Свобода — это когда ты выключаешь компьютер, а он не включает тебе подписку на что-то новое.

Учёный из Японии нашёл объяснение странному «фальшивому» сигналу в гравитационных волнах.

Никаких батареек, никаких чипов — просто гениальная поверхность, очищающая сигнал.

Каждая четвёртая компания понятия не имеет, что делать с устаревшими системами.

Как микробы выживали в ледяном плену? Дроны ищут ответ в вулканическом пепле Намибии.

Система ускорит создание лекарств в 100 раз, мощно прокачает логистику…

Ваш код держат на мушке, и вы даже не услышите выстрела.

Это не просто статистика — это риск для каждого второго пользователя.

Гибридные облака создают новые уязвимости, к которым бизнес оказался не готов.

Контента должно стать в разы больше — но какой ценой?

Случайный скрипт на больничном терминале стоил карьеры и свободы.

Так что же стало причиной массового отключения электричества?

Увольнение сотрудника превратилось в хакерскую вендетту.

ФБР тихо злорадствует в сторонке.

Кто поджарил иранский порт и попытался взломать страну?

Николай Казанцев уверен, что автоматизация не только снижает нагрузку на людей, но и повышает качество информационной безопасности.

Типичные ошибки автоматизации информационной безопасности и как их избежатьНиколай Казанцев объяснил, что в готовых продуктах для управления процессами и автоматизации инцидентов уже заложена определённая экспертиза.

Нужно подумать, стоит ли прибегать к автоматизации для повторяющихся задач, а не для разовых уникальных случаев.

Авторские решения и разработки для автоматизации информационной безопасностиСпикеры рассказали о том, как в их компаниях воплощаются новейшие тенденции по части автоматизации информационной безопасности.

ВыводыАвтоматизация в информацион…

Компаниям и разнообразным госорганизациям приходится собирать их как с сотрудников, так и с покупателей и заказчиков, даже если они просто посетили сайт организации.

Россия присоединилась к соответствующим конвенциям относительно поздно, только в начале нулевых, а закон о персональных данных 152-ФЗ — ещё позже, в 2006 году.

Причём нужно отдельное согласие на каждую из целей обработки персональных данных.

По мнению Алексея Мунтяна, существующий порядок целесообразно сохранить только для обработки биометрических данных и персональных данных специальных категорий.

Замглавы ведомства напомнил, что Роскомнадзор определил список ситуаций, когда сбор согласий на обработку персональных данных со ст…

Госдума одобрила законопроект об изменениях в федеральном законе № 187-ФЗ о безопасности критической информационной инфраструктуры России. Цель — усилить независимость и повысить безопасность, обеспечить непрерывное взаимодействие с НКЦКИ. Что изменилось и к чему уже сейчас надо готовиться субъектам КИИ? ВведениеОтраслевые особенности объектов КИИТехнологическая независимость КИИ РФВзаимодействие с НКЦКИЧто делать субъектам КИИ в связи с нововведениями?ВыводыВведение25 марта в третьем чтении Государственной Думой принят законопроект, вносящий изменения в Федеральный закон от 26.07.2017 №187-ФЗ «О безопасности критической информационной инфраструктуры Российской Федерации». Ранее эксперты Ан…

Для обеспечения комплексной защиты антивирусы, как правило, используют разные типы движков, а иногда и их сочетания.

В отличие от полноценного антивируса этот сканер не имеет графического интерфейса и не способен обеспечить защиту в режиме реального времени.

Эти драйверы могут завершать вредоносные процессы, гарантированно удалять их или перемещать в карантин, даже когда вредоносная программа пытается активно защищаться.

В зависимости от принципов, заложенных разработчиками, настройки для сканеров в режиме реального времени и по требованию могут быть как централизованными, так и индивидуальными.

Хорошей практикой также считается проверка подписи обновлений и самого файла каталога: это позво…

Сфера конфиденциальных вычислений (таких, которые позволяют нескольким участникам производить совместные математические расчёты без раскрытия входных данных друг другу) демонстрирует быстрый рост. Они востребованы во многих секторах и отраслях экономики. А как обстоит дело с внедрением этой концепции в России? ВведениеТеория конфиденциальных вычислений: от «миллионеров» до криптопротоколовКак работают конфиденциальные вычисления: технологии и реализацияПримеры внедрения конфиденциальных вычислений в России: финтех, ДЭГ, медицинаОсновные барьеры для внедрения конфиденциальных вычисленийВыводыВведениеТеоретические основы конфиденциальных вычислений были заложены не так давно. Интересно, что в…

Продукт включает в себя программные компоненты:PT ISIM View Sensor (обобщённое наименование продуктов PT ISIM microView Sensor, PT ISIM netView Sensor, PT ISIM proView Sensor) — базовый компонент.

PT ISIM Endpoint Server — компонент сбора событий с хостовых агентов PT ISIM Endpoint Agent.

PT ISIM Endpoint Management — интерфейс управления хостовыми агентами PT ISIM Endpoint Agent.

Программно-аппаратными узлами системы могут быть узлы PT ISIM View Sensor и PT ISIM Overview Center.

Промышленная экспертиза в PT ISIM 5PT ISIM View Sensor использует специальную экспертную базу Positive Technologies Industrial Security Threat Indicators (PT ISTI).

Согласно исследованию Б1, Россия входит в топ-10 мировых лидеров по объёму инвестиций в кибербезопасность, что способствует дальнейшему развитию отрасли.

В 2024 году продолжился рост доли отечественных решений, подтверждая устойчивость рынка как на национальном, так и на глобальном уровне.

Специфика тут заключается в том, что на российском рынке регуляторы сильно давят на иностранные облачные сервисы и их клиентов.

Дефицит кадров на рынке информационной безопасности в РоссииНа фоне бурного роста рынка кибербезопасности в России наблюдается дефицит кадров.

Это стимулирует спрос не только на технические решения, но и на аудит, консалтинг и обучение специалистов.

Поэтому вопрос использования WAF и API Firewall становится еще актуальнее.

Защита этих протоколов становится важной задачей как для WAF, так и для API Firewall.

Почему важно использовать WAF и API Firewall вместе?

Важно понимать, что WAF и API Firewall — это не конкуренты, а дополняющие друг друга решения.

Таким образом, комплексное применение WAF и API Firewall гарантирует всестороннюю защиту цифрового бизнеса от широкого спектра киберугроз и сохранность данных клиентов.

Дмитрий Лебедев считает, что для выявления угроз можно отталкиваться от проблем, которые связаны с безопасностью и организацией удалённого доступа.

Как организовать удалённый доступ для подрядчиков?

Дмитрий Орлёнок, ведущий менеджер по развитию бизнеса SafeInspect, Solar inRightsДмитрий Лебедев уверен, что доступ для подрядчиков должен быть максимально строгий и безопасный.

Сертификация означает, что криптографическое средство прошло проверку в уполномоченных органах (ФСБ или ФСТЭК России) и включено в реестр сертифицированных средств.

Последнее особенно важно: если удалённый пользователь выключил средства защиты и не установил критически важные обновления, никакие технические меры не помог…

Именно такой подход реализуют системы класса SIEM (Security Information and Event Management, решение для централизованного автоматизированного мониторинга событий безопасности и выявления инцидентов информационной безопасности).

Платформа Security Capsule SIEMОдна из них — Security Capsule SIEM (SC SIEM) — российская платформа класса SIEM, созданная компанией ООО «Инновационные Технологии в Бизнесе», сертифицированная ФСТЭК России и зарегистрированная в реестре отечественного ПО Минцифры РФ.

Использование Security Capsule SIEM в информационных системахКлючевые выгоды от использования Security Capsule SIEM:Повышение безопасности данных.

Сценарии использования Security Capsule SIEMИИ-ассисте…

Появление безопасности киберфизических систем (КФС) среди главных тем для ИБ многим кажется закономерным.

Круглый стол по развитию защиты киберфизических систем на «Рутокен Day 2025»Основные отговорки звучат так:Устройства слишком простые — ломаться нечему, компрометировать нечего.

Тема «особого» отношения к КФС на российском рынке сразу отметили участники круглого стола.

Как отметил Владимир Карантаев («Лаборатория Касперского»), недавно компания Positive Technologies провела при поддержке Минпромторга анализ состояния КФС на российском рынке.

Реалии защищенности киберфизических систем в РоссииКак уже было отмечено, компания Positive Technologies провела исследование российского рынка КФС …

РФ долгое время заметно отставала в развитии квантовых технологий, но в последние 5 лет сделала довольно большой рывок, в том числе в разработке практических сценариев применения квантовых технологий.

Как развиваются квантовые технологии в России: стратегия, достижения и планыС 2020 года квантовые технологии стали одними из тех, развитию которых уделяется большое внимание на государственном уровне.

Основные области применения квантовых технологий в России по данным АНО «Цифровая экономика»Пока, как отметил Сергей Плуготаренко, в большей степени востребовано использование оптимизационных алгоритмов.

Заместитель председателя правления «Газпромбанка» Дмитрий Зауэрс назвал перспективными сценар…

Недавно он анонсировал запуск новой версии 2.8 системы организации удалённого доступа RuDesktop с дополнительным модулем UEM, позволяющим управлять конфигурациями устройств.

Функции и возможности RuDesktop УД и UEM 2.8RuDesktop УД и UEM не ограничивается только организацией удалённого доступа.

Страница «Преднастройки» в RuDesktop 2.8Программный комплекс RuDesktop легко синхронизируется с внутренними инструментами информационной безопасности (SIEM, системами контроля и управления доступом (СКУД) и др.).

Системные требования к RuDesktop УД и UEM 2.8Программный комплекс RuDesktop УД и UEM 2.8 совместим со всеми популярными операционными системами (в т.ч.

Программные компоненты RuDesktop УД и U…

Aggah в данный момент прекратила использовать Crypters And Tools или или их атаки находятся вне зоны нашего наблюдения.

Отметим, что TA558 и Blind Ealge не ограничиваются использованием только Crypters And Tools в своих атаках.

В отчете данное ВПО было атрибутировано к группе Blind Eagle, но Ande Loader используется в Crypters And Tools, поэтому прямая атрибуция некорректна.

Например URL, который мы указывали в качестве инфраструктуры TA558 в одной из версий Crypters And Tools появился внутри самого криптора:http://servidorwindows.ddns.com.br/Files/js.jpegРисунок 2.

Ниже показаны некоторые взаимосвязи между группировками TA558 и Aggah на основе открытых источников и прошлых кампаний злоумыш…

Они говорят, что это было «удивительно просто».

Давайте рассмотрим, как я к этому пришел.

Первоначальная подсказкаПервое, что я сделал, это взял выходной код python в анимированном GIF-файле Horizon.

То, что началось как любопытство по поводу твита, превратилось в глубокое исследование того, как ИИ меняет исследования уязвимостей.

Я решил перевести эту статью для вас, потому что уверен в её концептуальной важности для всей кибербезопасности.

Достаточно перейти на online.setezor.net, в веб-браузере, зарегистрироваться и развернуть агента, например, на VDS.

Несколько пользователей могут быть приглашены в один проект, в разных подсетях и на любых устройствах, сканировать сеть на устройства в сети, открытые порты, сервисы и их версии, находить уязвимости и проводить аналитику в удобном представлении (визуализация объекта исследования на карте сети и в табличном формате).

Просканированная информация на странице «Информация» Добавить Scopes с IP-адресами и портами Создадим вторую группу целей.

Готовый скоуп по IP-адресам и портам на странице «Скоупы» Определение сервисов на портах На странице «Инструменты» → «Сети» → nmap выбрать Ско…

Теперь же мы обратим своё внимание на LLM, в частности GigaChat.

Часть 1: Яндекс.Разврат или анти-этичный ИИЧасть 2: Яндекс.Вброс или ИИ для фейковНачнём с небольшого погружения в суть вопроса (если хочется сразу к интересному, то можно скипнуть этот и следующий абзацы).

Он с удовольствием поможет кому угодно с химией, да и не только с ней.

Тот же промпт, что и выше, опробовали мы его на двух разных моделях, 4o и на продвинутой o3.

Но мы всё время говорили о чём-то овеществлённом, хотя очевидно, что ИИ может и в социальную инженерию.

В этой статье я расскажу об опыте перехода с UserGate 6.x на 7.x — со всеми подводными камнями, неожиданными сюрпризами и спасительными лайфхаками.

Вы будете благодарны себе за эту предусмотрительность, особенно когда миграция растянется не на часы, а на долгие дни тестирования и отладки.

Во процессе импорта конфигурации на UserGate NGFW 7.x отображается подробный лог импорта с цветовой индикацией: зеленым выделены успешно импортированные компоненты, синим — предупреждения.

На что обратить внимание в UserGate NGFW 7Седьмая версия UserGate NGFW избавлена от многих раздражающих проблем шестой, но и она не идеальна.

Интерфейс межсетевого экрана в UserGate NGFW 7.x после миграцииСистемы глубоко…

С помощью Ansible можно массово развертывать и применять конфигурации, упрощая соблюдение требований ФСТЭК России и обеспечивая надежность и эффективность инфраструктуры.

А ещё Ansible поддерживает разные платформы и сервисы, так что можно автоматизировать задачи как в локальной, так и в облачной среде.

Например, плейбук с именем «2.1 Configuring authorization in Linux operating systems» выполняет настройки для рекомендации ФСТЭК России по пункту «2.1.

Применение изменений sysctl: командой выполняется перезагрузка параметров sysctl для применения всех изменений.

2.6.7 Применение изменений sysctl: командой выполняется перезагрузка параметров sysctl для применения всех изменений.

Разработка безопасного программного обеспечения.

Композиционный анализ ПО В ГОСТ будут установлены требования к практикам композиционного анализа, в том числе с обязательным взаимодействием с банком данных угроз ФСТЭК России (БДУ).

Руководство по внедрению процессов разработки безопасного ПО Планируется, что ГОСТ предложит детальное руководство по внедрению требований ГОСТ Р 56939-2024.

Из планов Правительства:Как участники Консорциума исследований безопасности технологий ИИ мы знаем, что в скором времени планируется законодательное регулирование применения ИИ в госсекторе и КИИ.

Такой файл помог мне разложить для себя хронологию регулирования и определить последовательность, что и за чем ш…

Во второй части посмотрим на весь Kill Chain атак на FreeIPA и покажем, как приведенные правила позволят выявлять злоумышленника на любом из этапов.

Оказавшись на сервере или на рядовом хосте, атакующий может скомпрометировать находящиеся на них keytab-файлы для аутентификации.

На сервере FreeIPA и на членах домена:/etc/krb5.keytab2.

На сервере FreeIPA и на членах домена:/var/lib/sss/db/*.ldb/var/lib/sss/secrets/secrets.ldb2.

В норме таких событий в домене достаточно мало, соответственно, можно выстроить профиль подключений, отследить нелегитимные и в дальнейшем их расследовать.

Как это работает?

Zero шифрования на своём уровне: VLESS полагается на TLS — это как бронежилет под обычной рубашкой.

TLS (как в HTTPS) уже защищает трафик.

), но в десятой версии ОС был добавлен встроенный OpenSSH клиент, который работает так же, как в Линукс.

Настройка клиента:Email: аналогично как и с примечанием, наименование для удобства;Flow: выбираем из списка xtls-rprx-vision.

По этим причинам автором была предпринята попытка реализовать аналог оригинального протокола на эллиптических кривых.

Необходимые параметры взаимодействия:i - идентификатор Алисы на сервере Боба.

Алиса и Боб генерируют сеаксовый ключ связи k = SHA-256(S.x | S.y).

Теперь Алиса и Боб обмениваются доказательствами того, что они выработали одинаковый ключ k:6.

Поэтому Меллори может получить верификатор V Алисы (ибо имеет прямой доступ к БД Боба) и при этом контроллировать канал взаимодействия Боба и Алисы.

Я начинал как полный ноль, для понимания два года назад я не знал разницы между TCP и UDP.

Надеюсь, мой опыт, изложенный в этой статье, убережет вас от подобных ошибок и сэкономит время, деньги и нервы.

Главной проблемой оказался острый недостаток практического опыта и того, что я называю «насмотренностью» – способности быстро распознавать паттерны атак и потенциальные уязвимости.

Машины на HTB часто сложнее и не всегда напрямую похожи на экзаменационные в OSCP.

Несмотря на не самое лучшее качество записи, оно просто великолепно демонстрирует системный и тщательный подход к пентесту от начала и до конца.

Например, Ubuntu хорош для повседневной работы, а Kali Linux разработан специально для задач информационной безопасности.

Выбор зависит от ваших целей: для атак — Kali, для анонимности — Parrot, для защиты — Kali Purple, для forensics — DEFT.

Установщик сам настроит разделы для Linux (обычно корневой / и swap для подкачки) и добавит загрузчик GRUB, который позволит выбирать между Windows и Linux при включении компьютера.

В Kali Linux основная работа проходит в терминале — командной строке, которая похожа на "Командную строку" в Windows, но гораздо мощнее.

Чтобы открыть терминал, найдите его в меню приложений (в Xfce это значок с чёрным экраном в верхнем меню или в разделе "Система").

В этом году Recall (судя по всему) возвращается, и в ее работе произошли некоторые позитивные изменения.

Наконец, собираемые данные (база скриншотов и распознанный текст) зашифрованы, в то время как в первой версии Recall в прошлом году они хранились в открытом виде.Хорошие новости на этом заканчиваются.

Microsoft предприняла некоторые усилия, чтобы в базе Recall не сохранялась уж совсем опасная информация вроде номеров кредитных карт.

Бьюмон также отметил, что на фотографиях публичных персон эти самые персоны определяются по имени.В текущей версии Recall присутствуют явные баги.

На ноутбуке, протестированном журналистами Ars Technica, Recall зарезервировала 150 гигабайт на терабайтном SSD …

Не хочу, чтобы в ваш дом из-за меня постучались люди в штатском.

Поначалу меня смутила надпись, но оказалось, что это не проблема.Первой трудностью стало то, что в Интернете на удивление мало ресурсов о клонировании сигнала.

После нескольких нажатий на кнопки термостата график ожил!Не обращайте внимания на толстую вертикальную линию на графике — это стандартное последствие работы с очень дешёвым SDR, в моём случае она возникает на всех исследуемых частотах.Этот шаг не особо важен, но можете попробовать воспользоваться инструментом rtl_433 tool (несмотря на название, он работает и на других частотах), чтобы проверить, не общается ли термостат по известному протоколу.

Для не очень популярных …

Настройка базы данных XCAСоздадим корневой сертификат для подписи, для этого перейдите в "Сертификаты" и "Новый сертификат"Инструкция в картинках Создадим корневой сертификат, которым подпишем промежуточный.

Аналогичные действия и для ROOTCA Экспортируем SUBCA и ROOTCA в файл revoked.crl именно в таком порядке.

{ ssl_fc } http-request set-header X-Forwarded-Host %[req.hdr(host)] http-request set-header X-Forwarded-For %[src] http-request add-header X-Real-Ip %[src] server s1 127.0.0.1:49009 Таким образом можно добавить неограниченной количество inboundsНастроим XHTTP:Пример Создаем inbound со следующими настройками:1.

В f_https добавим:use_backend http_adh if { ssl_fc_sni -i corp.example.ru…

Также взломщики поделились множеством скриншотов, которые демонстрируют, что некий хакер имел доступ к административным панелям и инструментам для сотрудников 4chan.

Члены The Party не сообщили, как именно они получили доступ к системам 4chan.

— Через эту точку входа им удалось получить доступ к одному из серверов 4chan, включая доступ к БД и нашей административной панели.

Закончив загрузку, они начали ломать 4chan, после чего модераторам стало известно о происходящем, и серверы 4chan были отключены, чтобы предотвратить дальнейший доступ.

Нам удалось завершить покупку в июне, а в июле новые серверы были установлены в стойки и запущены в работу, — рассказывают представители администрации.

Согласно предлагаемым изменениям, дропперам и их посредникам будет грозить тюремное заключение на срок до шести лет, а также штраф в размере от 300 000 до 1 млн рублей.

Инициатива позволит создать серьезные препятствия для вывода мошенниками украденных средств, а возможная уголовная ответственность существенно сократит количество желающих поучаствовать в преступных схемах за вознаграждение, добавил он.

В аппарате Григоренко заявили, что целью является «создание многоуровневой системы защиты, которая минимизирует риски для граждан и усложнит реализацию мошеннических схем».

Им грозят принудительные работы до пяти лет и возможный штраф от 300 000 до 1 млн рублей, либо лишение свободы до шести …

Hitachi Vantara, дочерняя компания японской транснациональной корпорации Hitachi, в минувшие выходные была вынуждена отключить от сети серверы, чтобы локализовать атаку вымогателя Akira.

Компания Hitachi Vantara занимается хранением данных, созданием инфраструктурных систем, управлением облачными вычислениями и предоставляет услуги по восстановлению после атак вымогателей.

«26 апреля 2025 года компания Hitachi Vantara столкнулась с вымогательским инцидентом, который привел к нарушению работы некоторых наших систем, — сообщили в Hitachi Vantara.

Собственный источник издания, знакомый с ситуацией, сообщил, что хакеры похитили файлы из сети Hitachi Vantara и оставили на взломанных машинах запи…

Если ты хочешь не просто пройти обучение, а действительно выйти на рынок труда с нужными навыками, стоит обратить внимание на курсы с трудоустройством Eduson Academy — онлайн-платформы с современными образовательными программами, ориентированными на результат.

Почему стоит выбрать обучение с трудоустройством?

Главное отличие курсов с трудоустройством — акцент на практику и поддержку на пути к первому рабочему месту.

более 20 000 студентов завершили обучение;90% трудоустроены в течение полугода;онлайн-формат и обучение в удобное время;наставники — действующие ИТ-специалисты;документ о прохождении обучения — электронный сертификат, который ценят работодатели.

Eduson Academy не только обучает,…

Криптовалютная биржа Coinbase исправляет ошибку в логах активности аккаунтов, из-за которой пользователи считали, что их учетные данные скомпрометированы.

В прошлом месяце издание Bleeping Computer сообщило о массовой проблеме, возникшей у пользователей Coinbase: биржа по ошибке обозначала неудачные попытки входа в аккаунт с неверным паролем как проблему двухфакторной аутентификации (2ФА) в логах активности.

На этой неделе разработчики Coinbase выпустили обновление, исправляющее эту ошибку, и теперь попытки входа в аккаунт сопровождаются корректным сообщением о неудачной попытке ввода пароля: «Password attempt failed».

Так, пользователи биржи сообщали Bleeping Computer, что мошенники пытали…

Разработчики браузера Brave открыли исходный код инструмента Cookiecrumbler.

Cookiecrumbler использует ИИ для поиска сайтов, где применяются платформы CMP (Consent Management Platforms), и сообщает о результатах в Issues на GitHub.

В своем анонсе разработчики подчеркивают, что работа Cookiecrumbler не раскрывает никаких конфиденциальных данных.

Так, Cookiecrumbler полностью работает в бэкенде Brave, а не в браузере пользователя, а значит, данные пользователя не участвуют в процессе поиска и анализа.

Также в компании сообщают, что Cookiecrumbler будет интегрирован в Brave только после того, как пройдет полную проверку на предмет, которая гарантирует, что работа инструмента будет соответствов…

Разработчики Cisco изучают влияние критической уязвимости CVE-2025-32433, связанной с удаленным выполнением кода в Erlang/OTP, на свои продукты.

На прошлой неделе стало известно, что в Erlang/OTP нашли критическую уязвимость CVE-2025-32433, которая позволяет удаленно и без аутентификации выполнять произвольный код на уязвимых устройствах.

Проблема затрагивает все устройства, на которых работает SSH-демон Erlang/OTP, и для ее устранения рекомендуется как можно скорее обновиться до версий OTP-27.3.3, OTP-26.2.5.11 и OTP-25.3.2.20.

Любые команды, выполняемые с помощью этой уязвимости, будут запускаться с теми же привилегиями, что и демон SSH.

Также ИБ-специалисты предупреждали, что для атак мо…

Общее количество атак возросло на 110% по сравнению с первым кварталом 2024 года, а также эксперты обнаружили гигантский DDoS-ботнет, состоящий из 1,33 млн устройств.

Большинство DDoS-атак на транспортном и сетевом уровнях (L3–L4) были направлены на сегменты ИТ и телекома (26,8%), финтех (22,3%) и электронную коммерцию.

Кроме того, исследователи рассказали об обнаружении огромного DDoS-ботнета, состоящего из 1,33 млн устройств.

Сообщается, что ботнет состоит преимущественно из устройств, находящихся в Бразилии (51,1%), Аргентине (6,1%), России (4,6%), Ираке (3,2%) и Мексике (2,4%).

Аналитики связывают это с низкими темпами замены устаревших устройств, для которых более не выпускают обновлен…

Справка: сканирование портовСка­ниро­вание пор­тов — стан­дар­тный пер­вый шаг при любой ата­ке.

Он поз­воля­ет ата­кующе­му узнать, какие служ­бы на хос­те при­нима­ют соеди­нение.

На осно­ве этой информа­ции выбира­ется сле­дующий шаг к получе­нию точ­ки вхо­да.

На­ибо­лее извес­тный инс­тру­мент для ска­ниро­вания — это Nmap.

Улуч­шить резуль­таты его работы ты можешь при помощи сле­дующе­го скрип­та:#!/ bin/ bash ports = $( nmap -p- --min-rate = 500 $1 | grep ^[ 0- 9] | cut -d '/ ' -f 1 | tr ' ' ', ' | sed s/, $/ / ) nmap -p $ports -A $1

Недавно компания Microsoft создала в Windows пустую папку inetpub и попросила пользователей не удалять ее, так как она предотвращает эксплуатацию уязвимости.

Хотя удаление папки не вызывало никаких проблем в работе Windows, представители Microsoft поспешили сообщить, что пустая папка была создана намеренно, и ее не следует удалять.

Тогда разработчики Microsoft обновили бюллетень безопасности, связанный с уязвимостью повышения привилегий в Windows Process Activation (CVE-2025-21204), чтобы сообщить пользователям о пользе пустой папки inetpub.

«Эту папку не следует удалять, независимо от того, активна ли служба Internet Information Services (IIS) на целевом устройстве.

«Я обнаружил, что это и…

ФБР предлагает до 10 млн долларов США за информацию об участниках китайской хак-группы Salt Typhoon и прошлогодней атаке, в результате которой были скомпрометированы сети ряда американских телекоммуникационных компаний.

В частности, правоохранителей интересуют конкретные члены Salt Typhoon и то, как группировка взломала несколько американских телекоммуникационных компаний в прошлом году.

Считается, что группировка Salt Typhoon, также известная под именами RedMike, Ghost Emperor, FamousSparrow, Earth Estries и UNC2286, активна как минимум с 2019 года.

За годы своего существования Salt Typhoon неоднократно атаковала телекоммуникационные компании по всему миру, в том числе и в США.

Наиболее из…

Компания SAP выпустила внеплановые патчи для NetWeaver и исправила уязвимость нулевого дня, связанную с удаленным выполнением кода (RCE).

Проблема связана с неаутентифицированной загрузкой файлов в SAP NetWeaver Visual Composer, а именно в компоненте Metadata Uploader.

Она позволяет злоумышленникам загружать вредоносные исполняемые файлы без входа в систему, что потенциально может привести к удаленному выполнению кода и полной компрометации.

Примечательно, что на прошлой неделе компания ReliaQuest сообщила о некой активно эксплуатируемой уязвимости в SAP NetWeaver Visual Composer, а конкретно в /developmentserver/metadatauploader, что соответствует описанию CVE-2025-31324.

В компании писали…

Компания Microsoft объявила об увеличении размера выплат по программе bug bounty до 30 000 долларов США за ИИ-уязвимости, обнаруженные в сервисах и продуктах Dynamics 365 и Power Platform.

«Мы приглашаем частных лиц и организации выявить уязвимости в целевых приложениях Dynamics 365 и Power Platform и поделиться ими с нашей командой.

Соответствующие требованиям материалы могут претендовать на вознаграждение в размере от 500 до 30 000 долларов США», — говорится в сообщении компании.

К связанным с ИИ уязвимостям относятся подмены выводов, манипуляции с моделью и утечки чувствительной информации критической или серьезной степени через запросы.

Как стало известно на этой неделе, в результате ко…

Игроки сообщают, что некая уязвимость в StarCraft II позволяет внедрять видео в многопользовательские матчи и показывать их другим игрокам без предупреждения.

Затем, примерно через минуту появилось видео с парнем, входящим в магазин с наложенным поверх видео [пользовательским интерфейсом StarCraft] и репликами призрака.

Со мной в комнате была моя пятилетняя дочь, отчасти уделяя внимание тому, что я играю в игру».

После этого сообщения Tad0422 другие игроки тоже стали рассказывать на Reddit о том, что за последний год они сталкивались с подобными ситуациями в StarCraft II.

Еще несколько человек на официальных форумах StarCraft II и на Reddit рассказали, что им показывали видео с нацистской с…

Обводного канала, 74Ц, Санкт-Петербург) Подробнее ознакомиться с проектом и программой, а также бесплатно зарегистрироваться на конференцию можно на официальном сайте cyberwave.ru.

Cyberwave 2025Конференция Cyberwave 2025 ставит перед собой цель — создать платформу для обмена опытом и реальными кейсами, способствующую коллаборации с бизнесом, развитию профессионального комьюнити и хантингу нового поколения кадров в области IT и кибербезопасности.

ПрограммаОрганизаторы подготовили для участников Cyberwave 2025 насыщенную программу.

Кроме того, партнером Cyberwave 2025 выступает факультет безопасности информационных технологий Университета ИТМО, который представит ряд активностей, связанных с…

Popular messaging app WhatsApp on Tuesday unveiled a new technology called Private Processing to enable artificial intelligence (AI) capabilities in a privacy-preserving manner.

"Private Processing will allow users to leverage powerful optional AI features – like summarizing unread messages or editing help – while preserving WhatsApp's core privacy promise," the Meta-owned service said in a statement shared with The Hacker News.

With the introduction of the latest feature, the idea is to facilitate the use of AI features while still keeping users' messages private.

The development comes as Meta released a dedicated Meta AI app built with Llama 4 that comes with a "social" Discover feed to s…

The second jailbreak is realized by prompting the AI for information on how not to reply to a specific request.

"Ergo – having built-in guardrails in the form of policies and prompt rules is invaluable in achieving consistently secure code."

"Upgrading to the latest model is not as simple as changing the model name parameter in your code," SplxAI said.

This has also prompted worries that the AI company may be rushing new model releases at the expense of lowering safety standards.

"The potential impact of this is massive, opening the door for malicious exploitation and complete system compromise."

Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers.

Further analysis has determined that the same South Asian government entity was also targeted previously in June 2024 with ShadowPad (aka PoisonPlug), a known backdoor widely shared among China-nexus espionage groups.

The exact nature of the overlap between the June 2024 activity and the later PurpleHaze attacks is unknown as yet.

One among the victims of these attacks included the organization that was then responsible for managing hardware logistics for SentinelOne employees.

One ransomware gro…

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while keeping productivity high.

Reco's Approach to Microsoft Copilot SecurityReco, a SaaS Security platform, steps in to address these Copilot-induced risks.

Reco's strategy for Copilot security covers six key areas.

The platform also integrates with data classification systems (like Microsoft Purview sensitivity labels) to understand what data Copilot accesses.

Securing Copilot is therefore not just about Copilot itself, but about securing your entire SaaS environment against a new kind of access and automation.

Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023.

Of the 75 zero-days, 44% of them targeted enterprise products.

Among the exploited 33 zero-days in enterprise software and appliances, 20 of them targeted security and network products, such as those from Ivanti, Palo Alto Networks, and Cisco.

The companies with the most targeted zero-days were Microsoft (26), Google (11), Ivanti (7), and Apple (5).

The future of zero-day exploitation will ultimately be dictated by vendors' decisions and ability to counter threat actors' objectives and pursuits."

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance.

The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur language.

Present within the archive was a poisoned version of UyghurEdit++ that profiled the compromised Windows system and sent the information to an external server ("tengri.ooguy[.]com").

The findings are the latest in a series of highly-targeted attacks aimed at the Uyghur diaspora with the goal of …

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

For software customers, this means your environment must be: (i) accessible via the internet, (ii) compromised through an unrelated avenue, and (iii) accessed leveraging legitimate user credentials."

"This vulnerability can allow the user to execute any existing Fabric OS command or can also be used to modify the Fabric OS itself, including adding their own subroutines," Broadcom noted in a bulletin published on A…

The activity exemplifies the sophisticated social engineering tactics employed by North Korean threat actors to lure developers.

The activity exemplifies the sophisticated social engineering tactics employed by North Korean threat actors to lure developers.

This indicates that threat actors are using unconventional ways to evade detection while aggressively pushing them through ads and malicious sites.

Also added to ATT&CK v17 is a technique named "Remote Access Tools: Remote Access Hardware" that highlights Democratic People's Republic of Korea (DPRK) remote work schemes.

Also added to ATT&CK v17 is a technique named "Remote Access Tools: Remote Access Hardware" that highlights Democratic …

Not every security vulnerability is high risk on its own - but in the hands of an advanced attacker, even small weaknesses can escalate into major breaches.

These five real vulnerabilities, uncovered by Intruder's bug-hunting team, reveal how attackers turn overlooked flaws into serious security incidents.

The app followed the redirect and logged the response, which exposed sensitive metadata - including AWS credentials.

While automated tools might not have detected the full attack chain, breaking just this part of the chain could have prevented exploitation.

Stop breaches before they startThese real-world examples show how vulnerabilities can escalate into serious breaches when left unchec…

The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration.

The threat actor's activities date back to November 2020, with the intrusions primarily relying on services like Dropbox and Microsoft OneDrive to siphon sensitive data using tools like TESDAT and SIMPOBOXSPY.

These consist of Cobalt Strike Beacons, rootkits like KRNRAT and Moriya, as well as data exfiltration malware.

One of the bespoke tools used for data exfiltration is SIMPOBOXSPY, which can upload the RAR archive to Dropbox with a specific access token.

"Earth Kurma remains highly active, continuing to target countries around Southeast Asia," Trend Micro said.

Cybersecurity researchers are warning about a large-scale phishing campaign targeting WooCommerce users with a fake security alert urging them to download a "critical patch" but deploy a backdoor instead.

Recipients of the phishing email are urged to click on a "Download Patch" link in order to download and install the supposed security fix.

However, doing so redirects them to a spoofed WooCommerce Marketplace page hosted on the domain "woocommėrce[.

]com" (note the use of "ė" in place of "e") from where a ZIP archive ("authbypass-update-31297-id.zip") can be downloaded.

Users are advised to scan their instances for suspicious plugins or administrator accounts, and ensure that the software …

Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access.

"In versions 3.x of Craft CMS, the asset ID is checked before the creation of the transformation object whereas in versions 4.x and 5.x, the asset ID is checked after.

Thus, for the exploit to function with every version of Craft CMS, the threat actor needs to find a valid asset ID."

The asset ID, in the context of Craft CMS, refers to the way document files and media are managed, with each asset given a unique ID.

Vulnerable Craft CMS Instances by CountryAs of April 18, 2025, an estimated 13,000 vulnerable Craft CMS instanc…

Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year.

"The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis.

"The threat actor then used the information from both files and posted the credentials to the target tenants for validation," Microsoft said.

In one successful instance of account compromise observed by Redmond, the threat actor is said to have taken advantage of a guest account to create a resource group within the compromi…

Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS.

LAGTOY is designed to contact a hard-coded command-and-control (C2) server to retrieve commands for subsequent execution on the endpoint.

"After a lull in activity of approximately three weeks, we observed the CACTUS ransomware group make its way into the victim enterprise using credentials stolen by ToyMaker," Talos said.

Also observed are multiple methods to set up long-term access using OpenSSH, AnyDesk, and eHorus Agent.

"ToyMaker is a financially-motivated initial access broker (IAB) who acq…

North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process.

"In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry—BlockNovas LLC (blocknovas[.]

]co)—to spread malware via 'job interview lures," Silent Push said in a deep-dive analysis.

The activity, the cybersecurity company said, is being used to distribute three different known malware families, BeaverTail, InvisibleFerret, and OtterCookie.

The threat actors also appear to be hosting a tool named Kryptoneer on the domain attisscmo[.

Chances are high that many people think, “it’s an iPhone, so I’m safe”.

Also, all manner of everyday scams and other threats bombard not just Android, but also iOS users.

Where else iOS threats are lurkingWhile the above may “only” impact EU citizens, there are also other and possibly more immediate concerns for iOS users worldwide.

Take ESET’s iOS security checklist to learn just how safe your iPhone is.

Try to stick to the App Store for any downloads, in order to minimize the risk of downloading something malicious or risky.

On social media platforms like TikTok and Instagram, the reach of deepfakes, along with their potential for harm, can be especially staggering.

Example of a misleading TikTok videoIn one case, the “doctor” touts a “natural extract” as a superior alternative to Ozempic, the drug celebrated for aiding weight loss.

We spotted more than 20 TikTok and Instagram accounts using deepfake doctors to push their products.

While such misuse violates the terms and conditions of common AI tools, it also highlights how easily they can be weaponized.

As AI tools continue to advance, distinguishing between authentic and fabricated content will become harder rather than easier.

And they are doing so with Google Forms to harvest sensitive information from their victims and even trick them into installing malware.

Why Google Forms?

Quiz spamCybercriminals might abuse the quiz feature in Google Forms – by creating a quiz and adding your email address.

Pay attention: Google always displays a warning on Google Forms, telling recipients “Never submit passwords through Google Forms".

Simply by reading this article, you will be in a good place when it comes to fending off the threat from malicious Google Forms.

Most headline-making LLM models have “moral barriers” against doing bad things, the digital equivalent of the Hippocratic Oath to “First, do no harm”.

Some recently released projects focus the backend API of an LLM on the target of gaining root access on servers.

It’s easy to imagine nation states ramping up this kind of effort – predictive weaponization of software flaws now and in the future using AI.

This puts the defenders on the “rear foot”, and will cause a sort of digital defense AI escalation that does seem slightly dystopian.

Even today’s freely available AI models can “reason” through problems without breaking a sweat, mindlessly pondering them in a chain-of-thought manner that mi…

So what if, instead of downloading an AI‑generated video from CapCut or another similar tool, you had your data stolen or gave control of your computer to a stranger?

The threat isn’t hypothetical – security researchers have previously observed campaigns that exploited CapCut’s popularity to distribute multiple infostealers and other malware.

Let’s now look briefly at another campaign that’s targeting people interested in AI-powered content by promising premium versions of popular software such as CapCut, Adobe Express and Canva.

(Note that the actual premium version is called “CapCut Pro” or referred to simply as “Pro” on the website, not “CapCutProAI" as in the screenshot.)

“Most remote c…

That’s why information-stealing (infostealer) malware has risen to become a major driver of identity fraud, account takeover and digital currency theft.

But there are also plenty of people that live much of their daily lives online and manage to stay safe.

Splash screen shown by the Vidar infostealer installer and impersonating Midjourney (source: ESET Threat Report H1 2024)How do I get compromised with infostealers?

Game mods/cheats: Unofficial modifications or cheats for video games may contain infostealer malware.

This will offer some protection against certain infostealer techniques such as keylogging, although it is not 100% foolproof.

So why are education institutions such a popular target?

A culture of information sharing, and openness to external collaboration, can invite risk and provide opportunities for threat actors to leverage.

A culture of information sharing, and openness to external collaboration, can invite risk and provide opportunities for threat actors to leverage.

It doesn’t help that many education institutions are running legacy software and hardware that may be unpatched and unsupported.

It doesn’t help that many education institutions are running legacy software and hardware that may be unpatched and unsupported.

Our habit of blindly trusting and clicking on top search results has become so predictable that it can be subverted and turned against us.

A fake website blending in search results for Firefox and targeting Chinese speakers (image credit: landiannews.com)The risks aren’t lost on Google, of course.

Which is why it pays to know about the risks involved in both organic and paid search results, and how to separate the wheat from the chaff.

Mastercard impersonatorsStaying safeMost of all, remember that prominence in search results doesn’t automatically equate to legitimacy.

Use reputable security software that can identify and block connections to malicious domains, thus providing an additional …

News that someone close, be it a friend, relative, or colleague, has had one of their valuable online accounts compromised is bound to trigger a mix of reactions.

Maybe you’ve already received a message that ostensibly came from a close friend but felt off.

Have you previously shared access to streaming services or other online tools with the person who was hacked?

What if the same or similar login credentials have been used to access other digital accounts?

Collective awareness and securityFinally, chances are high your relative or friend could use some help when rebuilding their digital life.

Here’s a lowdown on how your personal data could be stolen – and how to make sure it isn’t.

Once circulating in the cybercrime underground, it’s only a matter of time before it is used in identity fraud attempts.

According to Javelin Strategy & Research, identity fraud and scams cost Americans $47bn in 2024 alone.

Malicious websites: Phishing sites can be spoofed to appear as if they are the real thing, right down to faked domain.

Identity fraud continues to be a threat because it is relatively easy for threat actors to start making healthy profits.

AI systems, especially the large foundation models, are revolutionizing the way AI is used in society.

People devise various tests to showcase how far AI has come and where these AI systems or models surpass human capabilities.

Trust in AI is a major topic globally, with attitudes toward AI systems varying widely between cultures and regions.

How can the AI research community help foster trust in AI technologies and ensure that they are viewed as beneficial and trustworthy across diverse societies?

How do you see AI researchers contributing to policies and regulations that ensure the ethical and responsible development of AI systems?

From an exploited vulnerability in a third-party ChatGPT tool to a bizarre twist on ransomware demands, it's a wrap on another month filled with impactful cybersecurity newsAs you might expect, the world of cybersecurity doesn't sleep, so much so that keeping up with new threats and other impactful news actually feels like a full-time job.

This is where our roundup of the month's most impactful cybersecurity stories comes in.

In the March 2025 edition, ESET Chief Security Evangelist Tony Anscombe looks at:how cybercriminals exploited a year-old vulnerability in a third-party ChatGPT tool to attack US government organizations,a bizarre twist on ransomware demands, as a scam is making the rou…

“Everybody has a plan until they get punched in the mouth.”Mike Tyson’s punchy (pun intended) adage rings all too true for organizations reeling from a ransomware attack.

According to Verizon’s 2024 Data Breach Investigations Report, one-third of all data breaches involve ransomware or another extortion technique.

Bruised and batteredWhen the news of a ransomware attack breaks, headlines often focus on the dramatic ransom demands and the ethical and legal conundrums over payment.

Second, decryption tools from researchers are better thought of as a last-resort option as it often cannot match the urgency of business recovery needs.

Since attackers also often take aim at data backups, this app…

For a fleeting moment, she actually felt like she’d seen a similar message before, probably in last year’s cybersecurity awareness training.

But by now that training was a blur of lifeless PowerPoint slides, forgettable screenshots and mind-numbing multiple-choice questions replete with obscure terms and concepts.

Ripping off the band aidThe story above exposes a major problem: even the most diligent employees are prone to forgetting what they “learned” in cybersecurity training.

Why subject your employees to mundane training that is likely to fail the moment pressure hits?

She recognizes the red flags, because she has encountered similar scenarios in her engaging security training.

ESET researchers also examine the growing threat posed by tools that ransomware affiliates deploy in an attempt to disrupt EDR security solutionsESET research has released a deep-dive analysis of changes in the ransomware ecosystem in 2024, focusing especially on RansomHub, a new but highly prolific ransomware-as-a-service (RaaS) gang.

Among other things, the report features previously unpublished insights into RansomHub’s affiliate structure and uncovers connections between this gang and its peers, such as Play, Medusa, and BianLian.

In addition, ESET's analysis also documents the emerging threat of EDR killers, unmasking EDRKillShifter, one such tool developed and maintained by RansomHub.…

In 2024, threat actors exploited 75 zero-days – i.e., vulnerabilities previously unknown to vendors, thus without a readily available patch – in a wide variety of attacks.

Of these, 33 vulnerabilities (44%) affected enterprise solutions, which is up from 37% in 2023, according to Google Threat Intelligence Group researchers.

We identified 20 security and networking vulnerabilities, which was over 60% of all zero-day exploitation of enterprise technologies,” they noted.

Apple slid to the fourth most frequently exploited vendor this year, with detected exploitation of only five zero-days.

“We continue to see the same types of vulnerabilities exploited over time, indicating patterns in what we…

Bitwarden launched Access Intelligence, a set of new capabilities that enables enterprises to proactively defend against internal credential risks and external phishing threats.

Risk Insights addresses a critical disconnect surfaced in the Bitwarden Business Insights Report.

Securing critical workflows and sensitive informationBuilt-in application visibility enables teams to prioritize credential remediation based on business impact.

Real-time protection against phishing attacksAdvanced Phishing Blocker for Access Intelligence stops phishing attempts by detecting and redirecting users away from known malicious domains before credentials are entered.

Unlike conventional solutions centered on…

ExtraHop launched all-in-one sensor designed to unify network traffic collection that scales across a number of security use cases.

With the ExtraHop all-in-one sensor, customers can eliminate the need to tap into each network segment multiple times to feed their legacy security tools.

Simplify security stacks : Eliminate tool sprawl and integrate multiple security tools into one platform.

: Eliminate tool sprawl and integrate multiple security tools into one platform.

Enhance SOC productivity: Streamline security workflows by avoiding switching between siloed security tools and leverage network context data to achieve faster response times.

The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault (CVE-2025-3928), Active!

Vulnerabilities exploited as zero-daysCVE-2025-3928 is an unspecified vulnerability that affected the web server module in all Commvault CommServe, Web Servers, and Command Center software.

“Exploiting this vulnerability requires a bad actor to have authenticated user credentials within the Commvault Software environment.

In a recent update on the February attacks, Commvault said that only a small number of customers have been affected.

FInally, CVE-2025-1976 is a code injection vulnerability in the Fabri…

The “cyber incident” that British multinational retailer Marks & Spencer has been struggling with for over a week is a ransomware attack, multiple sources have asserted.

The Telegraph’s sources say ransomware was deployed by a unnamed criminal gang.

Ransomware deploymentMany have speculated that the attack was probably the work of a ransomware / cyber extortion outfit.

Scattered Spider is a loosely organized cybercriminal group that specializes in phishing, social engineering, MFA prompt bombing and SIM swapping attacks and often allies with various ransomware groups.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity thre…

Aqua Security has unveiled the next phase of its AI security strategy with the introduction of Secure AI, full lifecycle security from code to cloud to prompt.

IDC predicts over 1 billion new AI applications by 2028, translating into 10 billion containers deployed across cloud native environments.

At the same time, attacks on AI workloads have surged 400%, targeting the very layer where AI applications execute.

As the cloud native stack becomes the hotbed for running AI applications, Aqua is uniquely positioned to extend its leadership in runtime protection to the emerging challenges of AI security.

“There’s growing demand for AI-specific security controls from customers across every vertic…

Varonis announced always-on AI risk defense that continuously identifies data exposure in real time, flags violations, and automatically fixes issues before they can become data breaches.

Varonis AI Shield continuously analyzes your AI security posture, monitors how AI interacts with data, and dynamically right-sizes permissions so that sensitive information isn’t exposed due to poor data security hygiene.

AI Shield makes intelligent decisions about which data to restrict from AI using Varonis’ patented permissions analysis algorithms that factor in data sensitivity, staleness, user profile, and more.

“AI Shield gives our customers the confidence to deploy AI with both preventative and dete…

Rogue applications are a top concern.

Nearly half (45%) of respondents encountered rogue and/or malicious applications in the past year, and 46% cited them as a top identity-based concern.

The consequences of these attacks go beyond downtime and reputational harm, with 32% of businesses impacted by identity-based incidents reporting losses exceeding $100,000.

Our Managed ITDR solution gives organizations the proactive detection and response they need to take control of their identity security posture before attackers do,” Ramamurthy continued.

Protecting more than 1.8 million identities, Huntress Managed ITDR has stopped 28,000 identity attacks and counting in the last six months.

This release sets a new benchmark in the red team services market, enabling organizations to test their security environments with the highest level of confidence.

Bugcrowd customers can tailor their RTaaS engagements to meet specific needs, budget constraints, and organizational maturity.

“Bugcrowd was founded on the bug bounty hunter mindset, an objective that aligns perfectly with Red Team operators.

Bugcrowd RTaaS Integrates threat intelligence and risk profiling to simulate realistic, regulation-ready scenarios.

Capitalize on assured, blended, or continuous red team operations to match various budgets, regulatory obligations, and security maturity levels.

Arctic Wolf has introduced Cipher, an AI security assistant that provides customers with self-guided access to deeper security insights directly within the Arctic Wolf Aurora Platform.

Cipher is the newest element of Alpha AI, Arctic Wolf’s portfolio of AI technologies designed to deliver AI SOC intelligence.

Alpha AI leverages the full scale of the Arctic Wolf Aurora Platform which ingests more than 8 trillion security events each week across every major attack surface, including endpoint, network, cloud, and identity.

Cipher bridges that gap by making deep security insights instantly accessible, helping customers investigate faster, prioritize smarter, and respond with greater confidence.…

Its new Data Security Posture Management (DSPM) solution identifies and eliminates data exposures within Microsoft 365 environments and will be available in May.

“At Netwrix, we understand that data security and identity security must work hand in hand; security teams need clarity on who can access sensitive data to effectively isolate threats,” said Grady Summers, CEO of Netwrix.

Sensitivity labels for data protection : The DSPM solution enhances data risk remediation policies by applying sensitivity labels in Microsoft 365, preventing data exfiltration.

: The DSPM solution enhances data risk remediation policies by applying sensitivity labels in Microsoft 365, preventing data exfiltration…

Oasis Security launched Oasis NHI Provisioning, a capability that automates the creation, governance, and security of non-human identities (NHIs) from their inception.

Built into the Oasis NHI Security Cloud, this solution addresses the critical challenges of fragmented processes, ungoverned sprawl, and manual workflows that plague NHI provisioning today.

Built into the Oasis NHI Security Cloud, Oasis NHI Provisioning ensures every NHI is secure by design, embedding policy-driven governance, ownership, and least-privilege access from day one.

“With Oasis NHI Provisioning, NHIs are secured by default the moment they are created and throughout their lifecycle.

With Oasis NHI Provisioning, we …

Lumu released Lumu SecOps Platform, a fully integrated Security Operations (SecOps) platform that unifies threat detection, response, automation, compliance, and intelligence across the network, identities and endpoints—delivering full attack context and enabling security teams to autonomously detect and neutralize complex threats.

Lumu SecOps Platform acts as the control center of a security network and allows teams to unify their entire security stack, streamline defenses, enhance their visibility, and reduce security gaps, powered by automated responses and proactive risk mitigation.

“We created Lumu SecOps Platform to provide a comprehensive yet simple and flexible solution to this chao…

Now, with new lines of vacuums and emerging humanoid robots, devices have appendages to manipulate the world around them.

Armed with, well, arms, this evolution interconnects cybersecurity with physical security.

And, as mentioned in my previous piece, more than 60% of users are worried about their smart security systems or cameras getting hacked.

We’re witnessing giant leaps in capability and baking safety into the foundation of these emerging devices should be non-negotiable.

Bad actors using backdoors to access a device’s “eyes” and “ears” is one thing, but physical capabilities in the real world are entirely another.

These innovations include:Multiple threat intelligence feeds – Sumo Logic’s Threat Intelligence now supports multiple threat intelligence feeds, allowing organizations to integrate their own feeds via STIX/TAXII to expand visibility and tailor intelligence to their risk profile.

Sumo Logic delivers broader, real-time context to ensure high-fidelity alerts and actionable insights at machine speed.

UEBA historical baselining – Sumo Logic UEBA rapidly baselines user and entity behaviors in minutes to improve threat detection accuracy.

Applying software development practices to threat detection—testing, refining, and deploying detection logic at scale – brings agility, precision, and automation…

The Growing Cybersecurity Skills GapThe cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity ShortageImmigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

ConclusionThe cybersecurity skills shortage is …

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final ThoughtsKeeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol ConnectionsRemote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware AttacksSpecific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted:The healthcare sector is a prime target for ranso…

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented:“We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploitThree years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priorityDespite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-inTo ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures nowBy deprioritising cyber security, businesses are essentially def…

High levels of demand for cyber security expertise also means that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computingLike AI, Quantum has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.

The post HealthEquity Data Breach Compromises Customer Information appeared first on IT Security Guru.

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

The post Accenture and SandboxAQ Expand Cybersecurity Partnership first appeared on IT Security Guru.

The post Accenture and SandboxAQ Expand Cybersecurity Partnership appeared first on IT Security Guru.

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords first appeared on IT Security Guru.

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords appeared first on IT Security Guru.

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester first appeared on IT Security Guru.

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester appeared first on IT Security Guru.

New threat research by Salt-Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws within popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to their website). These vulnerabilities could have potentially allowed an attacker unlimited […]

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands first appeared on IT Security Guru.

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands appeared first on…

The company doesn’t keep logs, so couldn’t turn over data:Windscribe, a globally used privacy-first VPN service, announced today that its founder, Yegor Sak, has been fully acquitted by a court in Athens, Greece, following a two-year legal battle in which Sak was personally charged in connection with an alleged internet offence by an unknown user of the service.

The case centred around a Windscribe-owned server in Finland that was allegedly used to breach a system in Greece.

Greek authorities, in cooperation with INTERPOL, traced the IP address to Windscribe’s infrastructure and, unlike standard international procedures, proceeded to initiate criminal proceedings against Sak himself, rather…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Interesting:The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market.

At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors.

The problem?

Attackers can completely sidestep these monitored calls by leaning on io_uring instead.

This clever method could let bad actors quietly make network connections or tamper with files without triggering the usual alarms.

Interesting research: “Guillotine: Hypervisors for Isolating Malicious AIs.”Abstract:As AI models become more embedded in critical sectors like finance, healthcare, and the military, their inscrutable behavior poses ever-greater risks to society.

To mitigate this risk, we propose Guillotine, a hypervisor architecture for sandboxing powerful AI models—models that, by accident or malice, can generate existential threats to humanity.

Although Guillotine borrows some well-known virtualization techniques, Guillotine must also introduce fundamentally new isolation mechanisms to handle the unique threat model posed by existential-risk AIs.

Beyond such isolation at the software, network, and microa…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Friday Squid Blogging: Live Colossal Squid FilmedA live colossal squid was filmed for the first time in the ocean.

It’s only a juvenile: a foot long.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on April 18, 2025 at 5:02 PM • 0 Comments

Discord is testing the feature:“We’re currently running tests in select regions to age-gate access to certain spaces or user settings,” a spokesperson for Discord said in a statement.

“The information shared to power the age verification method is only used for the one-time age verification process and is not stored by Discord or our vendor.

For Face Scan, the solution our vendor uses operates on-device, which means there is no collection of any biometric information when you scan your face.

For ID verification, the scan of your ID is deleted upon verification.”

CVE Program Almost UnfundedMitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact.

The CVE program is one of those pieces of common infrastructure that everyone benefits from.

Losing it will bring us back to a world where there’s no single way to talk about vulnerabilities.

Sasha Romanosky, senior policy researcher at the Rand Corporation, branded the end to the CVE program as “tragic,” a sentiment echoed by many cybersecurity and CVE experts reached for comment.

“CVE naming and assignment to software packages and versions are the…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:I’m giving an online talk on AI and trust for the Weizenbaum Institute on April 24, 2025 at 2:00 PM CEST (8:00 AM ET).

The list is maintained on this page.

Posted on April 14, 2025 at 12:04 PM • 0 Comments

The Wall Street Journal has the story:Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate.

The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwan, the people, who declined to be named, said.

Friday Squid Blogging: Squid and Efficient Solar TechResearchers are trying to use squid color-changing biochemistry for solar tech.

This appears to be new and related research to a 2019 squid post.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on April 11, 2025 at 7:06 AM • 0 Comments

AI Vulnerability FindingMicrosoft is reporting that its AI systems are able to find new vulnerabilities in source code:Microsoft discovered eleven vulnerabilities in GRUB2, including integer and buffer overflows in filesystem parsers, command flaws, and a side-channel in cryptographic comparison.

Additionally, 9 buffer overflows in parsing SquashFS, EXT4, CramFS, JFFS2, and symlinks were discovered in U-Boot and Barebox, which require physical access to exploit.

The newly discovered flaws impact devices relying on UEFI Secure Boot, and if the right conditions are met, attackers can bypass security protections to execute arbitrary code on the device.

But that an AI system can do this at all …

The NLRB whistleblower said the unusual large data outflows coincided with multiple blocked login attempts from an Internet address in Russia that tried to use valid credentials for a newly-created DOGE user account.

Berulis said the new DOGE accounts had unrestricted permission to read, copy, and alter information contained in NLRB databases.

The DOGE staffers did not speak with Berulis or anyone else in NLRB’s IT staff, but instead met with the agency leadership.

Berulis said the container caught his attention because he polled his colleagues and found none of them had ever used containers within the NLRB network.

The message informed NLRB employees that two DOGE representatives would be …

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down.

Many of these CNAs are country and government-specific, or tied to individual software vendors or vulnerability disclosure platforms (a.k.a.

Put simply, MITRE is a critical, widely-used resource for centralizing and standardizing information on software vulnerabilities.

MITRE told KrebsOnSecurity the CVE website listing vulnerabilities will remain up after the funding expires, but that new CVEs won’t be added after April 16.

Former CISA Director Jen Easterly said the CVE program is a bit like the Dewey Decimal S…

President Trump last week revoked security clearances for Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA) who was fired by Trump after declaring the 2020 election the most secure in U.S. history.

In 2020, CISA launched Rumor Control, a website that sought to rebut disinformation swirling around the 2020 election.

That effort ran directly counter to Trump’s claims that he lost the election because it was somehow hacked and stolen.

“Regular meetings between the National Security Council and European national security officials have gone unscheduled, and the NSC has also stopped formally coordinating efforts across U.S. agencies, including with t…

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google.

Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies.

Rather, they are sent via iMessage to Apple device users, and via RCS on Google Android devices.

The Smishing Triad members maintain their own Chinese-language sales channels on Telegram, which frequently offer videos and photos of their staff hard at work.

Prodaft’s report details how the Smishing Triad has achieved such success in sending their spam messages.

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild.

Microsoft rates it as “important,” but as Chris Goettl from Ivanti points out, risk-based prioritization warrants treating it as critical.

Narang notes that while flaws allowing attackers to install arbitrary code are consistently top overall Patch Tuesday features, the data is reversed for zero-day exploitation.

And in case you missed it, on March 31, 2025 Apple released a rather large batch of security updates for a wide range of their products, from macOS to the iOS operating systems on iPhones and iPa…

Another example: President Trump recently fired most of the people involved in processing Freedom of Information Act (FOIA) requests for government agencies.

President Trump recently took the extraordinary step of calling for the impeachment of federal judges who rule against the administration.

On March 20, Trump issued an order calling for the closure of the DOE.

On Jan. 27, Trump issued a memo (PDF) that paused all federally funded programs pending a review of those programs for alignment with the administration’s priorities.

Where is President Trump going with all these blatant attacks on the First Amendment?

Researchers at the security firm Silent Push mapped a network of several dozen phishing domains that spoof the recruitment websites of Ukrainian paramilitary groups, as well as Ukrainian government intelligence sites.

]army features a carbon copy of the homepage for the Freedom of Russia Legion (a.k.a.

“Free Russia Legion”), a three-year-old Ukraine-based paramilitary unit made up of Russian citizens who oppose Vladimir Putin and his invasion of Ukraine.

According to Edwards, there are no signs that these phishing sites are being advertised via email.

“They are on top of DuckDuckGo and Yandex, so it unfortunately works.”Further reading: Silent Push report, Russian Intelligence Targeting its…

How are these China-based phishing groups obtaining stolen payment card data and then loading it onto Google and Apple phones?

“I would be shocked if this wasn’t the NFC relay app,” Merrill said, concerning the arrested suspects in Tennessee.

ABC10 reported that while most of those transactions were declined, the suspects still made off with $1,400 worth of gift cards.

In other words, the phishing websites are powered by real human operators as long as new messages are being sent.

For more on how these China-based mobile phishing groups operate, check out How Phished Data Turns Into Apple and Google Wallets.

A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration’s continued disregard for basic cybersecurity protections.

On March 13, a Maryland district court judge ordered the Trump administration to reinstate more than 130 probationary CISA employees who were fired last month.

The message in the screenshot above was removed from the CISA homepage Tuesday evening and replaced with a much shorter notice directing former CISA employees to contact a specific email address.

The White House press secretary told The Times that Starlink had “donated” the service and that the gift had been vetted by t…

ClickFix attacks mimic the “Verify You are a Human” tests that many websites use to separate real visitors from content-scraping bots.

In November 2024, KrebsOnSecurity reported that hundreds of hotels that use booking.com had been subject to targeted phishing attacks.

Earlier this month, the security firm Arctic Wolf warned about ClickFix attacks targeting people working in the healthcare sector.

The company said those attacks leveraged malicious code stitched into the widely used physical therapy video site HEP2go that redirected visitors to a ClickFix prompt.

Alas, the email security vendor Proofpoint has documented plenty of ClickFix attacks via phishing emails that include HTML attachm…

Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.

Two of the zero-day flaws include CVE-2025-24991 and CVE-2025-24993, both vulnerabilities in NTFS, the default file system for Windows and Windows Server.

Microsoft credits researchers at ESET with reporting the zero-day bug labeled CVE-2025-24983, an elevation of privilege vulnerability in older versions of Windows.

However, ESET notes the vulnerability itself also is present in newer Windows OS versions, including Windows 10 build 1809 and the still-supported Windows Server 2016.

This month’…

Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations.

On March 7, the U.S. Department of Justice (DOJ) unsealed an indictment against Besciokov and the other alleged co-founder of Garantex, Aleksandr Mira Serda, 40, a Russian national living in the United Arab Emirates.

Since those penalties were levied, Garantex has processed more than $60 billion, according to the blockchain analysis company Elliptic.

Mira Serda is allegedly Garantex’s co-founder and chief commercial officer.

Federa…

In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022.

“Since we initially disclosed this incident back in 2022, LastPass has worked in close cooperation with multiple representatives from law enforcement,” LastPass said in a written statement.

But on Nov. 30, 2022, LastPass notified customers about another, far more serious security incident that the company said leveraged data stolen in the August breach.

Researchers found that many of the cyberheist victims had chosen master passw…

It is difficult to find another person connected to DOGE who has stronger ties to Musk than Branden Spikes.

In 2012, Spikes launched Spikes Security, a software product that sought to create a compartmentalized or “sandboxed” web browser that could insulate the user from malware attacks.

In 2016, Spikes Security was merged with another security suite called Aurionpro, with the combined company renamed Cyberinc.

The photo of Branden and Natalia above is from one such event in 2011 (tied to russianwhitenights.org, another Haldeman domain).

The Russian Heritage Foundation and the California Russian Association both promote the interests of the Russian Orthodox Church.

Unfortunately, despite its best efforts - millions of users' SIM details could have been put at risk, and may now be in the hands of cybercriminals.

Although SK Telecom has not confirmed the total number of users whose SIM details have been exposed, it has acknowledged that millions of individuals could be at risk.

The good news is that SK Telecom says it has seen no evidence that the sensitive data has been exploited by cybercriminals.

Since its breach, SK Telecom has faced some criticism for the way it has communicated news of the cyber attack to its customers.

Apologising for the breach and responding to complaints about its response to the incident, SK Telecom has apologised and begun t…

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

In episode 47 of The AI Fix, o3 becomes the best competitive programmer in the world, hacked California crosswalks speak with the voice of Elon Musk and Mark Zuckerberg, Meta introduces a herd of Llamas, Graham explains what a “lollipop lady” is, and Google talks to some dolphins.

Graham discovers an AI that’s just a warehouse full of people, o3 becomes the best computer programmer in the world, and Mark wonders if software engineering will be the first job to fall to AI.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bs…

"Stop, look, and listen" is the standard advice we should allow follow when crossing the road - but pedestrians in some parts are finding that they cannot believe their ears - after a hacker compromised crosswalks to play deepfake audio mocking tech bosses Elon Musk, Mark Zuckerberg, and Jeff Bezos.

The fake voices of Tesla CEO Elon Musk, Meta CEO Mark Zuckerberg, and Amazon founder Jeff Bezos, are being played from hacked crossings to the surprise of pedestrians in a number of US cities.

However the hack occurred, social media has been full of videos documenting what the compromised crosswalks have been saying.

In another message, the fake voice of Mark Zuckerberg glibly "assured" pedestri…

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

A data breach at insurance firm Lemonade left the details of thousands of drivers' licenses exposed for 17 months.

According to the company, on March 14 2025 Lemonade learnt that a vulnerability in its online car insurance application process contained a vulnerability that was likely to have exposed "certain driver's license numbers for identifiable individuals."

In Lemonade's data breach notifications being sent to affected members of the public, it isn't clear whether any additional personal data beyond driver's license numbers was compromised.

Lemonade is at pains in its notification letter to underline that it has no evidence to suggest that the exposed driver's license number details h…

RansomHouse, however, appears to often skip the step of encrypting victims' data entirely - preferring to just steal the data instead, making threats to release it if a cryptocurrency ransom is not paid.

Well, yes your day-to-day operations may not be impacted if a ransomware group has not locked up your data.

So when did RansomHouse first appear, and are they associated with other ransomware gangs?

As ever with ransomware attacks, some victims give in to the extortion and others do not.

Did RansomHouse respond to non-payment by releasing the stolen data?

In episode 46 of The AI Fix, China trolls US tariffs, a microscopic pogoing flea-bot makes a tiny leap forward for robotics, Google unveils the Agent2Agent protocol, a robot dog is so cute it ruins Graham’s entire day, and Europe commits €20 billion and all of its buzzwords to five moonshot AI gigafactories.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts o…

The Medusa ransomware-as-a-service (RaaS) claims to have compromised the computer systems of NASCAR, the United States' National Association for Stock Car Auto Racing, and made off with more than 1TB of data.

In an attempt to verify its claim of having hacked NASCAR, Medusa has published screenshots of what it claims are internal documents - including some purporting to show the names, email addresses, and phone numbers of NASCAR employees and sponsors, as well as invoices, financial reports, and more.

Furthermore, the ransomware gang has published a substantial directory illustrating NASCAR's internal file structure and the names of documents that have been exfiltrated.

Although NASCAR has…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

In episode 45 of The AI Fix, our hosts discover that ChatGPT is running the world, Mark learns that mattress companies have scientists, Gen Z has nightmares about AI, OpenAI gets a bag, Graham eats too many cheese sandwiches, and too much training makes AIs over-sensitive.

Mark reveals why he’s got beef with cows, GPT-4.5 beats the Turing test, and Anthropic’s brain scanner reveals how AIs really think.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircleHosts:Graham Cluley:@grahamcluley.com@[email protected]Mark Stockley:@ai-fix-mark.bsky.socialEpisode links:Support the show:You can help the podcast by te…

Читайте историю большого взлома, чтобы узнать, как крадут аккаунты в Instagram* с помощью подмены SIM-карты и что с этим делать.

Как защитить свой аккаунт от взломаВот базовые правила, которые помогут предотвратить колоссальное количество способов взлома мессенджеров, аккаунтов в соцсетях, форумах и прочих сайтах.

Установите пароль на вход в личный кабинет оператора связи в приложении или на сайте.

Обратитесь в салон связи с паспортом.

Обратитесь в салон связи с паспортом.

Несмотря на официальное прекращение работы Skype, троян имеет модуль и для работы с ним.

Как зловред оказывается на смартфонахВо всех известных нам случаях заражения на устройствах обнаруживались прошивки, названия которых отличались от официальных на одну букву.

Мы обнаружили сообщения на тематических форумах, в которых покупатели жаловались на прошивки устройств, приобретенных на маркетплейсах и в онлайн-магазинах.

Поэтому лучшим решением для защиты от Triada станет покупка смартфонов только у авторизованных дистрибьюторов.

А на нашем портале Privacy Checker вы найдете пошаговые инструкции, как настроить приватность и конфиденциальность в самых разных приложениях и в целом в операционных …

Код на Python содержал меньше вымышленных зависимостей (16%) по сравнению с кодом на JavaScript (21%).

Если при генерации пытаться использовать пакеты, технологии и алгоритмы, ставшие популярными за последний год, несуществующих пакетов становится на 10% больше.

Знакомьтесь, slopsquattingВсе вышесказанное позволяет спрогнозировать новое поколение атак на репозитории open source, уже получившее жаргонное название slopsquatting по аналогии с typosquatting.

Этот риск значительно возрастет с популяризацией vibe coding — процесса, в котором приложение пишут, оперируя исключительно инструкциями в чате с ИИ, практически не заглядывая в сам программный код.

Поэтому мы собрали небольшое подмножество…

Исследователь обнаружил уязвимость в PyTorch, фреймворке машинного обучения с открытым исходным кодом.

Эксплуатация CVE-2025-32434 при определенных условиях позволяет злоумышленнику запускать на компьютере жертвы, скачивающей ИИ-модель произвольный код.

Всем, кто использует PyTorch для работы с нейросетями, рекомендуется как можно скорее обновить фреймворк до последней версии.

Суть уязвимости CVE-2025-32434Фреймворк PyTorch, помимо всего прочего, позволяет сохранять уже обученные модели в файл, который хранит веса связей.

Команда, разрабатывающая фреймворк PyTorch, выпустила обновление 2.6.0, в котором уязвимость CVE-2025-32434 успешно исправлена.

Рассказываем, как взламывают аккаунты на «Госуслугах» с помощью фейкового бота «Почты России».

— А как найти бота?

Почему этот развод работаетСкорее всего, вы не ожидаете ни письма от налоговой, ни тем более звонка в мессенджере от сотрудника «Почты России».

Но даже если бдительность прокачана у вас на все 100%, то проколоться легко на мини-приложении в Telegram.

Есть и боты посложнее — например, в них загружена настоящая справочная информация, а где-то в углу сияет синяя кнопка Авторизация.

В данный момент в половине крупных организаций используется более 40 инструментов ИБ, в четверти — более 60.

Решение этой проблемы — либо консолидация технологического стека в рамках моновендорного подхода (один поставщик платформы ИБ и всех ее компонентов), либо выбор лучшего инструмента в каждой категории.

Компании, консолидировавшие свои инструменты и в итоге использующие современные инструменты XDR и SOAR, в среднем добиваются снижения расходов на 16% и экономят 20% времени аналитиков.

В некоторых даже звучат директивы руководства в духе «перед тем как нанять сотрудника, докажи, что эту работу не может сделать ИИ».

В некоторых случаях, как в кейсе с нашей SIEM, Kaspersky Unified Monitor…

Чтобы ваш аккаунт не взломали и не украли, например выпустив нелегальный дубликат SIM-карты.

Зайти в мессенджере в настройки безопасности и конфиденциальности, ввести и хорошо запомнить секретный пароль.

Никому не пересылать и не диктовать одноразовые коды для входа в мессенджер.

В настройках самого мессенджера или в настройках смартфона нужно также активировать опцию Блокировка приложения (App Lock).

Зайти в настройках мессенджера в подраздел Конфиденциальность и поправить настройки «Кто видит время моего посещения», «Фото профиля», «Статус» и прочие.

Программы-архиваторы, упрощающие хранение и пересылку файлов, стали привычным инструментом не только для пользователей, но и для злоумышленников.

В этом очень помогает то, что технические заголовки ZIP-архива находятся в конце файла, а не в начале.

Убедитесь, что ваше защитное решение способно проверять многократно вложенные архивы и архивы большого размера.

Поэтому разумно использовать более глубокий анализ на конечных точках и в почтовых шлюзах и посильный (с учетом ограничений) — на веб-фильтрах и NGFW.

Если загрузка файлов в архивах не является критически важной бизнес-функциональностью, лучше отключить эту возможность в CMS, CRM и других онлайн-приложениях.

Рассказываем, как выглядит применение GetShared в атаках, зачем злоумышленникам это нужно и как оставаться в безопасности.

Как выглядит атака при помощи GetSharedЖертве приходит вполне обычное, совершенно настоящее уведомление от сервиса GetShared, в котором говорится, что пользователю был прислан файл.

Зачем злоумышленникам нужен GetShared и другие сторонние сервисы?

Очередным, подходящим для эксплуатации инструментом оказался GetShared — бесплатный сервис для отправки больших файлов.

Признаки того, что что-то не такДавайте для начала отвлечемся от этого кейса и вообще от GetShared.

Сегодня на примере реальных кейсов расскажем, что не так с ресурсами, которые предлагают скачать любое ПО здесь и сейчас.

И эта возможность, как и в случае с GitHub, — камень преткновения на пути к высокому уровню безопасности.

Рассмотрим лишь один пример: наши эксперты обнаружили на SourceForge проект с названием officepackage.

А если мы скажем, что описание и файлы полностью скопированы с чужого проекта на GitHub?

А после клика пользователи перенаправлялись не на страницу проекта loading, а на очередной сайт-прокладку с очередной же кнопкой Скачать.

Затем смартфон с этим аккаунтом используется, чтобы оплачивать товары с чужой карты — в обычном магазине или в фальшивой торговой точке с платежным терминалом, поддерживающим NFC.

Никаких мгновенных списаний с карты не происходит, и многие люди, не увидев ничего подозрительного в выписке, забывают об этом эпизоде и успокаиваются.

Как крадут деньги с картыПреступники привязывают к одному смартфону десяток, а то и несколько десятков карт, не пытаясь тратить с них деньги.

А тот с ее помощью оплачивал покупки или снимал деньги в банкомате с NFC.

Когда жертва подносит телефон к банкомату, мошенник транслирует на него данные своей карты, и деньги в результате поступают на счет мошенника.

Но интересен способ, при помощи которого злоумышленники прятали свой вредоносный код в, казалось бы, безобидном файле, — для этого они использовали технику polyglot.

Используются они для маскировки зловредов — для пользователя, а также для некоторых защитных механизмов они могут выглядеть как что-то совершенно безопасное, например картинка или документ.

Компания Unit42 исследовала атаку с применением файла контекстной справки в формате Microsoft Compiled HTML Help (расширение .chm), который одновременно является HTML-приложением (файлом в формате .hta).

Внутри архива находился ярлык — файл с двойным расширением .pdf.lnk.

Ну а для того, чтобы иметь самые актуальные данные о техниках, тактика…

Представьте, каким был бы мир, если бы с помощью карт Таро можно было точно предсказать абсолютно любые события!

Что за троянНовый троян Trojan.Arcanum распространяется через сайты, посвященные гаданиям и эзотерике, маскируясь под «магическое» приложение для предсказания будущего.

На первый взгляд — это безобидная программа, предлагающая пользователю разложить виртуальные карты Таро, рассчитать астрологическую совместимость или даже «зарядить амулет энергией Вселенной», что бы это ни значило.

После внедрения на устройство пользователя Trojan.Arcanum обращается к облачному C2-серверу и устанавливает полезную нагрузку — стилер Autolycus.Hermes, майнер Karma.Miner и шифровальщик Lysander.Scyta…

Хотя звучит это очень странно, в развитии событий есть логика, которую легко применить к другой организации и другим устройствам в ее инфраструктуре.

На сервере они попытались запустить свой шифровальщик, но EDR-система, установленная в компании, опознала вредоносное ПО и поместила его в карантин.

Увы, это не остановило атакующих.

Злоумышленники смогли установить свое вредоносное ПО на эту камеру и зашифровать серверы организации прямо с нее.

Как не стать следующей жертвойИнцидент с IP-камерой наглядно демонстрирует некоторые принципы целевых кибератак и подсказывает способы эффективного противодействия.

The team is called Foundation AI, and its mission is to create transformational AI technology for cybersecurity applications.

Introducing Foundation AIToday, we are thrilled to announce the launch of Foundation AI, a Cisco organization dedicated to creating open bleeding-edge AI technology to empower cybersecurity applications.

Foundation AI is comprised of leading AI and security researchers and engineers, building from Robust Intelligence, which was recently acquired by Cisco.

Foundation AI is comprised of leading AI and security researchers and engineers, building from Robust Intelligence, which was recently acquired by Cisco.

Foundation AI will soon release AI supply chain and risk mana…

With Foundation-sec-8B, teams can build, fine-tune, and deploy AI-native workflows across the security lifecycle.

This model is designed to help security teams think faster, act with precision, and scale operations without compromise.

In downstream security tasks—such as extracting MITRE ATT&CK techniques from unstructured threat reports—a fine-tuned foundation-sec-8b model significantly outperformed fine-tuning the same-sized Llama model.

Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social HandlesLinkedInFacebookInstagramXShareShare:

Attack StoryboardThe Cisco XDR Attack Storyboard is a breakthrough advancement, leveraging AI-driven investigations that help analysts comprehend an entire attack in under 30 seconds.

Decisive Response: Cisco XDR triggers prebuilt playbooks across XDR and Secure Access, isolating compromised users, devices, or workloads in real-time once a threat is confirmed.

Cisco XDR triggers prebuilt playbooks across XDR and Secure Access, isolating compromised users, devices, or workloads in real-time once a threat is confirmed.

Optimized Analyst Time: By automating the SOC workflow with AI, Cisco XDR empowers analysts to focus on decision-making rather than log analysis.

By automating the SOC workflow…

6: Cisco XDR dashboard tiles at Black Hat Asia 2025Below are the Cisco XDR integrations for Black Hat Asia, empowering analysts to investigate Indicators of Compromise (IOC) very quickly, with one search.

We started the proof-of-value at Black Hat Asia 2024 and partially deployed at Black Hat Europe 2024.

72: Detection at Black Hat AsiaDomain Name Service StatisticsAuthored by: Christian Clasen and Justin MurphyWe install virtual appliances as critical infrastructure of the Black Hat network, with cloud redundancy.

73: Black Hat USA teamSince 2018, we have been tracking DNS stats at the Black Hat Asia conferences.

81: Black Hat Asia teamWe are already planning for more innovation at Black H…

Enterprises are accelerating generative AI usage, and they face several challenges regarding securing access to AI models and chatbots.

Cisco Security research, in conjunction with the University of Pennsylvania, recently studied security risks with popular AI models.

Cisco Secure Access With AI Access: Extending the Security PerimeterCisco Secure Access is the market’s first robust, identity-first, SSE solution.

AI Access inspects web traffic to identify shadow AI usage across the organization, allowing you to quickly identify the services in use.

ConclusionThe combination of our SSE’s AI Access capabilities, including AI guardrails, offers a differentiated and powerful defense strategy.

Cisco’s Commitment to Transparent Vulnerability DisclosureCisco is committed to transparency and vulnerability disclosure practices that do not solely rely on the CVE program.

Cisco acknowledges the critical role that the CVE program plays in the cybersecurity ecosystem and applauds CISA for helping extend the program.

It aims to keep the CVE Program a globally respected, community-led effort.

If the CVE program were to stop or significantly degrade, the impact on open-source software security would be profound.

Vendors, government, and open-source communities must remain dedicated to supporting the integrity and availability of critical cybersecurity resources like the CVE program.

Revolutionizing Endpoint Security: Cisco Secure Client and XDRManaging endpoint security in today’s landscape is no small task.

Enter the Cisco Secure Client, now deployable and manageable through Client Management in Cisco XDR.

Simplified ManagementThe integration of AMP for Endpoints (Cisco Secure Endpoint) into Cisco Secure Client means fewer clients to manage and a more intuitive interface.

When and When Not to Make ChangesEvery endpoint will have a Cloud Management Module and a Cloud Management Profile.

With new cloud-based management options, such as Client Management in Cisco XDR and the standalone Cisco Secure Client Cloud Management (CSCCM) tool, administrators gain greater flexibi…

Cisco and Endace are providing SOC Services to RSAC™ 2025 Conference, monitoring traffic on the Moscone wireless network for security threats.

Experts will be using Cisco Security Cloud in the SOC, with the power of Cisco Breach Protection Suite and User Protection Suite, and Secure Firewall; with Splunk Enterprise Security as the platform.

Please complete the SOC at RSAC Tour Request Form to reserve your spot.

You can read the SOC Findings Report From RSAC™ 2024 Conference here.

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Quantum interference is used to manipulate qubit states, allowing quantum algorithms to solve problems more efficiently than classical computers.

Comparison – PQC, QC and CCPost-quantum cryptography (PQC) and quantum cryptography (QC) are distinct concepts.

Below table illustrates the key differences and roles of PQC, Quantum Cryptography, and Classical Cryptography, highlighting their objectives, techniques, and operational contexts.

Feature Post-Quantum Cryptography (PQC) Quantum Cryptography (QC) Classical Cryptography (CC) Objective Secure against quantum computer attacks Use quantum mechanics for cryptographic tasks Secure using mathematically hard problems Operation Runs on classical …

The traditional Intrusion Detection Systems (IDS) have depended on rule-based or signature-based detection, which are challenged by evolving cyber threats.

Through the introduction of Artificial Intelligence (AI), real-time intrusion detection has become more dynamic and efficient.

By incorporating ANNs into intrusion detection systems, firewalls can learn, deriving knowledge from cyber-attacks and becoming increasingly more accurate.

LSTM firewalls can identify time-based anomalies and mark suspicious behavior before it becomes a problem.

As cyber threats continue to advance, AI- driven methods will be the answer to real-time defense mechanisms.

Cisco at MWC 2025: A Powerhouse of InnovationIn true Cisco fashion, our booth wasn’t just a space but rather a hub of innovation and collaboration.

We also connected the integrations with Cisco XDR, for Dashboard visibility and Incident investigation.

Cisco’s SNOC Team remains committed to staying one step ahead, turning every challenge into an opportunity to innovate and protect.

Special appreciation to Ivan Padilla Ojeda, who was our liaison with the network team to connect everything in the SNOC.

Thank you for joining us on this journey through MWC 2025 and stay tuned for more insights and behind-the-scenes stories from MWC 2025.

Understanding Today’s Privacy LandscapeIn our interconnected world, data privacy has become increasingly important.

The Cisco 2025 Data Privacy Benchmark Study, which gathered perspectives from 2,600+ privacy and security professionals across 12 countries, paints a dynamic picture of the state of privacy today.

Privacy and AI: The Intersection of Innovation and ResponsibilityArtificial Intelligence offers substantial business value while also introducing novel privacy and security risks.

This underscores the urgent need for robust AI security and privacy frameworks and controls to protect non-public data during development, deployment, and use of AI.

Explore these trends and more in the Cis…

Secure Network Analytics version 7.5.2 has been released, offering exciting new features such as the Network Visibility Module (NVM) and Zeek detections.

By integrating a more diverse range of telemetry sources, Secure Network Analytics significantly enhances network visibility and provides deeper insights into network activities.

The Secure Network Analytics version 7.5.2 software updates can be downloaded from Cisco Software Central.

New Network Visibility Module (NVM) AlertsNetwork Visibility Module is a component of Cisco Secure Client that records and reports on network activity from an endpoint device and ties in endpoint style information with those network details.

The detections en…

An open integration approach for extended detection and response (XDR) empowers organizations to harness the full potential of their security ecosystems.

Cisco XDR stands out in this arena by offering unmatched integration capabilities with not only Cisco solutions but a broad array of third-party tools.

Open > NativeFor that reason, since inception, Cisco XDR has followed an Open XDR philosophy, or to be more precise, Hybrid XDR.

These integrations are written by trusted Cisco partners to bring their products into the Cisco XDR ecosystem and are vetted by Cisco XDR Engineering and Quality Assurance teams prior to release.

If your cybersecurity company would like to build an integration wit…

For chief technology officers (CTOs), this raises important questions: How can frontline devices enhance productivity and responsiveness?

Learn how Microsoft Intune can help your organization securely manage frontline devices.

To deliver those experiences at scale, CTOs should consider three foundational principles for frontline device strategy:Recognize that many devices are shared.

When frontline tools are secure, responsive, and tailored to the user, staff can serve with confidence—and people feel the difference.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

At Microsoft, we help empower data security leaders to keep their most valuable assets—data—safe, and now we’re publishing Securing your data with Microsoft Purview: A practical handbook.

This guide is designed for data security leaders to initiate and enhance data security practices, leveraging the extensive experience of Microsoft subject matter experts (SMEs) and relevant customer insights.

Leveraging Microsoft Purview to secure your organization’s dataOnce organizations set goals and prioritize data security opportunities, it’s time to assess their environment and implement robust protections to secure their data.

From empowering data security teams and deep-content investigation with t…

We are releasing a taxonomy of failure modes in AI agents to help security professionals and machine learning engineers think through how AI systems can fail and design them with safety and security in mind.

The taxonomy continues Microsoft AI Red Team’s work to lead the creation of systematization of failure modes in AI; in 2019, we published one of the earliest industry efforts enumerating the failure modes of traditional AI systems.

Taxonomy of Failure Mode in Agentic AI Systems Microsoft's new whitepaper explains the taxonomy of failure modes in AI agents, aimed at enhancing safety and security in AI systems.

Failure modes in agentic AI systems.

Existing failure modes have been observed…

Microsoft Threat Intelligence has observed threat actors taking advantage of unsecured workload identities to gain access to resources, including containerized environments.

Threats in Kubernetes environmentsContainerized assets (including Kubernetes clusters, Kubernetes nodes, Kubernetes workloads, container registries, container images, and more) are at risk of several different types of attacks.

During deployment, you should ensure the following best security practices:Ensure containers are immutable: Prevent patches from running containers whenever possible.

As best practice, if you notice that a running container needs updates, you should rebuild the image and deploy the new container.…

The Microsoft Secure Future Initiative (SFI) stands as the largest cybersecurity engineering project in history and most extensive effort of its kind at Microsoft.

Insights and learnings from this progress inform ongoing innovations in our Microsoft Security portfolio—Microsoft Entra, Microsoft Defender, and Microsoft Purview—that helps better protect customers and Microsoft.

The launch of 11 new innovations across Microsoft Azure, Microsoft 365, Windows, and Microsoft Security that help improve security by default.

Learn more with Microsoft SecurityTo learn more about Microsoft Security solutions and Microsoft’s Secure Future Initiative, visit our website.

Also, follow us on LinkedIn (Micr…

Throughout this blog post, the term “Secure by Design” encompasses both “secure by design” and “secure by default.”Microsoft committed to work towards key goals across a spectrum of Secure by Design principles advocated by numerous government agencies around the world.

Our SFI updates provide examples of Microsoft’s progress in implementing secure by design, secure by default, and secure in operations principles, and provide best practices based on Microsoft’s own experience, demonstrating our dedication to improving security for customers.

Enhancing security with multifactor authentication and default password managementPhishing-resistant multifactor authentication provides the most robust…

Tech support scams are a case where elevated fraud risks exist, even if AI does not play a role.

The team’s longstanding collaboration with law enforcement around the world to respond to tech support fraud has resulted in hundreds of arrests and increasingly severe prison sentences worldwide.

For enterprises combating tech support fraud, Remote Help is another valuable resource for employees.

Next steps with Microsoft SecurityTo learn more about Microsoft Security solutions, visit our website.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Malicious ads deliver compiled Node.js executablesMalvertising has been one of the most prevalent techniques in Node.js attacks we’ve observed in customer environments.

Excerpts from the malicious script, highlighting core HTTP functionsRecommendationsOrganizations can follow these recommendations to mitigate threats associated with Node.js misuse:Educate users.

Microsoft Defender Threat IntelligenceMicrosoft Security Copilot customers can also use the Microsoft Security Copilot integration in Microsoft Defender Threat Intelligence, either in the Security Copilot standalone portal or in the embedded experience in the Microsoft Defender portal to get more information about this threat actor.…

In this blog, we’ll explore how Microsoft Security Exposure Management initiatives build on this foundation to offer a renewed perspective on managing cybersecurity risks.

Beyond ransomware, critical assets, and identity, Microsoft Security Exposure Management continues to develop initiatives that address other vital areas of security.

Embracing clarity over fragmentation with Microsoft Security Exposure ManagementSecurity initiatives solve the fragmentation problem by organizing security metrics around business objectives rather than technical controls.

This shift in approach with help from Microsoft Security Exposure Management initiatives, helps security leaders refresh stale conversatio…

Register to attend one or all our Learn Live sessions to learn how to secure your environment for AI adoption.

The post Explore how to secure AI by attending our Learn Live Series appeared first on Microsoft Security Blog.

For RSAC 2025, Microsoft Security is bringing an exciting lineup of sessions, expert panels, and exclusive networking opportunities to empower security professionals in the era of AI. The post The ultimate guide to Microsoft Security at RSAC 2025 appeared first on Microsoft Security Blog.

Exchange Server and SharePoint Server are business-critical assets and considered crown jewels for many organizations, making them attractive targets for attacks.

This AMSI integration on SharePoint Server and Exchange Server becomes especially important when attackers attempt to exploit security vulnerabilities, particularly zero-days.

AMSI integrationIn both SharePoint Server and Exchange Server, AMSI is integrated as a security filter module within the IIS pipeline to inspect incoming HTTP requests before they are processed by the application.

Here are steps that organizations can take:Activate AMSI on Exchange Server and SharePoint Server.

To hear stories and insights from the Microsoft…

The role of domain controllers in ransomware campaignsDomain controllers are the backbone of any on-premises environment, managing identity and access through Active Directory (AD).

—The cyberattacker leverages the domain controller’s wide network visibility and high privileges to map the network using different tools, focusing on servers and network shares.

—Leveraging the domain controller’s native group policy functionality, the cyberattacker attempts to tamper with the victim’s antivirus by modifying security-related group policy settings.

Assuming they’re able to validate a domain controller’s effectiveness, they begin by running the payload locally on the domain controller.

Protecting…

Ransomware threat actors value post-compromise elevation of privilege exploits because these could enable them to escalate initial access, including handoffs from commodity malware distributors, into privileged access.

CVE 2025-29824: A zero-day vulnerability in the Common Log File System (CLFS)The exploit activity discovered by Microsoft targets a zero-day vulnerability in the Common Log File System (CLFS) kernel driver.

Microsoft Defender AntivirusMicrosoft Defender Antivirus detects threats associated with this activity as the following malware:SilverBasket (Win64/Windows)MSBuildInlineTaskLoader.C (Script/Windows)Microsoft Defender for EndpointThe following alerts might indicate threat a…

Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers.

This is why we are making Sec-Gemini v1 freely available to select organizations, institutions, professionals, and NGOs for research purposes.

Sec-Gemini v1 outperforms other models on key cybersecurity benchmarks as a result of its advanced integration of Google Threat Intelligence (GTI), OSV, and other key data sources.

Sec-Gemini v1 outperforms other models on CTI-MCQ, a leading threat intelligence benchmark, by at least 11% (See Figure 1).

If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1…

In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library.

These challenges are addressed by using Sigstore, a collection of tools and services that make code signing secure and easy.

These features are why we recommend Sigstore’s signing mechanism as the default approach for signing ML models.

Today the OSS community is releasing the v1.0 stable version of our model signing library as a Python package supporting Sigstore and traditional signing methods.

This model signing library is specialized to handle the sheer scale of ML models (which are usually much larger than traditional so…

The Chrome Root Program launched in 2022 as part of Google’s ongoing commitment to upholding secure and reliable network connections in Chrome.

It is non-normative and considered distinct from the requirements detailed in the Chrome Root Program Policy.

Last spring, the Chrome Root Program led ecosystem-wide experiments, emphasizing the need for linting adoption due to the discovery of widespread certificate mis-issuance.

We recently landed an updated version of the Chrome Root Program Policy that further aligns with the goals outlined in “Moving Forward, Together.” The Chrome Root Program remains committed to proactive advancement of the Web PKI.

We continue to value collaboration with web…

We’re excited to announce that starting today, Titan Security Keys are available for purchase in more than 10 new countries:IrelandPortugalThe NetherlandsDenmarkNorwaySwedenFinlandAustraliaNew ZealandSingaporePuerto RicoThis expansion means Titan Security Keys are now available in 22 markets, including previously announced countries like Austria, Belgium, Canada, France, Germany, Italy, Japan, Spain, Switzerland, the UK, and the US.

What is a Titan Security Key?

How do I use a Titan Security Key?

Where can I buy a Titan Security Key?

You can buy Titan Security Keys on the Google Store.

In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR.

With guided remediation support for Maven, you can remediate vulnerabilities in both direct and transitive dependencies through direct version updates or overriding versions through dependency management.

We also introduced machine readable output for guided remediation that makes it easier to integrate guided remediation into your workflow.

VEX Support: We're planning to add support for Vulnerability Exchange (VEX) to facilitate better communication and collaboration around vulnerability information.

Try OSV-Scanner V2You can try V2.0.0 and contribute to its ongoing developme…

Posted by Dirk GöhmannIn 2024, our Vulnerability Reward Program confirmed the ongoing value of engaging with the security research community to make Google and its products safer. This was evident as we awarded just shy of $12 million to over 600 researchers based in countries around the globe across all of our programs.Vulnerability Reward Program 2024 in NumbersYou can learn about who’s reporting to the Vulnerability Reward Program via our Leaderboard – and find out more about our youngest security researchers who’ve recently joined the ranks of Google bug hunters.VRP Highlights in 2024In 2024 we made a series of changes and improvements coming to our vulnerability reward programs and rel…

Scam Detection in Google Messages uses powerful Google AI to proactively address conversational scams by providing real-time detection even after initial messages are received.

You can turn off Spam Protection, which includes Scam Detection, in your Google Messages at any time.

Scam Detection in Google Messages is launching in English first in the U.S., U.K. and Canada and will expand to more countries soon.

Scam Detection for callsMore than half of Americans reported receiving at least one scam call per day in 2024.

If enabled, Scam Detection will beep at the start and during the call to notify participants the feature is on.

This includes memory-safe languages, now including high-performance ones such as Rust, as well as safer language subsets like Safe Buffers for C++.

In Android for example, the increasing adoption of memory-safe languages like Kotlin and Rust in new code has driven a significant reduction in vulnerabilities.

In this way, policymakers will gain the technical foundation to craft effective policy initiatives and incentives promoting memory safety.

Importantly, our vision for achieving memory safety through standardization focuses on defining the desired outcomes rather than locking ourselves into specific technologies.

The goal would be to objectively compare the memory safety assurance of diff…

Google Play’s multi-layered protections against bad appsTo create a trusted experience for everyone on Google Play, we use our SAFE principles as a guide, incorporating multi-layered protections that are always evolving to help keep Google Play safe.

Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source.

In 2024, Google Play Protect’s real-time scanning identified more than 13 million new malicious apps from outside Google Play1.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled …

This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team.

One of these tools is a robust evaluation framework we have developed to automatically red-team an AI system’s vulnerability to indirect prompt injection attacks.

Threat model and evaluation frameworkOur threat model concentrates on an attacker using indirect prompt injection to exfiltrate sensitive information, as illustrated above.

Based on this probability, the attack model refines the prompt injection.

This process repeats until the attack model converges to a successful prompt injection.

This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft.

As part of enabling Identity Check, you can designate one or more trusted locations.

Theft Detection Lock: expanding AI-powered protection to more usersOne of the top theft protection features introduced last year was Theft Detection Lock, which uses an on-device AI-powered algorithm to help detect when your phone may be forcibly taken from you.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help …

Today, we’re excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning.

We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface.

OSV-Scanner + OSV-SCALIBRUsers looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities using much of the same extraction as OSV-SCALIBR.

Some of OSV-SCALIBR’s capabilities are not yet available in OSV-Scanner, but we’re currently working on integrating OSV-SCALIBR more deeply into O…

Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage.

A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis.

This integration provides industry-leading insights into open source vulnerabilities—a crucial capability as software supply chain attacks continue to grow in frequency and complexity, impacting organizations reliant on open source software.

Open source vulnerabilities, with more reachArtifact Analysis pulls vulnerability information directly from OSV, which is the only open source, distributed vulnerability dat…

Today, we are announcing the availability of Vanir, a new open-source security patch validation tool.

In collaboration with the Google Open Source Security Team, we have incorporated feedback from our early adopters to improve Vanir and make it more useful for security professionals.

These algorithms have low false-alarm rates and can effectively handle broad classes of code changes that might appear in code patch processes.

The Vanir signatures for Android vulnerabilities are published through the Open Source Vulnerabilities (OSV) database.

You can also contribute to Vanir by providing vulnerability data with Vanir signatures to OSV.

But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets.

The ideal solution would be to completely automate the manual process of developing a fuzz target end to end:Drafting an initial fuzz target.

Running the corrected fuzz target for a longer period of time, and triaging any crashes to determine the root cause.

In January 2024, we open sourced the framework that we were building to enable an LLM to generate fuzz targets.

New results: More code coverage and discovered vulnerabilitiesWe’re now able to automatically gain more coverage in 272 C/C++ projects on OSS-Fuzz (up from 160), …