Cybersecurity
👉 by %username%
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
latest post 1 hour ago
A $3 million homework assignment: a school district fell for scammers

How a single email cost Tennessee schools a social program.

1 hour ago @ securitylab.ru
The end of AI anonymity: new labelling rules in China

Creators of AI content face a hard choice: label it or pay a fine.

2 hours ago @ securitylab.ru
The White House and the IT giants: an unexpected alliance to end sexualized deepfakes

New safety rules will change the AI industry for good.

2 hours ago @ securitylab.ru
From JavaScript to Zig: who shapes the future of software development

Alexander Antipov. RedMonk has updated its programming language ranking.

RedMonk has published its quarterly programming language popularity ranking for June 2024.

Its aim is to find the relationship between how much languages are discussed and how much they are used in practice, in order to forecast future adoption trends.

Despite the arrival of new technologies, including AI-powered programming assistants, no radical shifts in language popularity have been observed so far.

The study's authors stress that the ranking does not reflect real-world language use in the enterprise, since such data is not available for an…

2 hours ago @ securitylab.ru
Fakes, hackers and record viewership: the troubled story of the 2024 Olympic Games

The scale of the information attacks on the 2024 Olympics has been revealed.

2 hours ago @ securitylab.ru
Kawasaki Motors hit by a ransomware attack

The hackers claim to have stolen 487 GB of corporate data.

3 hours ago @ securitylab.ru
Chatbots versus conspiracy theories: AI finds a way to reach the most stubborn conspiracy believers

Scientists have come up with an unexpected way to fight anti-scientific tales.

3 hours ago @ securitylab.ru
Cyber strike on Trump: the US prepares charges against Iran

The US reveals details of the attack on Trump's campaign headquarters.

3 hours ago @ securitylab.ru
Connectivity anywhere in the world: how five BlueBird satellites will change the future of communications

AST SpaceMobile challenges the traditional carriers.

3 hours ago @ securitylab.ru
Virtual coins, real problems: 17 EU countries demand a review of in-game monetization

BEUC criticized Fortnite and Minecraft for unfair practices.

4 hours ago @ securitylab.ru
Wake the volcano of luck together with SecurityLab

P.S. Your apartment and dacha stay yours.

4 hours ago @ securitylab.ru
Malware on click: hackers break into Windows via CAPTCHA

The robot test has turned into a nightmare for users.

4 hours ago @ securitylab.ru
The CDU at a digital dead end: the party has been unable to recover its data for months

The attack has been called one of the most destructive in the history of German politics.

4 hours ago @ securitylab.ru
From rabbits to galaxies: how Fibonacci numbers govern the Universe

How important irrational numbers are to evolution.

18 hours ago @ securitylab.ru
iOS 18: Apple strikes at the market for stolen parts

Alexander Antipov. iOS 18 makes stolen parts useless.

With the release of iOS 18, Apple has taken another step in its fight against the market for second-hand parts from stolen devices.

Activation Lock now applies not only to the iPhone itself but also to its main components, such as the battery, cameras and display.

iOS 18 requires an iPhone XR or newer.

Note that for now Activation Lock for parts applies only to iPhone and does not cover iPad devices running iPadOS 18. This new feature is part of Apple's overall strategy for improving device security and protecting…

1 day, 2 hours ago @ securitylab.ru
Anti-Malware
latest post 3 hours ago
Neural networks and blockchain in SIEM: how to use systems of this class properly

It soon became clear that these systems could be used not only for monitoring but also for detecting anomalies and security threats.

Using neural networks in SIEM is not just another trend but a revolution in cybersecurity.

Successful examples of projects where neural networks are now actively used include MaxPatrol SIEM and Kaspersky Unified Monitoring and Analysis Platform.

Every event recorded by the SIEM can be written to a blockchain, which guarantees its integrity and protection against tampering.

When implemented correctly, SIEM helps organizations improve the effectiveness of event monitoring and incident response and reduce the risk of data leaks and other consequences…

3 hours ago @ anti-malware.ru
Russian mobile devices: is there life in the market?

Introduction. For roughly a decade, various enterprises in our country have been trying to establish mass production of smartphones and tablets.

At first the innovative device caused a sensation at several exhibitions, but it never managed to get the Russian market moving.

Although the TaigaPhone was positioned as an anti-spyware smartphone aimed at the corporate segment, it was manufactured in China.

The F+ tech R570E Android smartphone is sold on marketplaces. The R570 / R570E is a rugged, water-resistant smartphone for corporate use that went on general sale last year.

But the period of stagnation appears to be ending, and in the coming years the Russian smartphone market is expected…

3 days, 1 hour ago @ anti-malware.ru
In 2024 crypto criminals attacked centralized exchanges more often

At the same time, cybercriminals in 2024 are increasingly using AI and quantum technologies, which significantly simplify attacks.

To carry out successful attacks in 2024, crypto criminals use complex algorithms, combining several hacking techniques.

Several incidents occurred in 2024 that rank among the ten largest thefts in the history of the cryptocurrency market.

Below we look at the most high-profile successful CEX hacks of 2024.

In this way the crypto criminals managed to withdraw $30 million in USDT, $10 million in USDC, another $10 million in DAI, as well as 231 WBTC and 9,500 ETH.

3 days, 5 hours ago @ anti-malware.ru
NGFW deployment in practice and the second wave of import substitution

What is missing from popular Russian NGFWs, and how can it be compensated for?

The Russian market is entering its second phase: the pioneers have already deployed domestic NGFWs, and the mainstream is starting to do so.

Insufficient performance, however, received only 8% of the votes, the same as in the previous broadcast.

A representative of Solar Group advised starting a project not with core or perimeter equipment but with lower network segments.

Attitudes toward deploying Russian NGFWs. Conclusions. According to the experts, a second wave of NGFW import substitution is now under way.

4 days ago @ anti-malware.ru
So the mouse doesn't slip through: how to protect against Mousejacking attacks

We look at how attacks using them are evolving and what can be done to avoid becoming a victim of mousejacking.

Unlike Bluetooth, there is no industry standard to follow here, which lets each vendor implement its own security scheme.

The protection system does not recognize the device as malicious and will not raise any alarms.

As a result, the organization does not know it is under attack until it is too late.

Choosing endpoint check requirements. Let's look at how a simple requirement configured for the Efros DefOps NAC agent can prevent a Mousejacking attack.

4 days, 22 hours ago @ anti-malware.ru
The evolution of the electronic signature: from its creation to quantum threats

Types of electronic signature, implementation mechanisms, procedures for obtaining one. Federal Law No. 63-FZ of 06.04.2011 "On Electronic Signatures" defines three types of electronic signature: simple, non-qualified and qualified.

The key pair for a qualified electronic signature (QES) is generated only at a certification authority (CA) accredited by the Ministry of Digital Development, in the presence of the applicant, on a token or smart card.

To obtain a QES, you need to: Apply to a CA with your passport, SNILS, INN and a power of attorney from the legal entity.

Specifics of electronic signature use in 2024. By 2024 the countries of the former USSR had developed a fairly mature but uneven legal framework governing the use of electronic signatures.

Simple, non-qualified and qualified signatures are distinguished, with different use cases and differing…

5 days, 3 hours ago @ anti-malware.ru
Hardware for technological independence

While the situation with software, at least mass-market software, is relatively good after the departure of foreign vendors, the situation with hardware is far more dramatic.

The regulator, the Ministry of Industry and Trade, regularly raises the required level of localization for products seeking inclusion in the registry.

According to Alexey Krishtop, a hardware-software complex (PAK) becomes trusted through the combination of registry-listed hardware and software with certified information security tools.

According to Ilya Levchuk, PAK creators may be hardware vendors, software developers, integrators and the end customers themselves.

In the audience's view, the most significant criteria were operational reliability and compatibility with the hardware and software already in use.

6 days ago @ anti-malware.ru
Specifics of deploying anti-APT systems

Let's look at how domestic anti-APT systems have evolved, using Kaspersky Anti Targeted Attack (KATA) and the experience of the iTPROTECT team as an example.

The evolution of anti-APT systems. Hacker groups are constantly developing their attack vectors against enterprises, so anti-APT systems are in a process of continuous improvement.

How anti-APT has changed. Using KATA (Kaspersky Anti Targeted Attack) as an example, let's trace how anti-APT systems have changed in recent years.

How to deploy a targeted-attack protection system. Deploying anti-APT into a modern enterprise's infrastructure is a complex task that requires thorough preparation.

The outcome of a pilot may be adjusted requirements for the anti-AP…

6 days, 2 hours ago @ anti-malware.ru
Using the Kontur.ID 2FA system in a corporate environment

A second factor can be used not only for logging in or connecting to the corporate network.

For example, two-factor authentication is useful for confirming large transactions, controlling sensitive actions in a system, and other more specialized scenarios.

Kontur.ID also supports the RADIUS protocol, which is widely used in corporate environments.

If an employee leaves the company, their account in Kontur.ID is also deleted automatically.

Conclusions. We have looked at how the Kontur.ID two-factor authentication system helps strengthen the protection of employee access to resources and services in a corporate environment.

6 days, 4 hours ago @ anti-malware.ru
Cyber maturity: what it is and how Russian companies can achieve it

We use this example to show how such threats can be eliminated in practice and the level of cyber maturity raised.

This includes ensuring cybersecurity in project management, regular internal and external audits, and maintaining contact with professional cybersecurity communities and the competent authorities.

This ensures reliable protection of data in transit, both within internal systems and across public networks.

Secure systems development. The goal of secure development is to reduce the risk of vulnerabilities and bugs appearing in the company's software, and to thwart unauthorized access attempts and the introduction of malware.

BI.ZONE specialists conducted a cybersecurity audit…

1 week ago @ anti-malware.ru
A comparison of Russian NGFWs

What has changed in the market. By the general consensus of the discussion participants, the NGFW feature set has barely changed in many years.

NGFWs also have to support both Russian operating systems, which are evolving very quickly, and foreign ones.

Andrey Larshin, head of NGFW at MTS RED: "Russian vendors have not reached the level of international products, and neither have German, French or Italian ones."

And in general, developing an NGFW is a long and expensive business.

Albert Mannanov, product manager for Solar NGFW at Solar Group: "Changing vendor is a very difficult process, akin to changing religion."

1 week ago @ anti-malware.ru
Network security in data centers

This is probably why the largest number of votes from the poll participants during the broadcast went to testing the NGFW oneself under real load (fig.

At the same time, as Alexander Vorobyov noted, enabling the intrusion prevention module reduced performance by more than five times.

Alexander Vorobyov, cybersecurity solutions architect at BI.ZONE: "In our test, the deviation from the vendor's stated figures was minimal and did not exceed the margin of observational error."

How to combine NGFWs into a cluster. The DS Integrity NG network packet broker from Tsifrovye Resheniya (Digital Solutions) was used to combine the NGFWs into a cluster.

Director of analytics and integration at Tsifrovye Resheniya, Serge…

1 week, 3 days ago @ anti-malware.ru
The evolution of malware protection

That is why up to 90% of all malware that analysts have to deal with was released about seven years ago, if not earlier.

Teymur Kheirkhabarov linked the rarity of such malicious objects to the complexity of developing them and to the new self-protection mechanisms in the major operating systems.

The main types of malware that attacked Russian individuals and companies in 2023. Teymur Kheirkhabarov reminded the audience that launching malware is usually the final stage of an attack, by which point the attackers have already disabled the defenses, including antivirus.

Once a ransomware encryptor has started running, it is a matter of minutes, if not seconds.

What malware protection tools…

1 week, 3 days ago @ anti-malware.ru
Review of MEDOED, an online service for automating information security processes

This is why the online service will be useful both for the public sector and for business, regardless of scale or field of activity.

MEDOED is registered with Rospatent as a program for automating information security processes and is included in the registry of domestic software (entry No. 21982 of 20.03.2024) as an IS process automation tool.

With MEDOED, complying with the requirements for accounting of cryptographic information protection tools (SKZI) under FAPSI Order No. 152 of 13.06.2001 is easier than in Excel.

Exporting logs from the "SKZI Accounting" module. It is also possible to keep separate logs for different legal entities, which is convenient both for groups of companies and for IS specialists serving several organizations.

MEDOED has…

1 week, 4 days ago @ anti-malware.ru
Specifics of using MDR in a corporate environment

The service includes infrastructure monitoring, incident detection and, in some cases, response, as well as support when attacks are detected.

Thanks to this, MDR within a SOC can recognize more risks, since it has event data from different sources.

The services of a service provider may be needed to help implement interaction between MDR and critical information infrastructure (KII) assets, including significant ones, in accordance with the list of requirements.

MDR functionality. There are several MDR-class products on the market, but below we will look at the operating scheme and functions using Kaspersky MDR as an example, since this product clearly shows the differences between MDR and EDR.

Incidentally, in this…

1 week, 5 days ago @ anti-malware.ru
Habr: Information Security
latest post 3 hours ago
WAF express, or how to close an RCE in two days

PT Cloud Application Firewall is simple and quick to set up and has the same features as the on-premise PT Application Firewall.

Thanks to the partnership between Positive Technologies and K2 Cloud, we solved the WAF deployment problem in literally two days.

It is measured in RPS and does not limit the number of agents and filtering nodes as long as the request volume does not exceed the agreed amount.

The task was to integrate the WAF into this existing architecture.

The reason is that the WAF cannot process this type of traffic, since it is designed only for HTTP protection of web applications and APIs.

3 hours ago @ habr.com
Your own reliable VPN. Setting up the VLESS XTLS protocol: a guide

This article describes a way to bypass Western censorship, using the VLESS XTLS Reality protocol as an example, for accessing sites that block access from the Russian Federation.

In my case, with aeza, the details are both in my email and in my account dashboard.

You need two lines: the IP address and the root password. Step 1: Connect to the server via SSH: type ssh [email protected] in the console (replace the IP with your own).

You can keep tinkering to raise the server's security level and the quality of its disguise, but "to get started" I consider that unnecessary.

I use /mysecreturl/, but make up your own.

4 hours ago @ habr.com
Do Gosuslugi encourage collecting users' logins and passwords?

It did this very simply: in its own window it asked me for my Gosuslugi login and password.

And the app will have a session in my name in my Gosuslugi personal account.

That is, such a system works fine in a browser, where the site redirects you to another window on the Gosuslugi site and you sign in to Gosuslugi there.

But in the case of an app, your personal account can end up entirely under the app developers' control, if they so wish.

I contacted Gosuslugi support: they said that what a user discloses to third-party apps is entirely the user's own responsibility and that the Gosuslugi security team will not deal with it.

5 hours ago @ habr.com
Encrypting personal notes

    const credentials = readCredentials();
    const key = await importKey(credentials);
    const encryptedNote = await encryptNote(note, key);
    await post(`/api/merge-notes`, { notes: [encryptedNote] }, credentials);
    console.log(`Created note with ID ${note.id}`);
  }
  async function getNote(id?

    const credentials = readCredentials();
    const key = await importKey(credentials);
    // ids: [] would return no notes.

Previously the problem was solved by a text file that stored both passwords and notes and was easy to encrypt.

But while the password problem has been solved thanks to password managers, encrypting notes is not so smooth. Which option to choose for secure and reliable encryption of personal notes, with…

18 hours ago @ habr.com
[Translation] Porting the AV1 decoder from C to Rust for better performance and safety

Building on this idea, together with a team from Immutant, we created rav1d by porting the dav1d decoder, written in C, to Rust.

— Josh Aas, head of ISRG's Prossimo project

Port the dav1d code to Rust to improve memory safety.

Many of the other difficulties turned out to be more closely related to porting C code to Rust, so this article focuses on those problems and their solutions. We ran into various problems stemming from mismatches between C patterns and safe Rust.

We found that, despite the problems with threads and borrowing, rewriting existing C code in safe and performant…

1 day, 3 hours ago @ habr.com
[Translation] Security of large language model applications (LLM, GenAI)

OWASP Top 10 for LLM and GenAI applications: a guide for developers and practitioners. Discover the OWASP Top 10 for LLM and GenAI and learn the key strategies for protecting your AI models and applications.

Attackers can exploit datasets on the web by altering the content at URLs used in the training data.

Anomaly detection and robustness testing: implement anomaly detection and robustness testing on models and data obtained from suppliers to detect data tampering and model poisoning.

Conclusions. The OWASP Top 10 for LLM and GenAI is a critical resource for securing applications that use these advanced technologies.

Посто…

1 day, 4 hours ago @ habr.com
Studying at Stanford Online: Advanced Cybersecurity

Based on my experience of taking the certification in 2023, I will describe the admission and study process, the structure of the Advanced Cybersecurity program and the online learning platform, note its specifics, and share my opinion at the end of the article.

I could not register for the program/course using a foreign card with an address in Russia; I had to enter a random address in the UAE.

After payment you get access to the online learning platform with the materials.

There were only 2 approaches from employers to me thanks to these courses.

Apparently because the subject interested me and they offer the opportunity for in-person networking in the USA.

1 day, 5 hours ago @ habr.com
Chasing shadows: geolocating an image with the Shadow Finder Tool

If you know the date and time a photo was taken and can accurately measure an object's height and the length of its shadow, you can determine a ring of possible locations where the photo was taken.

You can enter the time in UTC (Coordinated Universal Time) or in local time.

As long as you measure both the object and the shadow in the same units, Bellingcat's shadow-finding tool will work.

Now, with your height measurements and the date and time at hand, open the Shadow Finder tool. Enter the object's height and shadow length, along with the date and time, and press "▶" to run the tool.

Advanced geolocation: repeat capture. If you have several photos taken at different times, you can further…

2 days, 5 hours ago @ habr.com
Social engineering, or how security teams' efforts are shattered by the human factor

Social engineering is what keeps security people up at night.

Why social engineering works. More and more attacks are built on deceiving employees rather than breaking code.

And when an employee, seeing an email from the "CEO", hands over credentials or clicks a phishing link, technical measures are powerless.

Because at the moment of the attack, emotions kick in: trust, fear, the desire to help.

And remember, social engineering is not a question of "if" but of "when".

2 days, 22 hours ago @ habr.com
Serge Humpich: the man who hacked France's national banking system

And it somehow doesn't occur to anyone that behind such a hack could be a single person who, by and large, had never before thought about a career as a hacker.

It was then that he immersed himself in the architecture of financial software, which required studying large volumes of technical documentation.

This allowed Humpich to produce a counterfeit card, not linked to any bank account, that was nevertheless accepted by Carte Bleue payment terminals and could be used to make purchases.

In a sense, Humpich was ahead of his time: his actions anticipated these modern initiatives, although they landed him in the dock.

He may not have achieved the recognition he was counting on, but he changed…

3 days ago @ habr.com
Why medicine needs the cloud

This really is a large project with a database of millions of records; it brings together many information providers.

Accordingly, by analyzing large amounts of data, we can offer companies that distribute pharmaceuticals data on doctors (again, with their consent).

We have to maintain both the security of communication channels and the currency of the software that serves these databases, because vulnerabilities are regularly found in operating systems, in databases, and in software that, for example, runs on the internet.

So yes, the sanctions affected even us, although we work more in digital marketing related to medicine.

How did people cope before, before us, what…

3 days, 4 hours ago @ habr.com
Is "Vasya" always to blame: debunking myths about the human factor in information security

Stanislav Karpovich, deputy director for business development of the Cyberpolygon department, attempts in a new article to dispel several myths about the human factor in cybersecurity.

The question is not whether cybercriminals can turn an employee to the "dark" side; they can.

The question is how many resources that will take and the scale of the potential damage they can cause.

Demand for them grows every year, as do the qualification requirements at hiring and on the job.

For example, a competency matrix is a visual way to understand what type and level of attack the company is protected against, and in which scenario it would stand no chance.

3 days, 21 hours ago @ habr.com
Software composition analysis with CodeScoring

Let's look at an example of a known (published) vulnerability in the org.yaml:[email protected] package, used as a dependency.

As part of an import-substitution strategy, one can consider integrating CodeScoring into the review of every pull request in protected branches.

In short, the presence of even one vulnerability found while analyzing a pull request blocks the pull request from being completed.

We don't postpone vulnerability remediation or wait for the pull request to be completed and the software built; we run the analysis at the pull request stage.

And I would like to hear the community's opinion on the following questions: What difficulties did you encounter when introducing composition analysis into pull requests?

3 days, 21 hours ago @ habr.com
Security automation: when to use SOAR?

But when is it really worth implementing SOAR, and when can the team cope on its own?

SOAR takes over routine tasks, automates incident analysis and helps make decisions quickly, which reduces the load on specialists and minimizes business risk.

In theory this sounds like every SOC specialist's dream, but in reality implementing SOAR is not always an easy path.

But don't think SOAR is the solution to every problem.

Not every SOC needs SOAR right now, but if your team is drowning in a stream of incidents and response times are slipping, it's time to think about automation.

3 days, 23 hours ago @ habr.com
[Translation] Are we allowing our apps too much?

Without them, a social media app cannot access your photos, your messenger cannot save documents, and your photo editing app cannot save the changes you make.

None of the analyzed apps requests permission to access body sensors or add voicemail.

For example, if you use the standard phone app, you might reconsider granting such permissions to WhatsApp or Messenger.

All the apps request access to the camera and precise location, to send notifications, and to read and write storage.

Even without dangerous permissions, an app still…

3 days, 23 hours ago @ habr.com
Xakep
latest post 2 hours ago
Attackers could intercept data from the Apple Vision Pro virtual keyboard

Researchers from the University of Florida and Texas Tech University demonstrated the GAZEploit attack, which tracks an Apple Vision Pro user's gaze and can determine exactly what the person is typing on the virtual keyboard.

The point is that input on the Apple Vision Pro virtual keyboard can be performed from avatar (Persona) mode, which is used for video calls, online meetings and so on.

And the researchers found that the eye movements of the virtual avatar can be analyzed to determine what a person wearing the Vision Pro VR headset is typing on their virtual keyboard.

The gaze direction on the virtual keyboard was then matched to specific…

2 hours ago @ xakep.ru
Malware locks the victim's browser in kiosk mode

Researchers have discovered an unusual locker that locks the victim's browser in kiosk mode, forcing the user to enter their credentials, which are then stolen by an infostealer.

Once running on the user's system, Amadey deploys an AutoIt script that scans the infected machine for available browsers and launches one of them in kiosk mode with a specific URL.

The script also configures the browser to ignore the F11 and Escape keys so that victims cannot easily exit kiosk mode.

As Bleeping Computer notes, even if F11 and Escape are blocked, there are other ways to exit kiosk mode.

Next, boot into Safe Mode (F8) and…

4 hours ago @ xakep.ru
Lazarus group targets Python developers with fake coding tests

ReversingLabs analysts warn that members of the North Korean Lazarus hacking group are posing as recruiters and offering Python developers test assignments, supposedly related to developing a fake password manager.

In reality there is no password manager, and the assignments contain malware.

Back then the attackers also targeted developers, but did so using malicious Python packages uploaded to the PyPI repository.

As a test assignment, the attackers asked their victims to find a bug in the fake password manager, submit their solution, and provide screenshots as proof of concept.

The README file for this "test assignment" asked victims to…

2 days, 18 hours ago @ xakep.ru
Teenager arrested in connection with the hack of London's municipal transport authority Transport for London

The suspect has reportedly been questioned and released on bail.

On 1 September this year, Transport for London representatives reported that the service had suffered a cyberattack, which forced it to shut down or restrict access to various IT systems to prevent the threat from spreading.

Although the attack did not affect the operation of London's public transport, it hit Transport for London's internal systems used by staff, as well as various customer-facing online services.

Transport for London's systems have still not fully recovered.

Although it was initially reported that no customer data was stolen during the attack, this week representatives of Transport for Lo…

2 days, 19 hours ago @ xakep.ru
Registration opens for CyberCamp 2024, an online camp on practical security

CyberCamp is a three-day online technology camp for sharing hands-on experience and knowledge in cybersecurity via live broadcast, plus online meetups throughout the year with walkthroughs of cyber-exercise tasks.

For instance, the top participants of the corporate league will receive 300,000, 200,000 and 100,000 roubles; those of the student league, 100,000, 70,000 and 50,000 roubles.

The total CyberCamp prize pool will be 5,000,000 roubles.

The platform with the live stream, talks and hands-on tasks, as well as merch and prizes, will be available to all registered CyberCamp 2024 participants.

One talk and several tasks are already open on the event platform, and you can earn your first saibs (сайбы) by completing them.

2 days, 21 hours ago @ xakep.ru
GitLab patches a critical pipeline-related vulnerability

GitLab developers have released patches for several vulnerabilities, the most serious of which (CVE-2024-6678) under certain conditions allows an attacker to trigger pipelines as any user.

In total, 18 issues were fixed in versions 17.3.2, 17.2.5 and 17.1.7 of GitLab Community Edition (CE) and Enterprise Edition (EE).

GitLab warns that the issue affects CE/EE versions from 8.14 up to 17.1.7, from 17.2 up to 17.2.5 and from 17.3 up to 17.3.2, and recommends installing the updates as soon as possible.

Notably, this is not the first time in recent months that GitLab has fixed pipeline-related bugs.

Also this month, GitLab developers released…

2 days, 22 hours ago @ xakep.ru
OAuth inside out. Hunting for vulnerability chains in attacks on authorization

But if you can find a way to use it elegantly and raise the impact to account takeover, that is a whole different story.

Info: for how the OAuth protocol works and how its basic vulnerabilities are exploited, read my previous article, "OAuth inside out."

As before, we go through the whole login flow to collect all the requests and analyse them at leisure.

Find the Authorization Request (the request to the authorization server that the application redirected us to) and send it to Repeater.

You can right-click and choose Copy URL to copy the whole link and watch in the browser how the redirect happens and our token shows up in the logs.

2 days, 23 hours ago @ xakep.ru
Phishers are mass-targeting Russian hotels

Kaspersky Lab experts have warned that since this summer, phishing mailings targeting Russian hotels, guest houses, sanatoriums and other accommodation providers have been actively spreading.

In other cases the attackers ask whether the photos on the booking service match reality and request a phone number for contact.

The attackers intimidate victims by claiming that because of this incident the hotel will be blocked on the service and removed from the platform.

To prevent this, the recipient is offered a button in the email body that leads to the property's account on the online booking service.

Researchers also note that recently, among criminals…

3 days ago @ xakep.ru
Hacker stole and published 440 GB of Fortinet company data

On 12 September 2024 an attacker using the handle Fortibitch claimed to have stolen 440 GB of data from a company-owned Azure SharePoint server and to be leaking the information on a hacking forum.

"A certain individual gained unauthorized access to a limited number of files stored on a Fortinet company server in a third-party cloud file storage, which contained limited data related to a small portion (less than 0.3%) of Fortinet's customer base," company representatives report in a blog post.

Fortinet also assured that the incident is not an extortion attack and is not related to ransomware deployment.

The hacker openly shared credentials for the S3 bucket where…

3 days, 2 hours ago @ xakep.ru
PIXHELL attack: LCD monitor noise can be used to steal data

Experts have demonstrated the "acoustic" PIXHELL attack, which allows data to be exfiltrated from air-gapped machines.

The PIXHELL attack was developed by Israeli security specialist Dr. Mordechai Guri, head of R&D at the cybersecurity research centre of Ben-Gurion University.

Just recently we wrote about another of his projects, the RAMBO attack (Radiation of Air-gapped Memory Bus for Offense), which is designed to steal data from protected machines via electromagnetic emissions from RAM.

The researchers' report stresses that PIXHELL can work even when several signal sources share a single receiver.

SATAn: the role of…

3 days, 4 hours ago @ xakep.ru
Websites of the "Osnovanie" certification authority hacked and defaced

Hackers attacked the websites of the Osnovanie CA, a federal certification authority (CA) that issues digital electronic signatures (ES); as a result, ES issuance was halted.

On social media, the organization's representatives reported that the attack on the infrastructure of the Osnovanie CA's electronic signature issuance centre (which includes JSC Analytical Centre and JSC Unified ES Portal) took place on the night of 11 September.

Today, 12 September 2024, was named as the tentative date for resuming certificate issuance, but the Osnovanie CA's resources are still not working.

Osnovanie CA representatives confirmed to the newspaper Kommersant that only the websites were attacked.

"The infrastructure associated with…

3 days, 18 hours ago @ xakep.ru
Vo1d malware infected 1.3 million Android TV boxes worldwide

Doctor Web specialists report that a new backdoor has infected nearly 1,300,000 Android-based TV boxes in 197 countries.

This malware places its components in the system partition and, on command from the attackers, can covertly download and install third-party software.

In addition, four new files appeared in the file system:
/system/xbin/vo1d
/system/xbin/wd
/system/bin/debuggerd
/system/bin/debuggerd_real
The vo1d and wd files are components of the identified malware, which the company tracks as Android.Vo1d.

It is noted that the core functionality of Vo1d is hidden in its vo1d (Android.Vo1d.1) and wd (Android.Vo1d.3) components, which work in tandem.

Because of this, people are less likely to install on them…

3 days, 20 hours ago @ xakep.ru
Ahoy there! Intercepting and decoding the AIS signal, the ship identification system

Let's dig a bit deeper into the message formats and figure out what data can be sent and received over AIS.

There are 21 main message types in AIS in total; in future the list may be extended to 63.

We will look at all the messages, dividing them into classes: messages from Class A transceivers, messages from Class B transceivers, messages from AtoN, addressed binary AIS messages, and broadcast binary AIS messages.

SART transmitters broadcast four messages on each of the AIS frequencies, that is, four on 161.975 MHz and four on 162.025 MHz.

In this article we will not go into attacks on AIS, but only try to fully understand the transmission, modulation and…

3 days, 23 hours ago @ xakep.ru
Starting October 2024, WordPress will require 2FA from plugin developers

Starting 1 October 2024, all WordPress.org accounts that have the right to push updates and make changes to plugins and themes for the CMS will have to use two-factor authentication (2FA).

"Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide," the official statement reads.

"Securing these accounts is essential to preventing unauthorized access and maintaining the security and trust of the WordPress.org community."

Account owners can enable two-factor authentication in their account's security settings.

Authors…

4 days ago @ xakep.ru
Google Play Integrity API makes it possible to block apps installed from third-party sources

As a result, the user will be prompted to download the app from the Google Play Store, and there will be no way around this "recommendation".

Typically, in such cases banking apps, Google Wallet, some games, Snapchat, and a number of media apps (for example, Netflix) refuse to work.

In response, a developer can use the Play Integrity API to show a GET_LICENSED dialog that prompts the user to install the app from the Google Play store.

As the example above shows, the dialog offers to download the app from the Google Play Store in order to continue using it.

Tapping the "Get app" button opens the app's listing page in Google P…

4 days, 2 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 5 hours ago
Apple Drops Spyware Case Against NSO Group, Citing Risk of Threat Intelligence Exposure

Apple has filed a motion to "voluntarily" dismiss its lawsuit against commercial spyware vendor NSO Group, citing a shifting risk landscape that could lead to exposure of critical "threat intelligence" information.

The iPhone maker said its efforts, coupled with those of others in the industry and national governments to tackle the rise of commercial spyware, have "substantially weakened" the defendants.

"At the same time, unfortunately, other malicious actors have arisen in the commercial spyware industry," the company said.

It described NSO Group, a subsidiary of Q Cyber Technologies Limited, as "amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance mach…

5 hours ago @ thehackernews.com
Cybercriminals Exploit HTTP Headers for Credential Theft via Large-Scale Phishing Attacks

Cybersecurity researchers have warned of ongoing phishing campaigns that abuse refresh entries in HTTP headers to deliver spoofed email login pages that are designed to harvest users' credentials.

The infection chains are characterized by the delivery of malicious links through header refresh URLs containing targeted recipients' email addresses.

To lend the phishing attempt a veneer of legitimacy, the malicious webmail login pages have the recipients' email addresses pre-filled.

Phishing and business email compromise (BEC) continue to be a prominent pathway for adversaries looking to siphon information and perform financially motivated attacks.

One of its users is Storm-1152, a Vietnamese …

8 hours ago @ thehackernews.com
Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild.

The high-severity vulnerability in question is CVE-2024-8190 (CVSS score: 7.2), which allows remote code execution under certain circumstances.

"An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker to obtain remote code execution," Ivanti noted in an advisory released earlier this week.

"Customers must upgrade to Ivanti CSA 5.0 for continued support."

"Customers already running Ivanti CSA 5.0 do not need to take any additional action."

2 days, 8 hours ago @ thehackernews.com
Apple Vision Pro Vulnerability Exposed Virtual Keyboard Inputs to Attackers

Details have emerged about a now-patched security flaw impacting Apple's Vision Pro mixed reality headset that, if successfully exploited, could allow malicious attackers to infer data entered on the device's virtual keyboard.

"The GAZEploit attack leverages the vulnerability inherent in gaze-controlled text entry when users share a virtual avatar."

"Inputs to the virtual keyboard may be inferred from Persona," it said in a security advisory, adding it resolved the problem by "suspending Persona when the virtual keyboard is active."

"By remotely capturing and analyzing the virtual avatar video, an attacker can reconstruct the typed keys," the researchers said.

"Notably, the GAZEploit attack…

2 days, 22 hours ago @ thehackernews.com
17-Year-Old Arrested in Connection with Cyber Attack Affecting Transport for London

British authorities on Thursday announced the arrest of a 17-year-old male in connection with a cyber attack affecting Transport for London (TfL).

"The 17-year-old male was detained on suspicion of Computer Misuse Act offenses in relation to the attack, which was launched on TfL on 1 September," the U.K. National Crime Agency (NCA) said.

The teenager, who's from Walsall, is said to have been arrested on September 5, 2024, following an investigation that was launched in the incident's aftermath.

It's worth noting that West Midlands police previously arrested a 17-year-old boy, also from Walsall, in July 2024 in connection with a ransomware attack on MGM Resorts.

Back in June, another 22-year…

2 days, 23 hours ago @ thehackernews.com
TrickMo Android Trojan Exploits Accessibility Services for On-Device Banking Fraud

"The mechanisms include using malformed ZIP files in combination with JSONPacker," Cleafy security researchers Michele Roviello and Alessandro Strino said.

"Accessibility services are designed to assist users with disabilities by providing alternative ways to interact with their devices," the researchers said.

"However, when exploited by malicious apps like TrickMo, these services can grant extensive control over the device."

Furthermore, the abuse of the accessibility services allows the malware to disable crucial security features and system updates, auto-grant permissions at will, and prevent the uninstallation of certain apps.

These files encompass fake login pages for various services,…

3 days, 1 hour ago @ thehackernews.com
Say Goodbye to Phishing: Must-Haves to Eliminate Credential Theft

Traditional defenses, such as end-user training or basic multi-factor authentication (MFA), lower the risk at best but cannot eliminate it.

Legacy MFA is a particularly urgent problem, given that attackers now bypass MFA at scale, prompting NIST, CISA, OMB, and NYDFS to issue guidance on phishing-resistant MFA.

To address this, Beyond Identity authentication relies on a Platform Authenticator, which verifies the origin of access requests.

Enforce Device Security Compliance. During authentication, it's not just the user that's logging in, it's also their device.

Ready to experience phishing-resistant security?

3 days, 1 hour ago @ thehackernews.com
Progress WhatsUp Gold Exploited Just Hours After PoC Release for Critical Flaw

Malicious actors are likely leveraging publicly available proof-of-concept (PoC) exploits for recently disclosed security flaws in Progress Software WhatsUp Gold to conduct opportunistic attacks.

"The polling process NmPoller.exe, the WhatsUp Gold executable, seems to be able to host a script called Active Monitor PowerShell Script as a legitimate function," the researchers explained.

"The threat actors in this case chose it to perform for remote arbitrary code execution."

This is the second time security vulnerabilities in WhatsUp Gold have been actively weaponized in the wild.

Early last month, the Shadowserver Foundation said it had observed exploitation attempts against CVE-2024-4885 (C…

3 days, 1 hour ago @ thehackernews.com
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency

Cybersecurity researchers have uncovered a new malware campaign targeting Linux environments to conduct illicit cryptocurrency mining.

The activity, which specifically singles out the Oracle Weblogic server, is designed to deliver malware dubbed Hadooken, according to cloud security firm Aqua.

"When Hadooken is executed, it drops a Tsunami malware and deploys a crypto miner," security researcher Assaf Moran said.

This is accomplished by launching two nearly-identical payloads, one written in Python and the other, a shell script, both of which are responsible for retrieving the Hadooken malware from a remote server ("89.185.85[.

"It then moves laterally across the organization or connected e…

3 days, 6 hours ago @ thehackernews.com
New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram

"The attacker has a network of affiliates motivated by financial gain, spreading Android banker malware that targets ordinary users," security researchers Boris Martynyuk, Pavel Naumov, and Anvar Anarkulov said.

There is evidence to suggest that some aspects of the Telegram-based malware distribution process may have been automated for improved efficiency.

The numerous Telegram accounts are designed to serve crafted messages containing links -- either to other Telegram channels or external sources -- and APK files to unwitting targets.

Ajina.Banker is capable of gathering SIM card information, a list of installed financial apps, and SMS messages, which are then exfiltrated to the server.

"T…

3 days, 20 hours ago @ thehackernews.com
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution

GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an attacker to run pipeline jobs as an arbitrary user.

The vulnerability, along with three high-severity, 11 medium-severity, and two low-severity bugs, has been addressed in versions 17.3.2, 17.2.5, and 17.1.7 for GitLab Community Edition (CE) and Enterprise Edition (EE).

It's worth noting that CVE-2024-6678 is the fourth such flaw that GitLab has patched over the past year after CVE-2023-5009 (CVSS score: 9.6), CVE-2024-5655 (CVSS score: 9.6), and CVE-2024-6385 (CVSS score: 9.6).

While there is no evidence of active exploitation of the flaws, users are recommended to ap…

3 days, 20 hours ago @ thehackernews.com
Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide

Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void).

A majority of the infections have been detected in Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria, and Indonesia.

"Before Android 8.0, crashes were handled by the debuggerd and debuggerd64 daemons," Google notes in its Android documentation.

The "vo1d" payload, in turn, starts "wd" and ensures it's persistently running, while also downloading and running executables when instructed by a command-and-control (C2) server.

Furthermore, it keeps tabs on…

3 days, 22 hours ago @ thehackernews.com
Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking

Internet-exposed Selenium Grid instances are being targeted by bad actors for illicit cryptocurrency mining and proxyjacking campaigns.

"Selenium Grid is a server that facilitates running test cases in parallel across different browsers and versions," Cado Security researchers Tara Gould and Nate Bill said in an analysis published today.

"However, Selenium Grid's default configuration lacks authentication, making it vulnerable to exploitation by threat actors."

The abuse of publicly-accessible Selenium Grid instances for deploying crypto miners was previously highlighted by cloud security firm Wiz in late July 2024 as part of an activity cluster dubbed SeleniumGreed.

"As many organizations …

3 days, 23 hours ago @ thehackernews.com
Top 3 Threat Report Insights for Q2 2024

Cato CTRL (Cyber Threats Research Lab) has released its Q2 2024 Cato CTRL SASE Threat Report.

Key Insights from the Q2 2024 Cato CTRL SASE Threat Report. The report is packed with unique insights that are based on thorough data analysis of network flows.

1) IntelBroker: A Persistent Threat Actor in the Cyber Underground. During an in-depth investigation into hacking communities and the dark web, Cato CTRL identified a notorious threat actor known as IntelBroker.

3) Log4j Still Being Exploited. Despite being discovered in 2021, the Log4j vulnerability remains a favored tool among threat actors.

From Q1 to Q2 2024, Cato CTRL recorded a 61% increase in attempted Log4j exploits in inbound traffic and…

4 days, 1 hour ago @ thehackernews.com
Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack

Iraqi government networks have emerged as the target of an "elaborate" cyber attack campaign orchestrated by an Iran state-sponsored threat actor called OilRig.

OilRig, also called APT34, Crambus, Cobalt Gypsy, GreenBug, Hazel Sandstorm (formerly EUROPIUM), and Helix Kitten, is an Iranian cyber group associated with the Iranian Ministry of Intelligence and Security (MOIS).

"The Spearal malware is a .NET backdoor that utilizes DNS tunneling for [C2] communication," Check Point said.

"The data transferred between the malware and the C2 server is encoded in the subdomains of DNS queries using a custom Base32 scheme."

"This campaign against Iraqi government infrastructure highlights the sustain…

4 days, 1 hour ago @ thehackernews.com
threatpost
last post: none
DarkReading
last post 9 months, 3 weeks ago
Cyber Threats to Watch Out for in 2024

9 months, 3 weeks ago @ darkreading.com
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

9 months, 3 weeks ago @ darkreading.com
Ardent Health Hospitals Disrupted After Ransomware Attack

9 months, 3 weeks ago @ darkreading.com
General Electric, DARPA Hack Claims Raise National Security Concerns

9 months, 3 weeks ago @ darkreading.com
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

9 months, 3 weeks ago @ darkreading.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity

9 months, 3 weeks ago @ darkreading.com
Balancing Simplicity and Security in the Digital Experience

9 months, 3 weeks ago @ darkreading.com
Hack The Box Launches 5th Annual University CTF Competition

9 months, 4 weeks ago @ darkreading.com
Fake Browser Updates Targeting Mac Systems With Infostealer

9 months, 4 weeks ago @ darkreading.com
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market

9 months, 4 weeks ago @ darkreading.com
Generative AI Takes on SIEM

9 months, 4 weeks ago @ darkreading.com
Web Shells Gain Sophistication for Stealth, Persistence

9 months, 4 weeks ago @ darkreading.com
Qatar Cyber Agency Runs National Cyber Drills

9 months, 4 weeks ago @ darkreading.com
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs

9 months, 4 weeks ago @ darkreading.com
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions

9 months, 4 weeks ago @ darkreading.com
WeLiveSecurity
latest post 3 days, 2 hours ago
CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe

ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends

This week, ESET researchers published a deep dive into the recent activities of the CosmicBeetle cybercrime group.

Among other notable things, CosmicBeetle was found to abuse the infamy of the LockBit ransomware gang for its own ends.

This ransomware, however, exhibits decryption issues to the point that it's actually impossible to restore some encrypted files.

How does CosmicBeetle attack its targets and what else is there to know about their recent campaigns?

Learn more in the video and read the full write-up here: CosmicBeetle steps up: Probation period at Ra…

3 days, 2 hours ago @ welivesecurity.com
6 common Geek Squad scams and how to defend against them

Geek Squad scams exposed

All Geek Squad scams are variations on existing themes.

Tech support: One of the oldest scams going is tech support fraud, where victims are often called out of the blue by tech ‘experts’ claiming their machine is compromised with malware.

Geek Squad will never do this out of the blue.

How to stay safe from Geek Squad scams

Forewarned is forearmed.

If you receive a phone call out of the blue from Geek Squad, get their name and where they’re calling from, put the phone down and call Geek Squad direct to check.

5 days, 3 hours ago @ welivesecurity.com
CosmicBeetle steps up: Probation period at RansomHub

ESET researchers have mapped the recent activities of the CosmicBeetle threat actor, documenting its new ScRansom ransomware and highlighting connections to other well-established ransomware gangs.

Key points of the blogpost: CosmicBeetle remains active in 2024, continually improving and distributing its custom ransomware, ScRansom.

Recently, we have investigated an interesting case that leads us to believe that CosmicBeetle may be a new affiliate of RansomHub.

The following entries, delimited by $ (a dollar sign): Hex-encoded RunKeyPair.Public, Decryption ID, RunKeyPair.Private, encrypted using AES-CTR-128 with ProtectionKey, and FileKey, encrypted using RSA with RunKeyPair.Public.

Impact …

6 days, 3 hours ago @ welivesecurity.com
Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe

The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams

Consumers in the United States lost more than $114 million to scams involving Bitcoin ATMs (BTMs) last year, with the figure soaring ten-fold from 2020, according to data released by the US Federal Trade Commission (FTC) this week.

As consumers lost $65 million to these ploys in the first half of 2024 alone, this year is on track to top the losses from 2023.

The FTC also found that the scams disproportionately victimize older people, as those aged 60 or over were more than three times as likely as younger adults to report a loss u…

1 week, 3 days ago @ welivesecurity.com
ESET Research Podcast: HotPage

But as we explain in this episode of our podcast, not all adware is created equal.

HotPage is a recently discovered trojan that uses a vulnerable, Microsoft-signed kernel driver to inject and manipulate what victims see in their browsers.

In their conversation, host ESET Distinguished Researcher Aryeh Goretsky and his guest, ESET Principal Threat Intelligence Researcher Robert Lipovsky, compare HotPage to other threats, especially infostealing malware, which typically has a similar level of sophistication but is far more dangerous.

Based on its regional and vertical targeting, HotPage seems to be designed to go after Chinese gamers.

For a detailed report on HotPage and other threat actor activiti…

1 week, 4 days ago @ welivesecurity.com
The key considerations for cyber insurance: A pragmatic approach

These are some of the questions organizations should consider when reviewing their cyber insurance options

There must be a consideration of the ethical question of contributing to the payment of extortion demands of cybercriminals.

At the same time, the process of preparing to be eligible for cyber insurance is beneficial to all businesses regardless of whether they end up being insured.

It forces companies to take an audit of their cyber environment, understand the potential risks, and enhance cybersecurity posture where needed.

Cyber risks in the business world

There are many cyber risks that a business can face.

This blog is the fifth of a series looking into cyber insurance and its releva…

1 week, 5 days ago @ welivesecurity.com
In plain sight: Malicious ads hiding in search results

No SEO tricks necessary – crooks paying for search ads automatically bring their malicious page to the top of people’s search results.

Thus, internet users searching for particular products could encounter such cases, with only subtle clues available to discriminate between a legitimate and a malicious ad or page.

While search engine providers continually remove malicious ads or websites from search results, hackers are persistent and keep on finding new ways to counter content filtering, creating a game of whack-a-mole between search providers and criminals.

Other forms of malvertising

Malicious search ads represent just one form of ad abuse by threat actors.

Malicious ads can also be enco…

1 week, 6 days ago @ welivesecurity.com
Stealing cash using NFC relay – Week in Security with Tony Anscombe

The discovery of the NGate malware by ESET Research is another example of how sophisticated Android threats have become

Recently, ESET Researchers have discovered a crimeware campaign that targeted the clients of prominent Czech banks.

The malware, named NGate by ESET, can relay data from victims’ stored payment cards via a malicious app installed on their Android phones to the attackers’ rooted Android devices.

Watch as Tony discusses the story and shares some important ways to stay secure against such sophisticated attacks.

2 weeks, 4 days ago @ welivesecurity.com
Analysis of two arbitrary code execution vulnerabilities affecting WPS Office

ESET researchers discovered a code execution vulnerability in WPS Office for Windows (CVE-2024-7262), as it was being exploited by APT-C-60, a South Korea-aligned cyberespionage group.

Key points of the blogpost: APT-C-60 weaponized a code execution vulnerability in WPS Office for Windows (CVE-2024-7262) in order to target East Asian countries.

Our analysis led us to the discovery of a code execution vulnerability in WPS Office for Windows being exploited in the wild by APT-C-60 to target East Asian countries.

CVE-2024-7262

This section describes the bug exploited by APT-C-60 that allows code execution via hijacking the control flow of the WPS Office plugin component promecefpluginhost.e…

2 weeks, 5 days ago @ welivesecurity.com
Old devices, new dangers: The risks of unsupported IoT tech

Hacks of outdated or vulnerable devices are an issue, but why would anyone attempt to hack discontinued devices or those running out-of-support software?

One person’s trash is another’s treasure

A good example of a botnet exploiting outdated and vulnerable IoT devices was Mozi.

The list of vulnerable EOL IoT devices goes on, with manufacturers typically not taking action to patch such vulnerable devices; indeed this is not possible when a manufacturer has gone out of business.

Old device, new purpose

A new trend has emerged due to the abundance of IoT devices in our midst: the reuse of old devices for new purposes.

Apart from the environmental angle of not messing up landfills with toxic mate…

2 weeks, 6 days ago @ welivesecurity.com
Exploring Android threats and ways to mitigate them | Unlocked 403 cybersecurity podcast (ep.5)

The world of Android threats is quite vast and intriguing.

Among them is the Blue Ducky script, which exploits the CVE-2023-45866 Android device vulnerability.

Nonetheless, this is just one example from the vast world of threats that can target Android.

Join the host of the Unlocked 403 cybersecurity podcast Alžbeta Kovaľová as she talks with ESET Senior Malware Researcher Lukáš Štefanko about the dangers of Android threats and how one can protect oneself.

Watch as they walk through three different demonstrations of infiltrating and taking control of Android devices, stressing the importance of awareness and strong mobile security solutions.

3 weeks ago @ welivesecurity.com
PWA phishing on Android and iOS – Week in security with Tony Anscombe

Phishing using PWAs?

The technique used installed a phishing application from a third-party website without the user having to allow third-party app installation.

This is because PWAs are simply websites bundled into what feels like a standalone app, enhanced by the usage of native system prompts.

For iOS users, such an action might break their assumptions about their platform’s security.

On Android, this could result in the silent installation of a special kind of APK, which even appears to be installed from the Google Play store.

3 weeks, 3 days ago @ welivesecurity.com
NGate Android malware relays NFC traffic to steal cash

In March 2024 the group’s technique improved by deploying the NGate Android malware.

NGate Android malware is related to the phishing activities of a threat actor that operated in Czechia since November 2023.

]eu) for NGate malware

Toolset

The NGate malware displays uniform characteristics across all six samples we analyzed.

SHA-1: 66DE1E0A2E9A421DD16BD54B371558C93E59874F; Filename: csob_smart_klic.apk; Detection: Android/Spy.NGate.C; Description: NGate Android malware.

SHA-1: DA84BC78FF2117DDBFDCBA4E5C4E3666EEA2013E; Filename: george_klic.apk; Detection: Android/Spy.NGate.C; Description: NGate Android malware.

3 weeks, 4 days ago @ welivesecurity.com
How regulatory standards and cyber insurance inform each other

Cyber insurance and incidents

In the unfortunate situation of a company dealing with a cyber incident, the insurer may, depending on policy, provide incident response and legal resources to assist the company.

For example, the US Securities and Exchange Commission (SEC) now requires listed companies to disclose a cyber incident via Form 8-K.

This blog is the fourth of a series looking into cyber insurance and its relevance in this increasingly digital era – see also part 1, part 2, and part 3.

If I were running a small business today, I may subscribe to cyber insurance to gain access to experts on regulation.

With this in mind, my cyber insurance premium cost would almost definitely be lo…

3 weeks, 5 days ago @ welivesecurity.com
Be careful what you pwish for – Phishing in PWA applications

PWAs, just like websites, are cross-platform, explaining how these PWA phishing campaigns can target both iOS and Android users.

Most of the observed applications targeted clients of Czech banks, but we also observed one phishing app that targeted a Hungarian bank and another targeting a Georgian bank.

Timeline of the PWA and WebAPK phishing campaign

The only exception is the cryptomaker[.

PWA and WebAPK applications

PWAs

The phishing campaign and method discussed in this post is possible only thanks to the technology of progressive web applications (PWAs).

IoCs

Files

SHA-1: D3D5AE6B8AE9C7C1F8690452760745E18640150D; Filename: base.apk; Detection: Android/Spy.Banker.CIC; Description: Android mobile phis…

3 weeks, 6 days ago @ welivesecurity.com
Naked Security
latest post: none
Help Net Security
latest post 8 hours ago
EchoStrike: Generate undetectable reverse shells, perform process injection

EchoStrike is an open-source tool designed to generate undetectable reverse shells and execute process injection on Windows systems.

“EchoStrike allows you to generate binaries that, when executed, create an undetectable RevShell, which can be the first entry point into a company.

Effectiveness: Tested with custom payloads and low detection rates.

Requirements

Go compiler: Install Go to compile the tool and generate custom payloads.

8 hours ago @ helpnetsecurity.com
Compliance frameworks and GenAI: The Wild West of security standards

In this Help Net Security interview, Kristian Kamber, CEO at SplxAI, discusses how security challenges for GenAI differ from traditional software.

Once the data feeding your GenAI model is corrupted, the AI learns all the wrong lessons.

In the context of GenAI, how are compliance frameworks and regulatory requirements shaping security practices, and what do you foresee as the biggest hurdles for organizations?

Right now, compliance and regulation around GenAI feel a bit like the Wild West, but there’s movement.

These rules are beginning to shape how we approach GenAI security.

8 hours ago @ helpnetsecurity.com
The ripple effects of regulatory actions on CISO reporting

In this Help Net Security video, Sara Behar, Content Manager at YL Ventures, discusses how recent regulatory actions and high-profile legal incidents involving cybersecurity leaders have influenced CISO reporting.

In a recent report of the CISO Circuit, YL Ventures set out to understand executive security needs around reporting and the impact of recent FTC and SEC actions, including those taken against SolarWinds.

Throughout 50 interviews with cybersecurity executives from a broad spectrum of verticals and company sizes, they collected responses to questions about the dynamics between enterprise security leadership and their board of directors and the rise of personal CISO accountability.

9 hours ago @ helpnetsecurity.com
Trends and dangers in open-source software dependencies

A C-suite perspective on potential vulnerabilities within open-source dependencies or software packages reveals that, while remediation costs for dependency risks are perilously high, function-level reachability analysis still offers the best value in this critical area, according to Endor Labs.

“Research shows that analysis-based vulnerability prioritization has become a critical capability because of this, and highlights other trends and challenges related to dependency management,” said Darren Meyer, staff research engineer at Endor Labs.

Phantom dependencies and other trouble spots: Among select customers scanned for this report, the share of Python phantom dependencies in the universe o…

9 hours ago @ helpnetsecurity.com
eBook: Navigating compliance with a security-first approach

As cyberattacks escalate, more regulations are being introduced to help protect organizations and their customers’ data.

This has resulted in a complex web of legislation with which companies in the private sector must comply.

It can be challenging, as industry standards and requirements often overlap.

This e-book:

Provides a practical guide to help companies understand the role of password and credential security within the regulatory landscape.

Outlines how Dark Web, password, and credential screening solutions enable organizations to easily adhere to and maintain compliance, minimizing the risk of a data breach.

Download – eBook: Navigating compliance with a security-first approach

9 hours ago @ helpnetsecurity.com
Week in review: Veeam Backup & Replication RCE could soon be exploited, Microsoft fixes 4 0-days

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)

CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data.

33 open-source cybersecurity solutions you didn’t know you needed

In this article, you will find a list of 33 open-source cybersecurity tools for Linux, Windows, and macOS that you should consider to enhance protection and stay ahead of potential threats.

How AI and zero trust are transforming resilience strategies

In this Help Net Security interview, John Her…

1 day, 4 hours ago @ helpnetsecurity.com
Rain Technology protects consumers against visual hackers and snoopers at ATM terminals

Rain Technology announced ATM Switchable Privacy, designed to protect consumers against visual hackers and snoopers at ATM terminals in financial institutions, retail stores, restaurants, airports, and other public settings.

Technology advances like Switchable Privacy help to combat this type of fraud and protect consumer information at the ATM.

Technology breakthrough

ATM Switchable Privacy is a thin, proprietary layer embedded within the liquid crystal module of an ATM screen.

Even when the ATM display is completely off or in sleep mode, Display Screen Branding provides opportunities for branding.

Both the U.S. and EU have demonstrated an evolving focus on all aspects of consumer privacy, …

3 days, 3 hours ago @ helpnetsecurity.com
Nudge Security unveils SSPM capabilities to strengthen SaaS security

Nudge Security unveiled new SSPM (SaaS security posture management) capabilities for its SaaS security and governance platform.

This enhancement creates the industry’s most comprehensive solution of its kind, combining SaaS discovery, security posture management, spend management, third-party risk, and identity governance in a single, self-service offering that deploys in minutes.

Nudge Security’s SSPM capabilities enable IT and security teams to quickly identify and address identity risks and misconfigurations in their Google Workspace and Microsoft 365 environments, as part of the platform’s comprehensive SaaS security and governance capabilities.

“SSPM is crucial for any organization’s S…

3 days, 4 hours ago @ helpnetsecurity.com
How to make Infrastructure as Code secure by default

Infrastructure as Code (IaC) has become a widely adopted practice in modern DevOps, automating the management and provisioning of technology infrastructure through machine-readable definition files.

What can we do to make IaC secure by default?

Security policies and configuration checks are often automated and integrated into CI/CD pipelines to ensure each commit or pull request is validated against security policies before deployment.

IaC secure by default is possible

While IaC solves many challenges of application deployment, it still relies on people to manually convert security policies into IaC.

But if you can abstract IaC away using tools that generate the infrastructure from the appli…

3 days, 7 hours ago @ helpnetsecurity.com
Security measures fail to keep up with rising email attacks

Organizations must reassess their email security posture as incidents continue to escalate, leading to financial losses.

Key findings reveal a significant increase in email attacks, with many successfully bypassing standard security protocols and targeting vulnerable sectors.

Business email compromise, phishing, and sophisticated social engineering tactics continue to evolve, exploiting gaps in security measures.

The rise in email volume coincided with a 47% increase in email attacks targeting organizations.

Cofense | 2024 Annual State of Email Security Report | February 2024

In 2023, malicious email threats bypassing secure email gateways (SEGs) increased by more than 100%.

3 days, 8 hours ago @ helpnetsecurity.com
Organizations still don’t know how to handle non-human identities

Organizations are grappling with their current NHI (non-human identities) security strategies, according to Cloud Security Alliance and Astrix Security.

The high volume of NHIs significantly amplifies the security challenges organizations face.

Organizations’ lack of confidence suggests their current NHI security methods are lagging behind their human identity security methods.

This lack of confidence in securing NHIs versus human identities could be due to the sheer volume of NHIs in their environment, which often outnumber human identities by a factor of 20 to 1.

The reason organizations are struggling with the basics of NHI security may stem from a fragmented approach to managing NHI sec…

3 days, 8 hours ago @ helpnetsecurity.com
Cyber insurance set for explosive growth

Cyber insurance is poised for exponential growth over the coming decade, but it remains a capital-intensive peril that requires structural innovation, according to CyberCube.

Cyber insurance is projected to grow rapidly, driven by increasing digitization of the global economy and rising concerns about cyber risk.

CyberCube has modeled three CAGR factors for the US insurance industry to 2034: 10% growth resulting in $17 billion of premium; 20% growth leading to $45 billion of premium; and 30% growth creating $109 billion of US cyber premium.

“The cyber insurance market is set for outsized growth compared with other lines of P&C insurance over the coming 10 years.

In the mid-to-high range of c…

3 days, 9 hours ago @ helpnetsecurity.com
New infosec products of the week: September 13, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Druva, Huntress, Ketch, LOKKER, Tenable, Trellix, and Wing Security.

SaaS Pulse tool from Wing Security enhances SaaS security posture

Wing Security has released SaaS Pulse, a free tool for SaaS security management, offering organizations actionable insights and continuous oversight into their SaaS security posture.

This tool continuously monitors threats from issues like critical misconfigurations, offboarding errors, user access risks, and more.

LOKKER’s consent management solution blocks all unauthorized data collection on websites

LOKKER released a new consent management solution available in its Pr…

3 days, 9 hours ago @ helpnetsecurity.com
Suspect arrested over the Transport for London cyberattack

The UK National Crime Agency has arrested and detained a suspect – a 17-year-old male in Walsall (West Midlands) – on suspicion of Computer Misuse Act offences in relation to the Transport for London (TfL) cyberattack, the agency has announced today.

The company has promised to contact affected individuals directly to offer support and guidance.

“Many of our staff have limited access to systems and, as a result, there will be some delays responding to any online enquiries,” the transport provider says.

Although we don’t expect any significant impact to customer journeys as we carry out this process, temporary and limited disruption is possible to some services.

Please check before you trave…

3 days, 21 hours ago @ helpnetsecurity.com
Dru Investigate simplifies cyber investigations and helps users uncover data threats

Druva launched Dru Investigate, a gen AI-powered tool that guides data security investigations using a natural language interface.

With Dru Investigate, users across IT, security, legal, and privacy teams can swiftly identify and mitigate data risks, without needing to write complicated queries.

Data is increasingly at risk, and customers frequently conduct thorough investigations to understand the extent and impact of threats to their data.

Dru Investigate is designed to empower users to investigate potential data risks with natural language queries so they can quickly understand their data – even guiding them when they do not know what to look for.

With the initial release of Dru Investig…

3 days, 22 hours ago @ helpnetsecurity.com
IT Security Guru
last post 3 weeks, 2 days ago
How Immigration Can Solve America’s Cybersecurity Shortage

The Growing Cybersecurity Skills Gap: The cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity Shortage. Immigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

Conclusion: The cybersecurity skills shortage is …

3 weeks, 2 days ago @ itsecurityguru.org
Cybereason Unveils SDR Data Ramp Program: Analyse and Detect Threats in 1TB of Log Data for 90 Days

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

3 weeks, 3 days ago @ itsecurityguru.org
The 8 Most Common Website Design Mistakes According to Pros

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final Thoughts: Keeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

3 weeks, 4 days ago @ itsecurityguru.org
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol Connections: Remote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware Attacks: Specific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted: The healthcare sector is a prime target for ranso…

3 weeks, 6 days ago @ itsecurityguru.org
Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented: “We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

3 weeks, 6 days ago @ itsecurityguru.org
AI-powered cyber threats are too overpowering for over 50% of security teams

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

1 month ago @ itsecurityguru.org
New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploit. Three years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

1 month ago @ itsecurityguru.org
New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

1 month ago @ itsecurityguru.org
Kicking cyber security down the road can come back to bite you

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priority: Despite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-in: To ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures now. By deprioritising cyber security, businesses are essentially def…

1 month ago @ itsecurityguru.org
What skills can cyber security experts develop to adapt to AI and quantum computing?

High levels of demand for cyber security expertise also means that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computing: Like AI, quantum has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

1 month ago @ itsecurityguru.org
HealthEquity Data Breach Compromises Customer Information

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

1 month, 2 weeks ago @ itsecurityguru.org
Accenture and SandboxAQ Expand Cybersecurity Partnership

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

1 month, 2 weeks ago @ itsecurityguru.org
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

1 month, 2 weeks ago @ itsecurityguru.org
Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

1 month, 2 weeks ago @ itsecurityguru.org
Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands

New threat research by Salt-Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws within popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to their website). These vulnerabilities could have potentially allowed an attacker unlimited […]

1 month, 2 weeks ago @ itsecurityguru.org
SecurityTrails
last post: none
Blogs 👨‍💻
Бизнес без опасности
last post: none
Жизнь 80 на 20
last post: none
ZLONOV
last post: none
Блог Артема Агеева
last post: none
Киберпиздец
last post: none
Schneier on Security
last post 1 day, 20 hours ago
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA.

The event runs from September 24 through 26, 2024, and my keynote is at 8:45 AM ET on the 24th.

I’m briefly speaking at the EPIC Champion of Freedom Awards in Washington, D.C. on September 25, 2024.

I’m speaking at SOSS Fusion 2024 in Atlanta, Georgia, USA.

The event will be held on October 22 and 23, 2024, and my talk is at 9:15 AM ET on October 22, 2024.

1 day, 20 hours ago @ schneier.com
Friday Squid Blogging: Squid as a Legislative Negotiating Tactic

About Bruce Schneier: I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

2 days, 15 hours ago @ schneier.com
My TedXBillings Talk

2 days, 18 hours ago @ schneier.com
Microsoft Is Adding New Cryptography Algorithms

From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM.

Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum standards formalized last month by the National Institute of Standards and Technology (NIST).

Shared secrets generated by a KEM can then be used with symmetric-key cryptographic operations, which aren’t vulnerable to Shor’s algorithm when the keys are of a sufficient size.

The ML in the ML-KEM name refers to Module Learning with Errors, a problem that can’t be cracked with Shor’s algorithm.

As explained here, this problem is based on a “core computational assumption of lattice-based cryptography which offers an interesting trade-of…

3 days, 20 hours ago @ schneier.com
Evaluating the Effectiveness of Reward Modeling of Generative AI Systems

This paper introduces new metrics to evaluate the effectiveness of modeling and aligning human values, namely feature imprint, alignment resistance and alignment robustness.

By regressing RM scores against these features, we quantify the extent to which RMs reward them – a metric we term feature imprint.

We observed a 26% incidence of alignment resistance in portions of the dataset where LM-labelers disagreed with human preferences.

Furthermore, we find that misalignment often arises from ambiguous entries within the alignment dataset.

These findings underscore the importance of scrutinizing both RMs and alignment datasets for a deeper understanding of value alignment.

5 days, 1 hour ago @ schneier.com
New Chrome Zero-Day

6 days, 1 hour ago @ schneier.com
Australia Threatens to Force Companies to Break Encryption

Companies are not legally obligated to comply with a TAR but law enforcement sends requests to solicit cooperation.

The Australian government can force tech companies to build backdoors into their systems.

Now, the director of the Australian Security Intelligence Organisation (ASIO)—that’s basically their CIA—is threatening to do just that: ASIO head, Mike Burgess, says he may soon use powers to compel tech companies to cooperate with warrants and unlock encrypted chats to aid in national security investigations.

“I don’t accept that actually lawful access is a back door or systemic weakness, because that, in my mind, will be a bad design.

I believe you can – these are clever people – design…

1 week ago @ schneier.com
Live Video of Promachoteuthis Squid

1 week, 2 days ago @ schneier.com
YubiKey Side-Channel Attack

1 week, 2 days ago @ schneier.com
Long Analysis of the M-209

1 week, 4 days ago @ schneier.com
Security Researcher Sued for Disproving Government Statements

This story seems straightforward.

A city is the victim of a ransomware attack.

A security researcher repeatedly proves their statements to be lies.

The city gets mad and sues the researcher.

Let’s hope the judge throws the case out, but—still—it will serve as a warning to others.

1 week, 5 days ago @ schneier.com
List of Old NSA Training Videos

1 week, 5 days ago @ schneier.com
SQL Injection Attack on Airport Security

Interesting vulnerability:…a special lane at airport security called Known Crewmember (KCM).

KCM is a TSA program that allows pilots and flight attendants to bypass security screening, even when flying on domestic personal trips.

If successful, the employee can access the sterile area without any screening at all.

A similar system also exists for cockpit access, called the Cockpit Access Security System (CASS).

Anyone with basic knowledge of SQL injection could login to this site and add anyone they wanted to KCM and CASS, allowing themselves to both skip security screening and then access the cockpits of commercial airliners.
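
The mechanism behind that kind of login bypass, as an added example that is not code from the original post, from the researchers, or from the KCM/CASS systems: a roster lookup built by string formatting, next to the same lookup with bound parameters. The table name, its columns, the single crew record and the `sqlite3` backend are assumptions made for the demonstration.

```python
import hashlib
import sqlite3


def make_roster() -> sqlite3.Connection:
    """Constructed in-memory stand-in for a crew roster; the schema and row are assumptions."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE crew (employee_id TEXT PRIMARY KEY, password_hash TEXT, kcm_eligible INTEGER)"
    )
    conn.execute(
        "INSERT INTO crew VALUES (?, ?, ?)",
        ("pilot-1001", _hash("correct horse battery staple"), 1),
    )
    conn.commit()
    return conn


def _hash(password: str) -> str:
    # Plain SHA-256 keeps the example short; a real system uses a slow, salted KDF.
    return hashlib.sha256(password.encode()).hexdigest()


def login_vulnerable(conn: sqlite3.Connection, employee_id: str, password: str) -> bool:
    # Attacker-controlled text is spliced into the SQL statement itself, so a quote
    # in employee_id ends the literal and the rest of the input becomes SQL.
    sql = (
        "SELECT kcm_eligible FROM crew "
        f"WHERE employee_id = '{employee_id}' AND password_hash = '{_hash(password)}'"
    )
    row = conn.execute(sql).fetchone()
    return row is not None and row[0] == 1


def login_safe(conn: sqlite3.Connection, employee_id: str, password: str) -> bool:
    # Parameter binding: the values travel separately from the statement text, so a
    # quote or comment marker in the input can never change the query's shape.
    sql = "SELECT kcm_eligible FROM crew WHERE employee_id = ? AND password_hash = ?"
    row = conn.execute(sql, (employee_id, _hash(password))).fetchone()
    return row is not None and row[0] == 1


# Classic payload: closes the quoted string, then "--" comments out the password check,
# leaving  ... WHERE employee_id = 'pilot-1001'  as the effective query.
BYPASS_ID = "pilot-1001' --"


def demo() -> dict:
    """Run both login paths with a legitimate credential and with the bypass payload."""
    conn = make_roster()
    return {
        "legit_vulnerable": login_vulnerable(conn, "pilot-1001", "correct horse battery staple"),
        "bypass_vulnerable": login_vulnerable(conn, BYPASS_ID, "anything"),
        "legit_safe": login_safe(conn, "pilot-1001", "correct horse battery staple"),
        "bypass_safe": login_safe(conn, BYPASS_ID, "anything"),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:18} -> {'ACCESS' if result else 'denied'}")
```

Escaping quotes in the input is not the fix; any place the statement text is assembled from user data is an injection point, and the hardened form never does that. The same parameter binding applies to the INSERT that would add a new crew member, which is the operation the article describes.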

2 weeks ago @ schneier.com
Friday Squid Blogging: Economic Fallout from Falklands Halting Squid Fishing

2 weeks, 2 days ago @ schneier.com
Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published

The “long lost lecture” by Adm. Grace Hopper has been published by the NSA.

It’s a wonderful talk: funny, engaging, wise, prescient.

Remember that talk was given in 1982, less than a year before the ARPANET switched to TCP/IP and the internet went operational.

Listening to it, and thinking about the audience of NSA engineers, I wonder how much of what she’s talking about as the future of computing—miniaturization, parallelization—was being done in the present and in secret.

Posted on August 29, 2024 at 11:58 AM

2 weeks, 3 days ago @ schneier.com
Krebs On Security
last post 3 days ago
The Dark Nexus Between Harm Groups and ‘The Com’

Top Com members are constantly sniping over who pulled off the most impressive heists, or who has accumulated the biggest pile of stolen virtual currencies.

Some of the largest such known groups include CVLT, Court, Kaskar, Leak Society, 7997, 8884, 2992, 6996, 555, Slit Town, 545, 404, NMK, 303, and H3ll.

“The abuse perpetrated by members of com groups is extreme,” Wired’s Ali Winston wrote.

Beige group members also have claimed credit for a breach at the domain registrar GoDaddy.

Prosecutors allege Kalana Limkin, 18, of Hilo, Hawaii, admitted he was an associate of CVLT and 764, and that he was the founder of a splinter harm group called Cultist.

3 days ago @ krebsonsecurity.com
Bug Left Some Windows PCs Dangerously Unpatched

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks.

Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

Those include Windows 10 systems that installed the monthly security update for Windows released in March 2024, or other updates released until August 2024.

“To correct this issue, users need to apply both the September 2024 Servicing Stack Update and the September 2024 Windows Security Updates,” Narang sai…

5 days, 14 hours ago @ krebsonsecurity.com
Sextortion Scams Now Include Photos of Your Home

The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom.

In this case, the ransom demand is just shy of $2,000, payable by scanning a QR code embedded in the email.

Following a salutation that includes the recipient’s full name, the start of the message reads, “Is visiting [recipient’s street address] a more convenient way to contact if you don’t take action.

Nice location btw.” Below that is the photo of the recipient’s street address.

Previous innovations in sextortion customization involved sending emails that included at least one password they had previously used at an account online that was tied to their email address.

1 week, 5 days ago @ krebsonsecurity.com
Owners of 1-Time Passcode Theft Service Plead Guilty

]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords.

Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites.

KrebsOnSecurity profiled OTP Agency in a February 2021 story about arrests tied to another phishing-related service based in the U.K.

Within hours of that publication, OTP Agency shuttered its website and announced it was closing up shop and purging its user database.

NCA investigators said more than 12,500 people were targeted by OTP Agency users during the 18 months the service was…

1 week, 6 days ago @ krebsonsecurity.com
When Get-Out-The-Vote Efforts Look Like Phishing

“We have you in our records as not registered to vote,” the unbidden SMS advised.

WDIV even interviewed a seventh-grader from Canada who said he also got the SMS saying he wasn’t registered to vote.

Another version of this SMS campaign told recipients to check their voter status at a site called votewin.org, which DomainTools says was registered July 9, 2024.

The same voter registration query form advertised in the SMS messages is available if one clicks the “check your registration status” link on voteamerica.org.

Cleaver said her office had received several inquiries about the messages, which violate a key tenet of election outreach: Never tell the recipient what their voter status may be.

2 weeks, 4 days ago @ krebsonsecurity.com
New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers.

Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Versa Director systems are primarily used by Internet service providers (ISPs), as well as managed service providers (MSPs) that cater to the IT needs of many small to mid-sized businesses simultaneously.

In January 2024, the U.S. Department of Justice disclosed the F…

2 weeks, 5 days ago @ krebsonsecurity.com
Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time.

But problems can arise when an organization has built their Active Directory network on top of a domain they don’t own or control.

From then on, anyone who registered company.llc would be able to passively intercept that organization’s Microsoft Windows credentials, or actively modify those connections in some way — such as redirecting them somewhere malicious.

When Caturegli discovered an encryption certificate being actively used for the domain memrtcc.…
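
One way to find this exposure in your own telemetry, as an added example that is not code from the article or from the researcher it cites: scan a resolver query log for the SRV lookups that domain-joined Windows clients publish for their Active Directory domain (`_ldap._tcp.dc._msdcs.<domain>` and friends) and rate each domain by whether its top-level label is something anyone can register. The log lines are constructed in BIND's query-log shape, and the delegated-TLD set is a small hand-picked subset of the IANA root zone; both are assumptions, and the TLD set should be refreshed from the real root zone before use.

```python
import re
from collections import defaultdict
from typing import Dict, Optional

# Constructed BIND-style query-log lines standing in for an internal resolver's log;
# the client addresses, AD domain names and timestamps are invented for this example.
SAMPLE_LOG = """\
13-Sep-2024 10:15:01.101 client 10.0.0.5#51234 (_ldap._tcp.dc._msdcs.corp.llc): query: _ldap._tcp.dc._msdcs.corp.llc IN SRV + (10.0.0.1)
13-Sep-2024 10:15:01.105 client 10.0.0.5#51235 (_kerberos._tcp.dc._msdcs.corp.llc): query: _kerberos._tcp.dc._msdcs.corp.llc IN SRV + (10.0.0.1)
13-Sep-2024 10:15:02.300 client 10.0.0.9#40001 (_ldap._tcp.dc._msdcs.ad.example.local): query: _ldap._tcp.dc._msdcs.ad.example.local IN SRV + (10.0.0.1)
13-Sep-2024 10:15:03.000 client 10.0.0.7#40002 (www.example.com): query: www.example.com IN A + (10.0.0.1)
13-Sep-2024 10:15:04.420 client 10.0.0.5#51236 (_gc._tcp.research.zip): query: _gc._tcp.research.zip IN SRV + (10.0.0.1)
"""

# Assumed subset of the IANA root zone; refresh from the real list before relying on it.
DELEGATED_TLDS = {"com", "net", "org", "llc", "inc", "dev", "app", "zip", "cloud", "group"}
# Special-use labels that are never delegated in the public root, so no collision is possible.
NEVER_DELEGATED = {"local", "localhost", "internal", "test", "example", "invalid", "onion"}

QUERY_RE = re.compile(r"query: (?P<name>\S+) IN (?P<type>\S+)")
# Owner names that Active Directory publishes for its domain controllers and global
# catalogs; the trailing labels after the optional site / _msdcs subtree are the AD domain.
AD_SRV_RE = re.compile(
    r"^(?:_ldap|_kerberos|_kpasswd|_gc)\._(?:tcp|udp)\."       # AD service prefix
    r"(?:[^.]+\._sites\.)?"                                     # optional <site>._sites.
    r"(?:(?:dc|gc|pdc|domains)\._msdcs\.)?"                     # optional _msdcs subtree
    r"(?P<domain>[a-z0-9-]+(?:\.[a-z0-9-]+)+)$"
)


def ad_domain_of(qname: str) -> Optional[str]:
    """Return the AD domain an AD-style SRV lookup belongs to, or None for other names."""
    m = AD_SRV_RE.match(qname.lower().rstrip("."))
    return m.group("domain") if m else None


def risk_for(domain: str) -> str:
    """Rate a domain by whether its top-level label can be registered by an outsider."""
    tld = domain.rsplit(".", 1)[-1]
    if tld in NEVER_DELEGATED:
        return "none"
    if tld in DELEGATED_TLDS:
        return "high"
    return "watch"  # not delegated in this snapshot; re-check against the current root zone


def audit(log_text: str) -> Dict[str, dict]:
    """Group AD SRV lookups by the domain they name and attach a collision-risk rating."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        domain = ad_domain_of(m.group("name"))
        if domain:
            seen[domain].add(m.group("name").lower())
    return {d: {"risk": risk_for(d), "queries": sorted(q)} for d, q in seen.items()}


if __name__ == "__main__":
    for domain, info in audit(SAMPLE_LOG).items():
        print(f"{info['risk']:5}  {domain}  ({len(info['queries'])} distinct lookups)")
```

A "high" result means that whenever a client for that domain is off the corporate network (or the internal resolver is bypassed), these lookups go to the public root, and whoever registers the name can answer them; the remediation is the one the article implies, owning the name you built the forest on, or renaming into a namespace you control.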

3 weeks, 2 days ago @ krebsonsecurity.com
National Public Data Published Its Own Passwords

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online.

KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Very informative.” The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment.

This is notable because the leaked…

3 weeks, 6 days ago @ krebsonsecurity.com
NationalPublicData.com Hack Exposes a Nation’s Data

Many media outlets mistakenly reported that the National Public data breach affects 2.9 billion people (that figure actually refers to the number of rows in the leaked data sets).

TWISTED HISTORY

Where did National Public Data get its consumer data?

It remains unclear how thieves originally obtained these records from National Public Data.

USDoD said the data stolen from National Public Data had traded hands several times since it was initially stolen in December 2023.

The breach at National Public Data may not be the worst data breach ever.

1 month ago @ krebsonsecurity.com
Six 0-Days Lead Microsoft’s August 2024 Patch Push

Microsoft today released updates to fix at least 90 security vulnerabilities in Windows and related software, including a whopping six zero-day flaws that are already being actively exploited by attackers.

Microsoft’s advisories include little information about the last two privilege escalation flaws, other than to note they are being actively exploited.

Separately, Adobe today released 11 security bulletins addressing at least 71 security vulnerabilities across a range of products, including Adobe Illustrator, Dimension, Photoshop, InDesign, Acrobat and Reader, Bridge, Substance 3D Stager, Commerce, InCopy, and Substance 3D Sampler/Substance 3D Designer.

It’s a good idea for Windows users …

1 month ago @ krebsonsecurity.com
Cybercrime Rapper Sues Bank over Fraud Investigation

In January, KrebsOnSecurity wrote about rapper Punchmade Dev, whose music videos sing the praises of a cybercrime lifestyle.

That story showed how Punchmade’s social media profiles promoted Punchmade-themed online stores selling bank account and payment card data.

PNC Bank did not respond to a request for comment.

“Ultimately, PNC bank not only refused his request to release his funds but informed him that his funds would be seized indefinitely as [sic] PNC Bank,” Turner’s lawsuit recounts.

For more on Punchmade, check out the TikTok video How Punchmade Dev Got Started Scamming.

1 month, 1 week ago @ krebsonsecurity.com
Low-Drama ‘Dark Angels’ Reap Record Ransoms

A ransomware group called Dark Angels made headlines this past week when it was revealed the crime group recently received a record $75 million data ransom payment from a Fortune 50 company.

ThreatLabz found Dark Angels has conducted some of the largest ransomware attacks to date, and yet little is known about the group.

Brett Stone-Gross, senior director of threat intelligence at ThreatLabz, said Dark Angels operate using an entirely different playbook than most other ransomware groups.

But the Dark Angels didn’t even have a victim shaming site until April 2023.

It’s a whole order of magnitude greater with Dark Angels.

1 month, 1 week ago @ krebsonsecurity.com
U.S. Trades Cybercriminals to Russia in Prisoner Swap

Twenty-four prisoners were freed today in an international prisoner swap between Russia and Western countries.

In return, Russia has reportedly released 16 prisoners, including Wall Street Journal reporter Evan Gershkovich and ex-U.S. Marine Paul Whelan.

In addition to receiving a record prison sentence, Seleznev was ordered to pay more than $50 million in restitution to his victims.

Among the Americans freed by Russia were Wall Street Journal reporter Evan Gershkovich, 32, who has spent the last 16 months in a Russian prison on spying charges.

ET: An earlier version of this story reported that one of the Russian hackers released was the BTC-e co-founder Alexander Vinnik.

1 month, 2 weeks ago @ krebsonsecurity.com
Don’t Let Your Domain Name Become a “Sitting Duck”

A few actors have stockpiled hijacked domains for an unknown purpose.” Eclypsium researchers estimate there are currently about one million Sitting Duck domains, and that at least 30,000 of them have been hijacked for malicious use since 2019.

For example, Infoblox found cybercriminal groups using a Sitting Duck domain called clickermediacorp[.

Another hijacked Sitting Duck domain — anti-phishing[.

In many cases, the researchers discovered Sitting Duck domains that appear to have been configured to auto-renew at the registrar, but the authoritative DNS or hosting services were not renewed.

In the case of the aforementioned Sitting Duck domain clickermediacorp[.

1 month, 2 weeks ago @ krebsonsecurity.com
Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services

Last week, KrebsOnSecurity heard from a reader who said they received a notice that their email address had been used to create a potentially malicious Workspace account that Google had blocked.

“In the last few weeks, we identified a small-scale abuse campaign whereby bad actors circumvented the email verification step in our account creation flow for Email Verified (EV) Google Workspace accounts using a specially constructed request,” the notice from Google read.

Anu Yamunan, director of abuse and safety protections at Google Workspace, told KrebsOnSecurity the malicious activity began in late June, and involved “a few thousand” Workspace accounts that were created without being domain-ve…

1 month, 3 weeks ago @ krebsonsecurity.com
Graham Cluley
latest post 3 days, 20 hours ago
WordPress plugin and theme developers told they must use 2FA

3 days, 20 hours ago @ tripwire.com
Smashing Security podcast #384: A room with a view, AI music shenanigans, and a cocaine bear

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

4 days, 2 hours ago @ grahamcluley.com
Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details

A man from New York City has admitted to computer hacking and associated crimes after being caught with a laptop containing hundreds of thousands of stolen payment card details.

32-year-old Vitalii Antonenko pleaded guilty in a Boston court to stealing credit and debit card data and other personal identifiable information from computer networks and selling it on the darknet to other criminals.

Working with unnamed criminal associates, Antonenko used SQL injection attacks to extract sensitive information from vulnerable online systems.

Undercover law enforcement agents had linked Antonenko to two bitcoin wallets used in transactions totaling $94 million, according to reports at the time.

Acc…

5 days, 2 hours ago @ bitdefender.com
The AI Fix #15: AI robot butlers and gigawatt banana highways

In episode 15 of “The AI Fix”, Graham learns there’s one W in Mississippi, ChatGPT finds Mark’s G-spot, nobody watches Megalopolis, Alexa is unmasked as a “commie operative”, and our hosts learn that AI will soon need dedicated nuclear reactors.

Graham introduces Mark to a forlorn robot butler folding a shirt, and Mark explains why AI is like a highway of exploding bananas.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley – @gcluley; Mark Stockley – @markstockley. Episode links: Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on App…

5 days, 22 hours ago @ grahamcluley.com
Cicada ransomware – what you need to know

1 week, 3 days ago @ tripwire.com
Smashing Security podcast #383: The Godfather club, and AirTags to the rescue

All this, and a very bad Cockney accent, in the latest edition of the “Smashing Security” podcast by industry veterans Graham Cluley and Carole Theriault.

Material Security – email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while also protecting accounts and data from exploit or exposure.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cl…

1 week, 4 days ago @ grahamcluley.com
The AI Fix #14: There are two Rs in “strawberry”, and an AI makes unsmellable smells

In episode 14 of “The AI Fix”, Graham makes an apology, Mark wonders if suicide drones have second thoughts, people pretend to be robots, and some researchers prove that all you need for an AI to generate a somewhat usable version of the computer game Doom out of thin air is to already have a fully-working copy of the computer game Doom.

Graham learns how to escape from a police sniffer elephant, an AI-generates a smell with no odour, and Mark explains why the world’s best LLMs think there are two Rs in “strawberry”.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley – @gcluley; Mark Stockley – @markstockle…

1 week, 5 days ago @ grahamcluley.com
IT worker charged over $750,000 cyber extortion plot against former employer

Shortly afterwards, network administrators discovered that domain administrator accounts had been deleted, denying access to the firm's computer systems.

44 minutes later, employees received an extortion email from an external address with the subject line "Your Network Has Been Penetrated".

deleted administrator accounts; altered user account passwords to "TheFr0zenCrew!"

Rhyne's laptop was said to cease all internet browsing when internet browsing was occurring on the VM, suggesting that the same person was using both the VM and Rhyne's laptop.

Those records immediately precede Rhyne's user account logging into his laptop and, in many instances, then accessing the VM.

2 weeks ago @ bitdefender.com
$2.5 million reward offered for hacker linked to notorious Angler Exploit Kit

2 weeks, 3 days ago @ tripwire.com
‘Big-game hunting’ – Ransomware gangs are focusing on more lucrative attacks

The ballooning size of maximum ransom payments represents a 96% year-on-year growth from 2023, and a 335% increase from the maximum payment made in 2022.

Chainalysis's research reveals that the median ransom payment made in response to the most severe ransomware has rocketed from just under US $200,000 in early 2023 to US $1.5 million by mid-June 2024.

The researchers believe that this 7.9x increase in the typical size of ransom payment (a nearly 1200x rise since the start of 2021) suggests that larger businesses and critical infrastructure providers are considered more likely to agree to make higher payments due to their greater access to funds and the more significant impact of downtime.

Agai…

2 weeks, 4 days ago @ exponential-e.com
Crypto scammers who hacked McDonald’s Instagram account say they stole $700,000

Hackers who seized control of the official Instagram account of McDonald's claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency.

Earlier this month, hackers promoted a worthless cryptocurrency token they dubbed "GRIMACE" to the 5.1 million people following McDonald's Instagram account.

He encouraged investors to buy the GRIMACE coin with the promise that they would receive a follow from the official McDonald's account.

In a final insult, the hackers left a message on McDonald's Instagram profile bragging that they had escaped with US $700,000 as a result of their scam.

To its credit, it appears that McDonald’s quickly deleted the offend…

2 weeks, 4 days ago @ bitdefender.com
University criticised for using Ebola outbreak lure in phishing test

A phishing exercise conducted by the IT department of the University of California Santa Cruz (UCSC) has backfired, after causing unnecessary panic amongst students and staff.

Instead, it falsely claimed that a staff member had tested positive with the Ebola virus, after returning from a trip to South Africa.

Although in this case the email wasn't a phishing campaign perpetrated by online crooks, but instead a "phishing test" orchestrated by UCSC's IT department based upon a real phishing email it had spotted a few weeks before.

Brian Hall, UCSC's chief information security officer, apologised for the incident, acknowledging that phishing simulation email was "not true and inappropriate" an…

2 weeks, 5 days ago @ bitdefender.com
The AI Fix #13: ChatGPT runs for mayor, and should we stop killer robots?

In episode 13 of “The AI Fix”, meat avatar Cluley learns that AI doesn’t pose an existential threat to humanity and tells meat avatar Stockley how cybersex is about to get very, very weird.

Our hosts also learn that men lie on their dating profiles, hear ChatGPT steal somebody’s voice, and discover an AI that rick rolls its users.

Graham tells Mark about AI’s political ambitions and discovers what ChatGPT has in common with the reluctant ruler of the universe, while Mark introduces Graham to the Campaign to Stop Killer Robots.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Follow Graham Cluley on Twitter, Mastodon, or T…

2 weeks, 5 days ago @ grahamcluley.com
Hacker leaks upcoming episodes of Netflix shows online following security breach

A production partner of Netflix has suffered a serious security breach which has resulted in yet-to-be-released episodes of popular shows to be leaked online.

As Variety reports, the security breach occurred at media localisation company Iyuno which confirmed on August 9 that it had suffered a "security issue, involving unauthorized access to confidential content."

Iyuno said it was "actively investigating" the security breach and would attempt to "identify the responsible parties" after numerous clips, footage, and even complete episodes of unreleased Netflix shows were leaked online by hackers.

Animator Kass Chapa, who worked on the Ranma 1/2 anime shows leaked by the hacker, des…

3 weeks, 4 days ago @ bitdefender.com
Over 100,000 Oregon Zoo visitors warned that their payment card details were stolen in security breach

Cybercriminals have succeeded in stealing the payment card information from over 110,000 animal lovers over several months after meddling with Oregon Zoo's online ticket payment system.

Sensitive information belonging to 117,815 people, including their names, payment card numbers, CVV codes, and card expiry dates, was stolen after being entered on the Oregon Zoo's website by visitors buying tickets online.

What you don’t normally see in a data breach, however, is full payment card information stolen - such as a card's CVV security code - because the vast majority of companies simply do not store such details.

However, a malicious script planted on a website form which asks purchasers to en…

3 weeks, 4 days ago @ bitdefender.com
Companies 🏢
Kaspersky Blog
latest post 5 days, 19 hours ago
Alert notification as a phishing lure | Kaspersky Blog

Phishing email

The email that opens a phishing attack we recently encountered pretends to be a notification from Office 365, and does so rather well.

The Microsoft logo is a bit too large, and in this case it is illogically used without the company name.

What should really catch the eye is the sender's address.

Office 365 notifications signed “The Office 365 Team” do, after all, come from Microsoft's mail servers, not from an administrator whose mailbox sits on a completely different company's server.

The end of the scheme is obvious: a simple page for harvesting Office 365 credentials.

5 days, 19 hours ago @ kaspersky.ru
How do cybercriminals attack young gamers? The most common and dangerous schemes | Kaspersky Blog

But the gaming world is not as friendly a place as it wants to appear at first glance, and you cannot do without cyberprotection in it.

Kaspersky experts conducted a study and found out which games carry the most dangers, which players are attacked most often, and what to do about it.

The reason is the growing number of people wanting to download mods and cheats for Minecraft, which often turn out to be malicious applications.

Popular phishing schemes

While teaching children to download apps only from trusted sources and to use reliable protection is not hard, protecting them from phishing is no easy task.

Other tips and recommendations for young gamers can be found in the full ve…

1 week, 3 days ago @ kaspersky.ru
Librarian Ghouls hunt for CAD files | Kaspersky Blog

Now the group behind the mailing campaign, dubbed Librarian Ghouls, is interested not only in office documents but also in files used by software for modeling and designing industrial systems.

How Librarian Ghouls hunt for information

The methods the attackers use to distribute the malware and steal data, as well as the tools they employ, have not changed since July.

In short, Librarian Ghouls send out malicious RAR archives containing .SCR files whose names imitate office documents.

Who Librarian Ghouls attack

The list of recipients to whom Librarian Ghouls send malicious emails consists of enterprises involved in design and engineering…

1 week, 4 days ago @ kaspersky.ru
Post-quantum encryption: where it has been deployed and how compatibility stands

Test support for post-quantum encryption (PQE) in establishing TLS connections appeared in August 2023, and with the release of version 124 in April 2024 it was enabled by default.

Administrators are advised to check the websites and web applications in their care by enabling Kyber support in Firefox or Chrome and attempting to open the site.

For PQE this process is under way, but far from complete.

Essentially, this is CRYSTALS-Kyber for key agreement, plus CRYSTALS-Dilithium and SPHINCS+ for different digital signature scenarios.

The relevant cryptographers' association (Chinese Association for Cryptologic Research, CACR) announced the finalist algorithms in 2020: Aigis-sig and Aigis-enc (modified relatives of CRYSTALS-Kyber and CRYSTA…

1 week, 4 days ago @ kaspersky.ru
How to move your notes out of Notion and make an offline copy of your data | Kaspersky Blog

It is worth noting that deletion apparently is planned only for those who have ever paid for Notion from Russia.

Today we describe making a copy of data from Notion, the app for notes and structured knowledge storage.

The export can be done on both a computer and a mobile device.

Go to settings and, in the Workspace → Settings subsection, click the Export all workspace content button.

AFFiNE is an open-source application and service that “combines documents, databases and whiteboards” and, according to its developers, replaces both Notion and Miro at once.

1 week, 5 days ago @ kaspersky.ru
Myths and superstitions of the digital world | Kaspersky Blog

Today we are not just recounting myths, we are testing them.

Telling a conversation with an AI from one with a human seems at first glance no easy task, especially given that “robots” pass the Turing test without difficulty.

Bots may be limited in their domain of knowledge and may not understand the context or nuances of a conversation the way a human does.

That way the browser will not remember your actions and will not spoil the surprise with some ill-timed contextual ad.

We talk often and at length about new technologies and threats, expose the most sophisticated fraud schemes, and do everything we can so that each year there are fewer and fewer digital superstitions.

2 weeks ago @ kaspersky.ru
NIST presents the first post-quantum encryption standards

After many years of research and testing, in mid-August 2023 the U.S. National Institute of Standards and Technology (NIST) finally presented full post-quantum encryption standards: FIPS 203, FIPS 204 and FIPS 205.

In fact, the post-quantum encryption standards FIPS 203, FIPS 204 and FIPS 205 presented by the U.S. National Institute of Standards and Technology (NIST) are the result of that work.

The FIPS 203 standard includes three parameter sets for ML-KEM: ML-KEM-512: security category 1 (equivalent to AES-128); ML-KEM-768: security category 3 (equivalent to AES-192); ML-KEM-1024: security category 5 (equivalent to AES-256).

The FIPS 204 standard sets out thr…

2 weeks, 2 days ago @ kaspersky.ru
Deep-TEMPEST: intercepting the image over HDMI | Kaspersky Blog

To be more precise, from the emissions produced by data transfer through the connectors and cables of the HDMI digital interface.

Intercepting the radio noise of a display from an adjacent room, also known as a variant of the TEMPEST attack, was described in a study published in 1985.

The problem is that van Eck did this with a forty-year-old monitor, with a cathode-ray tube and an analog data transfer method.

In a couple of places there are difficulties recognizing adjacent letters, but on the whole the text reads quite easily.

We have already mentioned that a huge volume of data is transferred to a modern monitor over the HDMI interface every second.

2 weeks, 4 days ago @ kaspersky.ru
How to protect and preserve your data in Telegram in 2024 | Kaspersky Blog

Confidentiality of correspondence and the “keys to Telegram”

In very brief terms, most correspondence in Telegram cannot be considered confidential, and that has always been the case.

Many news channels assume that the main complaint against Durov and Telegram is the refusal to cooperate with the French authorities and hand them the “keys to Telegram”.

Deleting correspondence

Some categories of users are advised to delete old correspondence in Telegram, such as work-related messages.

The export window can be closed; the main thing is not to quit the Telegram application itself and not to disconnect the computer from the Internet or from power.

Durov's arrest sent the old rumor about Telegram being removed on another lap, a rumor officially denied by both Apple and Telegram in 2021…

2 weeks, 5 days ago @ kaspersky.ru
Top 5 largest data breaches in history | Kaspersky Blog

CAM4

In brief: the adult site CAM4 misconfigured the servers storing a database with 11 billion customer records, and sensitive information ended up publicly accessible.

When the breach happened: in 2012, in 2013… Or maybe in 2014; Yahoo does not know the exact date.

In Kaspersky Premium, in addition to a list of email addresses, you can also specify phone numbers: they are usually used to identify users in more “serious” online services, such as banking.

There was also a large-scale data breach in 2023, when 815 million Indians were affected.

Today, though, we recall the largest breach in Facebook's* history, in which names, phone numbers and data on loc… fell into the hands of cybercriminals.

2 weeks, 6 days ago @ kaspersky.ru
How a bicycle's gear shifter can be hacked | Kaspersky Blog

But what about bicycles?

Electronic gear shifters: Shimano Di2 and more

A few explanations are in order for those who are not very familiar with bicycles and the latest trends in cycling technology.

Electronic gear-shifting systems on bicycles can also be wired: in that case, instead of a cable, a wire runs between the shifter and the derailleur, carrying the commands.

The same applies to the model ranges of the manufacturer's main competitors: American SRAM (which was the first to introduce wireless gear shifters) and Italian Campagnolo.

Shimano promises to make the update available to the general public later; the bicycle can be updated through the E-TUBE app…

3 weeks, 3 days ago @ kaspersky.ru
Secure LibreOffice settings for all platforms | Kaspersky Blog

We decided to highlight the most important points when deploying LibreOffice in organizations.

Configuration principles

The tips below are useful for securely configuring LibreOffice on Linux, macOS and Windows when they are used in a managed corporate environment (via group policies and other centralized control tools).

On all platforms, settings are applied as XML files (settings.xml), but they can additionally be stored in a platform-specific format (the registry on Windows, dconf on Linux).

In the org.openoffice.Office.Common/Security/Scripting group, the MacroSecurityLevel setting should be set to 3. To disable macros entirely, you can set the value to true with the finalize flag…

3 weeks, 3 days ago @ kaspersky.ru
The Windows Downdate vulnerability: exploitation technique and countermeasures

Именно на механизм обновлений нацелились авторы атаки Windows Downdate, поставив себе задачу незаметно «откатить» актуальную версию Windows до старой, содержащей уязвимые версии служб и файлов.

Одна уязвимость, получившая идентификатор CVE-2024-21302 и чаще называемая Downdate, основана на недочете в процессе установки обновлений.

Затем нужно инициировать восстановление системы — и откат Windows к уязвимой версии состоится.

Обход мер защиты VBS и кража паролейС 2015 года архитектура Windows переработана таким образом, чтобы компрометация ядра Windows не приводила к полной компрометации системы.

In the future, Microsoft promises to release patches and additional protection measures for all relevant…

3 weeks, 5 days ago @ kaspersky.ru
Mozilla's Privacy-preserving attribution technology | Kaspersky Blog

It is time to look in more detail at what the Privacy-preserving attribution technology is, why it is needed at all, and why Mozilla decided to introduce it right now.

This technology has been used everywhere for three decades now to track user activity on the Internet.

Then, in February 2022, Mozilla presented IPA (Interoperable private attribution), a technology developed jointly with Meta**, which, by all appearances, eventually became the prototype of PPA, Privacy-preserving attribution.

How Privacy-preserving attribution (PPA) works
It is this last system, jointly created by Divvi Up and Mozilla, that is ultimately used by the Privacy-preserving attribution technology on…

3 weeks, 6 days ago @ kaspersky.ru
KUMA SIEM improvements for Q2 2024

We, in turn, carefully studied the techniques most frequently used by attackers and promptly refined or added detection logic to our KUMA SIEM system to identify them.

Two methods of modifying or disabling the host firewall are common: using the netsh utility or changing Windows registry settings.

[OOTB] Extreme Networks Summit Wireless Controller is a normalizer for some audit events of the Extreme Networks Summit Wireless Controller device (model: WM3700, firmware version: 5.5.5.0-018R).

[OOTB] Kaspersky Security for MS Exchange SQL is a normalizer for events of the Kaspersky Security for Exchange (KSE) system, version 9.0, stored in the database.

In total, …

1 month ago @ kaspersky.ru
Group-IB Blog
last post None
Cisco Security Blog
last post 6 days ago
Improving Operational Efficiencies and Providing Tighter Integrations with Cisco Security Products

The 2023 Cisco Security Outcomes Report found that 61% of respondents had experienced a breach that impacted the resilience of the business.

Cisco Secure Network Analytics (SNA) helps bolster the network’s resilience by providing early detection and response to issues that could impact connectivity.

There are many other important features packed into this release, providing customers with greater operational efficiencies and tighter integration with several products in the Cisco security portfolio.

6 days ago @ blogs.cisco.com
Leveraging Threat Intelligence in Cisco Secure Network Analytics

First, we will cover the threat intelligence feed, and then we will look at using your own internal threat intelligence in the product.

Secure Network Analytics can use the product of the threat intelligence process to immediately alert you to that activity in your network.

Threat Intelligence Feed
Secure Network Analytics offers a global threat intelligence subscription feed to help make use of a variety of Cisco and information security industry sources to detect on analyzed threat intelligence indicators.

Enabling the Threat Intelligence Feed
To enable the threat intelligence feed, use the following instructions.

If your organization has internal threat intelligence capabilities, you can u…

1 week, 5 days ago @ blogs.cisco.com
Zero touch provisioning with Cisco Firewall Management Center Templates

Cisco FMC 7.6 brings Template support for easy, scalable zero-touch provisioning and SD-WAN setups.

2 weeks, 3 days ago @ feedpress.me
Unifying Cyber Defenses: How Hybrid Mesh Firewalls Shape Modern Security

The Hybrid Mesh Firewall emerges as a vital component in this landscape, offering the flexibility and comprehensive protection required to meet modern cybersecurity challenges.

Before we delve into “What is Hybrid Mesh Firewall”, let us discuss a few customer problems:
Key problem areas for customers
1.

The hybrid mesh firewall solution
Hybrid mesh firewall platforms enable security policy enforcement between workloads and users across any network, especially in on-premises-first organizations.

Benefits of hybrid mesh firewalls
Unified security management: By consolidating various security functions into a single platform, Hybrid Mesh Firewalls simplify management and reduce the likelihood of m…

2 weeks, 4 days ago @ blogs.cisco.com
Three Reasons for Cisco Umbrella for Government

Cisco Umbrella for Government has been granted FedRAMP Moderate Authority-To-Operate (ATO) and is now available to U.S. federal, state, and local government agencies, as well as other organizations that require FedRAMP authorization.

The commercial Cisco Umbrella version — a mature, proven and extensively validated cloud security solution trusted by over 30,000 customers — serves as the foundation for Umbrella for Government.

This integration with CISA PDNS and Umbrella DNS-layer security powered by Cisco Talos allows agencies to be compliant with the CISA mandate while leveraging the advanced threat protection from Cisco Umbrella for Government.

Reason #2: Cisco Talos threat intelligence
Ci…

2 weeks, 5 days ago @ blogs.cisco.com
Enabling Cybersecurity Incident Response

Security teams and the tools they use to operationalize incident response are the cornerstone of a robust defense.

A measure of effectiveness for a security operations team is how quickly they identify and respond to significant security incidents.

These tasks can include activities such as log analysis, threat detection, incident response, and vulnerability scanning.

The goal of automation is to reduce the workload on security analysts and speed up the detection and response to security incidents.

Orchestration aims to ensure that different security solutions communicate and collaborate effectively to improve response coordination, reduce the likelihood of errors, and enhance overall secur…

1 month ago @ blogs.cisco.com
Seamless Secure Work on a Plane

Anyone who has tried to work on a plane knows that the quality of connection when you’re in the air can be inconsistent.

Rather than establish a VPN connection to access applications on the network, Cisco Secure Access provides a direct connection to the application through unique Zero Trust Network Access (ZTNA) capabilities.

Another requirement for seamless and secure access is to be able to authenticate your identity, even if you can’t connect to your phone.

We are continuing to research new ways to provide secure and simple offline access.

When we think about seamless and secure access there are multiple requirements to make that happen.

1 month ago @ blogs.cisco.com
Cisco ISE 3.4 – Here and Now!

If you haven’t heard about what’s available in the latest iteration of Cisco ISE 3.4, let this be your primer.

Cisco ISE 3.4 will empower admins to initiate on-demand synchronization, guaranteeing Cisco ISE access to the most up-to-date endpoint information.

Pac-less Communication between Cisco ISE and TrustSec NADs
Cisco ISE 3.4 introduces Pac-less Communication, a simplified approach to communication between Cisco ISE and TrustSec network devices.

This flexibility empowers Cisco ISE Admins to tailor Cisco ISE to their unique use cases and requi…

1 month, 1 week ago @ blogs.cisco.com
Building a Resilient Network and Workload Security Architecture from the Ground Up

Building network and workload security architectures can be a daunting task.

As part of building a resilient architecture, it is essential to include and plan for scenarios in which the endpoint or workload solution might fail.

Generally, there are two main approaches to agent-based architectures:
Userspace installing Kernel-Based Modules/Drivers (in-datapath)
Userspace transparent to the Kernel (off-datapath)
Secure Workload’s agent architecture was designed from the ground up to protect application workloads, even in the event of an agent malfunction, thus preventing crashes in the application workloads.

Agentless-Based Approaches
The best way to protect your application workloads is undoubte…

1 month, 1 week ago @ blogs.cisco.com
Cisco XDR: Open Ecosystem Accelerated at Black Hat Events

The story begins in the Black Hat Network Operations Center, which provides a high security, high availability network in one of the most demanding environments in the world – the Black Hat event.

Protecting these large events required cooperation with companies such as Microsoft and CrowdStrike, now two of the most robust integration partners with Cisco XDR.

We are excited for the 2nd year of Cisco XDR innovation, accelerating the evolution of the SOC of the Future.

We will continue to build upon the lessons learned and relationships developed at Black Hat events globally.

Driven by the needs of the community, Black Hat events showcase content directly from the community through Briefings …

1 month, 1 week ago @ blogs.cisco.com
Cisco Innovating a New Era of Security at Black Hat 2024

Black Hat 2024: Events and Training
Cisco will be hosting an incident response workshop on August 7.

Network Operations
Cisco has been a longtime supporter and protection partner of the Black Hat security conference.

Cisco Talos: 10 Years of Defending Customers and the Internet
Ten years ago, during Black Hat 2014, the world met Talos Threat Intelligence for the very first time.

An overview of Splunk’s activities at Black Hat 2024 can be seen here.

1 month, 2 weeks ago @ blogs.cisco.com
Protect Against Adversary-in-the-Middle with Cisco’s User Protection Suite

In the blog, Understanding & Defending Against Adversary-in-the-Middle (AiTM) Attacks, we reviewed the basics of an AiTM attack and how Duo can protect against it.

Secure Access: Secure Protocols
While Duo is a good first step in protecting against AiTM attacks, it’s important to take a layered approach to user protection.

When a user enrolls in Secure Access, a certificate is issued to that device for that user.

Partner with Cisco: User Protection Suite
With Cisco’s User Protection Suite, users gain access to both Duo and Secure Access through one central console, the Security Cloud Control.

The User Protection Suite also includes Email Threat Defense to protect against attackers in your inb…

1 month, 2 weeks ago @ blogs.cisco.com
User Protection Suite Secures Against Talos Top Ransomware Attack Trends

In the first episode of Cisco Talos’ Talos Threat Perspective (TTP), two Talos Threat Intelligence experts, Nick Biasini and James Nutland, discuss new research on the most prominent ransomware groups.

And what they found is attackers are frequently logging in with valid credentials and user identities, rather than hacking in.

One example of initial access attackers are using is OS credential dumping by extracting legitimate user credentials from Local Security Authority Subsystem Service (LSASS).

Detect the lateral movement before they’re doing data gathering, before they’re doing exfiltration.”
Cisco’s User Protection Suite does just that.

By putting users first, this means users won’t…

1 month, 3 weeks ago @ blogs.cisco.com
Introducing the Coalition for Secure AI (CoSAI)

Today, I am delighted to share the launch of the Coalition for Secure AI (CoSAI).

CoSAI collaborates with NIST, Open-Source Security Foundation (OpenSSF), and other stakeholders through collaborative AI security research, best practice sharing, and joint open-source initiatives.

We must equip practitioners with integrated security solutions, enabling them to leverage state-of-the-art AI controls without needing to become experts in every facet of AI security.

Where possible, CoSAI will collaborate with other organizations driving technical advancements in responsible and secure AI, including the Frontier Model Forum, Partnership on AI, OpenSSF, and ML Commons.

Security requires collective a…

1 month, 4 weeks ago @ blogs.cisco.com
Accelerating SaaS solution delivery to the U.S. Federal Government

Synopsis: The Cisco Federal Operational Security Stack streamlines the process for Cisco SaaS solutions on their FedRAMP journey, bringing a myriad of benefits.

Consequently, Cisco SaaS solutions must obtain FedRAMP ATO to conduct business with U.S. Federal agencies.

As such, to streamline these efforts, Cisco has developed a centralized solution – Cisco’s Federal Operational Security Stack or Fed Ops Stack.

The journey map below shows how Cisco provides a clear process and resources for delivering SaaS solutions into regulated federal environments.

It displays the steps for solution teams to move their SaaS solutions throughout the process, while partnering with U.S. federal agencies and t…

2 months ago @ blogs.cisco.com
Microsoft Security
last post 2 weeks, 2 days ago
North Korean threat actor Citrine Sleet exploiting Chromium zero-day

The FudModule rootkit described in this blog has now been tied to Citrine Sleet as shared tooling with Diamond Sleet.

Exploiting CVE-2024-7971
The observed zero-day exploit attack by Citrine Sleet used the typical stages seen in browser exploit chains.

Strengthen Microsoft Defender Antivirus configuration
Turn on cloud-delivered protection in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to help cover rapidly evolving attacker tools and techniques.

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and insights from the Microsoft Threa…

2 weeks, 2 days ago @ microsoft.com
The art and science behind Microsoft threat hunting: Part 3

Putting it together: Threat intelligence and iterative threat hunting
Armed with this breakdown, threat hunters can now turn their attention to using varied threat intelligence to execute threat hunts and track down threat actors.

Enriching a threat hunt with tactical threat intelligence artifacts in the form of IOCs concentrates investigation scope and allows for rapid identification of threat actor activity.

For more security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

1. The art and science behind Microsoft threat hunting: Part 1, Microsoft Incident Response Team.

2. The art and science behind Microsoft threat hunting: Part 2, M…

2 weeks, 4 days ago @ microsoft.com
Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

Peach Sandstorm attack chain
Intelligence gathering on LinkedIn
Going back to at least November 2021 and continuing through mid-2024, Microsoft observed Peach Sandstorm using multiple LinkedIn profiles masquerading as students, developers, and talent acquisition managers based in the US and Western Europe.

Tickler malware
Microsoft Threat Intelligence identified two samples of the Tickler malware, a custom multi-stage backdoor, that Peach Sandstorm deployed in compromised environments as recently as July 2024.

Network information collected by Tickler after deployment on target host
We subsequently observed Peach Sandstorm iterating and improving on this initial sample.

Tickler samples and r…

2 weeks, 4 days ago @ microsoft.com
How Microsoft Entra ID supports US government agencies in meeting identity security requirements

Microsoft Entra ID is helping US government customers meet the M-22-09 requirements for identity
US government agencies are adopting Microsoft Entra ID to consolidate siloed identity solutions, reduce operational complexity, and improve control and visibility across all their users, as the memo requires.

With Microsoft Entra ID, agencies can enforce multifactor authentication at the application level for more granular control.

Using Microsoft Entra ID as a centralized identity management system
Anyone who has struggled to manage multiple identity systems understands t…

2 weeks, 6 days ago @ microsoft.com
Microsoft AI Tour: Hear the latest product innovations to elevate your security strategy

For the second year, the Microsoft AI Tour will bring together security practitioners, developers, and other technology professionals to learn about the latest AI innovations across the full Microsoft Security stack in multiple cities around the globe.

Find a Microsoft AI Tour event in a city near you—and get started early by signing up for our Microsoft Security Discovery Day events in Colombia and Mexico.

Turn AI vision into transformative impact
The Microsoft AI Tour showcases our commitment to answering the overwhelming call to alleviate AI confusion and organizational inertia.

At the Microsoft AI Tour, we’ll showcase how Microsoft Copilot for Security lets you protect at the s…

3 weeks, 3 days ago @ microsoft.com
Microsoft again ranked number one in modern endpoint security market share

We are excited to share that Microsoft has again been ranked number one in market share in the IDC Worldwide Modern Endpoint Security Market Shares, 2023: Evolving to Address New Work Modalities (doc #US52341924, June 2024).

And with more than 25.8% of the market share, Microsoft has the endpoint security solution more customers use to defend their multiplatform devices than any other vendor.

2. IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2024 Vendor Assessment (doc #US50521223, January 2024).

3. IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment (doc #US50521323, February 2024).

4. IDC MarketScape: Worldwide Modern Endpoint S…

3 weeks, 4 days ago @ microsoft.com
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE

Attackers could chain and remotely exploit some of the discovered vulnerabilities to achieve an attack chain consisting of remote code execution (RCE) and local privilege escalation (LPE).

Information on the security fixes released by OpenVPN to address these vulnerabilities can be found here: OpenVPN 2.6.10.

OpenVPN analysis
We discovered the vulnerabilities while examining the OpenVPN open-source project to enhance enterprise security standards.

Openvpn_defer_auth – OpenVPN plugin to perform deferred authentication requests.

Named pipe impersonation
The ImpersonateNamedPipeClient function impersonates a named pipe client application.

1 month, 1 week ago @ microsoft.com
How Microsoft and NIST are collaborating to advance the Zero Trust Implementation

This guide details how to implement a Zero Trust strategy, and what an end to end security approach using Zero Trust means for you and your organization.

NIST: Implementing a Zero Trust Architecture
This guide from NIST shares practical guidance to implement Zero Trust from the NCCoE labs.

Microsoft and the NIST NCCoE: United in prioritizing Zero Trust model
Both Microsoft and the NCCoE have been strong advocates of the Zero Trust model for years.

This diagram illustrates how Microsoft technology maps to the NIST Zero Trust model:
NIST’s role in cybersecurity cannot be overstated.

As part of this effort, the NCCoE just announced the general availability of the Zero Trust Archite…

1 month, 1 week ago @ microsoft.com
New Microsoft whitepaper shares how to prepare your data for secure AI adoption

The era of AI brings many opportunities to companies, from boosts in productivity to generative AI applications and more.

Data security as a foundation for secure AI adoption
Learn the four steps organizations can take to prepare their data for AI.

The stages include knowing your data, governing your data, protecting your data, and preventing data loss.

And with Microsoft Purview, Copilot customers receive real-time data security and compliance controls seamlessly integrated into their organization’s Microsoft 365 deployment.

Secure and govern usage of Copilot for Microsoft 365
As organizations deploy Copilot and other generative AI applications, they want to get ahead of the inherent risks …

1 month, 2 weeks ago @ microsoft.com
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption

Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.

Microsoft disclosed the findings to VMware through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR), and VMware released a security update.

During this attack, the threat actor used the CVE-2024-37085 vulnerability to gain elevated privileges to the ESXi hypervisors within the organization.

Microsoft Defender Antivirus and automatic attack disruption in Microsoft Defender for Endpoint were able to stop these encryption attempts in devices that had th…

1 month, 2 weeks ago @ microsoft.com
Windows Security best practices for integrating and managing security tools

In addition, we share how customers and security vendors can better leverage the integrated security capabilities of Windows for increased security and reliability.

1 month, 2 weeks ago @ microsoft.com
Onyx Sleet uses array of malware to gather intelligence for North Korea

Microsoft Threat Intelligence collaborated with the Federal Bureau of Investigation (FBI) in tracking activity associated with Onyx Sleet.

Onyx Sleet conducts cyber espionage primarily targeting military, defense, and technology industries, predominately in India, South Korea, and the United States.

Onyx Sleet targets
In pursuit of its primary goal of intelligence collection, Onyx Sleet has focused on targeting entities in the defense and energy industries, predominately in India, South Korea, and the United States.

1 month, 3 weeks ago @ microsoft.com
Zero Trust in the Age of AI: Join our online event to learn how to strengthen your security posture

This is why a proactive and integrated Zero Trust approach is needed more than ever.

A Zero Trust approach considers all activity as suspect, and relies on three foundational principles: verify explicitly, ensure least privilege access, and assume breach.

Led by Corporate Vice President of Microsoft Security Vasu Jakkal, the online event will include:
A keynote exploring why an end-to-end approach centered around a Zero Trust strategy is crucial in addressing future security challenges.

Zero Trust in the age of AI
Join us on July 31, 2024, to learn how to simplify your Zero Trust strategy with the latest end-to-end security innovations.

Simplifying Zero Trust implementation
With t…

1 month, 3 weeks ago @ microsoft.com
Connect with Microsoft Security at Black Hat USA 2024

Bill Demirkapi, Security Engineer, Microsoft Security Response Center
Stop by our booth (1240) to connect with Microsoft security experts
At Black Hat 2024, Microsoft Security is here with security leaders and resources that include:
Threat researchers and security experts from Microsoft Security, here to connect with the community and share insights.

Partner presence at the Microsoft booth
At the Theater in the Microsoft booth, watch our series of presentations and panels featuring Microsoft Threat Intelligence Center (MSTIC) experts and Microsoft Researchers.

Reserve your spot at the Microsoft Security VIP Mixer
The event will be co-hosted by Ann Johnson, Corporate Vice President and Deputy CI…

2 months ago @ microsoft.com
Microsoft Purview Data Governance will be generally available September 1, 2024

We are excited to announce that the new Microsoft Purview Data Governance solution will be generally available beginning September 1, 2024.

In this post, we will highlight the growing challenges facing today’s data landscape and explore how Microsoft Purview Data Governance is helping customers establish a federated data-driven culture.

AI-powered data discovery in Microsoft Purview Data Governance.

The Data Catalog is an enterprise repository to help data stewards (people responsible for data governance) and data owners (people handling day-to-day maintenance of data) curate assets and enable responsible democratization of data.

Try it today
Please log on to the Microsoft Purview portal and…

2 months ago @ microsoft.com
Google Online Security Blog
last post 2 days, 20 hours ago
A new path for Kyber on the web

We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients.

The hybrid key exchange used both the pre-quantum X25519 algorithm and the new post-quantum algorithm Kyber.

As a result, the codepoint in TLS for hybrid post-quantum key exchange is changing from 0x6399 for Kyber768+X25519, to 0x11EC for ML-KEM768+X25519.

Post-quantum key shares are too large for a client to offer two post-quantum key share predictions at the same time.

Longer term, we hope to avoid the chicken-and-egg problem for post-quantum key share predictions through our emerging IETF draft for key share prediction.

2 days, 20 hours ago @ security.googleblog.com
Deploying Rust in Existing Firmware Codebases

The Android team has discussed Rust for bare-metal firmware previously, and has developed training specifically for this domain.

The shim serves as a wrapper around the Rust library API, bridging the existing C API and the Rust API.

Choosing a Pre-Existing Crate (Rust Library)
Picking the right open-source crate (Rust library) to replace the chosen component is crucial.

#![no_std]
#[cfg(feature = "std")]
extern crate std;
extern crate alloc;
Then, iteratively fix all occurring compiler errors as follows:
Move any use directives from std to either core or alloc.

Memory Safety for Firmware, Today
Using the process outlined in this blog post, you can begin to introduce Rust into large legacy firmware…

1 week, 4 days ago @ security.googleblog.com
Private AI For All: Our End-To-End Approach to AI Privacy on Android

As a pioneer in responsible AI and cutting-edge privacy technologies like Private Compute Core and federated learning, we made sure our approach to the assistant experience with Gemini on Android is aligned with our existing Secure AI framework, AI Principles and Privacy Principles.

From privacy on-device when handling sensitive data to the world’s best cloud infrastructure, here are six key ways we keep your information private and protected.

For some AI features, like Summarize in Recorder on Pixel, that benefit from additional data privacy or processing efficiency, we utilize on-device AI.

It can be thought of as extending the user’s device and its security boundaries into our cloud infr…

1 month ago @ security.googleblog.com
Post-Quantum Cryptography: Standards and Progress

The National Institute of Standards and Technology (NIST) just released three finalized standards for post-quantum cryptography (PQC) covering public key encapsulation and two forms of digital signatures.

Here's a brief overview of what PQC is, how Google is using PQC, and how other organizations can adopt these new standards.

Practical large-scale quantum computers are still years away, but computer scientists have known for decades that a cryptographically relevant quantum computer (CRQC) could break existing forms of asymmetric key cryptography.

Google began testing PQC in Chrome in 2016 and has been using PQC to protect internal communications since 2022.

As we make progress on our own …

1 month ago @ security.googleblog.com
Keeping your Android device safe from text message fraud

In particular, there is increasing evidence of the exploitation of weaknesses in cellular communication standards, leveraging cell-site simulators to inject SMS phishing messages directly into smartphones.

The method is straightforward and replicates known techniques for tricking mobile devices into connecting to an attacker-controlled 2G network.

Spreading SMS phishing messages commonly yields a small return as it is very difficult to get these messages to fly undetected by sophisticated anti-spam filters.

Android has built-in spam protection that helps to identify and block spam SMS messages.

We are constantly working to improve our security features and protect users from phishing, fraud, and other th…

1 month, 2 weeks ago @ security.googleblog.com
Improving the security of Chrome cookies on Windows

Cybercriminals using cookie theft infostealer malware continue to pose a risk to the safety and security of our users.

We already have a number of initiatives in this area including Chrome’s download protection using Safe Browsing, Device Bound Session Credentials, and Google’s account-based threat detection to flag the use of stolen cookies.

Today, we’re announcing another layer of protection to make Windows users safer from this type of malware.

On Windows, Chrome uses the Data Protection API (DPAPI) which protects the data at rest from other users on the system or cold boot attacks.

In Chrome 127 we are introducing a new protection on Windows that improves on the DPAPI by providing Appli…

1 month, 2 weeks ago @ security.googleblog.com
Building security into the redesigned Chrome downloads experience

Last year, we introduced a redesign of the Chrome downloads experience on desktop to make it easier for users to interact with recent downloads.

Adding context and consistency to download warnings

The redesigned Chrome downloads experience gives us the opportunity to provide even more context when Chrome protects a user from a potentially malicious file.

Our legacy, space-constrained warning vs. our redesigned one

We also made download warnings more understandable by introducing a two-tier download warning taxonomy based on AI-powered malware verdicts from Google Safe Browsing.

The Chrome Security team works closely with Safe Browsing, Google's Threat Analysis Group, and security researchers …

1 month, 3 weeks ago @ security.googleblog.com
Sustaining Digital Certificate Security - Entrust Certificate Distrust

The Chrome Security Team prioritizes the security and privacy of Chrome’s users, and we are unwilling to compromise on these values.

The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.

Website operators can determine if they are affected by this issue by using the Chrome Certificate Viewer.

Beginning in Chrome 127, enterprises can override Chrome Root Store constraints like those described for Entrust in this blog post by installing the …

2 months, 2 weeks ago @ security.googleblog.com
Virtual Escape; Real Reward: Introducing Google’s kvmCTF

To this end we are excited to announce the launch of kvmCTF, a vulnerability reward program (VRP) for the Kernel-based Virtual Machine (KVM) hypervisor first announced in October 2023.

Google is an active contributor to the project and we designed kvmCTF as a collaborative way to help identify & remediate vulnerabilities and further harden this fundamental security boundary.

Similar to kernelCTF, kvmCTF is a vulnerability reward program designed to help identify and address vulnerabilities in the Kernel-based Virtual Machine (KVM) hypervisor.

Finally, given how critical a hypervisor is to overall system security, kvmCTF will reward various levels of vulnerabilities up to and including code …

2 months, 2 weeks ago @ security.googleblog.com
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge

OSS-Fuzz is free, open source, and its projects and infrastructure are shaped very similarly to AIxCC challenges.

Competitors can easily reuse its existing toolchains, fuzzing engines, and sanitizers on AIxCC projects.

To enable kernel fuzzing, we followed a similar approach to an older blog post from Cloudflare.

Some changes to Cloudflare’s harness were required in order for this to be pluggable with the provided kernel challenges.

AIxCC challenges come with their own main() which takes in a file path.

2 months, 3 weeks ago @ security.googleblog.com
Staying Safe with Chrome Extensions

Chrome extensions can boost your browsing, empowering you to do anything from customizing the look of sites to providing personalized advice when you’re planning a vacation.

Just type “run safety check” in Chrome’s address bar and select the corresponding shortcut: “Go to Chrome safety check.”

User flow of removing extensions highlighted by Safety Check.

In 2024, less than 1% of all installs from the Chrome Web Store were found to include malware.

We're proud of this record and yet some bad extensions still get through, which is why we also monitor published extensions.

Monitoring published extensions

The same Chrome team that reviews extensions before they get published also reviews extensio…

2 months, 3 weeks ago @ security.googleblog.com
Time to challenge yourself in the 2024 Google CTF

It’s Google CTF time!

Join the Google CTF (at goo.gle/ctf), a thrilling arena to showcase your technical prowess.

The Google CTF consists of a set of computer security puzzles (or challenges) involving reverse-engineering, memory corruption, cryptography, web technologies, and more.

The prize pool for this year’s Google CTF and Hackceler8 stands at more than $32,000.

Sign up for the Google CTF to expand your skill set, meet new friends in the security community, and even watch the pros in action.

3 months ago @ security.googleblog.com
On Fire Drills and Phishing Tests

In this blog, we will analyze the modern practice of Phishing “Tests” as a cybersecurity control as it relates to industry-standard fire protection practices.

This study with 14,000 participants showed a counterproductive effect of phishing tests, showing that “repeat clickers” will consistently fail tests despite recent interventions.

Some (e.g., FedRAMP) phishing tests require bypassing existing anti-phishing defenses.

At larger enterprises with multiple independent products, people can end up with numerous overlapping required phishing tests, causing repeated burdens.

In short - we need to stop doing phishing tests and start doing phishing fire drills.

3 months, 3 weeks ago @ security.googleblog.com
I/O 2024: What’s new in Android security and privacy

And as their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe.

Google Play Protect live threat detection

Google Play Protect now scans 200 billion Android apps daily, helping keep more than 3 billion users safe from malware.

The detection of suspicious behavior is done on device in a privacy-preserving way through Private Compute Core, which allows us to protect users without collecting data.

This is helpful for apps that want to hide sensitive information from other apps and protect users from scams.

4 months ago @ security.googleblog.com
Google and Apple deliver support for unwanted tracking alerts in Android and iOS

Google and Apple have worked together to create an industry specification – Detecting Unwanted Location Trackers – for Bluetooth tracking devices that makes it possible to alert users across both Android and iOS if such a device is unknowingly being used to track them.

This will help mitigate the misuse of devices designed to help keep track of belongings.

Google is now launching this capability on Android 6.0+ devices, and today Apple is implementing this capability in iOS 17.5.

If a user gets such an alert on their Android device, it means that someone else’s AirTag, Find My Device network-compatible tracker tag, or other industry specification-compatible Bluetooth tracker is moving with …

4 months ago @ security.googleblog.com