, сразу сделаем оговорку: будет приведено описание идеальной картины мира при построении системы защиты в ГИС.

Глобально построение системы защиты ГИС состоит из нескольких ключевых этапов:Аудит требований — изучаем потребности заказчика, который планирует внедрить систему защиты.

При подготовке технического задания мы опираемся как на собственную экспертизу, так и на требования регуляторов.

Урезания бюджетов на защиту ГИСТипичная ситуация для государственных заказчиков — формирование бюджета …

Пример графа TMEИтак, на графе мы видим четыре компонента: Host 1, Host 2, Host 3, Host 4.

Аналогично через эксплуатацию уязвимости мы можем перейти с Host 1 на Host 4, а с Host 4 на Host 3.

С Host 1 можно перейти по RDP-протоколу на Host 3 при условии обладания привилегией Priv3.

От Host 1 можно продвинуться в трех направлениях: через эксплуатацию уязвимости на Host 2 и Host 4 и по RDP на Host 3.

А привилегиями обладают учетные записи, которые могут быть захвачены на графе ТМЕ, что мы и видим на рис.

В прошлом месяце на сайте «Хакера» завершилась публикация книги Валентина Холмогорова « Хакеры.RU » — приключенческой истории с налетом технотриллера и атмосферой времен, когда хакинг был стилем жизни.

Ты можешь не просто прочитать эту историю, но и подержать ее в руках — у нас есть бумажная версия книги с черно-белыми иллюстрациями!

«Эта книга — не просто приключения с элементами технотриллера, а попытка вернуть утраченную традицию.

История о двух парнях из небольшого городка, которые, каждый по своим причинам, погрузились в хакинг.

Но главное — здесь есть дух того времени, когда хакерство было не просто набором технологий, а способом поиска себя и своего места в мире.

Исследователи предупредили, что облачный сервис OneDrive может предоставлять сторонним веб-приложениям доступ ко всем файлам пользователя.

Корень проблемы кроется в чрезмерных разрешениях, запрашиваемых OneDrive File Picker, который требует доступ на чтение ко всему хранилищу, даже в тех случаях, когда загружается всего один файл.

«Проще говоря, любое веб-приложение, использующее OneDrive File Picker, имеет доступ не только к выбранному вами файлу для загрузки/скачивания, но и ко всему OneDrive.

Хуже того, этот доступ может сохраняться даже после завершения загрузки файла», — поясняют исследователи.

Пользователям рекомендуется рассмотреть возможность временного отключения функции загрузки ф…

Аналитики Patchstack обнаружили критическую уязвимость в плагине TI WooCommerce Wishlist для WordPress.

TI WooCommerce Wishlist насчитывает более 100 000 активных установок.

«Плагин уязвим перед произвольной загрузкой файлов, что позволяет неаутентифицированным злоумышленникам загружать вредоносные файлы на сервер», — предупреждают в Patchstack.

В результате установка test_type в значение false позволяет обойти проверку типа файла, тем самым позволяя загружать файлы любых типов.

Это означает, что успешная эксплуатация бага возможна только в том случае, если плагин WC Fields Factory активен на сайте под управлением WordPress, а также в плагине TI WooCommerce Wishlist включена интеграция.

Количес­тво инци­ден­тов уве­личи­лось на 358% по срав­нению с пре­дыду­щим годом и на 198% по срав­нению с пре­дыду­щим квар­талом.

В отче­те за пер­вый квар­тал 2025 года ком­пания пишет, что в 2024 году она лик­видиро­вала в общей слож­ности 21,3 мил­лиона DDoS-атак.

В пер­вом квар­тале 2025 года количес­тво гиперобъ­емных атак сос­тавля­ло в сред­нем 8 в день, и по срав­нению с пре­дыду­щим квар­талом их количес­тво удво­илось.

Од­нако вско­ре пред­ста­вите­ли Twilio заяви­ли, что не выяви­ли в сво­их сис­темах никаких приз­наков ком­про­мета­ции, а в Valve и вов­се сооб­щили, что не поль­зуют­ся услу­гами Twilio.

«Пос­коль­ку рас­ширения появ­ляют­ся как в Chrome Web Store, так и на са…

Компания Victoria's Secret была вынуждена приостановить работу своего сайта и частично ограничить услуги в некоторых розничных магазинах из-за кибератаки.

В сообщении, которое отображается при попытке зайти на официальный сайт, компания сообщает, что магазины Victoria's Secret и PINK остаются открытыми и уже ведутся восстановительные работы.

Представители Victoria's Secret сообщили изданию Bleeping Computer, что компания привлекла к расследованию инцидента и устранению последствий внешних ИБ-экспертов.

Как отмечает издание, ранее в этом месяце от хакерской атаки также пострадала компания Dior, и в этом случае неизвестные злоумышленники получили доступ к данным ряда клиентов Dior Fashion and…

Под­держи­вать код в хорошем сос­тоянии или рас­путывать клу­бок ста­рого хаоса тре­бует уси­лий… и неуто­мимый ИИ‑помощ­ник, который пос­тоян­но прос­матри­вает код и пред­лага­ет улуч­шения, может быть очень полезен.

С LLM мож­но не писать все цик­лы и усло­вия, а толь­ко показать, как выг­лядит ввод, опи­сать вывод и перечис­лить усло­вия сор­тиров­ки.

Осталь­ное компь­ютер дела­ет сам, и в боль­шинс­тве слу­чаев в код дей­стви­тель­но мож­но не вчи­тывать­ся — по резуль­татам работы и так всё ясно.

«Не обя­затель­но» не зна­чит «не нуж­но».

А еще из ней­рон­ки всег­да мож­но извлечь не толь­ко готовый код, но и пояс­нения.

По словам главы Минцифры Максута Шадаева, в ведомстве допускают возможность поэтапного ограничения использования зарубежных облачных сервисов, у которых есть российские аналоги.

По словам министра, в настоящее время в России складывается непростая экономическая ситуация, и многие крупные заказчики буквально «режут» ИТ-бюджеты.

И в этой ситуации необходимо думать про дополнительные стимулы, чтобы повысить рост спроса на отечественные предложения в этой сфере.

«В этой ситуации наш подход такой, что в крупных корпорациях можно подумать о поэтапном ограничении использования зарубежных облачных сервисов там, где есть зрелые российские аналоги.

По его словам, российские компании, пользующиеся зар…

Вредонос нацелен на устройства под управлением Linux и брутфорсит учетные данные SSH на IoT-девайсах с целью развертывания дополнительных полезных нагрузок.

Вместо обширного сканирования интернета, PumaBot целенаправленно атакует определенные IP-адреса на основе списков, которые получает от своего управляющего сервера (ssh.ddos-cc[.]org).

Наконец, малварь внедряет собственный SSH в файл authorized_keys, чтобы сохранить доступ даже в случае обнаружения атаки и поверхностной очистки системы.

Вредоносный PAM-модуль собирает локальные и удаленные учетные данные SSH и сохраняет их в текстовом файле (con.txt).

Отмечается, что среди команд PumaBot присутствуют xmrig и networkxm, то есть скомпромет…

Выступая на TAdviser Summit, министр цифрового развития, связи и массовых коммуникаций РФ Максут Шадаев сообщил, что в ближайшие полгода Минцифры планирует определиться с единой политикой использования VPN-сервисов в России.

«Я думаю, что в ближайшие полгода мы определимся с контурами политики в этой части.

При этом понятно, что с недружественными VPN, которые не выполняют требования российского законодательства, Роскомнадзор борется.

Тогда отмечалось, что компании все активнее вносят данные об использовании иностранных протоколов шифрования в своих корпоративных сетях в «белый список» РКН.

Как отмечали в апреле эксперты, не исключено, что в будущем доступ к VPN может носить «разрешительный…

Компания Apple сообщила, что за последние пять лет она заблокировала мошеннические транзакции в App Store на сумму более 9 млрд долларов.

Ежегодный отчет компании гласит, что пользователи App Store сталкиваются с самыми разными угрозами от «мошеннических приложений, которые похищают личную информацию, до мошеннических схем оплаты, которые пытаются обмануть пользователей».

В общей сложности компания заблокировала более 46 000 учетных записей разработчиков из-за подозрений в мошенничестве и отклонила 139 000 заявок на регистрацию в рамках мер по предотвращению попадания в App Store созданных злоумышленниками приложений.

Для сравнения: в 2023 году Apple предотвратила мошеннические транзакции н…

Разработчик YouTube-Tools утверждает, что в первую очередь инструмент предназначен для использования правоохранительными органами, но зарегистрироваться может любой желающий.

Кроме того, YouTube-Tools, по всей видимости, нарушает политику конфиденциальности YouTube и поднимает вопросы о том, что разработчики YouTube делают для предотвращения подобного скрапинга и неправомерного использования данных пользователей.

«Публичные поисковые системы могут собирать на YouTube данные только в соответствии с файлом robots.txt или с предварительного письменного разрешения YouTube», — гласят правила.

Журналисты издания протестировали сервис, задав в качестве отправной точки случайный комментарий с YouTu…

Плагин на C++Пер­вый спо­соб рас­ширить воз­можнос­ти «Иды» — это ком­пилиру­емые DLL.

Легаль­но ска­чать его мож­но, толь­ко купив лицен­зию на IDA Pro, о нелегаль­ных спо­собах ты можешь узнать сам.

h> #include < ida.

Ко­пиру­ем соб­ранный пла­гин в пап­ку IDA Professional 9.

IDCПод­дер­жка скрип­тов на язы­ке IDC появи­лась со вто­рой вер­сии IDA Pro, в 1994 году.

Более 9000 маршрутизаторов Asus были взломаны ботнетом AyySSHush, который также атакует SOHO-роутеры Cisco, D-Link и Linksys.

«Поскольку ключ добавляется с помощью официальных функций Asus, это изменение конфигурации сохраняется при обновлении прошивки, — объясняют в GreyNoise.

В целом обнаруженная Sekoia кампания нацелена на SOHO-маршрутизаторы, SSL-VPN, DVR, BMC-контроллеры D-Link, а также устройства Linksys, Qnap и Araknis Networks.

Как и в случае с ViciousTrap, точные цели операторов AyySSHush неясны до конца, поскольку зараженные устройства не используют для DDoS-атак или проксирования вредоносного трафика.

Пользователям рекомендуется как можно скорее обновить прошивку, провести провер…

Новинка должна унифицировать процесс обновления всех приложений, драйверов и системных компонентов в Windows.

Чтобы решить эту проблему, мы разрабатываем концепцию единой интеллектуальной платформы для координации обновлений, способной поддерживать любые обновления (приложений, драйверов и так далее) наряду с обновлениями Windows, — сообщают в Microsoft.

Затем он распределит загрузки и обновления по времени, чтобы минимизировать нагрузку на процессор и сеть, а также примет во внимание активность пользователя, состояние источника питания и сети.

В настоящее время новая платформа Microsoft находится на этапе закрытого тестирования и доступна только для разработчиков и тех, кто создает приложе…

Исследователи из компании Socket обнаружили активную кампанию, в рамках которой используются десятки вредоносных npm-пакетов, способных собирать и похищать информацию из систем жертв.

По данным специалистов, за последние две недели неизвестные злоумышленники опубликовали в npm 60 пакетов, содержащих небольшой скрипт, который активируется при установке.

Скрипт нацелен на пользователей Windows, Linux и macOS, использует базовые проверки для обхода песочниц и разработан специально для фингерпринтинга любой системы, которая взаимодействует с одним из вредоносных пакетов.

Исследователи выявили три учетные записи npm, каждая из которых опубликовала по 20 вредоносных пакетов: bbbb335656, cdsfdfafd…

Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU).

Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information.

Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems.

"These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump," Saeed Abbasi, manager of product at Qualys TRU, said.

The "/proc/sys/fs/suid_dumpa…

A multinational law enforcement operation has resulted in the takedown of an online cybercrime syndicate that offered services to threat actors to ensure that their malicious software stayed undetected from security software.

"Crypting is the process of using software to make malware difficult for antivirus programs to detect," the DoJ said.

The DoJ said authorities made undercover purchases to analyze the services and confirmed that they were being used for cybercrime.

In a coordinated announcement, Dutch officials characterized AvCheck as one of the largest CAV services used by bad actors around the world.

The findings demonstrate how threat actors quickly adapt and devise ways to defeat …

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages.

Written in Rust, EDDIESTEALER is a commodity stealer malware that can gather system metadata, receive tasks from a command-and-control (C2) server, and siphon data of interest from the infected host.

The collected host information is encrypted and transmitted to the C2 server in a separate HTTP POST request after the completion of each task.

Attack sequences distributing the malware entail the use of a Mach-O binary that downloads a second-stage bash stealer script from the server "appleprocesshu…

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023.

"The threat actor mainly targets the SQL injection vulnerabilities discovered on web applications to access the SQL servers of targeted organizations," Trend Micro security researcher Joseph C Chen said in an analysis published this week.

"The actor also takes advantage of various known vulnerabilities to exploit public-facing servers."

"In the second half of 2024, they shifted their targets to organizations mainly in the logistics and online retail indust…

Jason Elrod's View: The Healthcare Security ConundrumAfter 15+ years as a healthcare CISO, Elrod has a unique perspective on the security challenges facing healthcare organizations.

For healthcare organizations, the stakes are even higher.

As healthcare organizations continue to balance security requirements with the need for frictionless care delivery, solutions that align these competing priorities will become increasingly essential.

This resource equips healthcare security leaders with evaluation criteria, implementation strategies, and ROI frameworks that have helped organizations like MultiCare transform from the "Department of No" to a "Culture of Yes."

To learn more about Elisity and…

The Treasury accused the Taguig-headquartered company of enabling thousands of websites involved in virtual currency investment scams that caused Americans to lose billions of dollars annually.

Last year, an analysis by Silent Push revealed that the infrastructure associated with Funnull has been used to promote investment scams, fake trading applications, and suspect gambling networks.

The tasks assigned to them included assigning domain names to criminal actors for virtual currency investment fraud, phishing scams, and online gambling sites.

"Between October 2023 and April 2025, multiple patterns of IP address activity were observed from several domains using Funnull infrastructure," the …

ConnectWise, the developer of remote access and support software ScreenConnect, has disclosed that it was the victim of a cyber attack that it said was likely perpetrated by a nation-state threat actor.

"ConnectWise recently learned of suspicious activity within our environment that we believe was tied to a sophisticated nation-state actor, which affected a very small number of ScreenConnect customers," the company said in a brief advisory on May 28, 2025.

ConnectWise said it has implemented enhanced monitoring and hardening measures across its environment to prevent such attacks from happening again in the future.

"We have not observed any further suspicious activity in any customer instan…

Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025.

The accounts masqueraded as locals living in Romania and posted content related to sports, travel, or local news.

While a majority of these comments did not receive any engagement from authentic audiences, Meta said these fictitious personas also had a corresponding presence on other platforms in an attempt to make them look credible.

A second influence network disrupted by Meta originated from Iran and targeted Azeri-speaking audiences in Azerbaijan and Turkey across its platforms, X, and YouTube.

Lastly, Meta revealed that it removed 157…

Fake installers for popular artificial intelligence (AI) tools like OpenAI ChatGPT and InVideo AI are being used as lures to propagate various threats, such as the CyberLock and Lucky_Gh0$t ransomware families, and a new malware dubbed Numero.

"Lucky_Gh0$t ransomware is yet another variant of the Yashma ransomware, which is the sixth iteration of the Chaos ransomware series, featuring only minor modifications to the ransomware binary."

"The folder also contained legitimate Microsoft open-source AI tools that are available on their GitHub repository for developers and data scientists working with AI, particularly within the Azure ecosystem."

"By implementing the infinite loop in the batch fi…

Cybersecurity researchers have taken the wraps off an unusual cyber attack that leveraged malware with corrupted DOS and PE headers, according to new findings from Fortinet.

The DOS (Disk Operating System) and PE (Portable Executable) headers are essential parts of a Windows PE file, providing information about the executable.

"The threat actor had executed a batch of scripts and PowerShell to run the malware in a Windows process."

The malware, running within a dllhost.exe process, is a 64-bit PE file with corrupted DOS and PE headers in a bid to challenge analysis efforts and reconstruct the payload from memory.

"After launching the thread, the main thread enters a sleep state until the co…

The threat actors behind the DragonForce ransomware gained access to an unnamed Managed Service Provider's (MSP) SimpleHelp remote monitoring and management (RMM) tool, and then leveraged it to exfiltrate data and drop the locker on multiple endpoints.

"DragonForce is not just another ransomware brand – it's a destabilizing force trying to reshape the ransomware landscape," Aiden Sinnott, senior threat researcher at Sophos Counter Threat Unit, said.

"To stay secure, companies should prioritize employee awareness and strictly limit remote access.

This includes using policies to block the execution of virtual machines and remote access software on computers that should not have such software.…

Google on Wednesday disclosed that the Chinese state-sponsored threat actor known as APT41 leveraged a malware called TOUGHPROGRESS that uses Google Calendar for command-and-control (C2).

"Misuse of cloud services for C2 is a technique that many threat actors leverage in order to blend in with legitimate activity," Google Threat Intelligence Group (GTIG) researcher Patrick Whitsell said.

The infection begins when the LNK file is launched, causing a decoy PDF to be presented to the recipient stating the species pulled from the directory need to be declared for export.

Google said it has taken the step of taking down the malicious Google Calendar and terminated the associated Workspace projec…

Cybersecurity researchers have disclosed a critical unpatched security flaw impacting TI WooCommerce Wishlist plugin for WordPress that could be exploited by unauthenticated attackers to upload arbitrary files.

TI WooCommerce Wishlist, which has over 100,000 active installations, is a tool to allow e-commerce site customers to save their favorite products for later and share the lists on social media platforms.

"The plugin is vulnerable to an arbitrary file upload vulnerability which allows attackers to upload malicious files to the server without authentication," Patchstack researcher John Castro said.

In setting "test_type" to false, it allows the file type validation to be effectively by…

An Iranian national has pleaded guilty in the U.S. over his involvement in an international ransomware and extortion scheme involving the Robbinhood ransomware.

Sina Gholinejad (aka Sina Ghaaf), 37, and his co-conspirators are said to have breached the computer networks of various organizations in the United States and encrypted files with Robbinhood ransomware to demand Bitcoin ransom payments.

Gholinejad, who was arrested in North Carolina in early January, pleaded guilty to one count of computer fraud and abuse and one count of conspiracy to commit wire fraud.

"These cyber attacks caused significant disruptions and tens of millions in losses, including to the City of Greenville, North Ca…

The Czech Republic on Wednesday formally accused a threat actor associated with the People's Republic of China (PRC) of targeting its Ministry of Foreign Affairs.

In a public statement, the government said it identified China as the culprit behind a malicious campaign targeting one of the unclassified networks of the Czech Ministry of Foreign Affairs.

"The malicious activity [...] lasted from 2022 and affected an institution designated as Czech critical infrastructure," it added.

Strongly condemning the malicious cyber campaign, the Government of the Czech Republic said "such behavior undermines the credibility of the People's Republic of China and contradicts its public declarations."

It c…

From a flurry of attacks targeting UK retailers to campaigns corralling end-of-life routers into botnets, it's a wrap on another month filled with impactful cybersecurity newsIt's that time of month again when ESET Chief Security Evangelist Tony Anscombe offers his take on some of the most impactful cybersecurity news of the past 30 or so days.

Here's a selection of what stood out to him in May 2025:a warning from Google that Scattered Spider, the hacking gang that orchestrated recent attacks at high-street UK retailers, is now turning their sights to US companies,earlier in May, Marks & Spencer confirmed that some customer data was stolen in the flurry of attacks on UK retailers, which had…

How does Docusign phishing work?

Cybercriminals are not spoofing fake Docusign emails, but instead registering real accounts with the company, and using its APIs to send out legitimate envelopes spoofing popular brands.

Regular phishing emails spoofing the Docusign brand and taking the user to phishing login pages.

Things workers should be taught to look out for include:Destination URLs: hover over any links/buttons in Docusign emails to check the destination URLs are legitimate.

Attachments: there should be no attachments in an initial Docusign email.

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that resulted in a major disruption of the malware’s infrastructureAs US authorities, along with Europol and Eurojust, have announced a global disruption operation of Danabot, ESET researchers have released their deep-dive analysis of this sprawling malware-as-a-service (MaaS) operation that according to US authorities compromised more than 300,000 computers around the world and caused at least US$50 million in damage.

ESET Research has been tracking Danabot’s activity since 2018 as part of a global effort that now resulted in a major disruption of the malware’s infrastructure.

Watch the video with ESET…

Our contribution included providing technical analyses of the malware and its backend infrastructure, as well as identifying Danabot’s C&C servers.

C&C server applicationThe standalone server application comes in the form of a DLL file and acts as the brain of the botnet.

This C&C server application is available for local installation only for affiliates paying for the higher tier personal server option.

]245 N/A GLOBAL CONNECTIVITY SOLUTIONS LLP 2025‑03‑25 Danabot proxy C&C server 212.18.104[.

]246 N/A GLOBAL CONNECTIVITY SOLUTIONS LLP 2025‑03‑25 Danabot proxy C&C server 34.16.215[.

The bustling cybercrime enterprise has been dealt a significant blow in a global operation that relied on the expertise of ESET and other technology companiesA global disruption operation has dealt a significant blow to Lumma Stealer, one of the most prolific malware-as-a-service (MaaS) operations.

The disruption effort, led by Microsoft and involving technical analysis by ESET researchers, targeted the infostealer's infrastructure, including all known C&C servers from the past year, and ultimately making the threat largely inoperative.

What else is there to know about the operation, as well as about the inner workings of the prolific info-stealer malware, which went after all manner of sen…

Key points of this blogpost: ESET took part in a coordinated global operation to disrupt Lumma Stealer.

Lumma Stealer identifierEach Lumma Stealer sample contains a unique hardcoded affiliate identifier known as LID.

Lumma Stealer C&C communication flowAnti-analysis obfuscation techniquesLumma Stealer employs a few, but effective, anti-emulation techniques to make analysis as complicated as possible.

The disruption operation, led by Microsoft, aims to seize all known Lumma Stealer C&C domains, rendering Lumma Stealer’s exfiltration infrastructure nonfunctional.

ESET will continue to track other infostealers while closely monitoring for Lumma Stealer activity following this disruption operat…

Today, the ESET research team released its latest issue of the APT Activity Report that details the operations of some of the world's most notorious nation state-affiliated hacking collectives from October 2024 to March 2025.

Their analysis reveals sustained efforts by advanced threat actors targeting a broad array of geographies and industry sectors, with objectives ranging from espionage all the way to data destruction and financial gain.

What kinds of techniques did the various APT groups use and what could be the implications for your organization?

Find out in Tony's video and make sure to read the report itself here.

ESET APT Activity Report Q4 2024–Q1 2025 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from October 2024 until the end of March 2025.

During the monitored period, China-aligned threat actors continued engaging in persistent espionage campaigns with a focus on European organizations.

CyberToufan conducted destructive operations, deploying a wiper attack against multiple organizations in Israel.

Russia-aligned threat actors, notably Sednit and Gamaredon, maintained aggressive campaigns primarily targeting Ukraine and EU countries.

Malicious activities described in ESET APT Activity Report Q4 2024–Q1 2025 are detected…

Operation RoundPress targets webmail software to steal secrets from email accounts belonging mainly to governmental organizations in Ukraine and defense contractors in the EUESET researchers have discovered a cyberespionage operation that abuses cross-site scripting (XSS) vulnerabilities, including a zero-day XSS flaw in MDaemon webmail software, to steal confidential information from specific email accounts belonging to officials working for various governmental organizations in Ukraine and defense contractors in Europe and on other continents.

Operation RoundPress, so nicknamed by ESET, is most probably the work of the Russia-aligned Sednit APT group, who first took aim at Roundcube, but …

This blogpost introduces an operation that we named RoundPress, targeting high-value webmail servers with XSS vulnerabilities, and that we assess with medium confidence is run by the Sednit cyberespionage group.

Key points of this blogpost: In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim’s webmail page.

Operation RoundPress compromise chainGenerally, the email message looks benign and contains text about news events.

Furthermore, strings used by the code, such as webmail and C&C server URLs, are also obfuscated and contained in an encrypted list.

The payload is fully contained in the …

Tune in for an insightful look at disinformation and how we can fight one of the most pressing challenges facing our digital world.

Why are our brains wired in ways that make us vulnerable to believing and spreading things we shouldn't?

Which kinds of topics attract the most attention, and how are the tactics in disinformation playbooks evolving?

Speaking of AI, this episode features a quiz where you can test your own critical thinking skills and see if you can tell deepfakes apart from real images, video, and audio.

Tune in also for some practical advice that will come in handy when navigating the complex information landscape online.

One technique that has gained traction in recent years is the use of dynamically generated phishing pages.

Using dedicated phishing-as-a-service (PhaaS) toolkits, attackers can spin up authentic-looking phishing pages on the spot, all while customizing them for whoever they’re targeting.

Fake login page for Argentina’s Federal Administration of Public Income (AFIP)Figure 3.

Instead, navigate to the legitimate website or contact the organization through a trusted, known phone number or email address.

Combining vigilant awareness with strong technical defenses will go a long way toward keeping the ever-morphing phish at bay..

The UK’s Chartered Trading Standards Institute has in the past also warned about bogus texts inviting recipients to jury service, or risk facing fines.

Payment options: No court, police department or government agency will ask for payment over the phone for ‘missed’ jury service.

No court, police department or government agency will ask for payment over the phone for ‘missed’ jury service.

Requests for information: Scammers may ask for sensitive personal information like Social Security details, as well as demanding you send them funds.

Also be aware that failing to turn up for jury service will never be grounds for arrest.

Have you received a text message about an unpaid road toll?

It’s time to get clued up on toll road scams.

What do toll road scams look like?

Here’s some commonly used phrasing in unpaid toll scam texts: “You have an unpaid toll bill on your account.

Report toll road smishing attempts.

From the power of collaborative defense to identity security and AI, catch up on the event's key themes and discussionsThat's a wrap on the RSACTM 2025 Conference, one of the year's premier cybersecurity events where thousands of security practitioners exchanged their views, ideas and knowledge while discussing the world's most pressing security challenges.

", turned the spotlight on collaboration and cooperation between various stakeholders, notably governments, vendors and academia.

Other topics that were the 'talk of the town' included the protection of critical infrastructure, operational technology (OT), identity authentication and, you guessed it, artificial intelligence.

Watch the vi…

And this is only possible because of a founding principle: open source.

In the blockchain space, open source is not optional – it’s the default.

A protocol can be open source, and must be, if it is to be trusted, while still protecting the confidentiality of its users.

While not all PETs are open source – trusted execution environments (TEEs) being one example – all cryptography-based PETs used in blockchain are open source by design.

Open source is not a risk to privacy, it is the very thing that makes it possible.

Phishing scams used to be filled with awkward wording and obvious grammar mistakes.

Besides being fast and handling lots of data, AI cuts down on alerts that don’t matter, letting security teams focus on real problems.

This shift encourages security teams to think of AI as a collaborative partner with human failings,” explained Doug Kersten, CISO of Appfire.

Privacy concerns: AI systems that detect phishing often analyze emails, messages, attachments, and user behavior.

Future outlookAI will continue to advance, both for cybercriminals and security teams.

Yet respondents reported deep concerns over the ability to control the data AI agents can access and share, with an 92% stating that governing AI agents is critical to enterprise security.

Leading the list of unintended actions, 39% of respondents reported AI agents accessed unauthorized systems, while 33% said agents accessed inappropriate or sensitive data.

IT stands out in AI agent data access knowledgeIT (71%) is the most informed team regarding AI agent data access, given their role in implementing the technology, managing configurations, and provisioning credentials.

This lack of visibility into data access has resulted in only 52% of companies reporting that they can track and audit …

Microsoft is ending support for Exchange Server 2016, Exchange Server 2019, and Outlook 2016 on October 14, 2025.

For Exchange Server specifically, Microsoft also won’t release any more time zone updates or patches.

Microsoft has confirmed that Outlook 2016 will stop connecting to Microsoft 365 after support ends.

Option 1: Migrate to Microsoft 365 (Exchange Online)For most organizations, Microsoft 365 is the recommended path.

Tips for a smooth transitionTake inventory now: Map out which users and departments are on Exchange 2016 or 2019 and what clients they’re using (e.g., Outlook 2016).

Here’s a look at the most interesting products from the past month, featuring releases from: Anchore, BalkanID, Cyble, groundcover, Hunted Labs, LogicGate, McAfee, Obsidian Security, Outpost24, PentestPad, ProcessUnity, Resecurity, Searchlight Cyber, SecuX, ServiceNow, ThreatMark, and Verosint.

It allows organizations to meet compliance and security requirements quickly and affordably, while providing a strategic path to IGA maturity.

Resecurity One simplifies cybersecurity operationsResecurity One provides real-time cyber threat intelligence from multiple sources, enabling organizations to proactively identify and respond to cyber threats.

With comprehensive threat intelligence feeds and a…

The software update orchestration platform“Today, line-of-business apps, Windows components, Visual Studio, and other products are updated independently,” says Microsoft Product Manager Angie Chen.

If user interaction is needed, the orchestrator prompts them via native Windows Update notifications.

“With Windows Backup for Organizations, get your users up and running as quickly as possible with their familiar Windows settings already in place.

It doesn’t matter if they’re experiencing a device reimage or reset,” Microsoft Product Manager Miranda Leschke noted.

The feature is currently in limited public preview, available only to select members of the Microsoft Management Customer Connection…

Resecurity has officially launched its AI-driven Compliance Manager.

The solution is engineered to help CISOs and compliance teams manage complex regulatory demands, reduce risk, and maintain alignment with global cybersecurity standards.

The Compliance Manager delivers centralized visibility, automation, and expert-level guidance to ensure organizations stay audit-ready and resilient in the face of expanding data protection and information security regulations.

This empowers cybersecurity leaders with GenAI-driven insights and adaptive compliance recommendations, tailored to evolving standards.

The Compliance Manager is fully integrated into the Resecurity platform, enabling unified threat…

Cisco unveiled Duo Identity and Access Management (IAM), a new security solution that transforms how organizations combat persistent identity-based attacks that are accelerating in the AI era.

Duo IAM offers an innovative and security-first approach, with added protection built on its globally trusted multifactor authentication (MFA).

Purpose-built to protect against modern identity threats, Duo IAM enables organizations to securely manage their entire identity infrastructure.

The new Identity Routing Engine allows Duo to integrate with many identity providers either as an identity broker or as a secondary identity provider.

To help organizations continuously monitor and respond to changes …

At Span Cyber Security Arena, I sat down with Ria Shetty, Director, Cyber Security & Resilience for Europe at Mastercard.

That’s why transparency, privacy, and security are built into every step of her team’s work, not added at the end.

Her team works with banks, merchants, and partners to raise awareness, provide tools, and help them secure their full environment.

“You’re only as strong as your weakest link.”The same cybersecurity products offered to customers are used internally.

“If you cut corners in cybersecurity, you’re going to pay for it later, and not just in money.

The report underscores the need for transparent oversight as AI systems expand their reach into detection, investigation, and decision-making.

“AI has become a double-edged sword in fraud prevention,” said Yinglian Xie, CEO of DataVisor.

The institutions that move first—building AI governance, linking systems, and reducing manual effort—will define the new standard for fraud resilience.”First-party fraud is everyone’s problemBeyond AI, first-party fraud (FPF) is now the second-biggest concern among decision-makers.

In fraud prevention, the impact is the same — disjointed data and manual handoffs lead to missed threats and wasted resources.

Balancing fraud control with customer experienceOne…

Another significant area is security and risk management process optimization, with 23% of organizations targeting this for cost savings.

Streamlining these processes can lead to more effective risk management and better allocation of resources.

This allows CISOs to adopt a more outcome-driven focus by prioritizing risk-adjusted returns on investments,” said Tony Buffomante, SVP & Global Head — Cybersecurity & Risk Services at Wipro.

22% of organizations now have their CISOs report directly to the CEO or have regular CEO reviews, and 8% report to the CFO.

Additionally, 17% of CISOs report to other C-level executives such as the COO, CRO or the general counsel.

In this Help Net Security video, Lee Archinal, Senior Threat Hunter at Intel 471, walks through practical strategies for detecting malicious activity involving Living Off The Land binaries (LOLBins).

These are legitimate tools built into operating systems, such as PowerShell, that can be hijacked by attackers to evade detection.

Archinal explains how to identify suspicious usage based on user roles, abnormal behavior, and log data, and dives into techniques such as encoded command detection, process injection, and time stomping.

He also highlights key resources like MITRE ATT&CK and Sysmon logs to help security teams build effective, data-driven threat hunting hypotheses.

If you’re new to cybersecurity and looking for a book that doesn’t overwhelm you with jargon or dive too deep into technical territory, Cybersecurity For Dummies might be a solid starting point.

This latest edition, published in 2025, adds newer topics like AI threats, which help keep the material relevant.

He has written several books on cybersecurity, including the previous edition of Cybersecurity For Dummies.

The book also does a good job of reminding readers that not all cybersecurity issues come from bad guys.

Cybersecurity For Dummies is ideal for people who don’t work in tech but want to protect themselves.

PlainID introduced Policy Management for Agentic AI.

Securing the future with a solution that brings identity-aware, policy-based access control to the next generation of AI systems.

As organizations adopt AI and LLM-based systems, they are ingesting and processing vast amounts of sensitive, and high-risk data.

Through policy management and access enforcement, we ensure every AI interaction is secure, compliant, and policy-aware,” said Gal Helemski, CPO of PlainID.

“The principals of zero trust and identity-first security are directly applicable to Agentic AI, and with this solution, we’re making them a reality.”Policy Management for Agentic AI enables organizations to define granular polic…

The Growing Cybersecurity Skills GapThe cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity ShortageImmigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

ConclusionThe cybersecurity skills shortage is …

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final ThoughtsKeeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol ConnectionsRemote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware AttacksSpecific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted:The healthcare sector is a prime target for ranso…

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented:“We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploitThree years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priorityDespite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-inTo ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures nowBy deprioritising cyber security, businesses are essentially def…

High levels of demand for cyber security expertise also means that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computingLike AI, Quantum has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

Why Take9 Won’t Improve CybersecurityThere’s a new cybersecurity awareness campaign: Take9.

Connect.” was an awareness campaign from 2016, by the Department of Homeland Security—this was before CISA—and the National Cybersecurity Alliance.

Recently, both cyberspace activist Cory Doctorow and security researcher Troy Hunt—two people who you’d expect to be excellent scam detectors—got phished.

Security isn’t based on the average employee’s ability to detect a malicious email; it’s based on the worst person’s inability—the weakest link.

Security awareness training, and the blame-the-user mentality that comes with it, are all we have.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Location Tracking App for Foreigners in MoscowRussia is proposing a rule that all foreigners in Moscow install a tracking app on their phones.

Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information: Residence locationFingerprintFace photographReal-time geo-location monitoringThis isn’t the first time we’ve seen this.

Qatar did it in 2022 around the World Cup:“After accepting the terms of these apps, moderators will have complete control of users’ devices,” he continued.

“All personal content, the ability to edit it, share it, extract it as well as data from other apps on your device is in their hands…

A new study found that many commercials VPNS are (often surreptitiously) owned by Chinese companies.

It would be hard for U.S. users to avoid the Chinese VPNs.

The ownership of many appeared deliberately opaque, with several concealing their structure behind layers of offshore shell companies.

TTP was able to determine the Chinese ownership of the 20 VPN apps being offered to Apple’s U.S. users by piecing together corporate documents from around the world.

None of those apps clearly disclosed their Chinese ownership.

Interesting story:USS Stein was underway when her anti-submarine sonar gear suddenly stopped working.

On returning to port and putting the ship in a drydock, engineers observed many deep scratches in the sonar dome’s rubber “NOFOUL” coating.

In some areas, the coating was described as being shredded, with rips up to four feet long.

Large claws were left embedded at the bottom of most of the scratches.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

In software development, the concept of user experience (UX) is fundamental to the design of any product or service.

Good UX design results in easy, relevant, useful, positive experiences.

Bad UX design leads to unhappy users.

Specifically, how might we define the UX of an election cycle: the voter experience (VX)?

This isn’t a radically new idea, and earlier efforts to embed UX design into electoral work yielded promising early benefits.

The percentage of AI bots that respond to surveys is also increasing.

We need to move past bland, grid-filled surveys and start designing experiences people actually want to complete.

TikTok or dating app style surveys wouldn’t be a bad idea or is that just me being too much Gen Z?

There’s a growing toolkit of ways to spot AI-generated responses—using things like response entropy, writing style patterns or even metadata like keystroke timing.

Ideally, you introduce an element that only humans can do, e.g., you have to pick up your price somewhere in-person.

DoorDash HackA DoorDash driver stole over $2.5 million over several months:The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app.

Then, using DoorDash employee credentials, he manually assigned the orders to driver accounts he and the others involved had created.

Devagiri would then mark the undelivered orders as complete and prompt DoorDash’s system to pay the driver accounts.

Then he’d switch those same orders back to “in process” and do it all over again.

Doing this “took less than five minutes, and was repeated hundreds of times for many of the orders,” writes the US Attorney’s Office.

The NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”“Fifty Years of Mathematical Cryptanalysis (1937-1987),” by Glenn F. Stahly, was just declassified—with a lot of redactions—by the NSA.

I have not read it yet.

If you find anything interesting in the document, please tell us about it in the comments.

Posted on May 19, 2025 at 7:06 AM • 0 Comments

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

This is a weird story:U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people familiar with the matter said.

[…]Over the past nine months, undocumented communication devices, including cellular radios, have also been found in some batteries from multiple Chinese suppliers, one of them said.

Reuters was unable to determine how many solar power inverters and batteries they have looked at.

The rogue components provide additional, undocumented communication channels that could allow firewalls to be circumvented remotely, with poten…

AI-Generated LawOn April 14, Dubai’s ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws.

The first instance of enacted law known to have been written by AI was passed in Porto Alegre, Brazil, in 2023.

We approve of AI assisting humans in this manner, although Rosário should have disclosed that the bill was written by AI before it was voted on.

Individual lawmakers have begun turning to AI drafting tools as they traditionally have relied on staffers, interns, or lobbyists.

AI’s capacity to write complex law would allow the humans directing it to dictate their exacting policy preference for eve…

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:I’m speaking (remotely) at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025.

The list is maintained on this page.

Posted on May 14, 2025 at 12:05 PM • 0 Comments

The agency said Funnull directly facilitated pig butchering and other schemes that resulted in more than $200 million in financial losses by Americans.

Pig butchering is a rampant form of fraud wherein people are lured by flirtatious strangers online into investing in fraudulent cryptocurrency trading platforms.

The FBI has released a technical writeup (PDF) of the infrastructure used to manage the malicious Funnull domains between October 2023 and April 2025.

In May 2024, KrebsOnSecurity published a deep dive on Stark Industries Solutions that found much of the malicious traffic traversing Stark’s network (e.g.

vulnerability scanning and password brute force attacks) was being bounced thro…

Authorities in Pakistan have arrested 21 individuals accused of operating “Heartsender,” a once popular spam and malware dissemination service that operated for more than a decade.

Pakistan’s National Cyber Crime Investigation Agency (NCCIA) reportedly conducted raids in Lahore’s Bahria Town and Multan on May 15 and 16.

In January 2025, the FBI and the Dutch Police seized the technical infrastructure for the cybercrime service, which was marketed under the brands Heartsender, Fudpage and Fudtools (and many other “fud” variations).

Dawn reported that those arrested included Rameez Shahzad, the alleged ringleader of the Heartsender cybercrime business, which most recently operated under the P…

The FBI says a newer version of DanaBot was used for espionage, and that many of the defendants exposed their real-life identities after accidentally infecting their own systems with the malware.

Initially spotted in May 2018 by researchers at the email security firm Proofpoint, DanaBot is a malware-as-a-service platform that specializes in credential theft and banking fraud.

The government says the malware infected more than 300,000 systems globally, causing estimated losses of more than $50 million.

“In some cases, such self-infections appeared to be deliberately done in order to test, analyze, or improve the malware,” the criminal complaint reads.

Further reading:Danabot: Analyzing a Fal…

KrebsOnSecurity last week was hit by a near record distributed denial-of-service (DDoS) attack that clocked in at more than 6.3 terabits of data per second (a terabit is one trillion bits of data).

For reference, the 6.3 Tbps attack last week was ten times the size of the assault launched against this site in 2016 by the Mirai IoT botnet, which held KrebsOnSecurity offline for nearly four days.

Forky denied being involved in the attack on KrebsOnSecurity, but acknowledged that he helped to develop and market the Aisuru botnet.

Forky offered equivocal, evasive responses to a number of questions about the Aisuru botnet and his business endeavors.

But that leak also rapidly led to the creation…

“Pompompurin,” is slated for resentencing next month after pleading guilty to access device fraud and possession of child sexual abuse material (CSAM).

On January 18, 2023, denizens of Breachforums posted for sale tens of thousands of records — including Social Security numbers, dates of birth, addresses, and phone numbers — stolen from Nonstop Health, an insurance provider based in Concord, Calif.

Jill Fertel is a former federal prosecutor who runs the cyber litigation practice at Cipriani & Warner, the law firm that represented Nonstop Health.

Despite admitting to possessing more than 600 CSAM images and personally operating Breachforums, Fitzpatrick was sentenced in January 2024 to time …

The Windows CLFS is a critical Windows component responsible for logging services, and is widely used by Windows system services and third-party applications for logging.

In any case, windowslatest.com reports that Windows 11 version 24H2 shows up ready for downloads, even if you don’t want it.

“Even if you don’t check for updates, Windows 11 24H2 will automatically download at some point.”Apple users likely have their own patching to do.

On May 12 Apple released security updates to fix at least 30 vulnerabilities in iOS and iPadOS (the updated version is 18.5).

Apple also released updates for macOS Sequoia, macOS Sonoma, macOS Ventura, WatchOS, tvOS and visionOS.

Google’s Ads Transparency Center finds 360 Digital Marketing LLC ran at least 500 ads promoting various websites selling ghostwriting services .

Rameez Moiz is a Texas resident and former Abtach product manager who has represented 360 Digital Marketing LLC and RetroCube.

Moiz told KrebsOnSecurity he stopped working for 360 Digital Marketing in the summer of 2023.

That lawsuit helpfully showed an image of the office front door at 1910 Pacific Ave Suite 8025, which featured the logos of 360 Digital Marketing, Retrocube, and eWorldTrade.

Riley decided to sue, naming 360 Digital Marketing LLC and Retrocube LLC, among others.

GitGuardian’s systems constantly scan GitHub and other code repositories for exposed API keys, and fire off automated alerts to affected users.

GitGuardian’s Eric Fourrier told KrebsOnSecurity the exposed API key had access to several unreleased models of Grok, the AI chatbot developed by xAI.

“The credentials can be used to access the X.ai API with the identity of the user,” GitGuardian wrote in an email explaining their findings to xAI.

xAI told GitGuardian to report the matter through its bug bounty program at HackerOne, but just a few hours later the repository containing the API key was removed from GitHub.

“The fact that this key was publicly exposed for two months and granted access …

A 23-year-old Scottish man thought to be a member of the prolific Scattered Spider cybercrime group was extradited last week from Spain to the United States, where he is facing charges of wire fraud, conspiracy and identity theft.

Scattered Spider is a loosely affiliated criminal hacking group whose members have broken into and stolen data from some of the world’s largest technology companies.

His extradition to the United States was first reported last week by Bloomberg.

In August 2022, KrebsOnSecurity reviewed data harvested in a months-long cybercrime campaign by Scattered Spider involving countless SMS-based phishing attacks against employees at major corporations.

KrebsOnSecurity repor…

The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub.

Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases.

Berulis said he discovered one of the DOGE accounts had downloaded three external code libraries from GitHub that neither NLRB nor its contractors ever used.

Elez was among the first DOGE employees to face public scrutiny, after The Wall Street Journal linked him to social media posts that advocated racism and eugenics.

KrebsOnSecurity sought comment from both the NLRB and DOGE, and will update this story if either responds.

The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.

Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases.

The DOGE staffers did not speak with Berulis or anyone else in NLRB’s IT staff, but instead met with the agency leadership.

Berulis said the container caught his attention because he polled his colleagues and found none of them had ever used containers within the NLRB network.

The message informed NLRB employees that two DOGE representatives would be …

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down.

Many of these CNAs are country and government-specific, or tied to individual software vendors or vulnerability disclosure platforms (a.k.a.

Put simply, MITRE is a critical, widely-used resource for centralizing and standardizing information on software vulnerabilities.

MITRE told KrebsOnSecurity the CVE website listing vulnerabilities will remain up after the funding expires, but that new CVEs won’t be added after April 16.

Former CISA Director Jen Easterly said the CVE program is a bit like the Dewey Decimal S…

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history.

In 2020, CISA launched Rumor Control, a website that sought to rebut disinformation swirling around the 2020 election.

That effort ran directly counter to Trump’s claims that he lost the election because it was somehow hacked and stolen.

“Regular meetings between the National Security Council and European national security officials have gone unscheduled, and the NSC has also stopped formally coordinating efforts across U.S. agencies, including with t…

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google.

Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies.

Rather, they are sent via iMessage to Apple device users, and via RCS on Google Android devices.

The Smishing Triad members maintain their own Chinese-language sales channels on Telegram, which frequently offer videos and photos of their staff hard at work.

Prodaft’s report details how the Smishing Triad has achieved such success in sending their spam messages.

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild.

Microsoft rates it as “important,” but as Chris Goettl from Ivanti points out, risk-based prioritization warrants treating it as critical.

Narang notes that while flaws allowing attackers to install arbitrary code are consistently top overall Patch Tuesday features, the data is reversed for zero-day exploitation.

And in case you missed it, on March 31, 2025 Apple released a rather large batch of security updates for a wide range of their products, from macOS to the iOS operating systems on iPhones and iPa…

The UK’s Ministry of Defence has revealed that it was the target of a sophisticated, cyber attack that saw Russia-linked hackers pose as journalists.

The foiled attack was one of over 90,000 cyber attacks linked to hostile states directed against the UK's defence over the past two years, according to the Ministry of Defence.

The spear phishing campaign, which targeted staff with the intention of planting malware on MoD systems, was dubbed "Damascened Peacock".

A later attack used a financial theme in an attempt to trick the recipient into clicking on a link to a file-sharing site.

As Sky News reports, the UK's military is strengthening its own capabilities with the intention of being able t…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Allan Liska.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

According to the company, the security breach occurred at an unnamed third-party customer service provider rather than on Adidas's own systems.

Instead, according to the firm, "it mainly consists of contact information relating to consumers who have contacted our customer service help desk in the past."

Adidas says that it has informed the relevant regulators and authorities, and will be reaching out to those consumers affected by the data breach.

The company has not said how many people have been impacted by the security breach, how it occurred, or when it first detected.

The company has also notified the relevant authorities regarding this security incident and will alert those affected b…

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain access to ad-free episodes, become a supporter by joining Join The AI Fix Plus!

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more inf…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

The charges, filed under the Racketeer Influenced and Corrupt Organizations Act (RICO), bring the total number of defendants in the case to 27.

According to investigators, they tricked the victim into sharing multi-factor authentication codes, enabling them to access his accounts and steal a fortune in cryptocurrency.

Following the theft, Lam and Serrano are alleged to have laundered the stolen funds in a variety of ways, and used their riches to fund an extravagant lifestyle.

Now the DOJ has announced further defendants have been charged in connection with the racketeering conspiracy.

This case is a stark reminder of the growing intersection between cyber fraud and human psychology.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by special guest Dinah Davis.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

In episode 51 of The AI Fix, a Greek man’s marriage is destroyed after ChatGPT reads his coffee, a woman dumps her husband to marry an AI called Leo, and Graham wonders whether it’s time to upload his brain into a lunchbox-packing robot.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

If you would like to further support the podcast, and gain …

Sure enough, the announcement caused an immediate and dramatic spike in the value of Bitcoin, before it slipped down again after Gensler confirmed on his personal account that the SEC's account had been compromised.

His role was to impersonate the person who managed the SEC's Twitter account - a goal he achieved after creating a fake ID card bearing his face and their name.

Armed with a fake identity card, Council walked into an AT&T store in Huntsville, Alabama, and convinced a retail employee to hand over a SIM card for the victim’s phone number.

He then raced to an Apple Store, bought an iPhone, plugged in the SIM, and intercepted the password for the SEC’s Twitter account.

In June 2024,…

I’m delighted to share with you that “The AI Fix” is up for an award!

“The AI Fix” is the podcast that Mark Stockley and I have been producing for the last year all about the hilarious, bizarre, and sometimes downright mind-boggling world of artificial intelligence.

If you fancy voting for us in the European Cybersecurity Blogger awards (and frankly, we need a hand as we’re neither a blog nor about cybersecurity) then visit https://theaifix.show/voteVoting closes on Tuesday May 27 2025, so don’t delay!

And if you aren’t already a listener, be sure to check out “The AI Fix’ in all good podcast apps (and quite a few crummy ones as well):Thanks to everyone who listens to “The AI Fix”!

Follow G…

Industry observers have linked the Ascension patient data breach to the Clop ransomware group which in late 2024 was exploiting a zero-day vulnerability in software by enterprise software developer Cleo.

Ascension says it is offering two years' worth of free credit monitoring and identity restoration assistance to those who may be impacted by the data breach.

But that is likely to be little comfort for those who may be waking up to the reality that their sensitive medical data is now circulating publicly.

Ascension, meanwhile, has learnt the hard way that your systems are only as secure as your least protected partner.

All healthcare businesses handling sensitive information would be wise t…

In this episode of “Smashing Security” we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger’s Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our …

News and views from the world of artificial intelligence.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusi…

Perhaps you didn't manage to get any formal qualifications which would help you in the career you're interested in pursuing.

You've tried to set up your own business designing websites, but it's not giving you the life you want.

FBI officers were also present for Mazhar's arrest, as his criminal activities had stretched as far as the United States.

Judge Helen Boyle acknowledged Mazhar's early guilty plea and the complexities of the case but highlighted the deliberate nature of his criminal enterprise.

There was no evidence it was to assist a criminal organisation - you yourself were the criminal organisation," said the judge.

Система управления контентом WordPress используется на 43,5% сайтов в Интернете, поэтому нет ничего удивительного в том, что злоумышленники постоянно ищут способы атаки на нее.

Именно VexTrio непосредственно занимается перенаправлением трафика, который приходит от DollyWay, на мошеннические сайты.

Сотрудничество DollyWay с Lospollos объясняет, почему в некоторых случаях редирект с зараженных сайтов приводит пользователей не на вредоносные сайты, а на страницы вполне легитимных приложений в Google Play, в том числе Tinder или TikTok.

Для этого DollyWay отслеживает все, что вводится в форму входа в админку сайта, и сохраняет эти данные в скрытый файл.

Как полагают эксперты, скрипт для обслужи…

В официальном магазине Chrome Web Store исследователи кибербезопасности обнаружили 57 подозрительных расширений более чем с 6 000 000 пользователей.

К тому же эти расширения скрыты от индексирования — они не отображаются в результатах поиска в Chrome Web Store и их не находят поисковые системы.

Чем опасны расширения и как удобство ставит под угрозу безопасностьМы уже не раз рассказывали о том, почему к установке браузерных расширений не стоит относиться легкомысленно.

Дело в том, что для эффективной работы расширениям, как правило, необходимо иметь широкий доступ ко всему, что делает пользователь в браузере.

С чего началось исследование подозрительных расширений в Chrome Web StoreИсследоват…

Можно ли скачать или стереть со смартфона ваши фото и другие данные, пока он заряжается от общественной зарядки — в транспорте, в поликлинике, в аэропорту и так далее?

Первая разновидность атаки, эффективная и для iOS, и для Android, наиболее сложна в реализации.

На экране возникает вопрос о включении режима передачи данных — и атакующее устройство передает подтверждение с помощью Bluetooth-клавиатуры.

Какие устройства защищены от USB ChoiceJackingApple и Google заблокировали эти методы атаки в обновлениях iOS/iPadOS 18.4 и Android 15.

Наиболее важной и массовой защитой станет обновление до новейших версий Android и iOS.

Инцидент начался с того, что один из сотрудников скачал популярный менеджер паролей KeePass.

Компрометация менеджера паролей — серьезная угроза и для обычных пользователей, и для организаций.

Злоумышленники создавали поддельные сайты, имитирующие официальный сайт KeePass, и использовали вредоносные рекламные объявления (malvertising), чтобы перенаправлять пользователей, ищущих KeePass, на домены с многообещающими именами вроде keeppaswrd, keebass и KeePass-download.

Троян может поджидать в любом виде ПО — от игр и менеджеров паролей до специализированных приложений для бухгалтеров или архитекторов.

Это убережет вас от заражения большинством образцов вредоносного ПО и от перехода на опасные …

Мы обнаружили уязвимость в приложении Rubetek Home и рассказали, что могло бы случиться с безопасностью владельцев умных квартир и домов — но, к счастью, не случилось.

Проблема в том, что отправляемые файлы, помимо системной информации, содержали в себе персональные данные пользователей, а также, что более критично, Refresh-токены, необходимые для авторизации в аккаунте пользователя, чей токен был получен.

Зная расписание человека, злоумышленники могли бы попасть в квартиру, предварительно отключив камеры и другие охранные системы через приложение.

Через найденную уязвимость злоумышленник мог бы устроить атаку не на одну квартиру или частный дом, а на несколько тысяч жителей жилого комплекс…

Конечно, это может произойти не только, пока вы в отпуске, но именно в этом случае быстро отреагировать вы не сможете.

Кроме того, злоумышленник, получив доступ к вашей домашней IP-камере, может следить за вашим домом и в ваше отсутствие спланировать проникновение в жилище.

В отеле храните технику в сейфе и не оставляйте гаджет без присмотра, даже если вы им не планируете пользоваться.

В отеле храните технику в сейфе и не оставляйте гаджет без присмотра, даже если вы им не планируете пользоваться.

По возможности вообще не подключайтесь к неизвестным сетям Wi-Fi и не используйте чужие компьютеры, раз уж решили отдохнуть от Интернета и экранов.

Недавно мы уже рассказывали, как мошенники используют для этого уведомления от вполне легитимного сервиса для отправки больших файлов GetShared.

Сегодня мы рассмотрим еще один вариант доставки вредоносных сообщений: в этой схеме злоумышленники научились добавлять свои сообщения в настоящие письма с благодарностью за оформление бизнес-подписки на Microsoft 365.

Вполне легитимное письмо от Microsoft с сюрпризомАтака начинается с настоящего письма от Microsoft, в котором получателя благодарят за покупку подписки Microsoft 365 Apps for Business.

В случае с письмом со скриншота ниже Microsoft благодарит получателя за оформление 55 подписок на бизнес-приложения Microsoft 365 на общую сумму $587,9…

Всемирный экономический форум (WEF) определяет киберустойчивость как способность организации минимизировать влияние существенных киберинцидентов на ее основные бизнес-цели и задачи.

Все согласны, что киберустойчивость нужна современной компании, но практическая реализация стратегии киберустойчивости сталкивается с многочисленными трудностями.

Чтобы своевременно и эффективно реагировать на угрозы, следует обязательно внедрять системы, сочетающие детальный мониторинг инфраструктуры с полуавтоматическим реагированием: XDR, комбинация SIEM и SOAR и подобные.

Ecosystem engagement (взаимодействие в экосистеме): сотрудничество с партнерами по цепочке поставок, регулирующими органами и конкурентами…

Данные баги могут быть использованы по отдельности или в сочетании для проведения беспроводных атак на разнообразную технику, поддерживающую AirPlay.

AirPlay — это разработанный Apple набор протоколов, которые используются для стриминга аудио и (все чаще) видео между пользовательскими устройствами.

Например, с помощью AirPlay можно стримить музыку со смартфона на умную колонку или дублировать экран ноутбука на телевизоре.

Что такое AirBorne и чем опасны эти уязвимостиAirBorne — это целое семейство уязвимостей в протоколе AirPlay и наборе инструментов для разработки AirPlay SDK.

Установите на все ваши устройства надежное защитное решение — вопреки распространенному мифу, устройства Apple не …

Именно на них, по всей видимости, и рассчитывают злоумышленники, продвигающие фишинговые сайты через платформу Google Ads.

Согласно отчету Ads Safety Report, за 2024 год Google заблокировала или удалила 415 миллионов рекламных объявлений Google Ads за нарушения правил, преимущественно связанных с мошенничеством.

Как и в случае с настоящей формой входа в Semrush, на поддельных страницах предлагается два основных способа аутентификации: войти через Google-аккаунт или же ввести логин и пароль непосредственно от Semrush.

Фальшивый Google Ads в рекламе Google AdsЕще интереснее выглядит вариант той же атаки, в ходе которой преступники использовали Google Ads для продвижения фальшивых версий… само…

Когда год назад Microsoft анонсировала функцию «фотографической памяти» Recall для компьютеров Copilot+ PC, эксперты ИБ забили тревогу.

Насколько это меняет общую ситуацию с Recall и стоят ли некоторые его удобства возможной потери контроля над личной информацией?

И в быту, и на работе подсмотреть или угадать пин-код — простая задача для домочадцев и коллег.

Как отключить или удалить RecallЧтобы отключить RecallОткройте Параметры (Settings) в меню Пуск (Start) Windows и выберите Конфиденциальность и безопасность (Privacy & Security).

Периодически, хотя бы пару раз в неделю, заходите в Recall, чтобы посмотреть, какие приложения и сайты были им недавно сохранены.

Ransomware-группировка Interlock начала использовать технику ClickFix для проникновения в инфраструктуру своих жертв.

Исследователи кибербезопасности обнаружили, что Interlock использует поддельную CAPTCHA якобы от Cloudflare на странице, маскирующейся под сайт Advanced IP Scanner — популярного бесплатного сетевого сканера.

Судя по всему, Interlock находится на этапе тестирования новых инструментов, в частности техники ClickFix.

Как Interlock использует ClickFix для распространения вредоносного ПОЗлоумышленники из Interlock заманивают жертву на страницу, адрес которой имитирует адрес сайта Advanced IP Scanner.

Как защититься от атак с использованием техники ClickFixПоэтому все защитные меры…

Письмо выглядит вполне «по-гугловски», да и адрес отправителя совершенно респектабельный — no—[email protected].

Это именно тот адрес, с которого приходят уведомления безопасности.

Смотрим дальше: в поле mailed-by мы также сталкиваемся с подозрительным адресом, который уж точно никак не связан с Google, — fwd-04-1.fwd.privateemail[.]com.

Далее мошенники зарегистрировали собственное веб-приложение в системе Google OAuth и предоставили ему доступ к своему аккаунту в Google Workspace.

Компания признала ее потенциальным риском для пользователей и в настоящее время работает над устранением уязвимости в OAuth.

В 2025 году в этот памятный день, учрежденный Интерполом и «Лабораторией Касперского», мы хотим обсудить тенденции, которые прослеживаются в ransomware-инцидентах и служат доказательством того, что с каждым годом идея вести переговоры со злоумышленниками и совершать переводы в криптовалюте становится все хуже.

Во-вторых, бизнес вымогателей — это шифрование, а не расшифровка, поэтому написанию декрипторов уделяется минимум внимания: они плохо и медленно работают.

Ужесточение законодательствСовременные злоумышленники не только шифруют, но и крадут данные, что создает долгосрочные риски для компании и топ-менеджмента.

Отсутствие гарантийЧасто компании платят не столько за расшифровку, сколько …

Затем она вошла и в стандарт стилизации веб-страниц, CSS.

Суд фирма выиграла, но производители основных браузеров изменили код обработки ссылок, чтобы считывать состояние посещенности ссылок «в лоб» стало невозможно.

Мы неоднократно писали, как рекламные и аналитические компании отслеживают все перемещения пользователей по Сети с помощью куки и технологий фингерпринтинга.

Если вы нажмете на ссылку centralbank.com, она будет покрашена как посещенная — но только внутри виджета banksupport, показанного на сайте bank.com.

Что делать пользователямЕсли вы не пользуетесь Chrome, в котором хватает других проблем с конфиденциальностью, для защиты от атак «фиолетовых ссылок» есть несколько простых пр…

That’s why I’m excited to announce the availability of Cisco Secure Access – DNS Defense, the newest member of the Secure Access product family.

Why Secure Access – DNS Defense?

Secure Access – DNS Defense delivers faster, more precise threat detection with fewer false positives.

A Seamless Upgrade for Umbrella DNS CustomersIf you’re an existing Cisco Umbrella DNS customer, we’ve designed Secure Access – DNS Defense with you in mind.

Whether you choose DNS Defense exclusively or explore the broader possibilities of Cisco’s Secure Access product family, Secure Access adapts as your needs change.

What if we told you that most breaches are not caused by advanced malware or zero-day exploits, but by everyday human mistakes?

This is the essence of the 90-5-5 Concept: a framework that shifts the conversation from reactive defenses to proactive design.

IBM, Stanford University and Verizon all highlight how human behavior, especially around everyday decision-making, is the dominant factor in security breaches.

The 90-5-5 Concept is not just an observation: it is a blueprint.

We can build environments where human mistakes are caught, guided, or even prevented entirely.

The Forrester Total Economic Impact™ (TEI) study, commissioned by Cisco, explored the experiences of organizations using Cisco Security Suites to implement zero trust.

The study highlights how Cisco Security Suites are enabling organizations to address key challenges associated with traditional security models.

One of the key findings is the ability of Cisco Security Suites to streamline security operations.

The study also highlights the impact of Cisco Security Suites on an organization’s overall security posture.

By implementing zero trust principles with Cisco, organizations reduced their risk of data breaches and other security incidents.

Cisco XDR has always been predicated on the knowledge that every customer and every SOC is different.

If a technology your team relies on isn’t supported out-of-the-box in Cisco XDR, that can be addressed by the vendor of that product, or even yourself.

These changes will make it easier to not only write custom content, but to also find and share content written by the Cisco XDR community.

This year, we’re excited to host DEVNET-2236, DEVNET-2387, and the DevNet Innovation Zone demo booth, where we’ll showcase groundbreaking updates for Cisco XDR.

Cisco XDR integrations can offer several different outcomes depending on what the technology does and how you want to use it.

Modern GPU allocation solutions must adapt to the varying nature of AI workloads and provide customized resource provisioning to avoid unnecessary idle states.

The Use of Market in the GPU Allocation FrameworkServices and GPU resources can adapt to the changing computational needs of AI workloads in dynamic and shared environments.

Framework Overview (Using an Example)Given our expertise in cybersecurity, we explore a GPU allocation scenario for a forensic AI system designed to support incident response during a cyberattack.

Instead, Company Z adopts an on-demand GPU allocation model, ensuring high-performance, AI-driven, forensic analysis while minimizing unnecessary resource waste.

GPU Re…

Cisco solves these challenges with Cisco Hybrid Mesh Firewall.

Intelligent centralized managementThe connective tissue for Cisco Hybrid Mesh Firewall is Cisco Security Cloud Control, an AI-native management system that unifies the administration of on-premises and cloud-based firewalls.

A simpler, more flexible way to achieve outcomesThe Cisco Cloud Protection Suite marries simplicity and flexibility for easy adoption of core hybrid mesh firewall capabilities.

Security that evolves with your needsCisco Hybrid Mesh Firewall is redefining network security.

Check out Cisco Hybrid Mesh Firewall and Cloud Protection Suite today and discover how it can help you protect your hybrid environment.

Announcing Cisco Secure Access China, Operated by Digital China CloudRegulatory ambiguity.

To support our customers’ growth in Mainland China and comply with the country’s cybersecurity and data protection laws, we are introducing our Secure Access China solution, operated in partnership with Digital China Cloud (DCC).

What Compliance-First MeansPurpose-built for China’s unique regulatory landscape, Secure Access China emphasizes compliance as the leading element in the organization’s security posture.

Secure Access China offers the core benefits of the global version of Secure Access.

Cisco Secure Access China clears the path for a more predictable and stable operating posture.

1: LLMs, agents, tools and frameworksThe figure above outlines the ecosystem of AI agents, showcasing the relationships between four main components: LLMs, AI Agents, Frameworks, and Tools.

2: AI red-team agent workflowThis illustrates a cybersecurity workflow for automated vulnerability exploitation using AI.

3: Red-team AI agent LangGraph workflowThe figure above illustrates a workflow for building AI agents using LangGraph.

The Testing EnvironmentThe figure below describes a testing environment designed to simulate a vulnerable application for security testing, particularly for red team exercises.

In SummaryThe AI red team agent showcases the potential of leveraging AI agents to streamli…

As threats move faster and operations get leaner, organizations are shifting from reactive investigation to proactive, automated forensics.

That’s why we’re excited to announce a major leap forward in Cisco XDR: automated forensics built into the detection and response workflow.

Cisco’s vision is clear: Threat Detection, Investigation, and Response (TDIR) and forensics must be a unified motion.

And now, Cisco XDR makes this possible by operationalizing forensics directly into the AI-assisted TDIR flow.

Confident SOCs have embraced a continuous, connected workflow where detection, response, investigation, verification, and remediation are all part of the same motion.

Instant Attack VerificationDesigned to take Incidents in Cisco XDR to the next level, Instant Attack Verification continues to focus on ensuring organizations can quickly understand what is happening in their environment and action effectively.

With Instant Attack Verification, every action is backed by explainable AI, real evidence, and a human-readable verdict.

Cisco XDR with Instant Attack Verification turns the idea of autonomous response into a trusted, practical reality.

Instant Attack Verification Redefines What’s PossibleInstant Attack Verification redefines what is possible in modern security operations.

Instant Attack Verification reduces false positives, reduces alert fatigue, sp…

Attack StoryboardThe Cisco XDR Attack Storyboard is a breakthrough advancement, leveraging AI-driven investigations that help analysts comprehend an entire attack in under 30 seconds.

Decisive Response: Cisco XDR triggers prebuilt playbooks across XDR and Secure Access, isolating compromised users, devices, or workloads in real-time once a threat is confirmed.

Cisco XDR triggers prebuilt playbooks across XDR and Secure Access, isolating compromised users, devices, or workloads in real-time once a threat is confirmed.

Optimized Analyst Time: By automating the SOC workflow with AI, Cisco XDR empowers analysts to focus on decision-making rather than log analysis.

By automating the SOC workflow…

With Foundation-sec-8B, teams can build, fine-tune, and deploy AI-native workflows across the security lifecycle.

This model is designed to help security teams think faster, act with precision, and scale operations without compromise.

In downstream security tasks—such as extracting MITRE ATT&CK techniques from unstructured threat reports—a fine-tuned foundation-sec-8b model significantly outperformed fine-tuning the same-sized Llama model.

Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social HandlesLinkedInFacebookInstagramXShareShare:

The team is called Foundation AI, and its mission is to create transformational AI technology for cybersecurity applications.

Introducing Foundation AIToday, we are thrilled to announce the launch of Foundation AI, a Cisco organization dedicated to creating open bleeding-edge AI technology to empower cybersecurity applications.

Foundation AI is comprised of leading AI and security researchers and engineers, building from Robust Intelligence, which was recently acquired by Cisco.

Foundation AI is comprised of leading AI and security researchers and engineers, building from Robust Intelligence, which was recently acquired by Cisco.

Foundation AI will soon release AI supply chain and risk mana…

Below is an example of the detection we observed at Black Hat Asia.

Domain Name Service StatisticsAuthored by: Christian Clasen and Justin MurphyWe install virtual appliances as critical infrastructure of the Black Hat network, with cloud redundancy.

Want to learn more about what we saw at Black Hat Asia 2025?

Check out our main blog post — Black Hat Asia 2025: Innovation in the SOC — and our other Black Hat 2025 content.

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings presentations, Trainings courses, Summits, and more.

Authored by: Ryan MacLennanLast year, Black Hat asked Cisco Security if we could be the Single Sign-On (SSO) provider for all the partners in the Black Hat NOC.

We started the proof-of-value at Black Hat Asia 2024 and partially deployed at Black Hat Europe 2024.

We have successfully integrated with the partners in the Black Hat NOC to enable this idea started a year ago.

Want to learn more about what we saw at Black Hat Asia 2025?

Check out our main blog post — Black Hat Asia 2025: Innovation in the SOC — and the other content it links to.

In today’s evolving cyber threat landscape, threat actors are committed to advancing the sophistication of their attacks.

When clicked, the link returns a token for the Device Registration Service, allowing registration of the threat actor’s device to the tenant.

Post-compromise identity attacksIn addition to using phishing techniques for initial access, in some cases threat actors leverage the identity acquired from their first-stage phishing attack to launch subsequent phishing attacks.

Learn moreFor the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

To hear stories and insights from the Microsoft Threat Intelli…

In this blog you will hear directly from Corporate Vice President and Deputy Chief Information Security Officer (CISO) for AI, Yonatan Zunger, about how to build a plan to deploy AI safely.

How do you deploy AI safely?

As Microsoft’s Deputy CISO for AI, my day job is to think about all the things that can go wrong with AI.

If you’re reading this, you’ve likely been asked to do something similar in your own organization—to develop AI systems for your own use, or deploy ones that you’ve acquired from others.

AI-specific principlesWhen it comes to building AI systems, we’ve uncovered a few rules that are exceptionally useful.

Our industry needs to continue working together on identity standards for agent access across systems. Read about how Microsoft is building a robust and sophisticated set of agents.

The post The future of AI agents—and why OAuth must evolve appeared first on Microsoft Security Blog.

We also thank our partners at the US Federal Bureau of Investigation for their continued collaboration on investigating Void Blizzard targeting.

Void Blizzard targetsVoid Blizzard primarily targets NATO member states and Ukraine.

Note, however, that this alert can be also triggered by Void Blizzard activity that is not related to the activity covered in this report.

Void Blizzard activityThe following alerts might indicate credential theft activity related to Void Blizzard utilizing commodity information stealers or conducting password spraying techniques.

Suspicious URL clickedThis query correlates Microsoft Defender for Office 365 signals and Microsoft Entra ID identity data to find the r…

Lumma Stealer delivery techniquesLumma Stealer leverages a broad and evolving set of delivery vectors.

Screenshot of the ClickFix landing after Prometheus TDS redirectionLumma Stealer malware analysisThe core Lumma Stealer malware is written in a combination of C++ and ASM.

Microsoft Defender Threat IntelligenceMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.

Learn moreFor the latest security research from the Microsoft Threat Intelligence communi…

We are excited to introduce Microsoft Entra Agent ID, which extends identity management and access capabilities to AI agents.

Microsoft Entra Agent ID is a huge step in delivering industry thought leadership with a tangible solution.

As part of this, we’ll integrate Microsoft Entra Agent ID with the ServiceNow AI Platform and the Workday Agent System of Record.

Enabled natively for AI agents built within Azure AI Foundry and Copilot Studio.

This means that AI agents can now inherently benefit from Microsoft Purview’s robust data security and compliance capabilities.

In this blog, you’ll learn more about how the Microsoft Secure Future Initiative (SFI)—a real-world case study on Zero Trust—aligns with Zero Trust strategies.

In May 2024, Microsoft expanded the Secure Future Initiative to include six engineering pillars and 28 aligned objectives.

Zero Trust Workshop A comprehensive technical guide to help customers and partners adopt a Zero Trust strategy and deploy security solutions end-to-end to secure their organizations.

Additional resources and action itemsGet started on your Zero Trust journey: Visit the Microsoft Zero Trust webpage, access the Zero Trust Adoption Framework in the Microsoft Zero Trust guidance center, and download the self-serve Ze…

In this blog, we present details on how Marbled Dust uses the Output Messenger zero-day exploit in the attack chain of this campaign.

Strengthen operating environment configurationStrengthen Microsoft Defender for Endpoint configurationEnsure that tamper protection is enabled in Microsoft Defender for Endpoint.

Marbled Dust C2Surface devices that might have communicated with Marbled Dust C2.

]com Domain C2 4/5/2024 5/12/2025Learn moreFor the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evo…

In this blog, we present details on how Marbled Dust uses the Output Messenger zero-day exploit in the attack chain of this campaign.

Strengthen operating environment configurationStrengthen Microsoft Defender for Endpoint configurationEnsure that tamper protection is enabled in Microsoft Defender for Endpoint.

Marbled Dust C2Surface devices that might have communicated with Marbled Dust C2.

]com Domain C2 4/5/2024 5/12/2025Learn moreFor the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and insights from the Microsoft Threat Intelligence community about the ever-evo…

Terrell Cox , Vice President for Privacy and Compliance and Deputy Chief Information Security Officer for Microsoft Security Products Division.

, Vice President for Privacy and Compliance and Deputy Chief Information Security Officer for Microsoft Security Products Division.

Ilya Grebnov , Distinguished Engineer and Deputy Chief Information Security Officer, Business Applications.

, Distinguished Engineer and Deputy Chief Information Security Officer, Business Applications.

Damon Becknel, Vice President and Deputy Chief Information Security Officer, Regulated Industries.

Terrell Cox , Vice President for Privacy and Compliance and Deputy Chief Information Security Officer for Microsoft Security Products Division.

, Vice President for Privacy and Compliance and Deputy Chief Information Security Officer for Microsoft Security Products Division.

Ilya Grebnov , Distinguished Engineer and Deputy Chief Information Security Officer, Business Applications.

, Distinguished Engineer and Deputy Chief Information Security Officer, Business Applications.

Damon Becknel, Vice President and Deputy Chief Information Security Officer, Regulated Industries.

In February of 2024, Microsoft outlined its six-pillared comprehensive approach to addressing abusive AI-generated content.

“We are delighted to welcome Microsoft to the Global Signal Exchange.

To this end, The Global Signal Exchange empowers us all to share a vision for data sharing based on a global, multistakeholder, multisector platform.” —Emily Taylor, Founder, Global Signal ExchangeThe Global Signal Exchange platform surfaces malicious URLs, suspect IP addresses, scams, and phishing attacks.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1International Scammers Steal Over $1 Trillion in 12 Months in Global State…

In February of 2024, Microsoft outlined its six-pillared comprehensive approach to addressing abusive AI-generated content.

“We are delighted to welcome Microsoft to the Global Signal Exchange.

To this end, The Global Signal Exchange empowers us all to share a vision for data sharing based on a global, multistakeholder, multisector platform.” —Emily Taylor, Founder, Global Signal ExchangeThe Global Signal Exchange platform surfaces malicious URLs, suspect IP addresses, scams, and phishing attacks.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1International Scammers Steal Over $1 Trillion in 12 Months in Global State…

An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks.

After discovering this issue, we shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

This blog post details our investigation into using Office macros to escape the macOS App Sandbox and how we uncovered the CVE-2025-31191 vulnerability.

The macOS App Sandbox and Office macrosThe macOS App Sandbox is a security mechanism employed on macOS applications, enforcing strict fine-grained rules on what an app can or cannot do.

As corroborated by our research, this ex…

An attacker could create an exploit to escape the App Sandbox without user interaction required for any sandboxed app using security-scoped bookmarks.

After discovering this issue, we shared our findings with Apple through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

This blog post details our investigation into using Office macros to escape the macOS App Sandbox and how we uncovered the CVE-2025-31191 vulnerability.

The macOS App Sandbox and Office macrosThe macOS App Sandbox is a security mechanism employed on macOS applications, enforcing strict fine-grained rules on what an app can or cannot do.

As corroborated by our research, this ex…

Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems.

In 2019, using the same physical assumptions – which consider qubits with a slightly lower error rate than Google Quantum AI’s current quantum computers – the estimate was lowered to 20 million physical qubits.

Normally more error correction layers means more overhead, but a good combination was discovered by the Google Quantum AI team in 2023.

Another notable error correction improvement is using "magic state cultivation", proposed by the Google Quantum AI team in 2024, to reduce the workspace required for certain basic quantum operations.

These algorithms can already be deployed to d…

Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.

Now, Google Play Protect live threat detection will catch apps and alert you when we detect this deceptive behavior.

We’ve made Google Play Protect’s on-device capabilities smarter to help us identify more malicious applications even faster to keep you safe.

Google Play Protect now uses a new set of on-device rules to specifically look for text or binary patterns to quickly identify malware families.

This update to Google Play Protect is now available globally for all Android…

To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users.

Advanced Protection gives users:Best-in-class protection, minimal disruption: Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Advanced Protection gives users the option to equip their devices with Android’s most effective security features for proactive defense, with a user-friendly and low-friction experience.

Defense-in-depth: Once a user turns on Advanced Protection, the system prevents accidental or malicious disab…

Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data.

Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts.

Chrome has always worked with Google Safe Browsing to help keep you safe online.

Standard Protection users will also benefit indirectly from this feature as we add newly discovered dangerous sites to blocklists.

Beyond tech support scams, in the future we plan to use the capabilities described in this post to help detect other popular scam types, such as package tracking scams and unpaid toll scams.

Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers.

This is why we are making Sec-Gemini v1 freely available to select organizations, institutions, professionals, and NGOs for research purposes.

Sec-Gemini v1 outperforms other models on key cybersecurity benchmarks as a result of its advanced integration of Google Threat Intelligence (GTI), OSV, and other key data sources.

Sec-Gemini v1 outperforms other models on CTI-MCQ, a leading threat intelligence benchmark, by at least 11% (See Figure 1).

If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1…

In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library.

These challenges are addressed by using Sigstore, a collection of tools and services that make code signing secure and easy.

These features are why we recommend Sigstore’s signing mechanism as the default approach for signing ML models.

Today the OSS community is releasing the v1.0 stable version of our model signing library as a Python package supporting Sigstore and traditional signing methods.

This model signing library is specialized to handle the sheer scale of ML models (which are usually much larger than traditional so…

The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome.

It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy.

Last spring, the Chrome Root Program led ecosystem-wide experiments, emphasizing the need for linting adoption due to the discovery of widespread certificate mis-issuance.

We recently landed an updated version of the Chrome Root Program Policy that further aligns with the goals outlined in “Moving Forward, Together.” The Chrome Root Program remains committed to proactive advancement of the Web PKI.

We continue to value collaboration with web…

We’re excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries:IrelandPortugalThe NetherlandsDenmarkNorwaySwedenFinlandAustraliaNew ZealandSingaporePuerto RicoThis expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.

What is a Titan Security Key?

How do I use a Titan Security Key?

Where can I buy a Titan Security Key?

You can buy Titan Security Keys on the Google Store.

In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR.

With guided remediation support for Maven, you can remediate vulnerabilities in both direct and transitive dependencies through direct version updates or overriding versions through dependency management.

We also introduced machine readable output for guided remediation that makes it easier to integrate guided remediation into your workflow.

VEX Support: We're planning to add support for Vulnerability Exchange (VEX) to facilitate better communication and collaboration around vulnerability information.

Try OSV-Scanner V2You can try V2.0.0 and contribute to its ongoing developme…

Posted by Dirk GöhmannIn 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of $12 million to over 600 researchers based in countries around the globe across all of our programs.Vulnerability Reward Program 2024 in NumbersYou can learn about who’s reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who’ve recently joined the ranks of Google bug hunters.VRP Highlights in 2024In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and rel…

Scam Detection in Google Messages uses powerful Google AI to proactively address conversational scams by providing real-time detection even after initial messages are received.

You can turn off Spam Protection, which includes Scam Detection, in your Google Messages at any time.

Scam Detection in Google Messages is launching in English first in the U.S., U.K. and Canada and will expand to more countries soon.

Scam Detection for callsMore than half of Americans reported receiving at least one scam call per day in 2024.

If enabled, Scam Detection will beep at the start and during the call to notify participants the feature is on.

This includes memory-safe languages, now including high-performance ones such as Rust, as well as safer language subsets like Safe Buffers for C++.

In Android for example, the increasing adoption of memory-safe languages like Kotlin and Rust in new code has driven a significant reduction in vulnerabilities.

In this way, policymakers will gain the technical foundation to craft effective policy initiatives and incentives promoting memory safety.

Importantly, our vision for achieving memory safety through standardization focuses on defining the desired outcomes rather than locking ourselves into specific technologies.

The goal would be to objectively compare the memory safety assurance of diff…

Google Play’s multi-layered protections against bad appsTo create a trusted experience for everyone on Google Play, we use our SAFE principles as a guide, incorporating multi-layered protections that are always evolving to help keep Google Play safe.

Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source.

In 2024, Google Play Protect’s real-time scanning identified more than 13 million new malicious apps from outside Google Play1.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled …

This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team.

One of these tools is a robust evaluation framework we have developed to automatically red-team an AI system’s vulnerability to indirect prompt injection attacks.

Threat model and evaluation frameworkOur threat model concentrates on an attacker using indirect prompt injection to exfiltrate sensitive information, as illustrated above.

Based on this probability, the attack model refines the prompt injection.

This process repeats until the attack model converges to a successful prompt injection.