Cybersecurity
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
latest post 3 hours ago
Apple's OpenELM: 8 mini AI models for smartphones open up big possibilities

They do not need powerful computing resources to eventually give GPT-4 and Llama a run for their money.

3 hours ago @ securitylab.ru
MI5: foreign agents want to steal the research of British universities

By Alexander Antipov

The largest universities must be ready for cyberattacks and other serious challenges.

The UK security services are sounding the alarm: foreign states have set their sights on stealing intellectual property and cutting-edge research at the country's leading universities.

A special closed briefing organised by MI5 and the government was attended by the vice-chancellors of 24 elite British universities, including the universities of Oxford and Cambridge as well as Imperial College London.

According to the security services, advanced research and development that can be applied in both civilian and military fields could…

5 hours ago @ securitylab.ru
Surveillance without borders: the UK has passed a bill on total digital control

The expansion of the security services' powers raises concerns among citizens about their privacy.

6 hours ago @ securitylab.ru
Hundreds of crashes and 13 deaths: the US is investigating the safety measures of Tesla's Autopilot

Does Tesla take good enough care of its customers and the operation of its systems?

6 hours ago @ securitylab.ru
Millions of PCs under PlugX's control: the orphaned zombie worm is still hunting for other people's secrets

Sekoia decides the fate of a piece of malware that lost its operator many years ago.

6 hours ago @ securitylab.ru
A future for everyone: China opens access to a 504-qubit quantum chip

China aims to accelerate scientific discovery and reach a new level of computing.

6 hours ago @ securitylab.ru
Fake audio with provocative statements nearly cost a school principal his job

The incident in Baltimore clearly demonstrates the risks that thoughtless use of AI brings with it.

7 hours ago @ securitylab.ru
DoubleYou: a new macOS protection tool from the NSA and Apple

The company makes it possible to make an iPhone invulnerable with custom security tools.

7 hours ago @ securitylab.ru
Time capsule opened: the MS-DOS 4.0 source code has been published on GitHub

Microsoft and IBM have given enthusiasts a journey into the past.

7 hours ago @ securitylab.ru
$5.6 million for technology: Amazon Ring employees spied on 55,000 Americans

Ring was fined for failing to adequately protect customers' video recordings.

8 hours ago @ securitylab.ru
The key to eco-friendly capacitors: how 2D nanofillers are changing the game in green energy

Energy systems of record-breaking capacity in the service of medicine, aircraft construction and other fields.

9 hours ago @ securitylab.ru
Roskomnadzor blocks 300,000 grey-market SIM cards every week

The measure against illegal trafficking began last year and continues to gain momentum.

9 hours ago @ securitylab.ru
FBI: "Got burned on a shady exchange? Not our problem"

The agency reminded users of the dangers of unregistered cryptocurrency services.

9 hours ago @ securitylab.ru
A video call from Mars: lasers make communication in space a reality

Sending a meme or a scientific paper to other planets has become possible thanks to the new technology.

9 hours ago @ securitylab.ru
A cosmic anomaly: a supernova without gamma rays

How the absence of radiation changes our understanding of cosmic processes.

9 hours ago @ securitylab.ru
Anti-Malware
latest post 7 hours ago
Attacks on web applications in 2023: an analysis of attackers' actions

Companies in every industry are feeling the growth in the number of attacks on their web applications.

We describe the distribution, by type, of attacks on telecom companies and online platforms recorded among users of the «Вебмониторэкс» platform in 2023, as well as ways to defend against them.

The analysis included an assessment of various types of attacks and risks in order to determine the overall security level of the applications.

Common attacks on telecommunications organisations

An "RCE" attack aims to exploit vulnerabilities for remote code execution in web applications.

Regular checks of passwords for weakness and for presence in leaked databases.

7 hours ago @ anti-malware.ru
SafeMobile 8.3, a unified endpoint management system

COPE (Company Owned, Personally Enabled) means that the company itself provides the employee with a mobile device but allows it to be used for personal purposes as well.

Different approaches require different policies for the same mobile operating systems and devices.

Such products emphasised using the devices exclusively for corporate purposes and separating the user's personal and work data.

These mechanisms are standard, so if your developers or suppliers have already implemented them for the foreign UEM vendor whose product you used before, no changes will be needed for SafeMobile.

Detailed documentation both for the administrator and the user and for…

11 hours ago @ anti-malware.ru
The МТС RED Anti-DDoS and МТС RED WAF tandem: how to properly protect web applications from attacks

In February this year a new web application protection service, МТС RED WAF, appeared on the Russian information security market.

We describe how this service, together with МТС RED Anti-DDoS, protects companies from a whole range of attacks on web resources, and what the benefit of such a tandem is.

In April, Anti-Malware.ru published an up-to-date review of the web application firewall (WAF) market, which, among others, presents the МТС RED web application protection service.

How the web application protection service works

Once a company decides to connect to the web application protection service, the IP addresses of the owner of the protected web resources are changed on the DNS servers to the IP addresses of the protection service provider.

This is convenient, for example, if the company…

1 day, 11 hours ago @ anti-malware.ru
The pitfalls of Purple Teaming

We describe the problems of implementing Purple Teaming both on the customer's side and on the contractor's side.

Problems of the defenders

First and foremost, Purple Teaming is needed by the defence team.

Only Purple Teaming will effectively uncover the blind spots, the real "black holes", the hidden corners of your network.

They need to perform practically the same actions as in Red Teaming (or, very rarely, as in a typical pentest).

In that case nobody interacts with the experts conducting the Purple Teaming, and nobody asks for help.

2 days, 8 hours ago @ anti-malware.ru
How to organise a vulnerability management process in 2024

Vulnerability management process

Stages of vulnerability management

So what is vulnerability management (VM) in Russia?

A vulnerability management model cannot be sufficiently complete without such an important stage as full preparation of the infrastructure, noted Anastasia Kuznetsova.

Implementing Vulnerability Management

The host asked the speakers how to assess an organisation's readiness to implement a full-fledged vulnerability management process.

Over the next three to five years, customers will come to understand their vulnerability management needs better and to navigate the solutions available to them.

3 days, 5 hours ago @ anti-malware.ru
SAST, DAST, SCA, SCS: how to ensure development security at every stage

SAST is a set of technologies for analysing source code and binary files for coding and design conditions that indicate vulnerabilities.

Comprehensive security analysis using Solar appScreener as an example

Let us look at a comprehensive approach to secure software development using Solar appScreener, a solution developed by Solar Group, as an example.

Solar appScreener makes it possible to embed code analysis tools into the secure development lifecycle at its various stages.

The SAST module can be used at the development and testing stages of the SSDLC to detect vulnerabilities and undeclared functionality (НДВ) in a timely manner.

The DAST module can be used at the final stages of development and at the software testing stage, when…

3 days, 8 hours ago @ anti-malware.ru
An overview of the Russian server virtualisation market

The rapid growth of the Russian market for server virtualisation systems is driven by the departure of Western vendors and tightening regulatory requirements.

This review covers software and software-hardware appliances (ПАК) for virtualising server infrastructure.

Trends in the global server virtualisation market

According to an updated study, the global market for server virtualisation software amounted to USD 7,878,900,000 in 2022.

Dynamics of the Russian virtualisation systems market, million roubles.

A quality server virtualisation platform should be distinguished by stable operation and reliability, support the basic virtualisation functions and at the same time meet narrowly specialised scenarios.

3 days, 11 hours ago @ anti-malware.ru
Why Гарда WAF is actually not a WAF

Official announcement of «Гарда WAF»

The new product «Гарда WAF»

The Гарда group of companies presented its product «Гарда WAF», calling it a reflection of "a new round in the evolution of firewalls for protecting web applications".

Deployment options for cloud WAAP solutions (Gartner)

Luka Safonov, technical director of «Гарда WAF», commented on this difference as follows: "a cloud-supported variant of Гарда WAF is not specifically being considered at the moment".

As already noted, the Гарда group is currently focusing on on-premises deployment of its solution, although there are no fundamental prohibitions on using «Гарда WAF» in the cloud.

Rule set options for risk control («Гарда» / Weblock)…

4 days, 7 hours ago @ anti-malware.ru
Why attacks on foreign government agencies are seen as bearing the fingerprints of Russian hackers

The main function of Smoke Loader is to download and launch other malicious programs (trojans, spyware, ransomware) on the victim's device.

Features of cyberattacks using Smoke Loader

The "advantages" of the Smoke Loader dropper are its low budget and low cost for the organisers of cyberattacks.

A BAT file is extracted from the self-extracting archive, which in turn downloads the malicious Smoke Loader dropper and then opens the PDF.

All of this makes it possible to assert that in this case we are most likely dealing with a false-flag operation.

Conclusions

The malicious Smoke Loader dropper, which can download additional modules or software after receiving commands upon connecting to a C&C server…

1 week ago @ anti-malware.ru
How to develop a cybersecurity development strategy

The strategic management process established in the company

Determine the maturity of the strategic management process adopted in the company and study the practices applied.

At this step you also need to find out how the company defines its target state: by setting goals, by closing risks and/or threats, or in some other way.

Study the short-term information security forecasts: how the security market will develop and which threats and types of attack will become popular.

To implement the security strategy successfully, you need to analyse the dynamics of the security budget and the workload of security specialists, the open vacancies and popu…

1 week, 1 day ago @ anti-malware.ru
An overview of Solar webProxy 4.0, an information security gateway

Diagram of integrating Solar webProxy into corporate infrastructure

Solar webProxy implements advanced mechanisms to ensure its uninterrupted operation under heavy load.

Employee dossiers can be synchronised between Solar webProxy and the Solar Dozor DLP system.

Exporting events in the "Statistics" section of Solar webProxy

As already mentioned, Solar webProxy implements a firewall.

Configuring NAT in Solar webProxy

Solar webProxy can be configured to allow access without authentication, which is relevant for a number of applications.

Creating a request filtering rule in Solar webProxy

Solar webProxy implements a role-based access control module.

1 week, 1 day ago @ anti-malware.ru
Evil ChatGPT counterparts: xxXGPT, WormGPT, WolfGPT, FraudGPT, DarkBERT

In advertising posts it was described as "a sinister AI creation in Python, representing a dark force surpassing both ChatGPT and WormGPT".

As with xxXGPT, WolfGPT was widely promoted on hacker forums and in Telegram channels, but no real confirmation of its capabilities was found beyond a handful of interface screenshots.

FraudGPT and DarkBERT

FraudGPT and DarkBERT are two more "evil" developments that someone promoted on the darknet in July 2023 alongside other AI services for cybercriminals.

ChatGPT and its "evil rivals": comparing key parameters

Characteristic | ChatGPT | "Evil" counterparts (xxXGPT, WolfGPT, FraudGPT, DarkBERT)
Ethical restrictions | Yes | None or minimal
Secu…

1 week, 2 days ago @ anti-malware.ru
Web application firewall (WAF) market overview 2024

Now, with some software products unavailable, the Russian WAF market is actively shifting towards domestic solutions: new products are appearing and vendors are working on competitive advantages.

Based on the latest Gartner reports on the web application firewall market, the foreign products worth noting are: Akamai Web Application Protector, Imperva WAF, Cloudflare WAF, F5 BIG-IP WAF, Barracuda WAF and AWS WAF.

Overview of the domestic WAF market

Web Application Firewall products

In this section we look at "boxed" products, in both software and software-hardware form.

«МегаФон WAF» is designed to protect web applications from exist…

1 week, 2 days ago @ anti-malware.ru
Outsourcing information security in Russia: is it scary to hand security over to someone else

The information security outsourcing market

The modern concept of information security outsourcing on the market

So what is outsourcing in 2024?

Currently, many companies entrust providers with building systems for both information security and information technology.

Companies will increasingly recognise the importance of information security and turn to outsourcing partners to protect their data and systems.

When choosing an information security service provider, it is important to consider factors such as experience, reputation and financial stability.

Experts' forecasts for the development of information security outsourcing are generally positive.

1 week, 3 days ago @ anti-malware.ru
How to design ICS protection using the new Positive Technologies concept

We explain how to simplify the installation and configuration of security solutions with the OT Security Framework and comply with legal requirements.

In addition, at various industry conferences we discuss the difficulties and nuances of ensuring information security in the industrial sector with clients and partners, including ICS system integrators.

The OT Security Framework brings together Positive Technologies' best practices for protecting industrial companies and is regularly updated with new expertise.

Another area is guidance on complying with the requirements of national and international industry standards in industrial cybersecurity using the products…

1 week, 3 days ago @ anti-malware.ru
Habr: Information Security
latest post 4 hours ago
A guide to Docker. From the basics of containerisation to building your own Docker

The system components include the Docker host (Docker server), Docker daemon, Docker client and Docker Compose (the manager for launching a cluster of containers).

The main variable components include: Dockerfile, Docker image and Docker container.

A Docker image contains all the necessary dependencies and settings, and a Docker container is an instance of that image in which the application runs.

It is important to note that Docker provides tools for detecting and remediating vulnerabilities, such as Docker Bench for Security and Docker Security Scanning.

Conclusion

In this article we looked at the basics of Docker and its vulnerabilities, …

4 hours ago @ habr.com
Weekend reading: "The Art of Invisibility. How to preserve privacy in the era of Big Data" by Kevin Mitnick

In his day, as a hacker, he committed a number of crimes online, served time and was released, so reading him will be particularly interesting.

The value of Mitnick's book is precisely in learning not to fall for this manipulation, knowing how you can be traced, and taking precautions.

As a result of this discovery, the corporation declared that in future such investigations would be handled by law enforcement," he recalls.

In other words, as with SDES, new keys are generated for each call, but the keys exist in a single copy and are stored only on the users' devices."

Then again, slipping up and logging into your personal mail from the wrong device by…

4 hours ago @ habr.com
Vulnerabilities on GitHub: in a Ruby library downloaded 250,000 times, in modules for electronic locks and in popular games

We found vulnerabilities in popular libraries: for Ruby development, for electronic locks and even for Reddit and Minecraft users.

After all, for most libraries the repository contains not only code but also documentation: installation and usage instructions.

They neither corrupt nor steal cybersecurity system data, but they do cause trouble for the user.

Recall that in the first part of the study we created a method for quickly checking GitHub repositories for vulnerabilities.

We believe our research and articles will help set priorities and decide when and with what resources to check code for external dependencies.

10 hours ago @ habr.com
Getting rid of passwords

There, the PublicKeyCredentialCreationOptions, a parameter stored both on the backend and in the authenticator, is retrieved by the user name id.

Which problems on the list WebAuthn closes

Transmitting passwords over an unencrypted channel does not work, since WebAuthn requires the HTTPS protocol exclusively in order to function.

Is this relevant to WebAuthn?

Using passwords in plain text is also ruled out, since nothing can be done with the public key in WebAuthn; the WebAuthn mechanism is protected by asymmetric cryptography.

As a rule, the biggest problem with WebAuthn is recovering the token if access is lost.

10 hours ago @ habr.com
Fraud? An attack on IT companies

Here is how it happened...

Sometime at the end of last year, 2023, a pseudo CEO wrote to some employees (I am NOT among them) on Telegram.

That they were scammers became clear immediately; what was unclear was what they wanted.

In the end the scammer said that an inspection was expected at the company, that inspectors and auditors would come and might write to you, so cooperate with them.

Here it is also telling that, again, all these people have also been working here for a very long time, and that over these few months the whole company had already managed to discuss last year's strange scammers.

Auditors

If someone hires auditors, they could also have given them the data themselves, even if it is unseemly, which is apparently why they are being secretive.

13 hours ago @ habr.com
From database crashes to cyberattacks: the story of how we discovered a breach

Far from the first time, but he managed it, since our password was not complex.

    cleanCron() {
        # each pipeline re-reads the current crontab, drops matching lines and reinstalls it
        crontab -l | sed '/base64/d' | crontab -
        crontab -l | sed '/_cron/d' | crontab -
        crontab -l | sed '/31.210.20.181/d' | crontab -
        crontab -l | sed '/update.sh/d' | crontab -
        # ~50 more lines
    }

Cleaning up cron.

So that the killed processes would under no circumstances come back to life.

Attack scheme

Very luckily, the database was running not on the system but in a Docker container, and most of the commands simply could not execute!

It is scary to imagine what would have happened if the hacker had got not into the Docker container but into the system itself.

13 hours ago @ habr.com
Fuzz testing. Practical application

And here minimize is used, that is, it removes all the unnecessary bytes, and we arrive at the optimal value that triggers our panic.

So in our case it is 0, but in total we already have 8 seeds in the corpus.

The product card has a description field, and you cannot add more than three emoji to it.

We did not manage to do that, which is why we could not clear the data from the table.

If any of our services, or our consumers' services, start throttling or restarting due to memory overflow, we also receive notifications.

1 day, 3 hours ago @ habr.com
The hidden pitfalls of expert utilities when working on incidents

Further memory scanning on the hosts was suspended, since we do not want the client to break its business processes on the basis of our recommendations.

I did not know until I created a ticket and the developer confirmed one of my very bold assumptions, and not on the first try at that.

The limit is large, so in most cases it can be assumed that this is the hash of the entire file.

Fortunately, this was identified in time, so it did not lead to any negative consequences.

The problem, though, is that in today's conditions the documentation for OS programming interfaces has long been beyond what can be surveyed.

1 day, 5 hours ago @ habr.com
Attaque à la russe: a prompt injection attack on Russian-language models of the Saiga2 family

Examples can be seen below

SmartGPT is a new AI language model that can follow the user's instructions very well and has no special filtering.

For the 7- and 13-billion-parameter models, two versions of quantised weights, at 4 and 8 bytes, were also chosen.

Then send the potential victim an email claiming that there has been a problem with their account or that their data needs to be verified.

Drugs/phishing interaction: drug-related attacks were in most cases more successful than phishing, especi…

1 day, 6 hours ago @ habr.com
How one experienced developer lost his Telegram account in three days, and another nearly transferred 100,000 roubles to a "friend"

Slava did not manage to take a screenshot of the conversation, so we tried to reconstruct its contents based on screenshots from other victims of a similar scheme

Later Slava will realise that on Saturday scammers hijacked his session and quietly waited three days before "kicking" the owner out of all devices and taking over the account.

The other victims transferred 300,000 roubles in total, but not to the number given in the chat; rather to Kostya's number that they already knew.

Come up with a hint for the cloud password, bearing in mind that the scammers will see it too, so make it understandable only to you.

Look for solutions that teach employees to repel attacks and communicate safely both on Telegram and on WhatsApp.

1 day, 10 hours ago @ habr.com
An overview of K8s LAN Party, a collection of challenges for finding vulnerabilities in a Kubernetes cluster right in the browser

This time we take a look at a product from the developers at Wiz Research: Kubernetes LAN Party, a challenge for completing CTF scenarios.

What K8s LAN Party is and why it is needed

K8s LAN Party is a set of five CTF scenarios in which the user has to find vulnerabilities in a Kubernetes cluster.

K8s LAN Party has the following rules for completing the tasks:

The scenarios can be completed in any order.

65536 / 65536 [---------------------------------------------------------------------------------------------------------------------------------] 100.00% 985 p/s

The utility found the getflag-service service.

We paste it into the input field and complete our scenario.

1 day, 11 hours ago @ habr.com
[Translation] Configuring Kerberos authentication in OpenAM

But this approach is inconvenient both for system administrators and for users.

In this article we will configure Kerberos authentication in OpenAM.

Windows configuration

Create an account in Active Directory for Kerberos authentication.

In this way you can authenticate using the Kerberos protocol without connecting Active Directory as a User Data Store in OpenAM.

Verifying the solution

On a Windows machine, as a user authenticated in Active Directory, open the OpenAM URL in a browser: http://openam.example.com:8080/openam/XUI/#login/&realm=/&service=sso

If everything is configured correctly, OpenAM will authenticate you immediately without prompting for credentials.

1 day, 11 hours ago @ habr.com
Exploring web applications with the Ffuf utility

We get to grips with fuzzing with Ffuf and explore several key ways of using it.

Multiple -H flags are accepted.
-X  HTTP method to use
-b  Cookie data "Name1=Value1; Name2=Value2" to replicate curl functionality
-d  POST data
-http2  Use the HTTP2 protocol (default: false)
-ignore-body  Do not fetch the response content (default: false)
-r  Follow redirects (default: false)
-recursion  Scan recursively.

For example: http://127.0.0.1:8080 or socks5://127.0.0.1:8080
GENERAL OPTIONS:
-V  Show version information (default: false)
-ac  Automatically calibrate filtering options (default: false)
-acc  Custom string…

1 day, 14 hours ago @ habr.com
Adding two-factor authentication to web applications that do not provide for it out of the box

The Cloud.ru product catalogue includes several vendor services that were not built with an option to enable two-factor authentication, or whose available functionality did not suit us for a number of reasons.

But this requires installing and configuring client software, which is not very user-friendly in a remote working setup.

Register the user in IAM, enable 2FA for them and set up an OTP application (for example Google Authenticator, Yandex Key, etc.

Configure network connectivity and permissions to IAM and the protected application.

What is the result?

2 days, 8 hours ago @ habr.com
Ландшафт угроз информационной безопасности последних лет. Часть 1
Ландшафт угроз информационной безопасности последних лет. Часть 1 Ландшафт угроз информационной безопасности последних лет. Часть 1

Что не исключает, конечно, ознакомления с угрозами через вендорские отчеты, бюллетени (IBM, Microsoft, Elastic, Acronis, SonicWALL и т.д.)

При этом только через TI-отчеты мы можем разобраться, как работают группировки, прокачиваются, как атакуют с конкретного вредоносного ПО, как используют техники и что сейчас актуально.

Шпионское ПО и некоторые формы рекламного ПО также можно отнести к вредоносному ПО.

Как и в любой другой компании, в группировке присутствуют менеджеры среднего звена, менеджеры по персоналу, различные технические, производственные команды с дорожной картой и релизами.

And the publication can happen anywhere: on the vendor's site alongside a patch, or on the internet's black markets.

2 days, 8 hours ago @ habr.com
Хакер
last post 3 hours ago
Microsoft has published the MS-DOS 4.00 source code on GitHub

Microsoft has published the source code of MS-DOS 4.00, along with binaries, disk images and documentation.

Ten years ago Microsoft had already handed the sources of MS-DOS 1.25 and 2.0 to the Computer History Museum, and later republished them on GitHub as well.

Now the MS-DOS 4.00 source code has been released too, available from now on under the MIT license.

Microsoft notes that MS-DOS 4.00 is a rather interesting version, written jointly with IBM.

In the past it was MS-DOS 4.00 that spawned the Multitasking DOS (MT-DOS) branch, which ultimately never saw wide adoption.

3 hours ago @ xakep.ru
In 2023 ransomware operators "earned" more than $1 billion in ransoms

Ransom payments last year exceeded $1 billion, the highest figure on record.

For example, the American healthcare company Prospect Medical Holdings suffered serious damage as a result of an attack by the Rhysida group.

As a result, delivery of test results to its clients was delayed.

In the end, ransom payments surpassed $1 billion, the highest figure on record.

For instance, Caesars Entertainment, one of the largest hospitality and entertainment companies, lost $15 million as a result of an attack.

4 hours ago @ xakep.ru
Forensics lessons. Analyzing Windows logs and the MFT using HTB Jinkies as an example

Today we will learn to analyze Windows logs and to view the full information about a file in the MFT.

Open the FullEventLogView utility and load the logs located at Jinkies_KAPE_output/TriageData/C/Windows/system32/winevt/. Then set a date filter (Options → Advanced Options) and begin the analysis.

The investigated host has the Sysmon (System Monitor) service installed, a utility developed by Microsoft for extended Windows auditing.

At 17:15 an event with ID 4624, logon type 3 (network logon), was recorded from host 192.168.157.151 using the credentials of user Velma.

In the registry key ControlSet00…
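The 4624 event in the excerpt is pinned down by three fields of the Security log record: EventID, LogonType and IpAddress in EventData, plus the time filter. The following is an added example, not part of the article and not FullEventLogView's code, that applies the same triage to constructed event XML in the schema Windows writes to Security.evtx: it keeps only successful network logons (4624, type 3) inside a time window and groups them by source IP and account, discarding a console logon (type 2) and a failed attempt (4625) that share the same user. On a real case the XML would come from an .evtx exporter; every value in the sample is fabricated.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from datetime import datetime
from typing import Dict, List, Tuple

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Constructed events in the Windows Event XML schema; timestamps, user and IP are fabricated.
SAMPLE_EVENTS = """<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4624</EventID><TimeCreated SystemTime="2024-04-25T17:15:02.000Z"/></System>
 <EventData><Data Name="TargetUserName">Velma</Data><Data Name="LogonType">3</Data>
 <Data Name="IpAddress">192.168.157.151</Data><Data Name="AuthenticationPackageName">NTLM</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4624</EventID><TimeCreated SystemTime="2024-04-25T17:16:40.000Z"/></System>
 <EventData><Data Name="TargetUserName">Velma</Data><Data Name="LogonType">2</Data>
 <Data Name="IpAddress">-</Data><Data Name="AuthenticationPackageName">Negotiate</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
 <System><EventID>4625</EventID><TimeCreated SystemTime="2024-04-25T17:14:50.000Z"/></System>
 <EventData><Data Name="TargetUserName">Velma</Data><Data Name="LogonType">3</Data>
 <Data Name="IpAddress">192.168.157.151</Data></EventData>
</Event>
</Events>"""

def _ts(value: str) -> datetime:
    """Parse a SystemTime attribute (UTC, trailing Z) into a timezone-aware datetime."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def parse_events(xml_text: str) -> List[Dict]:
    """Flatten every <Event> into a dict: EventID, TimeCreated, plus each EventData/Data Name=... field."""
    records = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        rec = {"EventID": int(ev.findtext("e:System/e:EventID", namespaces=NS))}
        rec["TimeCreated"] = _ts(ev.find("e:System/e:TimeCreated", NS).get("SystemTime"))
        for data in ev.findall("e:EventData/e:Data", NS):
            rec[data.get("Name")] = data.text
        records.append(rec)
    return records

def network_logons(events: List[Dict], start: str, end: str) -> List[Dict]:
    """Successful network logons (4624 with LogonType 3) inside [start, end].
    4625 is a failure and LogonType 2 is a console logon, so neither is a remote session."""
    lo, hi = _ts(start), _ts(end)
    return [e for e in events
            if e["EventID"] == 4624 and e.get("LogonType") == "3" and lo <= e["TimeCreated"] <= hi]

def by_source(logons: List[Dict]) -> Dict[Tuple[str, str], List[str]]:
    """Group by (source IP, account): which host used whose credentials, and when."""
    groups = defaultdict(list)
    for e in logons:
        groups[(e.get("IpAddress"), e.get("TargetUserName"))].append(e["TimeCreated"].strftime("%H:%M:%S"))
    return dict(groups)

def triage(xml_text: str = SAMPLE_EVENTS,
           start: str = "2024-04-25T17:00:00Z", end: str = "2024-04-25T18:00:00Z"):
    """Whole pipeline over the sample: the date filter followed by the 4624 / type 3 hunt."""
    return by_source(network_logons(parse_events(xml_text), start, end))
```

Pairing the surviving 4624 with the 4625 that precedes it by a few seconds from the same IP is the next question an analyst asks (a guess followed by a success), so keep the failures in the parsed list rather than dropping them at parse time.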

6 hours ago @ xakep.ru
Cloud keyboards installed by a billion users are vulnerable to keystroke interception

The company warned that these issues could be used to intercept keystrokes and together threaten roughly a billion users.

The researchers say they found vulnerabilities in eight of the nine apps they studied, from vendors including Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo and Xiaomi.

After all, 95% of the market for keyboards built to let users type Chinese characters quickly and easily is held by the vulnerable IMEs (Input Method Editors) from Sogou, Baidu and iFlytek.

Successful exploitation of the bugs in these apps makes it possible to decrypt keystrokes passively, without sending any additional network traffic.

This app has…

6 hours ago @ xakep.ru
Chrome fixes a critical vulnerability that earned researchers $16,000

This week Google released an update for Chrome 124 that fixes four vulnerabilities at once, including the critical issue CVE-2024-4058 in ANGLE (Almost Native Graphics Layer Engine).

It is worth noting that over the past few years only a handful of Chrome vulnerabilities have been rated "critical".

The researchers received a reward of $16,000 for their findings.

Google has not said that CVE-2024-4058 may already be exploited by attackers.

However, attackers frequently exploit type confusion bugs found in Chrome, although such vulnerabilities more often affect the V8 JavaScript engine.

8 hours ago @ xakep.ru
US authorities arrest and charge Samourai mixer operators with laundering $100 million

The US Department of Justice has charged Keonne Rodriguez and William Lonergan Hill with laundering more than $100 million through the Samourai Whirlpool cryptocurrency mixer, which they ran for almost ten years.

Rodriguez was arrested earlier this week and will appear before a US court in the coming days.

Law enforcement agencies from Iceland and Portugal, as well as Europol, took part in the operation to shut down Samourai.

The money-laundering activity allegedly brought the company's founders around $4.5 million in fees for Whirlpool and Ricochet transactions.

Icelandic law enforcement agencies are currently …

10 hours ago @ xakep.ru
Kaspersky Lab uncovers a cryptocurrency pyramid scheme on Telegram

Researchers report an active fraud scheme in which people are offered a way to earn the Toncoin (TON) cryptocurrency via Telegram.

According to the company, the potential victim is first urged to invest money in TON and then to invite their acquaintances to a special chat in the messenger and receive a commission for doing so.

Next, they must buy cryptocurrency (at least 5.5 TON) and transfer it to their wallet.

The more expensive the plan, the higher the commission percentage: the "bicycle" costs 5 TON and gives a 30% commission, the "rocket" costs 500 TON and gives 70%.

According to the organizers, the resulting "earnings" consist of two parts: a fixed payment of 25 TON for each invited friend and the commission for the plan…

1 day, 2 hours ago @ xakep.ru
The BeKon 2024 conference will be held in Moscow on June 5

On June 5, Moscow will host the second edition of BeKon, a conference on the security of containers and container environments.

The community will gather again to discuss, together with the speakers, pressing topics, important details and unconventional solutions in container and K8s security.

The event is organized by Luntry, a Russian solution for protecting containers and Kubernetes.

The talks will cover current topics in container environment security in 2024.

Attendees will be able to meet and talk in person with representatives of well-known companies, the speakers and recognized experts in container security.

1 day, 3 hours ago @ xakep.ru
0-day vulnerabilities in Cisco products are being used to break into government networks

Cisco learned of ArcaneDoor in early January 2024, when evidence was found that the attackers had been testing and developing exploits for the vulnerabilities since July 2023.

The vulnerabilities allowed attackers to implant previously unknown malware on victims' systems and maintain persistence on compromised ASA and FTD devices.

"The attackers used bespoke tooling that demonstrated a clear focus on espionage and an in-depth knowledge of the devices they targeted, hallmarks of a sophisticated state-sponsored actor," Cisco writes.

"As part of this campaign, UAT4356 deployed two backdoors, Line Runner and Line Dancer, which in co…"

1 day, 4 hours ago @ xakep.ru
Microsoft pulls the WizardLM 2 LLM, which failed toxicity testing, but users have kept copies

Last week Microsoft specialists published the WizardLM 2 LLM, which they say is one of the most powerful open-source large language models available today.

Then, a few hours later, the company took the model offline because it had accidentally forgotten to "test it for toxicity" before release.

However, users managed to save the LLM, and it remains available to anyone who wants it.

As 404 Media notes, the official WizardLM 2 pages on GitHub and Hugging Face are still down, but it is not hard to find numerous copies of the LLM on those same platforms.

But, the journalists conclude, the fact remains: Microsoft failed to keep hold of an AI model that the company deemed not…

1 day, 6 hours ago @ xakep.ru
An atypical snake. Reversing a Python application with a custom interpreter

But for every lock there is a pick: today we will figure out how to reverse such programs, learn to recover the source code and find out how to build our own disassembler for them.

As our example we take a certain application for neural-network video processing with an unpleasant trait: it checks its license on a remote server whenever it performs any even remotely useful function.

What these files are and how to handle them I described in detail in the article "Змеиная анатомия" (Snake Anatomy).

The screenshot shows a pattern repeating every 16 bytes, which appears to have been XORed onto the source code and shows through in places in place of the zero…
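A pattern repeating every 16 bytes that "shows through" where the plaintext is zero is the fingerprint of a repeating-key XOR: 0x00 XOR key[i] is key[i] itself. The following is an added example, not the article's code and not the analysed application's, that recovers such a key from a constructed blob by (1) finding the period via autocorrelation and (2) assuming that, at each key position, the most frequent ciphertext byte sits over a zero plaintext byte, which holds for marshalled Python code objects with their long runs of zero padding. The 16-byte key, the 0x00 filler assumption and the sample plaintext are all assumptions made for the example.

```python
from collections import Counter
from typing import Tuple

def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR data with key repeated cyclically; encryption and decryption are the same operation."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def guess_period(data: bytes, max_period: int = 64, ratio: float = 0.5) -> int:
    """Autocorrelation: for each shift p, the fraction of positions where data[i] == data[i+p].
    Equal plaintext bytes (here: the many zeros) under the same key byte give equal ciphertext
    bytes, so the true period and all its multiples score high while other shifts score near
    zero. Return the smallest shift scoring at least `ratio` of the best, which rejects the
    multiples (2x, 3x, 4x the period) that would otherwise tie or win."""
    scores = {}
    for p in range(1, max_period + 1):
        n = len(data) - p
        scores[p] = sum(1 for i in range(n) if data[i] == data[i + p]) / n
    best = max(scores.values())
    return min(p for p, s in scores.items() if s >= ratio * best)

def recover_key(data: bytes, period: int, filler: int = 0x00) -> bytes:
    """At each key position, the most common ciphertext byte is assumed to be filler ^ key[i]."""
    key = bytearray(period)
    for i in range(period):
        most_common, _count = Counter(data[i::period]).most_common(1)[0]
        key[i] = most_common ^ filler
    return bytes(key)

def decrypt_blob(blob: bytes) -> Tuple[bytes, bytes]:
    """Full pipeline: find the period, recover the key, decrypt. Returns (key, plaintext)."""
    period = guess_period(blob)
    key = recover_key(blob, period)
    return key, xor_repeating(blob, key)

# Constructed stand-in for a dumped code object: real content surrounded by zero padding.
PLAINTEXT = (b"\x00" * 24 + b"def check_license(server):\n" + b"\x00" * 40
             + b"    return server.verify(token)\n" + b"\x00" * 32 + b"co_consts" + b"\x00" * 50)
KEY = bytes.fromhex("3a7f19c4e2085d6bb1f0472c93ae6e10")   # assumed 16-byte key, all bytes distinct
CIPHERTEXT = xor_repeating(PLAINTEXT, KEY)
```

The filler assumption is the weak point: if the protected data is compressed first (no zero runs), the per-position histogram is flat and the key must instead come from known plaintext, such as the fixed magic and header bytes at the start of a .pyc or marshal stream. The period detection does not depend on it and still works.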

1 day, 6 hours ago @ xakep.ru
Google again postpones the phase-out of third-party cookies

Google's developers said that, because of the testing being carried out by British regulators, the phase-out of third-party cookies is being postponed once again.

Recall that Google originally planned to do away with third-party cookies by 2022.

The deadline was then moved, and the phase-out was pushed to 2023 and then to 2024.

The UK authorities want to make sure that Google is not changing Chrome at the expense of competitors in order to prop up its own advertising business.

As a result, Google said it is actively cooperating with the CMA and the ICO and, if an agreement can be reached, plans to begin phasing out third-party cookies early next year.

1 day, 8 hours ago @ xakep.ru
Researcher claims to have broken Microsoft's DRM technology

For example, back in 2022 Gowdiak told Microsoft engineers that he had managed to download PlayReady-protected content from Canal+, a premium VOD platform in Poland.

Microsoft told the media at the time that "the issues described relate to settings controlled by the service provider and the security of a third-party client," stressing that this was not a vulnerability in a Microsoft service or client.

However, Gowdiak continued to study the security of Microsoft PlayReady and has now turned his attention to international streaming services that use PlayReady to protect content.

"Any Windows user can extract the keys for movies from streaming platforms that use the vulnerable Microsof…"

1 day, 10 hours ago @ xakep.ru
A Hisense smart TV accidentally crippled its owner's Windows PC

Priscilla Snow, a musician and sound designer from Canada, said that her Hisense TV interfered with the normal operation of her Windows computer.

A user going by Narayan B reported on a Microsoft forum that he had found the root of the problem: his Android-based Hisense TV.

It turned out that the Hisense TV generates "random UUIDs for UPnP network discovery every few minutes".

Windows, not understanding why the device does this, sees them and adds all of these alternate Hisense devices to its Device Association Framework (DAF) service.

Narayan B wrote that he had previously noticed his Hisense TV flooding the system with requests…

2 days ago @ xakep.ru
The number of attacks on mobile devices in Russia has grown 5.2-fold

In the first quarter of 2024 their number grew 5.2-fold compared with the same period of 2023, exceeding 19 million.

The number of Dwphon attacks on Russian users grew by about 25% in March 2024 compared with December of last year, to almost 222,000 cases.

In the case of Dwphon, however, the victim receives an infected device straight out of the box, that is, by buying it in a store.

With Mamont, however, the attackers have extended the functionality of the banking trojan to phish for potential victims' payment data and gain access to their SMS messages.

The attackers distribute Mamont through unofficial channels, including under the guise of apps for …

2 days, 6 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 4 hours ago
Severe Flaws Disclosed in Brocade SANnav SAN Management Software

Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances.

The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them.

Following responsible disclosure twice in August 2022 and May 2023, the flaws have been addressed in SANnav version 2.3.1 released in December 2023.

Brocade's parent company Broadcom, which also owns Symantec and VMware, released advisories for the flaws earlier this month.

Hewlett Packard Enterprise has also shipped patches for a subset of these vulnerabilities in HPE SANnav…

4 hours ago @ thehackernews.com
10 Critical Endpoint Security Tips You Should Know

We've curated the top 10 must-know endpoint security tips that every IT and security professional should have in their arsenal.

The best way to have time on your side is to invest in endpoint security solutions that provide real-time monitoring and telemetry.

Conducting regular assessments is critical for evaluating the effectiveness of your endpoint security measures and contributing to a healthy security posture.

This continuous improvement cycle allows you to adapt strategies based on your findings, keeping your endpoint security solid and effective.

PRO TIPS: Schedule regular risk assessments to evaluate the effectiveness of your security measures, including endpoint security, network se…

8 hours ago @ thehackernews.com
New 'Brokewell' Android Malware Spread Through Fake Browser Updates

Fake browser updates are being used to push a previously undocumented Android malware called Brokewell.

"Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware," Dutch security firm ThreatFabric said in an analysis published Thursday.

Brokewell is said to be the work of a developer who goes by the name "Baron Samedit Marais" and manages the "Brokewell Cyber Labs" project, which also includes an Android Loader publicly hosted on Gitea.

By default, the loader apps generated through this process have the package name "com.brkwl.apkstore," although this can be configured by the user by either providing a specific name o…

8 hours ago @ thehackernews.com
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack

Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation.

The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices.

It has been addressed in multiple versions of PAN-OS 10.2.x, 11.0.x, and 11.1.x.

The activity, codenamed Operation MidnightEclipse, entails the use of the flaw to drop a Python-based backdoor called UPSTYLE that's capable of executing commands transmitted via specially crafted requests.

"A factory reset is recommended due to evidence of more invasive threat actor activity."

8 hours ago @ thehackernews.com
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites

Threat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers.

The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10.

In the attacks observed so far, CVE-2024-27956 is being used to run unauthorized database queries and create new admin accounts on susceptible WordPress sites (e.g., names starting with "xtw"), which could then be leveraged for follow-on post-exploitation actions.

This includes installing plugins that make it possible to upload files or edit code, indicating attempts to repurpose the infected sites as stagers.

"To evade detection and maintain access, atta…

13 hours ago @ thehackernews.com
North Korea's Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

The North Korea-linked threat actor known as Lazarus Group employed its time-tested fabricated job lures to deliver a new remote access trojan called Kaolin RAT.

The Lazarus Group's use of job offer lures to infiltrate targets is not new.

Dubbed Operation Dream Job, the long-running campaign has a track record of using various social media and instant messaging platforms to deliver malware.

"The Lazarus group targeted individuals through fabricated job offers and employed a sophisticated toolset to achieve better persistence while bypassing security products," Camastra said.

What is certain is that Lazarus had to innovate continuously and allocate enormous resources to research various aspe…

1 day, 2 hours ago @ thehackernews.com
Network Threats: A Step-by-Step Attack Demonstration

Follow this real-life network attack simulation, covering 6 steps from Initial Access to Data Exfiltration.

Surprisingly, most network attacks are not exceptionally sophisticated, technologically advanced, or reliant on zero-day tools that exploit edge-case vulnerabilities.

By simulating a real-world network attack, security teams can test their detection systems, ensure they have multiple choke points in place, and demonstrate the value of networking security to leadership.

In the end, we explain why a holistic security approach is key for network security.

How to Protect Against Network Attacks: Effectively protecting against attackers requires multiple layers of detection.

1 day, 7 hours ago @ thehackernews.com
DOJ Arrests Founders of Crypto Mixer Samourai for $2 Billion in Illegal Transactions

The U.S. Department of Justice (DoJ) on Wednesday announced the arrest of two co-founders of a cryptocurrency mixer called Samourai and seized the service for allegedly facilitating over $2 billion in illegal transactions and for laundering more than $100 million in criminal proceeds.

Rodriguez and Hill face a maximum sentence of 25 years in prison each.

Samourai laundered money from illegal dark web marketplaces, including Silk Road and Hydra, as well as spear-phishing schemes and scams aimed at defrauding multiple decentralized finance protocols.

"Ricochet defends against bitcoin blacklists by adding additional decoy transactions between the initial send and eventual recipient," according…

1 day, 8 hours ago @ thehackernews.com
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative.

The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year.

Privacy Sandbox refers to a set of initiatives that offers privacy-preserving alternatives to tracking cookies and cross-app identifiers in order to serve tailored ads to users.

Both Apple and Mozilla discontinued support for third-party cookies in 2020.

The development comes as Google said it's updating client-side en…

1 day, 12 hours ago @ thehackernews.com
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.

Cisco Talos, which dubbed the activity ArcaneDoor, attributed it to a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).

Exactly which country is behind ArcaneDoor is unclear, however both Chinese and Russian state-backed hackers have targeted Cisco routers for cyber espionage purposes in the past.

Cisco Talos also did not specify how many customers were compromised in these attacks.

"Perimeter network devices are the perfect intrusion poi…

1 day, 13 hours ago @ thehackernews.com
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

"These actors targeted more than a dozen U.S. companies and government entities through cyber operations, including spear-phishing and malware attacks," the Treasury Department said.

Nasab, Harooni, and Salmani have also been responsible for procuring and maintaining the online network infrastructure used to facilitate the intrusions, the DoJ said.

Each of the defendants has been charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and wire fraud.

If convicted, they face up to five years in prison for the computer fraud conspiracy, and up to 20 years in prison for each count of wire fraud and conspiracy to commit wire fraud.

Nasab, Harooni, and Salmani have als…

2 days, 5 hours ago @ thehackernews.com
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad.

The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software.

"Once inside the system, SSLoad deploys multiple backdoors and payloads to maintain persistence and avoid detection."

The initial reconnaissance phase paves the way for Cobalt Strike, a legitimate adversary simulation software, which is then used to download and install ScreenConnect, thereby allowing the threat actors to remotely commandeer the host.

"With this level of access, they could get into any…

2 days, 5 hours ago @ thehackernews.com
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users

Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors.

The only vendor whose keyboard app did not have any security shortcomings is that of Huawei's.

Following responsible disclosure, every keyboard app developer with the exception of Honor and Tencent (QQ Pinyin) have addressed the issues as of April 1, 2024.

Users are advised to keep their apps and operating systems up-to-date and switch to a keyboard app that entirely operates on-device to mitigate these privacy issues.

Other recommendations call on app developers to use well-tested and standard encryption protocols instead of developing homegrown version…

2 days, 9 hours ago @ thehackernews.com
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks.

The intricate and elaborate infection chain, at its core, leverages a security shortcoming in the update mechanism of Indian antivirus vendor eScan to propagate the malware by means of an adversary-in-the-middle (AitM) attack.

"GuptiMiner hosts their own DNS servers for serving true destination domain addresses of C&C servers via DNS TXT responses," researchers Jan Rubín and Milánek said.

"As the malware connects to the malicious DNS servers direct…

2 days, 11 hours ago @ thehackernews.com
CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

A new ongoing malware campaign has been observed distributing three different stealers, namely CryptBot, LummaC2 and Rhadamanthys, hosted on Content Delivery Network (CDN) cache domains since at least February 2024.

Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin group that came to light earlier this month.

"This threat actor is using a Content Delivery Network (CDN) cache to store the malicious files on their network edge host in this campaign, avoiding request delay," Talos researchers Joey Chen, Chetan Raghuprasad, and Alex Karkins said.

"The actor is using the CDN cache as a download server to dece…

2 days, 14 hours ago @ thehackernews.com
threatpost
last post None
DarkReading
last post 5 months ago
Cyber Threats to Watch Out for in 2024

5 months ago @ darkreading.com
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

5 months ago @ darkreading.com
Ardent Health Hospitals Disrupted After Ransomware Attack

5 months ago @ darkreading.com
General Electric, DARPA Hack Claims Raise National Security Concerns

5 months ago @ darkreading.com
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

5 months ago @ darkreading.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity

5 months назад @ darkreading.com
Balancing Simplicity and Security in the Digital Experience
Balancing Simplicity and Security in the Digital Experience

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Hack The Box Launches 5th Annual University CTF Competition
Hack The Box Launches 5th Annual University CTF Competition

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Fake Browser Updates Targeting Mac Systems With Infostealer
Fake Browser Updates Targeting Mac Systems With Infostealer

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Generative AI Takes on SIEM
Generative AI Takes on SIEM

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Web Shells Gain Sophistication for Stealth, Persistence
Web Shells Gain Sophistication for Stealth, Persistence

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Qatar Cyber Agency Runs National Cyber Drills
Qatar Cyber Agency Runs National Cyber Drills

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
WeLiveSecurity
last post 2 days, 9 hours ago
What makes Starmus unique? – A Q&A with award-winning filmmaker Todd Miller

Video: The director of the Apollo 11 movie shares his views about the role of technology in addressing pressing global challenges as well as why he became involved with Starmus.

24 Apr 2024

2 days, 9 hours ago @ welivesecurity.com
How technology drives progress – A Q&A with Nobel laureate Michel Mayor

We spoke to Michel Mayor about the importance of public engagement with science and fostering responsibility among the youth for the preservation of our changing planet.

Join us as we speak to the Nobel Prize-winning astronomer Michel Mayor about the intersection of technology and scientific discovery, the art of making science accessible to all, and the imperative of nurturing environmental stewardship among the youth.

In this short video, Professor Mayor offers his quick takes on: the role of technology in driving scientific progress; strategies for communicating complex scientific concepts to the broader public; fostering a sense of responsibility among the youth towards the preservation of pla…

3 days, 5 hours ago @ welivesecurity.com
The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian

Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the strong sense of community within the Starmus universe.

In this exclusive interview, we delve into the heart of the Starmus Festival with Dr. Garik Israelian, an astrophysicist and the visionary force behind the festival.

Join us as Dr. Israelian shares his views about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the sense of community within the Starmus universe.

What’s the goal of Starmus?

How is the Starmus community evolving?

What empowering messages does Starmus convey to the youth?

3 days, 9 hours ago @ welivesecurity.com
Protecting yourself after a medical data breach – Week in security with Tony Anscombe

What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?

Attackers behind the disruptive ransomware attack at medical firm Change Healthcare in late February have begun to leak what they claim are corporate and patient data stolen during the attack.

In this week's video, Tony looks at the risks and consequences of having your health data exposed and the steps you should take if your data is exposed.

1 week ago @ welivesecurity.com
The many faces of impersonation fraud: Spot an imposter before it’s too late

This is impersonation fraud, and it’s fast becoming one of the highest earners for cybercriminals.

What does impersonation fraud look like?

Fake social media accounts are a growing challenge, used to spread scam links and too-good-to-be-true offers.

Bogus notification

Unusual messages: Phishing emails often contain inconsistencies which mark them out as impersonation fraud.

With any impersonation fraud, the key is: be skeptical, slow down, and independently verify they are who they say they are.

1 week, 1 day ago @ welivesecurity.com
The ABCs of how online ads can impact children’s well-being

From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children.

With the rise of social media influencers and curated online content, ads often portray an idealized version of reality that may not reflect the complexities of everyday life.

Parents or responsible adults must help children critically evaluate media messages and develop a balanced perspective.

Security and privacy risks: Some ads that children may be exposed to can pose significant security and privacy risks.

From promoting questionable content to posing financial, security, and privacy risks, ads present multiple dangers for young minds.

1 week, 3 days ago @ welivesecurity.com
Bitcoin scams, hacks and heists – and how to avoid them

Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe.

Bitcoin is on a tear.

Threat actors are primed and ready to ruthlessly exploit any users lacking digital savvy – via scams and sophisticated malware.

We can divide the main threats into three types: malware, scams and third-party breaches.

Examples of scam sites (source: ESET Threat Report H1 2023)

Bogus play-to-earn video game (source: ESET Threat Report H1 2023)

1 week, 4 days ago @ welivesecurity.com
eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe

Could your messaging app of choice have been authored by a threat actor known as Virtual Invaders?

As described by ESET researchers this week, this is what happened to the victims of an ongoing and targeted Android espionage campaign called eXotic Visit, which began in late 2021 and whose apps pose as messaging services.

The malicious apps – which were distributed through dedicated websites and even Google Play – masqueraded as messaging services, but came bundled with the XploitSPY malware.

The campaign appears to have targeted people mainly in Pakistan and India.

To learn more, watch the video and make sure to read the full blogpost.

2 weeks ago @ welivesecurity.com
Beyond fun and games: Exploring privacy risks in children’s apps

But they could also expose them to exploitative advertising, inappropriate content, and security and privacy risks.

The challenge for parents is compounded by complex privacy settings, opaque privacy policies, regulatory loopholes, weak enforcement and our own lack of awareness.

Limited privacy information: Despite regulatory requirements in many jurisdictions, kids’ apps can feature opaque privacy/security policies which make it unclear how your child’s data will be used and protected.

Security risks: Mobile apps also pose significant security risks.

Educate your children about the importance of protecting their personal information and the potential consequences of security and privacy ri…

2 weeks, 1 day ago @ welivesecurity.com
eXotic Visit campaign: Tracing the footprints of Virtual Invaders

At that time, there were five apps available, using the names ChitChat.apk, LearnSindhi.apk, SafeChat.apk, wechat.apk, and wetalk.apk.

Dink Messenger on Google Play implemented emulator checks (just as Alpha Chat), whereas the one on the dedicated website did not.

Sim Info reached over 30 installs on Google Play; we have no information about when it was removed from the store.

The Specialist Hospital app, available on GitHub, poses as the app for Specialist Hospital in India (specialisthospital.in); see Figure 10.

However, the same GitHub account now hosts several new malicious apps available for download.

2 weeks, 2 days ago @ welivesecurity.com
The devil is in the fine print – Week in security with Tony Anscombe

Many people bagged Temu's offer and went on to post 'invitation codes' across social media sites in an effort to multiply the rewards for themselves and their relatives and friends.

The company later revised the terms of the giveaway, but the issue put the spotlight on the data collection practices of popular online services these days.

Some of the questions this leads to, however, are: Did Temu's new users read the fine print?

What should you consider before agreeing to these kinds of offers?

Find out in this week's edition of Week in security.

3 weeks ago @ welivesecurity.com
How often should you change your passwords?

In other words, there isn’t a one-size-fits-all answer to when you should change your password(s).

The former means it is easier to store and recall long, strong and unique passwords for every account.

New passwords, especially if created every few months, are also more likely to be written down and/or forgotten, according to the NCSC.

“It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack.

We believe this reduces the vulnerabilities associated with regularly expiring passwords while doing little to increase the risk of long-term password exploitation.”

When to change your password

However, …

3 weeks, 2 days ago @ welivesecurity.com
Malware hiding in pictures? More likely than you think

Hence, threat actors continually seek different ways to evade detection, and among those techniques is using malware hidden in images or photos.

Malware placed inside images of various formats is a result of steganography, the technique of hiding data within a file to avoid detection.

Another piece of malware must be delivered that takes care of extracting the malicious code and running it.

It might seem like both pictures are the same, but one of them includes malicious code in the alpha channel of its pixels.

From left to right: Clean image, image with malicious content, and the same malicious image enhanced to highlight the malicious code (Source: ESET Research)

As you can see, the differ…

3 weeks, 3 days ago @ welivesecurity.com
RDP remains a security concern – Week in security with Tony Anscombe

Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result.

Remote Desktop Protocol (RDP) turned out to be a lifeline for organizations around the world during the mass shift to remote and hybrid work arrangements.

Its popularity didn't escape the attention of cybercriminals, and RDP remains a popular attack vector among many bad actors intent on wreaking havoc on corporate networks.

While much has been written about the risks that poorly-secured RDP connections entail, reports show that many organizations continue to leave themselves exposed – and are even hit by data b…

4 weeks ago @ welivesecurity.com
Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world

As anticipation builds for the upcoming 2024 Summer Olympics in Paris, let’s look at 10 cases where sports organizations fell victim to cyberattacks.

The spear phishing attack lured the victim to a bogus Office 365 login page where he unknowingly surrendered his login credentials.

Kneecapped by ransomware: In November 2020, Manchester United fell victim to a ransomware attack that disrupted the club’s digital operations.

In October 2023, a different kind of buzzer sounded for the French basketball team ASVEL – it signaled a data breach orchestrated by the NoEscape ransomware gang.

This incident compromised servers storing sensitive data, including names, surnames, postal addresses, email addr…

4 weeks, 1 day ago @ welivesecurity.com
Naked Security
last post 7 months ago
Update on Naked Security

Dear Naked Security readers, firstly, thank you for your interest, your time, and your contributions to the Naked Security community.

We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security research, insights, and intelligence in a single location.

We are redirecting articles from Naked Security to Sophos News and you can continue to access the Naked Security article library whenever you need it.

You can find their articles in the Security Operations, Threat Research and AI Research sections of this blog.

Whether you’re a threat hunter, security administrator, IT/security generalist, home user or mor…

7 months ago @ news.sophos.com
Mom’s Meals issues “Notice of Data Event”: What to know and what to do

8 months ago @ nakedsecurity.sophos.com
S3 Ep149: How many cryptographers does it take to change a light bulb?

8 months ago @ nakedsecurity.sophos.com
Using WinRAR? Be sure to patch against these code execution bugs…

8 months ago @ nakedsecurity.sophos.com
Smart light bulbs could give away your password secrets

8 months, 1 week ago @ nakedsecurity.sophos.com
“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

8 months, 1 week ago @ nakedsecurity.sophos.com
S3 Ep148: Remembering crypto heroes

8 months, 1 week ago @ nakedsecurity.sophos.com
FBI warns about scams that lure you in as a mobile beta-tester

8 months, 1 week ago @ nakedsecurity.sophos.com
“Grab hold and give it a wiggle” – ATM card skimming is still a thing

8 months, 2 weeks ago @ nakedsecurity.sophos.com
Crimeware server used by NetWalker ransomware seized and shut down

8 months, 2 weeks ago @ nakedsecurity.sophos.com
S3 Ep147: What if you type in your password during a meeting?

8 months, 2 weeks ago @ nakedsecurity.sophos.com
Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

8 months, 2 weeks ago @ nakedsecurity.sophos.com
Help Net Security
last post 13 hours ago
Most people still rely on memory or pen and paper for password management

These practices reveal a significant gap between recommended security practices and actual user behavior, highlighting how weak password habits and password reuse significantly heighten cybersecurity risks and identity theft.

Discrepancy between cybersecurity confidence and behaviors: There is a critical need for enhanced awareness and education about better cybersecurity habits at home and work.

54% of individuals rely on memory and 33% use pen and paper to manage their passwords at home.

Weak user password practices: The survey’s findings illustrate that individual password habits at work mirror those at home.

Stronger cybersecurity habits on the rise: Despite the password security challenges, …

13 hours ago @ helpnetsecurity.com
LSA Whisperer: Open-source tools for interacting with authentication packages

LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols.

What LSA Whisperer does: “Many authentication packages generally support their internal APIs, known as package calls, and relatively few are documented or used outside of Microsoft.

“LSA Whisperer allows you to directly recover multiple types of credentials from the Local Security Authority Subsystem Service (LSASS) without accessing its memory.

LSA Whisperer uses CMake to generate and run the build system files for your platform.

LSA Whisperer is available for free on GitHub.

14 hours ago @ helpnetsecurity.com
What AI can tell organizations about their M&A risk

Following the past few years of economic turbulence, merger and acquisition (M&A) activity is on the rise in 2024, with several acquisition deals being announced in the first few months of the year valued at billions of dollars.

With the surge of AI adoption, companies must not only reevaluate AI’s role in identifying top prospects but also assess and resolve security risks that may lie hidden within their networks and the companies they are merging or acquiring.

In this Help Net Security video, Brian Neuhaus, CTO Americas for Vectra AI, discusses the intersection of AI and cybersecurity and its impact on M&A processes.

14 hours ago @ helpnetsecurity.com
Breaking down the numbers: Cybersecurity funding activity recap

Alethea, April | $20 million: Alethea closed a $20 million Series B funding round led by GV, with participation from Ballistic Ventures, who led Alethea’s Series A funding in 2022.

Axonius, March | $200 million: Axonius has secured $200 million in a Series E extension funding round led by Accel and Lightspeed Venture Partners.

Defense Unicorns, March | $33 million: Defense Unicorns has raised a $35 million Series A funding round led by Sapphire Ventures and Ansa Capital.

NinjaOne, February | $231.5 million: NinjaOne raised a $231.5 million Series C funding round led by ICONIQ Growth.

Sweet Security, March | $33 million: Six months after coming out of stealth, Sweet Security announced a $33 million Series A fun…

15 hours ago @ helpnetsecurity.com
New infosec products of the week: April 26, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Cyberint, Forcepoint, Invicti Security, Netwrix, Trend Micro, Zero Networks, and WhyLabs.

Trend Micro launches AI-driven cyber risk management capabilities: Trend Micro unveiled AI-driven cyber risk management capabilities across its entire flagship platform, Trend Vision One.

This seamlessly integrates more than 10 industry technology categories into one offering, empowering security, cloud and IT operations teams to manage risk proactively.

Zero Networks unveils identity segmentation solution to prevent credential theft: The Zero Networks identity segmentation solution is automated, agentless, and MFA-p…

15 hours ago @ helpnetsecurity.com
Net neutrality has been restored

The Federal Communications Commission (FCC) today voted to restore a national standard to ensure the internet is fast, open, and fair.

Today’s decision to reclassify broadband service as a Title II telecommunications service allows the FCC to protect consumers, defend national security, and advance public safety.

Through its actions today, the Commission creates a national standard by which it can ensure that broadband internet service is treated as an essential service.

Today’s vote also makes clear that the Commission will exercise its authority over broadband in a narrowly tailored fashion (without rate regulation, tariffing, or unbundling) to foster continued innovation and investment.

M…

1 day ago @ helpnetsecurity.com
Stellar Cyber and Acronis team up to provide optimized threat detection solutions for MSPs

Acronis Advanced Security with Endpoint Detection and Response provides unmatched advanced threat detection and remediation capabilities designed for MSPs.

When combined with Stellar Cyber’s Open XDR Platform, MSPs can benefit from streamlined data management, threat detection and correlation, and unmatched visibility.

“Once the Acronis data is ingested and normalized, Stellar Cyber uses machine learning to identify potential threats against the environment.

With the power of Stellar Cyber Open XDR with the Acronis Cyber Protect Cloud, MSPs can seamlessly ingest logs, query alerts, and integrate telemetry into a data lake.

Adding the Acronis Cyber Protect Cloud and enabling the integration …

1 day, 5 hours ago @ helpnetsecurity.com
Edgio Client-Side Protection enables organizations to secure critical customer data

Edgio released its Client-Side Protection solution.

With Edgio Client-Side Protection, organizations handling payment data will be well positioned to gain a competitive edge by adopting client-side security controls ahead of the PCI DSS 4.0’s March 2025 deadline.

Edgio Client-Side Protection enables organizations to secure critical customer data and streamline compliance workflows.

“Edgio Client-Side Protection is proud to offer a full inventory and real-time reporting of all client-side scripts allowing security teams to investigate threats with unprecedented ease and power,” said Edgio CTO Ajay Kapur.

“Edgio Client-Side Protection supports the latest compliance requirements and addresses o…

1 day, 5 hours ago @ helpnetsecurity.com
IBM to buy HashiCorp in $6.4 billion cash deal, expanding cloud portfolio

IBM and HashiCorp have entered into a definitive agreement under which IBM will acquire HashiCorp for $35 per share in cash, representing an enterprise value of $6.4 billion.

“HashiCorp has a proven track record of enabling clients to manage the complexity of today’s infrastructure and application sprawl.

Combining IBM’s portfolio and expertise with HashiCorp’s capabilities and talent will create a comprehensive hybrid cloud platform designed for the AI era,” Krishna continued.

For example, the powerful combination of Red Hat’s Ansible Automation Platform’s configuration management and Terraform’s automation will simplify provisioning and configuration of applications across hybrid cloud en…

1 day, 6 hours ago @ helpnetsecurity.com
Dropzone AI raises $16.85 million to combat advanced AI attacks
Dropzone AI raises $16.85 million to combat advanced AI attacks Dropzone AI raises $16.85 million to combat advanced AI attacks

Dropzone AI has raised $16.85 million in Series A funding.

Dropzone AI is the first AI SOC analyst to replicate the techniques of elite human analysts.

Dropzone AI was recently named a finalist in the 2024 RSAC Innovation Sandbox Contest, the youngest and the only Gen AI-powered enterprise security technology in that cohort.

“Cyber defenders are losing today and will face more challenges when attackers leverage AI for more sophisticated attacks,” said Edward Wu, CEO at Dropzone AI.

Giving our SOC analysts the right kinds of AI tools can save lives.”

“Dropzone gives you more accurate, more complete analyses of investigation data.

1 day, 6 hours ago @ helpnetsecurity.com
WhyLabs AI Control Center offers teams real-time control over their AI applications

WhyLabs launched a new type of AI operations platform: the AI Control Center.

To address these challenges, the WhyLabs AI Control Platform assesses data in real-time from user prompts, RAG context, LLM responses, and application metadata to surface potential threats.

“WhyLabs AI Control Platform provides us with an accessible and easily adaptable solution that we can trust.

Organizations leveraging the WhyLabs AI Control Platform for generative AI applications see the following outcomes:

Prevention of security threats: Users can detect bad actors and misuse of externally-facing chatbots and Q&A applications.

These capabilities are available now in the WhyLabs AI Control Platform alongside t…

1 day, 6 hours ago @ helpnetsecurity.com
ESET integrates with Arctic Wolf to provide greater security visibility

ESET has unveiled a new integration with Arctic Wolf, to ensure increased visibility and protection against modern threats.

By integrating ESET Inspect into Arctic Wolf’s Security Operations Platform, Arctic Wolf customers are able to enhance their security posture – aggregating vast amounts of data from diverse, global sources.

Arctic Wolf is one of the most trusted MDR vendors in the world, and an exciting milestone for our integrations program,” Matchett continued.

“The new ESET PROTECT Platform API allows ESET Inspect data to seamlessly integrate with the Arctic Wolf Platform, which, when combined with the telemetry from other security tools, ensures Arctic Wolf customers get holistic prot…

1 day, 7 hours ago @ helpnetsecurity.com
Sublime Security secures $20 million to strengthen cloud email security and visibility

Sublime Security has raised $20 million in Series A funding, led by Index Ventures with participation from previous investors Decibel Partners and Slow Ventures.

In a rapidly evolving threat landscape, email remains a top security concern for businesses.

Email security has traditionally been driven by vendors that offer black box, one-size-fits-all solutions.

As the email threat landscape continues to evolve rapidly, defensive tools must be equally adaptable.

Security teams have full control over Sublime’s Attack Score output, enabling them to combine it with other logic using detection-as-code.

1 day, 7 hours ago @ helpnetsecurity.com
56% of cyber insurance claims originate in the email inbox

The 2024 Cyber Claims Report is based on reported claims data from January 1 to December 31, 2023.

Drop in ransomware severity, frequency, and demands in 2H 2023

Overall claims frequency increased 13% year-over-year (YoY), and overall claims severity increased 10% YoY, resulting in an average loss of $100,000.

As ransomware payments hit $1 billion globally, Coalition ransomware severity dropped by 54%.

Ransomware severity, frequency, and demands all dropped in 2H 2023, though not enough to offset the surge in 1H.

FTF frequency increased by 15% YoY, and severity increased by 24%, to an average loss of more than $278,000.

1 day, 8 hours ago @ helpnetsecurity.com
Anatomy IT’s new Security Suite targets healthcare cybersecurity threats, improves incident response

Anatomy IT has announced the launch of an expanded end-to-end cybersecurity product suite designed to safeguard healthcare delivery organizations from evolving and growing IT system threats.

This alignment reaffirms Anatomy IT’s commitment to providing its customers with a comprehensive cybersecurity approach that adheres to world-class security standards.

Anatomy IT’s expanded Security Suite not only addresses the growing cybersecurity concerns faced by healthcare organizations, but also strengthens its approach to incident response and remediation.

Rooted in a methodical approach, the Risk Discovery Tool quantifies a healthcare organization’s risk tolerance and posture through a series of…

1 day, 8 hours ago @ helpnetsecurity.com
IT Security Guru
last post 6 hours ago
APIContext’s Global Cloud API Performance Report Shows A Decline In Cloud API Availability

APIContext has unveiled its 2024 Cloud Service Provider API Report, offering an in-depth examination of the performance of leading cloud service providers in the essential API domain.

These interactions were sourced from a network of over 100 geographically dispersed cloud data centers, encompassing major public cloud service providers such as AWS, Azure, Google, and IBM.

Achieving 99.99% is the benchmark all API service providers should be aiming for, while 99.999% is the traditional telecommunications standard for service availability – equating to five minutes of downtime in a year.

Despite poorer overall service availability, other quality API metrics improved, and on balance, the API s…

6 hours ago @ itsecurityguru.org
Cato Networks to Showcase New Security Evasion Tactics at RSA Conference 2024

Cato Networks, the SASE leader, today announced that Cato CTRL, the SASE leader’s cyber threat intelligence (CTI) research team, will demonstrate threat actors’ latest tactics designed to capitalise on organisations’ complex security architectures during presentations at the upcoming RSA Conference 2024.

Talks featuring Cato CTRL include: “The Price is WRONG – An Analysis of Security Complexity” on May 6, 2024, at 10:50 a.m. PT.

With data from over 2,200 organisations, Maor will illuminate organisations’ blind spots and limited network visibility.

Maor will be joined by Tal Darsan, manager of managed cybersecurity services at Cato Networks, to reveal the current evasion techniques used by at…

8 hours ago @ itsecurityguru.org
Salt Security Enhances API Security Platform with OAuth Protection Package

Salt Security has announced the release of its new multi-layered OAuth protection package to detect attempts to exploit OAuth and proactively fix vulnerabilities.

Salt is enhancing its API protection platform with a comprehensive suite of new OAuth threat detections and posture rules to address the growing challenge of OAuth exploitation.

Salt Security’s recent investigation exposed several critical security flaws within the OAuth implementations of popular ChatGPT plug-ins.

Salt Security’s OAuth Protection Package provides robust OAuth defences that help organisations achieve several critical security objectives.

In fact, within just five days of the OAuth protection package being deploye…

1 day, 3 hours ago @ itsecurityguru.org
Female Tech Duo take Flight to Dubai to Launch the future of Cyber Leadership

Two formidable female tech leaders have joined forces to launch an innovative new leadership development and mentoring platform for the cyber community – Leading Cyber.

Leading Cyber was unveiled ahead of the duo visiting UK Cyber Week in London and the leadership development and mentoring platform concept will connect cyber security leaders around the world.

The innovative platform will build a global online community for cyber security leaders and cyber business owners to share, connect and grow.

Danielle is the Founder and Managing Director of Durham based Inside Out, an internal communications consultancy that has successfully penetrated the tech, HE and cyber security sectors building …

1 day, 5 hours ago @ itsecurityguru.org
Interview: Cydea’s Risk Management Platform, Understanding Not Eliminating Risk

Last week, the IT Security Guru team attended Cydea’s Risk Management Platform launch in London.

Firstly, what is the new Cydea Risk Management platform?

And the financial quantification is the cherry on top: the ROI is immediately obvious!”

Cydea’s Risk Management Platform is built on the popular as-a-service model that is currently booming.

Building Cydea Risk Platform was no different.

Cydea Risk Platform helps organisations to have better conversations about cyber risk.

1 day, 5 hours ago @ itsecurityguru.org
AI-driven cyber attacks to be the norm within a year, say security leaders

It finds that most businesses see “offensive AI” fast becoming a standard tool for cybercriminals, with 93% of security leaders expecting to face daily AI-driven attacks.

The research, Cyber security in the age of offensive AI, surveyed security leaders in the UK and US about their experience with AI as a tool in cybersecurity, enhancing both offensive and defensive capabilities.

It reveals that not only do most security leaders expect daily AI-driven attacks, two-thirds (65%) expect that offensive AI will be the norm for cybercriminals, used in most cyber attacks.

Only 11% of security leaders see bot attacks as the greatest cyber threat facing their business, below ransomware, phishing, an…

1 day, 6 hours ago @ itsecurityguru.org
Coalition Finds More Than Half of Cyber Insurance Claims Originate in the Email Inbox

Coalition, the world’s first Active Insurance provider designed to prevent digital risk before it strikes, today published its 2024 Cyber Claims Report, which details emerging cyber trends and their impact on Coalition policyholders throughout 2023.

While these tools can help to reduce cyber risk, using some boundary devices can actually increase the likelihood of a cyber claim if they have known vulnerabilities.

Other key findings from the report include: Overall claims frequency increased 13% year-over-year (YoY), and overall claims severity increased 10% YoY, resulting in an average loss of $100,000.

FTF frequency increased by 15% YoY, and severity increased by 24%, to an average loss of …

1 day, 7 hours ago @ itsecurityguru.org
Expert Insight: ‘Minding the Gap’: How can we work to make cyber accessible for women?

According to the Department for Science, Innovation and Technology (DSIT), only 17% of the UK cyber sector workforce is female, and this is down from 22% in 2022.

As we know, the cyber sector is a male-dominated space, and therefore women aren’t necessarily presented with the same opportunities.

For instance, they might shy away from applying to a cybersecurity role unless they match every single piece of criteria.

Is there anything that can be used to incentivise women to work in the cyber sector?

Prominent female role models and leaders are crucial when it comes to making cyber more attractive for women.

2 days, 3 hours ago @ itsecurityguru.org
KnowBe4 acquires UK’s Egress to create advanced AI-driven platform to manage human risk

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it has entered into a definitive agreement to acquire Egress, a leader in adaptive and integrated cloud email security.

Egress’ Intelligent Email Security suite provides a set of scaled, AI-enabled security tools with adaptive learning capabilities to help prevent, protect and defend organisations against sophisticated email cybersecurity threats.

By acquiring Egress, KnowBe4 plans to deliver a single platform that aggregates threat intelligence dynamically, offering AI-based email security and training that is automatically tailored relative to risk.

KnowBe4 recently an…

2 days, 6 hours ago @ itsecurityguru.org
Google’s Core Update is ‘Biggest’ Algorithm Update in History

Search giant Google is currently undergoing one of the biggest algorithm updates in its history, according to sources.

Why Does Google Update its Algorithms?

Certain algorithm updates address particular search issues, including mobile quality, site speed, trust and authority (E-E-A-T), spam and general quality.

This low quality content should thus be removed or majorly de-valued in the upcoming core update.

The algorithm update concludes on 5th May 2024 with dramatic shifts in search positions expected in the run up to this core update.

2 days, 9 hours ago @ itsecurityguru.org
Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army

There’s a major paradox at play here: the industry needs more people, yet entire groups of individuals are currently being overlooked.

The main piece of information that is impossible to grasp from a CV is the candidate’s potential to succeed in the specific role being recruited for.

With cybersecurity skills in high demand, it’s time we encourage the pursuit of non-traditional candidates to drastically expand talent pipelines and plug the global skills gap.

Also, almost a third (32%) of neurodivergent individuals score higher in spatial awareness and 10% higher in digit symbol coding.

Hiring needs to consider more than just experience – it needs to assess potential.

3 days, 3 hours ago @ itsecurityguru.org
Mandiant’s M-Trends Report Reveals New Insights from Frontline Cyber Investigations

Mandiant, part of Google Cloud, today released the findings of its M-Trends 2024 report.

Now in its 15th year, this annual report provides expert trend analysis based on Mandiant frontline cyber attack investigations and remediations conducted in 2023.

The 2024 report reveals evidence that organizations globally have made meaningful improvements in their defensive capabilities, identifying malicious activity affecting their organization more quickly than in previous years.

Dwell Time By Region

A closer examination reveals that median dwell time varies by region.

Targeting By Industry Vertical

The M-Trends 2024 report highlights key trends in industry targeting by cyber attackers.

3 days, 4 hours ago @ itsecurityguru.org
#MIWIC2024: Melissa Chambers, CEO and Co-Founder of Sitehop

As the CEO of Sitehop, a cutting-edge cybersecurity company, I lead our team in revolutionizing data protection with our innovative solutions.

How did you get into the cybersecurity industry?

It’s utterly thrilling to be a woman in cybersecurity amidst this exhilarating era of technological progress and digital innovation.

The cybersecurity industry is witnessing unparalleled growth and importance, rendering it an immensely exciting period for all those engaged.

What is one piece of advice you would give to girls/women looking to enter the cybersecurity industry?

4 days, 2 hours ago @ itsecurityguru.org
ACDS Launches Revolutionary OBSERVATORY Solution: Redefining Attack Surface Management

Advanced Cyber Defence Systems (ACDS) has unveiled its groundbreaking Attack Surface Management (ASM) solution: OBSERVATORY.

To address this critical challenge, ACDS has created OBSERVATORY, a pioneering solution that equips security teams with lightning-fast, comprehensive, and contextualised threat data at internet scale.

Unlike conventional vulnerability scanning methods, OBSERVATORY employs proprietary algorithms to map an organisation’s entire vulnerability landscape.

Insights: OBSERVATORY doesn’t stop at discovery and validation; it empowers IT leaders with actionable insights to remediate pressing vulnerabilities efficiently.

Elliott Wilkes, CTO at Advanced Cyber Defence Systems, sa…

4 days, 8 hours ago @ itsecurityguru.org
UK’s Cydea introduces new way to quantify risk management

Cydea, the cyber risk management provider, has announced the Cydea Risk Platform, set to quantify threats in financial terms to businesses, allowing them to visualise the consequences of different business security-related scenarios.

Allow organisations to manage and communicate their cyber risk internally to make efficient, informed, measured decisions to regulators and partners in a fast-moving, unpredictable risk landscape.

“We’ve witnessed the many varied approaches that CISOs and business leaders have taken to understand cyber risk.

The Cydea Risk Platform cuts through the noise and closes the loop on cyber risk.

By presenting risk in financial terms, we enable organisations to focus o…

1 week ago @ itsecurityguru.org
SecurityTrails
last post None
Blogs 👨‍💻
Бизнес без опасности
last post None
Жизнь 80 на 20
last post 7 months, 1 week ago
ISO Survey 2022: ISO 27001 certificates (ISMS)

ISO Survey 2022: ISO 27001 certificates (ISMS) from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

ISO has published fresh statistics on issued certificates. I have updated my presentation on ISO 27001 (ISMS) certificates. In total, 71,549 ISO 27001 certificates were registered in 2022. That is 22% more than in 2021.

Top 10 countries by number of certificates:

1. China - 26301
2. Japan - 6987
3. United Kingdom of Great Britain and Northern Ireland - 6084
4. India - 2969
5. Italy - 2424
6. United States of America - 1980
7. Netherlands - 1741
8. Germany - 1582
9. Spain - 1561
10. Israel - 1467

For comparison, in Russia only 30 certificates were registered (remained) in 2022, while in 2021 there were 95…

7 months, 1 week ago @ 80na20.blogspot.com
My first course on Udemy. Preparing for an ISMS certification audit

I have published on Udemy my first course on preparing for an ISMS certification audit under ISO 27001, "ISO 27001:2022. How to prepare for a certification audit". In it I go through the tasks that need to be done before, during and after the certification audit. The course is in English.

7 months, 2 weeks ago @ 80na20.blogspot.com
Cybersecurity Frameworks

Cybersecurity Frameworks for DMZCON23 230905.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

7 months, 3 weeks ago @ 80na20.blogspot.com
Another presentation of mine on mind maps

My 15 Years of Experience in Using Mind Maps for Business and Personal Purposes from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

8 months, 1 week ago @ 80na20.blogspot.com
NIST CSF 2.0, draft

From NIST CSF 1.1 to 2.0.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

8 months, 1 week ago @ 80na20.blogspot.com
ZLONOV
last post None
Блог Артема Агеева
last post None
Киберпиздец
last post 8 months ago
Hi everyone. I disappeared, I confess, too much work :( Meanwhile I've brought you a 40% discount on all Linux Foundation courses and certifications. The discount is valid today only. If anyone has long been planning to take something serious on k8s, Linux or DevOps, now is the time. For…

Hi everyone. I disappeared, I confess, too much work :( Meanwhile I've brought you a 40% discount on all Linux Foundation courses and certifications. The discount is valid today only. If anyone has long been planning to take something serious on k8s, Linux or DevOps, now is the time. For example, Certified Kubernetes Administrator (CKA) and Certified Kubernetes Security Specialist (CKS) as a bundle cost $435 instead of $725. The exam can be taken within a year of purchase. > https://training.linuxfoundation.org/end-of-summer-2023/

8 months ago @ t.me
Schneier on Security
last post 7 hours ago
Long Article on GM Spying on Its Cars’ Drivers

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

7 hours ago @ schneier.com
The Rise of Large-Language-Model Optimization

The advent of AI threatens to destroy the complex online ecosystem that allows writers, artists, and other creators to reach human audiences.

It quickly became apparent that the deluge of media made many of the functions that traditional publishers supplied even more necessary.

Technology companies developed automated models to take on this massive task of filtering content, ushering in the era of the algorithmic publisher.

Unlike human publishers, Google cannot read.

Protecting the web, and nourishing human creativity and knowledge production, is essential for both human and artificial minds.

1 day, 7 hours ago @ schneier.com
Dan Solove on Privacy Regulation

The law can’t stop privacy consent from being a fairy tale, but the law can ensure that the story ends well.

In the European Union, the General Data Protection Regulation (GDPR) uses the express consent approach, where people must voluntarily and affirmatively consent.

Because it conceptualizes consent as mostly fictional, murky consent recognizes its lack of legitimacy.

To return to Hurd’s analogy, murky consent is consent without magic.

Murky consent should be subject to extensive regulatory oversight with an ever-present risk that it could be deemed invalid.

2 days, 7 hours ago @ schneier.com
Microsoft and Security Incentives

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft:

Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

[…] “The government needs to focus on encouraging and catalyzing competition,” Grotto said.

He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up.

“At the end of the day, Microsoft, any company, is going to respond mo…

3 days, 7 hours ago @ schneier.com
Using Legitimate GitHub URLs for Malware

Interesting social-engineering attack vector: McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.

What this means is that someone can upload malware and “attach” it to a legitimate and trusted project.

For example, a threat actor could upload a malware executable in NVIDIA’s driver installer repo that pretends to be a new driver fixing i…

4 days, 3 hours ago @ schneier.com
Friday Squid Blogging: Squid Trackers

6 days, 21 hours ago @ schneier.com
Other Attempts to Take Over Open Source Projects

Surprising no one, the incident is not unique: The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails.

These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics.

The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement.

This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor.

[…] The OpenJS team also recognized a similar suspicious pattern in two …

1 week, 1 day ago @ schneier.com
Using AI-Generated Legislative Amendments as a Delaying Technique

1 week, 2 days ago @ schneier.com
X.com Automatically Changing Link Text but Not URLs

Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links.

The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchortext), not the underlying URL.

So if you were a clever phisher and registered fedetwitter.com, people would see the link as fedex.com, but it would send people to fedetwitter.com.

Thankfully, the problem has been fixed.

Posted on April 16, 2024 at 7:00 AM • 0 Comments

1 week, 3 days ago @ schneier.com
New Lattice Cryptanalytic Technique

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems.

This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems.

There is a wide gulf between quantum algorithms in theory and in practice.

And until we can actually code and test these algorithms, we should be suspicious of their speed and complexity claims.

We don’t have nearly enough analysis of lattice-based cryptosystems to be confident in their security.

1 week, 4 days ago @ schneier.com
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking twice at RSA Conference 2024 in San Francisco.

I’ll be on a panel on software liability on May 6, 2024 at 8:30 AM, and I’m giving a keynote on AI and democracy on May 7, 2024 at 2:25 PM.

The list is maintained on this page.

Posted on April 14, 2024 at 12:02 PM • 0 Comments

1 week, 5 days ago @ schneier.com
Friday Squid Blogging: The Awfulness of Squid Fishing Boats

1 week, 6 days ago @ schneier.com
Smuggling Gold by Disguising it as Machine Parts

2 weeks ago @ schneier.com
Backdoor in XZ Utils That Almost Happened

You’ve likely never heard of an open-source library called XZ Utils, but it’s on hundreds of millions of computers.

On March 25, Hans Jansen—another fake name—tried to push the various Unix systems to upgrade to the new version of XZ Utils.

And there’s no way to know how many of the unpaid and unappreciated maintainers of critical software libraries are vulnerable to pressure.

Certainly the security of these libraries needs to be part of any broad government cybersecurity initiative.

The U.S. government needs to recognize this as a national security problem and start treating it as such.

2 weeks, 1 day ago @ schneier.com
History of RSA Conference. Bruce Schneier. The First ‘Exhibitor’ in 1994.

Listen to the Audio on SoundCloud.com.

Bruce Schneier was at the first ever RSA Conference in 1991, and he was the first ‘exhibitor’ in 1994 when he asked Jim Bidzos, Creator of the RSA Conference, if he could sell copies of his book “Applied Cryptography.” Bidzos set Schneier up in the hotel lobby where the conference was being held—and the rest is history.

Listen to some great RSA Conference memories on this episode of the History of RSA Conference.

Posted on April 11, 2024 at 1:52 AM • 0 Comments

2 weeks, 1 day ago @ schneier.com
Krebs On Security
last post 3 days, 22 hours ago
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump’s Dumps.

Tsaregorodtsev was head of the counterintelligence department for a division of the FSB based in Perm, Russia.

In February 2022, Russian authorities arrested six men in the Perm region accused of selling stolen payment card data.

The FSB arrested Tsaregorodtsev, and seized $154,000 in cash, 100 gold bars, real estate and expensive cars.

The stolen customer payment card details were then sold on sites like Trump’s Dumps and Sky-Fraud.

3 days, 22 hours ago @ krebsonsecurity.com
Who Stole 3.6M Tax Records from South Carolina?

Rescator said the data exposed included employer, name, address, phone, taxable income, tax refund amount, and bank account number.

KrebsOnSecurity sought comment from the Secret Service, South Carolina prosecutors, and Mr. Keel’s office.

The AP says South Carolina paid $12 million to Experian for identity theft protection and credit monitoring for its residents after the breach.

Mr. Keel’s assertion that somehow the efforts of South Carolina officials following the breach may have lessened its impact on citizens seems unlikely.

It remains unclear why Shefel has never been officially implicated in the breaches at Target, Home Depot, or in South Carolina.

1 week, 3 days ago @ krebsonsecurity.com
Crickets from Chirp Systems in Smart Lock Key Leak

The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021.

Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with “low attack complexity” in Chirp Systems smart locks.

Neither August nor Chirp Systems responded to requests for comment.

It’s unclear exactly how many apartments and other residences are using the vulnerable Chirp locks, but multiple articles about the company from 2020 state t…

1 week, 4 days ago @ krebsonsecurity.com
Why CISA is Warning CISOs About a Breach at Sisense

CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.

It is clear, however, that unknown attackers now have all of the credentials that Sisense customers used in their dashboards.

Beyond that, it is largely up to Sisense customers to decide if and when they change passwords to the various third-party services that they’ve previously entrusted to Sisense.

But when confronted with the details shared by my sources, Sisense apparently changed its mind.

“If they are hosting customer data on a third-party system like Amazon, it better damn well be encrypted,” Weave…

2 weeks ago @ krebsonsecurity.com
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead.

Those include carfatwitter.com, which Twitter/X will now truncate to carfax.com when the domain appears in user messages or tweets.

A number of these new domains including “twitter.com” appear to be registered defensively by Twitter/X users in Japan.

The domain netflitwitter.com (netflix.com, to Twitter/X users) now displays a message saying it was “acquired to prevent its use for malicious purposes,” along with a Twitter/X username.

Some of the domains registered recently and ending in “twitter.com” currently do not resolve and contain no useful contact information in their registr…

2 weeks, 2 days ago @ krebsonsecurity.com
April’s Patch Tuesday Brings Record Number of Fixes

Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Microsoft today released updates to address 147 security holes in Windows, Office, Azure, .NET Framework, Visual Studio, SQL Server, DNS Server, Windows Defender, Bitlocker, and Windows Secure Boot.

Childs said one ZDI’s researchers found this vulnerability being exploited in the wild, although Microsoft doesn’t currently list CVE-2024-29988 as being exploited.

“BlackLotus can bypass functionality called secure boot, which is designed to block malware from being able to load when booting up.

Adobe has since clar…

2 weeks, 2 days ago @ krebsonsecurity.com
Fake Lawsuit Threat Exposes Privnote Phishing Sites

Fory66399 insisted that their website — privnote[.

The tornote.io website has a different color altogether. The privatenote,io website also has a different color!

Other Privnote phishing domains that also phoned home to the same Internet address as pirwnote[.

A review of the passive DNS records tied to this address shows that apart from subdomains dedicated to tornote[.

How profitable are these private note phishing sites?

3 weeks, 1 day ago @ krebsonsecurity.com
‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Since that story ran, KrebsOnSecurity has heard from this Saim Raza identity on two occasions.

“Hello, we already leave that fud etc before year,” the Saim Raza identity wrote.

I already leave everything.” Asked to elaborate on the police investigation, Saim Raza said he was freshly released from jail.

Now I want to start my new work.” Exactly what that “new work” might entail, Saim Raza wouldn’t say.

“After your article our police put FIR on my [identity],” Saim Raza explained.

3 weeks, 2 days ago @ krebsonsecurity.com
Thread Hijacking: Phishes That Prey on Your Curiosity

Thread hijacking attacks.

Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

Thread hijacking attacks are hardly new, but that is mainly true because many Internet users still don’t know how to identify them.

In contrast, thread hijacking campaigns tend to patiently prey on the natural curiosity of the recipient.

“We call these multi-persona phishing scams, and they’re often paired with thread hijacking,” Kalember said.

4 weeks ago @ krebsonsecurity.com
Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature.

“All of my devices started blowing up, my watch, laptop and phone,” Patel told KrebsOnSecurity.

They can also then remotely wipe all of the user’s Apple devices.

The engineer assured Ken that turning on an Apple Recovery Key for his account would stop the notifications once and for all.

After that, the page will display the last two digits of the phone number tied to the Apple account.

1 month ago @ krebsonsecurity.com
Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus.

Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned?

“I knew Mozilla had this in the works and we’d casually discussed it when talking about Firefox monitor,” Hunt told KrebsOnSecurity.

Those include voting registries, property filings, marriage certificates, motor vehicle records, criminal records, cou…

1 month ago @ krebsonsecurity.com
The Not-so-True People-Search Network from China

But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

“Employees can set a special league for themselves and regularly check and compare their scores against one another.” Imagine that: Two different people-search companies mentioned in the same story about fantasy football.

Sally Stevens’ LinkedIn profile photo is identical to a stock image titled “beautiful girl” from Adobe.com.

The photo next to Ms. Fairly’s quote in Entrepreneurs matches that of a LinkedIn profile for Lynda Fairly.

ANALYSIS: It appears the purpose of this network is to conceal the location of people in China who are …

1 month ago @ krebsonsecurity.com
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites.

Historic registration records indexed by DomainTools.com say Mr. Shelest was a registrant of onerep.com who used the email address [email protected].

Constella found that Minsk telephone number (375-292-702786) has been used multiple times in connection with the email address [email protected].

Domaintools.com finds that all of the domains mentioned in the last paragraph were registered to the email address [email protected].

Anderson said it is concerning to see a direct link between a data removal service and …

1 month, 1 week ago @ krebsonsecurity.com
Patch Tuesday, March 2024 Edition

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems.

Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fix two zero-day flaws.

The security updates are available in iOS 17.4, iPadOS 17.4, and iOS 16.7.6.

Apple’s macOS Sonoma 14.4 Security Update addresses dozens of security issues.

Finally, Adobe today issued security updates that fix dozens of security holes in a wide range of products, including Adobe Experience Manager, Adobe Premiere Pro, ColdFusion 2023 and 2021, Adobe Bridge, Lightroom, and Adobe Animate.

1 month, 2 weeks ago @ krebsonsecurity.com
Incognito Darknet Market Mass-Extorts Buyers, Sellers

“We got one final little nasty surprise for y’all,” reads the message to Incognito Market users.

Incognito Market deals primarily in narcotics, so it’s likely many users are now worried about being outed as drug dealers.

Creating a new account on Incognito Market presents one with an ad for 5 grams of heroin selling for $450.

Incognito Market has priced its extortion for vendors based on their status or “level” within the marketplace.

“Shadowcrew was the precursor to today’s Darknet Markets and laid the foundation for the way modern cybercrime channels still operate today,” Johnson said.

1 month, 2 weeks ago @ krebsonsecurity.com
Graham Cluley
last post 1 day, 1 hour ago
“Junk gun” ransomware: the cheap new threat to small businesses

1 day, 1 hour ago @ tripwire.com
Hacker posts fake news story about Ukrainians trying to kill Slovak President

Czech news agency ČTK announced on Tuesday that a hacker had managed to break into its systems and published fake news reports of a plot to murder the president of a neighbouring country.

A follow-up fake news story published by the hacker on ČTK's website and mobile app claimed that Czech Foreign Minister Jan Lipavský had commented on the alleged murder plot.

The hacker's haste in publishing false news led to careless mistakes that tipped off readers to its lack of factual basis.

Last year, security researchers described how a hacking group called "Ghostwriter" affiliated with the Belarus government had gained access to media organisations' content management systems to post false stories.…

1 day, 5 hours ago @ bitdefender.com
Smashing Security podcast #369: Keeping the lights on after a ransomware attack

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get 20% off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

1 day, 19 hours ago @ grahamcluley.com
City street lights “misbehave” after ransomware attack

But the ransomware attack on Leicester City Council's infrastructure doesn't stop there.

As local media reports, residents have noticed that some street lights have been constantly shining, 24 hours a day, ever since.

He was told by the council that the ransomware attack had affected the city's "central management system" and had resulted in the street lights "misbehaving".

Perhaps it is surprising to some of us that street lights would be centrally controlled at all.

Even if the Leicester City Council wanted to pay the ransom (it says it will not), …

The City Council says it will not be paying any ransom.

2 days, 7 hours ago @ bitdefender.com
Change Healthcare data for sale on dark web as fallout from ransomware attack spirals out of control

February's crippling ransomware attack against Change Healthcare, which saw prescription orders delayed across the United States, continues to have serious consequences.

RansomHub claims 4TB of stolen data are up for sale to the highest bidder unless Change Healthcare pays a ransom.

The haul is said to also contain contracts and legal agreements between Change Healthcare and its business partners.

The ransomware attack was initially attributed to the BlackCat ransomware gang (also known as ALPHV).

None of which is good news, and raises an interesting question - how will Change Healthcare respond to the latest ransom demand?

1 week, 1 day ago @ bitdefender.com
3.5 million Omni Hotel guest details held to ransom by Daixin Team

The international hotel chain Omni Hotels & Resorts has confirmed that a cyberattack last month saw it shut down its systems, with hackers stealing personal information about its customers.

According to the firm, it took eleven days to restore systems across its properties, with staff working "tirelessly around the clock."

Omni Hotels hasn't shared details of the specific nature of the cyberattack in its official advisory, but it resembles a ransomware attack.

Sure enough, a ransomware group called the Daixin Team has claimed responsibility.

Daixin Team has been responsible for a number of high-profile attacks.

1 week, 1 day ago @ exponential-e.com
Police smash LabHost international fraud network, 37 arrested

1 week, 1 day ago @ tripwire.com
Smashing Security podcast #368: Gary Barlow, and a scam turns deadly

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the excl…

1 week, 1 day ago @ grahamcluley.com
Zambia arrests 77 people in swoop on “scam” call centre

Law enforcement officers in Zambia have arrested 77 people at a call centre company they allege had employed local school-leavers to scam internet users around the world.

According to Zambian authorities, Chinese-run Golden Top Support Services, based in an upmarket area of capital city Lusaka, recruited Zambian youths between the ages of 20-25, who believed they were being hired as call centre agents.

Please the people of Zambia report to us every time you are scammed.

Six properties linked to the company at the centre of the investigation have also been seized by authorities, including a luxury lakeside residence.

17 Zambian suspects have since been released, but the remainder o…

1 week, 4 days ago @ bitdefender.com
East Central University suffers BlackSuit ransomware attack

The East Central University (ECU) of Ada, Oklahoma, has revealed that a ransomware gang launched an attack against its systems that left some computers and servers encrypted and may have also seen sensitive information stolen.

In an advisory posted on its website, ECU claims that the BlackSuit ransomware gang was unsuccessful in taking down the university's critical services but was "able to conduct a successful attack on a variety of campus computers."

This is far from the first time the BlackSuit ransomware has targeted the education sector.

The BlackSuit ransomware gang most recently claimed responsibility for a cyber attack against California's Select Education Group, having compromise…

2 weeks, 1 day ago @ bitdefender.com
DragonForce ransomware – what you need to know

2 weeks, 1 day ago @ tripwire.com
When a breach goes from 25 documents to 1.3 terabytes…

But on Wednesday April 3, Leicester City Council confirmed that about 25 documents had been shared online by attackers, including people’s confidential information.

And the council described the data breach as a “very serious matter.” Well, yes, it is serious if malicious hackers steal 25 documents.

But now we know that Leicester City Council’s attackers didn’t limit themselves to 25 documents.

The latest FAQ from the council reveals that a gobsmacking 1.3 terabytes of data was stolen during the data breach and published on the dark web.

If 25 documents stolen is “very serious,” I’m not sure the words exist to describe 1.3 terabytes of leaked data…

2 weeks, 1 day ago @ grahamcluley.com
Smashing Security podcast #367: WhatsApp at Westminster, unhealthy AI, and Drew Barrymore

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Smashing Security listeners get 20% off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

2 weeks, 1 day ago @ grahamcluley.com
Targus business operations disrupted following cyber attack

Targus, the well-known laptop bag and case manufacturer, has been hit by a cyber attack that has interrupted its normal business operations.

In short, in order to lock the bad guys out of its network, Targus has been forced to disable large parts of its infrastructure.

The one question everyone probably has right now is - so, was this a ransomware attack?

Without SEC regulations that came into effect late last year, we might not have known so quickly about the problems Targus was experiencing.

At the time of writing, no hacking groups have publicly claimed responsibility for the attack against Targus.

2 weeks, 2 days ago @ bitdefender.com
Google sues crypto investment app makers over alleged massive “pig butchering” scam

Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps.

The company is taking action after scammers reportedly tricked victims with bogus promises of high returns from Android apps offering cryptocurrency investment opportunities.

According to Google, victims were asked to pay additional "fees" or "taxes" before a withdrawal, which the scammers would pocket.

Bogus investment platforms like TrionRT appeared legitimate through a variety of methods, including distributing press releases.

Although it has removed offending apps from Google Play when discovered, the scammers are al…

3 weeks ago @ bitdefender.com
Companies 🏢
Kaspersky Blog
last post 1 day, 3 hours ago
Kaspersky Thin Client 2.0 OS update | Kaspersky Blog

It is precisely such an operating system, Kaspersky Thin Client 2.0, that we propose using in devices that connect to virtual desktop infrastructure.

What is Kaspersky Thin Client, and what does version 2.0 have to boast about?

In essence, Kaspersky Thin Client 2.0 is an updated operating system for thin clients, built according to the Cyber Immune approach and therefore requiring no add-on protection tools.

Kaspersky Thin Client is based on our KasperskyOS, which minimizes the risk of its compromise even in the case of sophisticated attacks.

Kaspersky Thin Client 2.0 also supports connecting to individual business applications based on Microsoft Remote Desktop S…

1 day, 3 hours ago @ kaspersky.ru
Toncoin cryptocurrency scam in Telegram | Kaspersky Blog

Today we describe a fraudulent "earn with Toncoin" scheme, a cryptocurrency built on Telegram technology.

Step one: prepare. To begin, the scammers suggest registering a crypto wallet in an unofficial bot for storing crypto in Telegram, and then entering the details of the newly created wallet in the "earning" bot, which works by buying boosters.

Next, following the scammers' instructions, the victim has to buy 5.5 to 501 Toncoin (TON), where one TON at the current exchange rate is worth roughly five to six dollars.

The fancier the plan, the higher the commission percentage: a "bike" costs five Toncoin and yields a 30% commission, a "rocket" costs 500 TON and yields 70%.

After this, as the scammers intend, the victim…

2 days, 8 hours ago @ kaspersky.ru
Content filtering in KSMG 2.1 | Kaspersky Blog

As a result, a huge number of confirmations, account activation links and similar emails land in the mailbox.

In particular, in the example given of an attack through registration mechanisms, the operator can block emails based on the presence in the Subject field of the word "registration" in various languages (Registrace | Registracija | Registration | Registrierung | Regisztráció).

As a result, such emails will automatically be sent to quarantine without reaching the inbox or overloading the mail server.

Flexible filtering of business mailings

Naturally, the new capabilities of our solution can be applied not only to protection against email DDoS attacks.

Learn more about Kaspersky Secure Mail Gateway, part of the solution…

3 days, 4 hours ago @ kaspersky.ru
How encrypted messages from ChatGPT and other chatbots can be read | Kaspersky Blog

What information can be extracted from intercepted AI chatbot messages

Naturally, chatbots send messages in encrypted form.

To understand what happens during this attack, we will have to dig a little into the mechanics of LLMs and chatbots.

So, to recover the text of the original message from the obtained sequence of token lengths, the researchers used an LLM.

At least two AI chatbot developers, Cloudflare and OpenAI, have already responded to the publication of the research and begun using the padding method mentioned above, which was designed precisely to counter this kind of attack.

Presumably, the remaining chatbot developers…

4 days, 13 hours ago @ kaspersky.ru
The SubdoMailing campaign: domain hijacking for sending spam | Kaspersky Blog

Or perhaps you have even asked yourself the natural question of whether someone is sending malicious emails in your company's name too.

The SubdoMailing malicious campaign and the hijacking of organizations' domains

Researchers at Guardio Labs discovered a large-scale spam campaign, which they named SubdoMailing.

Hijacking domains with a configured CNAME record

How exactly do the attackers use the takeover of other people's domains?

Examples of domain hijacking in the SubdoMailing campaign

How such problems can arise at all is easy to understand from the case of the site msnmarthastewartsweeps.com.

How to protect against SubdoMailing

To prevent domain hijacking and spam sent in your company's name, we recommend the following:

1 week, 1 day ago @ kaspersky.ru
Is it safe to chat with third-party messengers from WhatsApp | Kaspersky Blog

Engineers at Meta* recently wrote about how this interoperability will be implemented in WhatsApp and Messenger*.

Can you chat in WhatsApp with users of other messengers?

Now these partners have to appear, build a bridge between their service and WhatsApp, and launch it.

So far this is known only from WhatsApp beta versions: chats with third-party services will get a separate subsection in the app, to keep them apart from chats with WhatsApp users.

If you use WhatsApp and are considering communicating with users of other services
Estimate how many people around you don't use WhatsApp but do use other services that have announced interoperability with WhatsApp.

1 week, 3 days ago @ kaspersky.ru
EM Eye: stealing data from a surveillance camera | Kaspersky Blog

They found a way to steal data from surveillance cameras by analyzing stray electromagnetic emissions, and named this attack EM Eye.

This “receiver” collects data whose subsequent processing makes it possible to reconstruct the picture from the surveillance camera in the secret room next door.

As a result, the state of “almost nothing visible” turns into an excellent image, no worse than the original, apart from the artifacts typical of neural networks.

But what if you give the potential victim, say, a slightly modified portable power bank as a gift?

They are not being developed in order to spy on someone as soon as tomorrow.

2 weeks ago @ kaspersky.ru
Eliminating the business risks associated with residential proxies

Of course, all of this is achievable with commercial VPNs and datacenter-based proxies.

The gray market for proxyware
The situation with residential proxies is complicated because on this market the sellers, the buyers and the participants can be both entirely legitimate (voluntary, following best practices) and outright illegal.

Sometimes this is because some residential proxy providers buy infrastructure from subcontractors and do not themselves know where the proxies come from.

Attackers are increasingly trying to rent residential proxies in a region close to the targeted organization's office.

Using proxies for business purposes.

2 weeks, 2 days ago @ kaspersky.ru
How to verify the authenticity and provenance of photos and videos | Kaspersky Blog

Image forgery in photo editors existed before, but the advent of generative AI has taken forgeries to a new level.

Image and video forgery is directly related to cybersecurity.

On dating sites and other social networks, scammers also actively use generated images for their profiles.

Let's start with cases where the image is neither generated nor edited; for example, a real photo from a war zone is passed off as a photo from another region, or a frame from a feature film is presented as documentary footage.

Real photos and videos taken with a camera or smartphone, with date, time and geolocation stamps, will be practically impossible to pass off as an image…

2 weeks, 3 days ago @ kaspersky.ru
Note and record managers with end-to-end encryption | Kaspersky Blog

And after the large-scale ransomware incidents of recent years, one shouldn't discount the possibility of note-taking services being hacked and a mass leak of user (your!)

End-to-end encryption will help keep all the convenience of digital notes while shielding them from prying eyes.

That is why, for truly confidential notes, there are separate, though less well-known, applications, which we will review and compare today.

End-to-end encryption for sync is enabled by default, notes are also encrypted on the device itself, and two-factor authentication is used to sign in to the service.

Therefore, in addition to one of the confidential note-taking apps, be sure to use a comprehensive system…

3 weeks ago @ kaspersky.ru
How to prevent tracking through ad banners | Kaspersky Blog

Besides phones and computers, smartwatches, smart TVs and speakers, and even cars take part in this.

As it turns out, these troves of information are used not only by advertising agencies to offer you a better vacuum cleaner or insurance policy.

Behind the scenes of contextual advertising
We previously described in detail how data is collected on web pages and in apps, but did not look at the mechanism by which it is used.

The DSP then enters an auction for the required ad formats (banner, video and so on) displayed on these sites and in apps.

How to protect yourself from tracking through ads
Since all of the companies described above use the “central hubs” of the ad network for data collection, the big advertising ex…

3 weeks, 2 days ago @ kaspersky.ru
Hackers disrupted an Apex Legends esports tournament | Kaspersky Blog

But lately cyberattacks have gone too far: attackers recently disrupted a major Apex Legends tournament.

At the same time, the alleged perpetrator did not specify where the vulnerability was: in the Apex Legends game itself, in the Easy Anti-Cheat software that is mandatory for esports tournaments, or in some other program.

Representatives of the anti-cheat vendor stated that their software was fine.

In the middle of a match, Ivan opened the Twitch stream of his own game, which could give him an advantage, since the stream shows the positions of both teams.

Skeptics also like to cite examples where, at the most important moment of a game, an annoying antivirus notification popped up on the screen.

3 weeks, 3 days ago @ kaspersky.ru
The Beekeeper: cybersecurity and the beekeeper | Kaspersky Blog

I know it sounds like nonsense, but that is the plot of the film; it's not an April Fools' joke.

And in the daughter's place, it would have been wise to install a reliable security solution on the computer beforehand, one that protects against viruses and blocks windows that suddenly pop up.

Besides weapons and ammunition, Clay also obtains her password (DR07Z, printed on a slip of paper) and infiltrates the beekeepers' information systems.

The EternalBlue exploit and DoublePulsar backdoor used in it were allegedly stolen from intelligence agencies and released publicly.

So one should be prepared for anything and use reliable security tools both on personal devices and for protecting companies.

3 weeks, 4 days ago @ kaspersky.ru
CVE-2024-3094: malicious code in Linux distributions | Kaspersky Blog

Unknown attackers embedded malicious code in the open-source compression utility set XZ Utils, versions 5.6.0 and 5.6.1.

Worse still, the backdoored utilities made it into several popular March Linux builds, so this implant can be regarded as a supply chain attack.

The backdoor hooks the RSA_public_decrypt function, verifies the host's signature using a fixed Ed448 key and, if verification succeeds, executes the malicious code passed by the host via the system() function, leaving no traces in the sshd logs.

Where did the malicious code in the utilities come from?

And that person, at some point, added a backdoor to the project's code.

3 weeks, 5 days ago @ kaspersky.ru
GoFetch: breaking encryption on Apple processors | Kaspersky Blog

The researchers demonstrated this in practice using two popular data encryption libraries at once.

These are Go Crypto, the standard library for Go developers, and OpenSSL, used for encrypting network traffic and many other tasks.

The DMP algorithm sometimes mistakenly loads data from a certain address that is in fact a piece of this key.

In practice, extracting the encryption key requires tens or hundreds of thousands of computations, feeding data into the algorithm and observing the cache state indirectly.

Right now there is no threat to data stored on Apple devices; it is unlikely to be stolen in such a complex way.

4 weeks ago @ kaspersky.ru
Group-IB Blog
latest post None
Cisco Security Blog
latest post 1 week, 1 day ago
Cisco Hypershield: A New Era of Distributed, AI-Native Security

I’m proud to announce Cisco Hypershield, the first truly distributed, AI-native system that puts security wherever it needs to be: in every software component of every application running on your network; on every server; and in your public or private cloud deployments.

They converted these products into thousands of pieces of software — including security software — that could run on every server.

Built within the Cisco Security Cloud, Hypershield, plus the processing, protection, and data capabilities within Splunk, will create a transformative hyperscale datacenter that not only leads the AI revolution, but protects it.

We’ll share more soon, but for now, you can expect Cisco Hypershield…

1 week, 1 day ago @ blogs.cisco.com
Cisco Hypershield: Reimagining Security

Cisco has created such a fabric — Cisco Hypershield — that we discuss in the paragraphs below.

Virtual/Container Network Enforcement Point: Here, a software network enforcement point runs inside a virtual machine or container.

Centralized security policy
The usual retort to distributed security enforcement is the nightmare of managing independent security policies per enforcement point.

The administrator’s faith in the security fabric — Cisco Hypershield — deepens after a few successful runs through the segmentation process.

Conclusion
In both the examples discussed above, we see Cisco Hypershield function as an effective and efficient security fabric.

1 week, 1 day ago @ blogs.cisco.com
Supercharging Cisco XDR with AI and Identity Intelligence at RSAC 2024

Cisco XDR is a leader in providing comprehensive threat detection and response across the entire attack surface.

Cutting-Edge Innovations in Cisco XDR
At the heart of these innovations is the Cisco AI Assistant in XDR.

The Cisco AI Assistant gives analysts contextual insights, guided responses, and best next steps.

We will also show Cisco Identity Intelligence capabilities.

Cisco XDR can detect and respond to sophisticated identity-based attacks with accuracy and speed by incorporating identity as a source of telemetry.

1 week, 2 days ago @ blogs.cisco.com
Synergizing Advanced Identity Threat Detection & Response Solutions

Two leading players in this space, Cisco’s Duo Security and Cisco Identity Intelligence, have emerged as champions in Identity Threat Detection & Response.

The Power of Identity Threat Detection & Response
Identity Threat Detection & Response (ITDR) has become a vital aspect of modern cybersecurity.

Cisco Identity Intelligence: Elevating Cybersecurity Preparedness
Cisco Identity Intelligence brings an additional layer of protection to the table with its advanced capabilities in anomaly detection and behavioral analytics.

How Cisco Identity Intelligence Complements Cisco’s Duo Security
Enhanced Anomaly Detection: While Cisco’s Duo Security provides robust MFA and access controls, Cisco Identity…

1 week, 3 days ago @ blogs.cisco.com
Cisco Telemetry Broker (CTB) 2.1 Launch

Cisco Telemetry Broker (CTB) Release 2.1.3 is generally available as of March 25, 2024.

Cisco Telemetry Broker is the answer.

It can broker hybrid cloud data, filter unneeded data, and transform data into a more usable format.

Produces Telemetry for Devices that Cannot Generate NetFlow Natively
To support the notion of an intelligent telemetry plane, there is a need to generate NetFlow for devices that might not be capable of generating the protocol natively.

Additionally, the CTB Broker to CTB Manager data bandwidth was optimized which improves overall performance significantly and allows scalability of the Manager node.

1 week, 4 days ago @ blogs.cisco.com
Cisco Secure Access Wins Global Security Service Edge Customer Value Leadership Award

It’s one thing to claim leadership in cloud security; it’s another to have that leadership acknowledged by industry experts.

That’s why we’re thrilled to announce our recent recognition by Frost & Sullivan as the 2024 Customer Value Leader in the Global Security Service Edge Industry.

Frost & Sullivan’s Customer Value Leadership Award recognizes the company that offers products or services customers find superior for the overall price, performance, and quality.

Vendors are evaluated on business impact criteria (including financial performance, customer acquisition, operational efficiency, growth potential, and human capital) and customer impact criteria (price/performance value, customer pu…

2 weeks, 1 day ago @ blogs.cisco.com
Defusing the threat of compromised credentials

These attackers used compromised credentials to repeatedly attempt to sign in to the company’s real Microsoft 365 page, triggering the series of MFA notifications—an attack technique known as MFA exhaustion.

According to this quarter’s Talos IR report, using compromised credentials on valid accounts was one of two top initial access vectors.

How credentials are compromised
Phishing, while one of the most popular methods, isn’t the only way that attackers gather compromised credentials.

Reducing the impact of compromised credentials
It goes without saying that protecting credentials from being compromised and abused is important.

To illustrate, let’s look at when the threat actor begins hammer…

2 weeks, 3 days ago @ blogs.cisco.com
Cryptocurrency and Blockchain security due diligence: A guide to hedge risk

Blockchain security, by its very nature, often diverges from standard cybersecurity practices originating from its decentralized, immutable, and cryptographic nature.

The hashrate originates from the processing power of validator nodes that lend their computational power to validate and secure blockchain transactions.

There are four main types of blockchains:
Public: Anyone can read and write (transact) on a public blockchain such as Bitcoin.

In evaluating blockchain risk levels, public blockchains typically present the lowest risk.

Proof-of-work is extensively used in cryptocurrency and is generally a secure method for validating blockchain transactions .

3 weeks, 4 days ago @ blogs.cisco.com
Balancing agility and predictability to achieve major engineering breakthroughs

Let’s look at this from the lens of a customer-impacting factor that may make security operations less predictable: security incidents.

According to our latest Security Outcomes Report:
According to our 2024 Cybersecurity Readiness Index, 54% of organizations said they have experienced a cybersecurity incident in the last 12 months.

The latest Security Outcomes Report shows preventing incidents and mitigating losses are the top priorities for security resilience overall.

Ensuring leadership is aligned with the organization’s approach to balancing agility and predictability.

In our goal to balance agility with predictability, we have implemented some specific aspects to processes that work be…

1 month ago @ blogs.cisco.com
Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You

For years, analysts, security specialists, and security architects alike have been encouraging organizations to become DMARC compliant.

These attacks were initially reported by Guardio Labs who reported the discovery of 8,000 domains and 13,000 subdomains being used for these types of attacks since 2022.

In the customer’s instance of Red Sift OnDMARC, they noticed email was coming from a sender with a poor reputation and a subdomain that appeared unrelated to their customer’s main domain.

But these emails had fully passed SPF checks with the customer’s current SPF record.

If you’re a Cisco Secure Email customer, find out how you can quickly add Red Sift domain protection to your security su…

1 month ago @ blogs.cisco.com
Introducing Cisco XDR Playbooks: Finding the balance in automating and guiding incident response

In Cisco XDR, “Playbooks” are the strategic guides for robust incident response, designed to streamline the identify, contain, and eradicate processes for cyber threats.

The Playbook Editor
When you open the Editor for the first time, only the Cisco Managed Incident Playbook is displayed and is designated as the “Default” Playbook.

If the Incident does not match any rules assigned to playbooks, the default playbook is assigned to the Incident.

Once a playbook is assigned to an Incident, the assignment Incident cannot be changed, even if the playbook is edited.

In this blog post, we have discussed the evolution and significance of Cisco XDR in standardizing the incident response process, enha…

1 month ago @ blogs.cisco.com
Cisco and Nvidia: Redefining Workload Security

Cisco Secure Workload allows enterprise customers to proactively microsegment their applications in an infrastructure, location, and form factor agnostic manner.

With Cisco Secure Workload 3.9, we introduced the Nvidia Bluefield DPU integration which allows the offloading of Secure Workload Agent functionality from hosts to Nvidia Bluefield DPUs.

Under the hood, the control plane logic of the Cisco Secure Workload agent operates on the ARMv8+ CPUs.

Cisco Secure Workload – Nvidia DPU integration fosters a flexible deployment approach which reduces organizational barriers, greatly enhances practitioner experiences, and accelerates the time to value.

Cisco Secure Workload tackles the complexit…

1 month, 1 week ago @ blogs.cisco.com
Cisco Secure Access named Leader in Zero Trust Network Access

Zero Trust Network Access (ZTNA) is a critical component to increase productivity and reduce risk in today’s hyper-distributed environments.

Cisco Secure Access provides a modern form of zero trust access that utilizes a new architecture to deliver a unique level of security and user convenience.

We’re proud to announce that our innovative security service edge (SSE) solution, Cisco Secure Access, has been named an Overall Leader in the KuppingerCole Zero Trust Network Access (ZTNA) Leadership Compass.

Recognizing the shift towards distributed and hybrid work models, Cisco Secure Access is engineered to modernize cybersecurity strategies, enabling organizations to implement zero trust with …

1 month, 1 week ago @ blogs.cisco.com
Sign up for a Tour at the RSA Conference 2024 SOC

Join the guided tour outside the Security Operations Center, where we’ll discuss real time network traffic of the RSA Conference, as seen in the NetWitness platform.

Engineers will be using Cisco Security Cloud in the SOC, comprised of Cisco Breach Protection Suite, User Protection Suite, Cloud Protection Suite and Secure Firewall.

Please fill out the RSAC SOC Tour Request Form to request your spot.

1 month, 1 week ago @ blogs.cisco.com
Complexity drives more than security risk. Secure Access can help with that too.

In response, organizations have adopted security service edge (SSE) solutions, such as Cisco Secure Access, to protect users regardless of where they are located or what they are accessing.

Experience insights is a core component of Secure Access, which means all its data and alerts are provided in the same management portal as the rest of Secure Access’ capabilities.

In addition, all Secure Access capabilities, including Experience Insights, rely on the Cisco Secure Client, a single agent on the end-user’s machine.

Experience insights is just one capability of an incredible solution
While experience insights is our latest announcement, Secure Access includes many capabilities, including a s…

1 month, 1 week ago @ blogs.cisco.com
Microsoft Security
latest post 1 day, 2 hours ago
Investigating industrial control systems using Microsoft’s ICSpector open-source framework

Challenges in ICS forensics
ICS forensics differs from standard IT forensics because ICS environments have distinctive features of their own.

In contrast, forensics in OT environments involves analyzing ICS data, including data from sensors and controllers used in manufacturing and industrial settings.

Specialized tools and techniques have started to emerge to address the unique challenges of conducting investigations in ICS environments.

Defender for IoT, or any other OT security solution, can help with both proactive and reactive OT incident response.

To get started with OT security, watch the “Introduction to ICS/OT Security” webinar series, hosted by Microsoft Security Commu…

1 day, 2 hours ago @ techcommunity.microsoft.com
5 ways a CNAPP can strengthen your multicloud security environment

Insight #3: Effective cybersecurity takes a good partner
Keeping user needs in mind, Microsoft has its own CNAPP solution—Microsoft Defender for Cloud.

Operationalizing Microsoft Defender for Cloud takes both integrating it into daily operations and satisfying your users’ needs by continuously evolving cloud security.

Strengthening the SOC even further is a new Microsoft Defender for Cloud integration with Microsoft Defender XDR.

The future holds significant promise for CNAPP, and Microsoft is leading in this effort with solutions like Microsoft Defender for Cloud.

Also, follow us on LinkedIn (Microsoft Security)…

2 days, 2 hours ago @ microsoft.com
New Microsoft Incident Response guide helps simplify cyberthreat investigations

To help like-minded defenders tackle this difficult task, Microsoft Incident Response experts have created a guide on using Windows Internals for forensic investigations.

Guidance for Incident Responders
The new guide from the Microsoft Incident Response team helps simplify forensic investigations.

Understanding these artifacts will strengthen your ability to conduct Windows forensic analysis.

Shimcache’s forensic evolution : The Shimcache has long served as a source of forensic information, particularly as evidence of program execution.

Forensic insights with SRUM : SRUM’s tracking of application execution, network activity, and resource consumption is a boon for forensic analysts.

3 days, 2 hours ago @ microsoft.com
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks.

Forest Blizzard often uses publicly available exploits in addition to CVE-2022-38028, such as CVE-2023-23397.

In addition to patching, this blog details several steps users can take to defend themselves against attempts to exploit Print Spooler vulnerabilities.

Forest Blizzard primarily targets government, energy, transportation, and non-governmental organizations in the United States, Europe, and the Middle East.

To hear stories and insights f…

4 days, 2 hours ago @ microsoft.com
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.

Attack flow
For initial access, the attackers likely identify and target Kubernetes workloads of OpenMetadata exposed to the internet.

Once they identify a vulnerable version of the application, the attackers exploit the mentioned vulnerabilities to gain code execution on the container running the vulnerable OpenMetadata image.

In this specific case, the attackers’ actions triggered Microsoft Defender for Containers alerts, identifying the malicious activity in the container.

Microsoft Defender Cloud Security Pos…

1 week, 2 days ago @ microsoft.com
New Microsoft guidance for the DoD Zero Trust Strategy

Today, we are excited to announce Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy.

In this blog, we’ll review the DoD Zero Trust Strategy and discuss how our new guidance helps DoD Components and DIB partners implement Zero Trust.

We’ll cover the Microsoft Zero Trust platform and relevant features for meeting DoD’s Zero Trust requirements, and close with real-world DoD Zero Trust deployments.

Microsoft supports the DoD’s Zero Trust Strategy
The DoD released its formal Zero Trust Strategy in October 2022.[1] The strategy is a security framework and mindset that sets a path for achieving Zero Trust.

There are 152 Zero Trust activitie…

1 week, 3 days ago @ microsoft.com
Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024

We’re thrilled to announce that Forrester has recognized Microsoft as a Leader in the Forrester Wave™: Workforce Identity Platforms, Q1 2024 report.

In The Forrester Wave™ report, Forrester recognized Microsoft Entra for its adaptive policy engine, well-integrated identity lifecycle management, and end-to-end approach to identity threat detection.

Bookmark the Microsoft Entra blog to keep up with our expert coverage on workforce identity matters.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Forrester Wave™: Workforce Identity Platforms, Q1 2024, Geoff Cairns, Merrit Maxim, Lok Sze Sung, Pater Harrison.

1 week, 4 days ago @ microsoft.com
How Microsoft discovers and mitigates evolving attacks against AI guardrails

You can read more about Microsoft’s approach to securing generative AI with new tools we recently announced as available or coming soon to Microsoft Azure AI Studio for generative AI app developers.

While Crescendo attacks were a surprising discovery, it is important to note that these attacks did not directly pose a threat to the privacy of users otherwise interacting with the Crescendo-targeted AI system, or to the security of the AI system itself.

Microsoft Azure AI Content Safety is an example of this approach.

Microsoft’s own procedure is explained here: Microsoft AI Bounty.

2 weeks, 1 day ago @ microsoft.com
Explore Microsoft’s AI innovations at RSA Conference 2024

Join us a day early, on Sunday, May 5, 2024, at Microsoft Pre-Day to kick off RSA Conference 2024, and hear directly from our Microsoft Security Business leaders, including Vasu Jakkal, Corporate Vice President, Microsoft Security Business, and Charlie Bell, Executive Vice President, Microsoft Security.

Plus, view live demos at a variety of Microsoft sessions happening throughout the conference in breakout rooms and at our booth #6044N.

They’ll reflect on the latest developments in cybersecurity, AI, and how the global community of cyber professionals can work together for a more secure future.

Check out one or all of our Microsoft Security sessions included in the RSA Conference agenda.

Vi…

3 weeks, 1 day ago @ microsoft.com
Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview

Today, I am excited to announce the public preview of our unified security operations platform.

Onboarding a Microsoft Sentinel workspace only takes a few minutes, and customers can continue to use their Microsoft Sentinel in Azure.

Unified security operations platform
The new platform brings together the capabilities of XDR and SIEM.

Fortunately, the Microsoft Security Exposure Management solution, built right into the new unified platform experience, consolidates silos into a contextual and risk-based view.

If you’d like to join the public preview, view the prerequisites and how to connect your Microsoft Sentinel workspace.

3 weeks, 2 days ago @ microsoft.com
Microsoft Priva announces new solutions to help modernize your privacy program

Microsoft Priva Privacy Assessments
Build the foundation of your privacy posture with Microsoft Priva Privacy Assessments, a solution that automates the discovery, documentation, and evaluation of personal data use across your entire data estate.

Embed your custom privacy risk framework into each assessment to programmatically identify the factors contributing to privacy risk.

Microsoft Priva Privacy Risk Management
Microsoft Priva Privacy Risk Management is here to empower you to simplify the identification of unstructured personal data usage.

Key features
Efficiently manage subject rights requests: Streamline the fulfillment of subject rights request tasks using configurable settings within …

3 weeks, 3 days ago @ microsoft.com
The foundation for responsible analytics with Microsoft Purview

The future of compliance and data governance is here: Introducing Microsoft Purview
In 2022, we introduced Microsoft Purview, a comprehensive set of solutions that let you secure, govern, and ensure compliance across your data estate.

Confidently activate your data with modern data governance
We are thrilled to introduce the new Microsoft Purview Data Governance experience.

This new reimagined software as a service (SaaS) solution offers sophisticated yet simple business-friendly interaction, integration across your multicloud data estate, and actionable insights that help data leaders to responsibly unlock business value within their data estate.

If you’re attending, don’t miss the…

1 month ago @ microsoft.com
Frost & Sullivan names Microsoft a Leader in the Frost Radar™: Managed Detection and Response, 2024

We are excited to share that Microsoft has been named a Leader by Frost & Sullivan in the Frost Radar™: Managed Detection and Response, 2024, leading in innovation and among the top two in growth.

Frost Radar™ for Managed Detection and Response 2024 showing Microsoft as a leader.

Learn more
To learn more about our service, visit the Microsoft Defender Experts for XDR web page, read the Defender Experts for XDR docs page, and subscribe to our ongoing news at the Microsoft Security Experts blog home.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1. Frost & Sullivan, Frost Radar™: Managed Detection and Response, 2024, Luc…

1 month ago @ microsoft.com
How Microsoft Incident Response and Microsoft Defender for Identity work together to detect and respond to cyberthreats

Microsoft Incident Response
Strengthen your security with an end-to-end portfolio of proactive and reactive cybersecurity incident response services.

In this incident, one click on a malicious link led a large customer to reach out to Microsoft Incident Response for help.

Then, by leveraging Microsoft Defender for Endpoint alongside Defender for Identity, Microsoft Incident Response was able to trace the threat actor’s movements and disrupt their attempts to use compromised accounts to reenter the environment.

Microsoft Incident Response works with the tools and teams available to support incident response—like Defender for Identity, Defender for Endpoint, and now Copilot for Security—to de…

1 month ago @ microsoft.com
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season

At the end of January 2024, Microsoft Threat Intelligence observed a campaign using lures masquerading as tax-related documents provided by employers.

Tax season cybersecurity best practices
The best defense against cybercriminals, both at tax season and throughout the year, is education and good cyber hygiene.

To learn more about the latest observed tax season phishing campaigns, social engineering fraud, and tips on how to stay ahead of these types of attacks during tax season and other holidays, read the Microsoft Threat Intelligence tax season report.

Microsoft Threat Intelligence
Read the new tax season report to learn about the techniques that threat actors use to mislead taxpayers.

Al…

1 month, 1 week ago @ microsoft.com
Google Online Security Blog
last post 1 week, 1 day ago
Prevent Generative AI Data Leaks with Chrome Enterprise DLP

Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks.

In this blog post, we'll explore reporting and enforcement policies that enterprise security teams can implement within Chrome Enterprise Premium for data loss prevention (DLP).

Chrome Enterprise DLP rules give IT admins granular control over browser activities, such as entering financial information in Gen AI websites.

As enterprises work through their policies and processes involving GenAI, Chrome Enterprise Premium empowers them to strike the balance that works best.

Learn more about how Chrome Enterprise can secure businesses just like yours here.

1 week, 1 day ago @ security.googleblog.com
How we built the new Find My Device network with user security and privacy in mind

How location crowdsourcing works on the Find My Device network
The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices.

Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag.

With end-to-end encrypted location data, Google cannot decrypt, see, or otherwise use the location data.

The Find My Device network is also compliant with the integration version of the joint industry standard for unwanted tracking.

We have an unwavering commitment to continue to improve user protections on Find My Device and prioritize user safety.

2 weeks, 4 days ago @ security.googleblog.com
Google Public DNS’s approach to fight against cache poisoning attacks

In this post, we will look at DNS cache poisoning attacks and how Google Public DNS addresses the risks associated with them.

DNS Cache Poisoning Attacks
DNS lookups in most applications are forwarded to a caching resolver (which could be local or an open resolver like.

For an excellent introduction to cache poisoning attacks, please see “An Illustrated Guide to the Kaminsky DNS Vulnerability”.

Cache poisoning mitigations in Google Public DNS
Improving DNS security has been a goal of Google Public DNS since our launch in 2009.

To enhance DNS security, we recommend that DNS server operators support one or more of the security mechanisms described here.

4 weeks, 1 day ago @ security.googleblog.com
Address Sanitizer for Bare-metal Firmware

Address Sanitizer (ASan) overview
Address sanitizer is a compiler-based instrumentation tool used to identify invalid memory access operations during runtime.

The KASan runtime routines implemented in the Linux kernel serve as a great example of how to define a KASan runtime for targets which aren’t supported by default with -fsanitize=address.

Memory access check
The routines __asan_loadXX_noabort and __asan_storeXX_noabort perform verification of memory access at runtime.

This routine takes as input a target memory address and sets the corresponding byte in shadow memory to the value of YY.

Essentially, we would need to instrument the memory allocator with the code which unpoisons KASan sha…

1 month ago @ security.googleblog.com
Real-time, privacy-preserving URL protection

That’s why we're excited to announce a new version of Safe Browsing that will provide real-time, privacy-preserving URL protection for people using the Standard protection mode of Safe Browsing in Chrome.

Introducing real-time, privacy-preserving Safe Browsing
How it works
In order to transition to real-time protection, checks now need to be performed against a list that is maintained on the Safe Browsing server.

With OHTTP, Safe Browsing does not see your IP address, and your Safe Browsing checks are mixed amongst those sent by other Chrome users.

Since the privacy server doesn’t know the private key, it cannot decrypt the hash prefixes, which offers privacy from the privacy server itself.

I…

1 month, 1 week ago @ security.googleblog.com
Vulnerability Reward Program: 2023 Year in Review

To further our engagement with top security researchers, we also hosted our yearly security conference ESCAL8 in Tokyo.

Android and Google Devices
In 2023, the Android VRP achieved significant milestones, reflecting our dedication to securing the Android ecosystem.

The Google Play Security Reward Program continued to foster security research across popular Android apps on Google Play.

All of this resulted in $2.1M in rewards to security researchers for 359 unique reports of Chrome Browser security bugs.

Thank you to the Chrome VRP security researcher community for your contributions and efforts to help us make Chrome more secure for everyone!

1 month, 2 weeks ago @ security.googleblog.com
Secure by Design: Google’s Perspective on Memory Safety

The latest news and insights from Google on security and safety on the Internet

1 month, 3 weeks ago @ security.googleblog.com
Piloting new ways of protecting Android users from financial fraud

Google Play, for example, carries out rigorous operational reviews to ensure app safety, including proper high-risk API use and permissions handling.

We recently launched enhanced Google Play Protect real-time scanning to help better protect users against novel malicious Internet-sideloaded apps.

This feature, now deployed on Android devices with Google Play Services in India, Thailand, Singapore and Brazil, has already made a significant impact on user safety.

To help better protect Android users from these financial fraud attacks, we are piloting enhanced fraud protection with Google Play Protect.

Our commitment to protecting Android users
We believe industry collaboration is essential to …

2 months, 2 weeks ago @ security.googleblog.com
Improving Interoperability Between Rust and C++

At the time, Rust was already in wide use across Android and other Google products.

Our announcement emphasized our commitment to improving the security reviews of Rust code and its interoperability with C++ code.

Rust is one of the strongest tools we have to address memory safety security issues.

We’re also furthering our existing commitment to the open-source Rust community by aggregating and publishing audits for Rust crates that we use in open-source Google projects.

As these improvements have continued, we’ve seen a reduction in the barriers to adoption and accelerated adoption of Rust.

2 months, 3 weeks ago @ security.googleblog.com
UN Cybercrime Treaty Could Endanger Web Security

Google takes the threat of cybercrime very seriously, and dedicates significant resources to combating it.

Such safeguards aren’t just important to ensuring free expression and human rights, they are also critical to protecting web security.

The Cybercrime Treaty should not criminalize the work of legitimate cybersecurity researchers and penetration testers, which is designed to protect individual systems and the web as a whole.

At the same time, Member States should avoid attempts to criminalize activities that raise significant freedom of expression issues, or that actually undercut the treaty’s goal of reducing cybercrime.

We urge Member States to heed calls from civil society groups to …

2 months, 3 weeks ago @ security.googleblog.com
Scaling security with AI: from detection to solution

The AI world moves fast, so we’ve been hard at work keeping security apace with recent advancements.

One of our approaches, in alignment with Google’s Safer AI Framework (SAIF), is using AI itself to automate and streamline routine and manual security tasks, including fixing security bugs.

Last year we wrote about our experiences using LLMs to expand vulnerability testing coverage, and we’re excited to share some updates.

We’ll also show you how we’re using AI to speed up the bug patching process.

If you’re interested in using LLMs to patch bugs, be sure to read our paper on building an AI-powered patching pipeline.

2 months, 3 weeks ago @ security.googleblog.com
Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager

This is why the Pixel team has been especially excited about passkeys—the easier, safer alternative to passwords.

As part of last December’s Pixel Feature Drop, we introduced a new feature to Google Password Manager: passkey upgrades.

With this new feature, Google Password Manager will let you discover which of your accounts support passkeys, and help you upgrade with just a few taps.

This new passkey upgrade experience is now available on Pixel phones (starting from Pixel 5a) as well as Pixel Tablet.

Google Password Manager will incorporate these updates for other platforms in the future.

2 months, 3 weeks ago @ security.googleblog.com
MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms

Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome.

Our analysis is based on two primary information sources: incoming vulnerability reports and crash reports from user devices.

MiraclePtr effectively mitigated 57% of these use-after-free vulnerabilities in privileged processes, exceeding our initial estimate of 50%.

Impressively, five of the six were discovered while investigating MiraclePtr crash reports!

Conclusion
In summary, MiraclePtr has proven to be effective in mitigating use-after-free vulnerabilities and enhancing the overall security of the Chrome browser.

3 months, 2 weeks ago @ security.googleblog.com
Hardening cellular basebands in Android

Beyond security, addressing the issues uncovered by these sanitizers improves code health and overall stability, reducing resources spent addressing bugs in the future.

Baseband security and exploitation has been a recurring theme in security conferences for the last decade.

For example, we consider vulnerabilities allowing Remote Code Execution (RCE) in the cellular baseband to be of CRITICAL severity.

Aside from uncovering security vulnerabilities, this stage is highly effective at uncovering code quality and stability bugs that could result in instability on user devices.

There is no need to rewrite everything in Rust, as Rust provides strong C FFI support and easily interfaces with ex…

4 months, 2 weeks ago @ security.googleblog.com
Improving Text Classification Resilience and Efficiency with RETVec

Systems such as Gmail, YouTube and Google Play rely on text classification models to identify harmful content including phishing attacks, inappropriate comments, and scams.

To help make text classifiers more robust and efficient, we’ve developed a novel, multilingual text vectorizer called RETVec (Resilient & Efficient Text Vectorizer) that helps models achieve state-of-the-art classification performance and drastically reduces computational cost.

RETVec-based Gmail Spam filter improvements.

RETVec is a novel open-source text vectorizer that allows you to build more resilient and efficient server-side and on-device text classifiers.

The Gmail spam filter uses it to help protect Gmail inboxe…

4 months, 4 weeks ago @ security.googleblog.com