СПЧ: Утечка персональных данных – причина для смены паспортаAlexander AntipovСоюз по правам человека предложил сделать основанием для замены паспорта утечку персональных данных.

Член Совета по правам человека (СПЧ) Кирилл Кабанов заявил, что в случае утечки данных нужно менять паспорт.

Это должно стать основание для получения нового документа.

"В рамках защиты интересов и прав граждан необходимо изменить состав оснований для замены общегражданского паспорта, дополнив его попаданием паспортных данных гражданина в свободный доступ в результате утечки/хищения персональных данных", - написал Кабанов.

Кабанов также отметил, что граждане должны получить право в случае утечки своих персональных да…

Несмотря на старания ФБР, хакерское дело оказалось ничтожным

Киберпреступники используют неизвестное вредоносное ПО, которое использует правительственную почту для сбора данных.

1000 серверов, способных выполнять 240 миллионов операций в секунду, планируется использовать для глобального контроля.

Вредоносный пакет будет работать до тех пор, пока устройство не будет сброшено до заводских настроек или пока оно не будет удалено вручную.

Эксперты предупреждают, что злоумышленники ищут альтернативы отключённым макросам Microsoft Office.

Программы подписаны Microsoft и обладают совершенными функциями «невидимости».

Китай в рамках шпионской миссии запустил над США смертоносный воздушный шарAlexander AntipovАэростат парит вблизи складов с ядерным вооружением, но сбивать его не спешат.

Райдер заявил, что за аэростатом тщательно следят, и в настоящее время он не представляет угрозы.

Правительство США уверено в том, что воздушный шар принадлежит Китаю.

В один момент времени аэростат кружил над Монтаной — одним из трех штатов, в которых хранится ядерное оружие.

Так как шар видно без специального оборудования, и многие американцы лицезрели его лично, полёт аэростата не прокомментировал в Интернете только ленивый.

Хакер смог вручную увеличить курс украденной криптовалюты и обменять её на другие токены.

Группировка Gamaredon имеет большой опыт атак на IT-системы Украины и постоянно обновляет свои инструменты.

Студента из Ульяновска будут судить за взлом страницы школьникаAlexander AntipovЕму грозит до двух лет лишения свободы.

В Вологодской области завершено расследование уголовного дела в отношении 19-летнего студента, взломавшего страницу в соцсети 12-летнего школьника.

Как сообщается, в полицию обратилась мама школьника и пожаловалась, что кто-то взломал страницу сына и от его имени разместил в одном из школьных чатов непристойную картинку.

После расследования выяснилось, что преступление совершил студент из Ульяновска 2003 года рождения.

Он рассказал, что вошел в социальную сеть при помощи чужих данных, затем поменял пароль и нашел в сообщениях школьный чат, где разместил картинку с нецензур…

Китайскую социальную сеть хотят запретить в США по соображениям национальной безопасности.

Жертвой преследования стала бывшая девушка полицейского.

Инженер взломал сети своего работодателя и потребовал у него выкуп.

Программное обеспечение брокеров сетевых пакетов DS Integrity NG включено в Единый реестр российской радиоэлектронной продукции (запись № 6916 от 1 сентября 2020 года).

Схема активного подключения DS Integrity NG с функцией BypassАрхитектура DS Integrity NGБрокеры DS Integrity NG представлены в двух модификациях, различающихся наличием функции Bypass, которая обеспечивает прохождение трафика через устройство при отключении питания.

Сценарии использования DS Integrity NGКонфигурирование и администрирование DS Integrity NG осуществляются через веб-интерфейс.

Интерфейс администратора DS Integrity NG.

Интерфейс администратора DS Integrity NG.

Одними из самых массовых и в то же время опасных являются атаки злоумышленников 3-го уровня квалификации (киберкриминал или кибермошенники).

Итак, рассмотрим атаку на средний банк (до 2500 сотрудников) с использованием вируса-шифровальщика.

Да, этот случай никак не связан с кибератакой, но очевидно, что и в результате внешнего воздействия могут наступить аналогичные последствия.

ВыводыВ очередной раз подчеркнём, что и взятые за основу показатели, и сам кейс являются типовыми, но каждый наступивший киберинцидент требует индивидуальных расчётов.

Именно по этой причине мы можем говорить, что инвестиции в ИБ и их возврат — это не миф, а реальность.

В то же время анонимность, которая была главной привлекательной особенностью дарквеба, постепенно стала проникать и в обычную Всемирную паутину.

В то же время государства активно борются за то, чтобы заставить частные компании повысить безопасность собранных ими данных.

Рассматривалась также возможность подключения других, нетипичных сетей: голографических коммуникаций, виртуальной реальности, систем с невербальным и тактильным вводом, дистанционной хирургии и телемедицины и пр.

Накопленный опыт и достигнутые результаты можно будет в дальнейшем использовать и для более масштабного проекта, если таковой появится.

В то же время интернет был и остаётся всемирной системой, которая объединяет лю…

ВведениеТема DDoS-атак в 2022 году очень громко звучала в информационном пространстве, причём далеко не только в специализированных медиа.

2022 год в сфере защиты от DDoS-атакОткрывая прямой эфир, Рустэм Хайретдинов попросил экспертов рассказать, чем запомнился 2022 год в сфере защиты от DDoS-атак.

Проводили ли клиенты анализ, выбирая провайдера защиты от DDoS, или в панике бросались к первому попавшемуся претенденту?

Практика использования и выбора системы защиты от DDoS-атакКак выбрать Anti-DDoSКак сейчас компании выбирают систему защиты от DDoS?

Что должно быть указано в SLAВедущий решил затронуть тему ответственности сервис-провайдера и попросил экспертов рассказать о том, что входит в …

VPT (Vulnerability Prioritization Technology) — технология определения приоритетов среди уязвимостей в программном обеспечении, операционных системах, прошивках оборудования.

Расчёт рейтинга производится по особой формуле, учитывающей ряд факторов, таких как вектор атаки, сложность эксплуатации уязвимости, воздействие на систему и другие.

Чем выше эта оценка, тем больше вероятность эксплуатации уязвимостей в течение ближайших 30 дней.

Как видно из рисунка, реально эксплуатируемые бреши могут как попадать в рейтинг CVSS 7+, так и быть вне этой категории.

Алгоритм выбора действия в отношении уязвимости по версии CISAСистемы управления уязвимостями с применением VPTИнструменты управления уязви…

Подробно о TIP мы рассказывали в статье «Обзор рынка платформ и сервисов киберразведки (Threat Intelligence) в России и в мире».

Основные сходства:SGRC и IRP / SOAR могут применяться для управления ИБ-инцидентами (можно создавать карточки инцидентов и сценарии реагирования, выполнять автоматическое реагирование);в SGRC и IRP / SOAR можно вести перечни активов организации.

В отличие от IRP / SOAR, в XDR есть встроенные детектирующие технологии, возможность корреляции «сырых» данных, объединение уведомлений в инцидент.

Основные сходства:в XDR и IRP / SOAR есть поддержка автоматизированного реагирования на инциденты в ИБ на основе плейбуков.

Основные сходства:в TIP, XDR и IRP / SOAR возможно ф…

Этапы процесса управления уязвимостями по версии GartnerОсобенности построения процесса управления уязвимостями обсуждались экспертами на одном из эфиров AM Live, краткие итоги которого можно прочитать в нашей статье.

Российский рынок систем управления уязвимостямиНесмотря на то что средства управления уязвимостями занимают доминирующее положение в сегменте средств защиты приложений, российский рынок систем VM развит весьма слабо.

Опрос Anti-Malware.ru об изменениях в процессе управления уязвимостями в 2022 г.Если же анализировать изменение подхода к управлению уязвимостями за последние два года, то можно наблюдать удивительные тенденции.

Vulns.IO VMVulns.IO VM — многофункциональное решение…

Функциональные возможности UserGate Next Generation FirewallНабор функциональных возможностей UserGate Next Generation Firewall охватывает разнообразные потребности в сфере защиты трафика и фильтрации контента.

Защита от DoSОдним из механизмов безопасности в UserGate Next Generation Firewall является функция ограничения числа соединений, открытых одним пользователем.

Раздел настройки DNS в UserGate Next Generation FirewallАвторизация неизвестных пользователей (не идентифицированных Windows или агентами терминальных серверов либо не имеющих явно указанного IP-адреса в свойствах) осуществляется в UserGate Next Generation Firewall при помощи перехватывающего портала.

Создание политикОсновным и…

Разберём и покажем интеграцию киберразведывательного сервиса RST Threat Feed с решением IBM Security QRadar SOAR.

Возможности по интеграции IBM Security QRadar SOAR со внешними системами можно проиллюстрировать на примере сервисов киберразведки (Threat Intelligence, TI), таких как RST Threat Feed.

SOAR-система от IBM и интеграция с TIIBM Security QRadar SOAR, ранее известная как IBM Resilient, представляет собой инструмент SOAR, повышающий эффективность центра обеспечения безопасности (SOC).

Требования для интеграции с RST CloudДля интеграции нам потребуются:подписка RST Cloud (приобрести можно у ИБ-интеграторов),инсталляция IBM SOAR, включающая в себя сервер интеграции,базовые знания по Py…

Импортонезависимость — это некое состояние, которого необходимо достигнуть, либо в котором, в некоторых сегментах, мы уже оказались.

Пока же заказчики вынуждены в ряде случаев выбирать: переходить на не всегда совершенное отечественное оборудование или же надеяться на параллельный импорт.

Наши спикеры напомнили, что именно такая система существует в оборонной промышленности, а сфера ИБ сегодня может рассматриваться и в контексте обеспечения безопасности страны.

Анна Кулашова, управляющий директор компании «Лаборатория Касперского» в России и странах СНГЭльман Бейбутов:— Я оптимист в сфере кибербезопасности, но пессимист в части ИТ, приложений и бизнес-систем.

В целом игроки рынка позитивно …

Но в Сети присутствует ряд «врождённых» изъянов, устранить которые не может ни одна из существующих ИБ-систем.

Где тонко, там и рвётся«Всемирная паутина» обеспечивает доступ к документам с использованием разнообразных технологий: HTML, DOM, CSS, JavaScript и др.

Аналогичная уязвимость может эксплуатироваться в отношении протокола безопасности TLS, но для этого потребуется участие центра сертификации, обеспечивающего выдачу сертификатов для доменов.

Это не так.

Агентство появилось в ответ на запуск в СССР первого искусственного спутника Земли «Спутник-1» в 1957 году.

При вызове Google Maps кажется, что всё осталось как прежде.

Дело в том, что при вызове Google Maps сервис получает данные о местоположении устройства.

«Понижение» состоит в том, что если раньше эти данные передавались только в сервер поддержки Google Maps, то теперь они станут доступными любым сервисам Google, запущенным в домене «google.com».

Подмена изнутриЧтобы понять, что происходит и как это влияет на конфиденциальность, давайте сначала рассмотрим в общих чертах, как работает браузер.

Эксперты говорят, что Google может переместить в свой «общий» домен и другие сервисы, такие как Google Drive, Calendar и Meet.

Расскажем, как выбрать средство криптографической защиты информации для АИС «Налог-3», а также дадим подробный обзор продуктов трёх производителей СКЗИ.

Почему выбор СКЗИ для АИС «Налог-3» актуален именно сейчасАИС «Налог-3» представляет собой единую информационную систему ФНС России, обеспечивающую автоматизацию деятельности налоговой службы по всем выполняемым ею функциям.

Поэтому январь 2023 года — подходящее время для того, чтобы начать подготовку к переходу на АИС «Налог-3» и без суеты и нервотрёпки выбрать подходящее для этой цели СКЗИ.

Какой из продуктов лучше всего соответствует требованиям регуляторовВыше был сделан обзор трёх программно-аппаратных решений, рекомендованных ФНС для …

Расскажем, как DCAP помогает избежать штрафов и позволяет контролировать данные компании и все действия с ними.

Система «Спектр» от компании «СайберПик» применяет различные технологии и аналитику в части безопасности данных и действий по отношению к ним.

Рассмотрим, как данный процесс выстраивается в организациях и как на практике «Спектр» может снизить риски утечки данных и попадания под штрафные санкции со стороны регулятора.

Перечень отчётовКомплексный контроль и защита данных, подпадающих под 152-ФЗКрайне важно иметь целостную картину состояния безопасности данных в соответствии с 152-ФЗ.

ВыводыФедеральный закон «О персональных данных» описывает общий для всей страны подход к требования…

Голубиная наружная слежкаПеред вами один из рассекреченных снимков, предоставленный ЦРУ для публичного использования.

Тогда было подготовлено около 600 голубей, в основном они обеспечивали быструю коммуникацию между подразделениями.

Но позднее выяснилось, что с помощью голубей можно подобраться значительно ближе к интересующим разведку объектам, даже если вокруг них была выстроена серьёзная эшелонированная охрана.

По сравнению с ними, как сообщается в отчёте ЦРУ, «съёмка с помощью голубей позволяет значительно лучше распознавать объекты на изображениях и разглядывать более мелкие детали».

Деньги выделялись как на проведение обучения голубей, так и на разработку фотокамер нового типа и систе…

Если пользователь не аутентифицирован, перенаправить его по пути /sign-in :Если пользователь не аутентифицирован, показать ему форму входа по URL страницы, которую он пытался открыть, без перенаправления и отдельного пути:Проблемы пути /sign-in1.

По-прежнему существует ситуация анонимного просмотра пути//profile/profile/edit/profile/edit/sign-in/profileСоздание формы входа на страницеСоздаю блок или любой другой объект бизнес-логики, являющийся источником истины для состояния аутентификации в приложении.

Создаю AuthenticatedOrNotWidget с двумя билдерами: один для случая с аутентификацией, другой для случая без аутентификации.

_authenticationCubit.initialState), ); } Widget _buildWithState(B…

Именно поэтому в составе универсального шлюза безопасности (UTM) Traffic Inspector Next Generation (TING) имеется встроенный антивирус, который дополняет защитное ПО на рабочих местах.

Антивирусная защита на шлюзе безопасностиВ Traffic Inspector Next Generation (TING) антивирусную проверку трафика можно организовать несколькими методами.

Для этого в Traffic Inspector Next Generation используется технология SSL Bump.

Поскольку работающие на уровне шлюза антивирусы проверяют только транслируемый в сеть трафик, они не в состоянии обеспечить максимальную степень защиты.

Эшелонированная антивирусная защитаДополнительные меры для повышения уровня информационной безопасности могут предусматривать …

Ниже представлена подборка самых интересных уязвимостей за январь 2023 года!

Подробнее: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0077Повышение привилегий в Nessus (CVE-2023-0101)Уязвимость была обнаружена в Nessus в версиях от 8.10.1 до 8.15.7 и от 10.0.0 до 10.4.1.

Подробнее: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0101Многочисленные уязвимости в Google ChromeМножество идентификаторов CVE было присвоено в январе уязвимостям в Google Chrome.

Оценка уязвимости по версии NIST – 4.3 балла.

Подробнее:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24059https://twitter.com/TezFunz2/status/1616575783215964166https://www.reddit.com/r/gtaonline/comments/10hsos…

Мы прогнозировали, что Cloud Atlas продолжит атаки, в первую очередь на госучреждения стран Азии и Восточной Европы (они входят в сферу интересов группировки).

Портрет Cloud AtlasCloud Atlas появилась на киберпреступной арене в 2014 году, мы в экспертном центре отслеживаем ее активность с 2019 года.

Это говорит о хорошей подготовленности Cloud Atlas и о том, что они продумывают свои нападения до мелочей.

На рисунке желтым и красным цветом выделены последовательности байтов, на основании которых мы и высчитывали различные смещения до ссылки на вредоносный шаблон.

Киберпреступники используют сервис как для хранения загружаемых ВПО-модулей, так и для загрузки собранных данных.

В прошлый раз мы рассказывали о том, как взлом сайта может привести к компрометации корпоративной переписки через контроль содержимого трафика.

Очень часто крупные и не очень предприятия берут на практику студентов, те в свою очередь пишут отчеты.

Вот и в данном случае поиск по юридическому лицу в поисковике вывел нас на дипломный проект 2010 года.

Восстановленный NTLMv2 хэшПолучен пароль пользователя - 123 (о, да, и не говорите).

Использование лишь одного фактора небезопасно и совсем не подходит для таких критичных узлов, как VPN.

Тему можно разделить на два направления – приведение в соответствие и оценка соответствия для кредитных и некредитных финансовых организаций.

Здесь я рассмотрю скорее общие вопросы оценки соответствия и приведения в соответствие системы ИБ финансовых организаций.

Требования к таким подсистемам могут разниться в строгости, в зависимости от критичности систем и важности данных, которые в них крутятся.

Что с этим делатьКак специалисты вы поняли, что нам «оно надо» в обязательном порядке (или регулятор недвусмысленно подсказал), что же дальше?

В общем, оставляйте свои пожелания в комментариях в цензурном и не очень виде, буду улучшать качество подачи материала.

Все это делает практически невозможным модернизацию ЛВС СИМ помере развития вычислительных платформ и ПО, совершенствованиясетевого оборудования, кабельной системы.

Но это объективность развития.Аналогичный стенд был развёрнут и в НИИ СВТ:Примечательно то, что сеть получила наименование «OrLAN» — сеть Орлова (ORlov LAN).

И я в этот момент вспомнил о тех копьях, которые мною были сломаны в борьбе за отстаивание языка Си.Был ещё один момент.

Мне звонили из управления кадров и говорили, чтобы я не нервничал (а я и не нервничал), звание будет присвоено задним числом.

На что я резонно заметил: «А кто мне присвоил это высокое звание?».

часть (VK Kubernetes Conference 2021) Kubernetes Resource Model (KRM): Everything-as-Code о том, что всё происходящее в Kubernetes, можно выразить через тот или иной yaml.

Упоминание о SOAR в Kubernetes уже также можно встретить в документе Kubernetes DevSecOps Reference Design:Kubernetes Policy ManagementДавайте для начала посмотрим, как индустрия и CNCF сообщество подходит к этому вопросу.

Работа с PolicyReportsНа сегодняшний день существует много инструментов, которые умеют складировать результаты своей работы в PolicyReport или в ClusterPolicyReport.

Он не генерирует отчет в формате PolicyReport, а позволяет в достаточно в удобном интерфейсе просматривать всю информацию об отчетах.

SOAR…

В прошлой статье я рассказал о том, как правильно искать уязвимости и составлять отчёты для программы Bug Bounty VK, сегодня я хочу раскрыть тему вознаграждений.

Если вы когда-либо изучали правила программ Bug Bounty VK на разных платформах, то могли заметить закономерность в формировании стоимости.

Поэтому внутри каждой программы Bug Bounty VK вводится собственная система вознаграждения (таблица «Размер вознаграждения»), в которой заявлены оплачиваемые уязвимости.

Искусство конфликтаОсновные конфликты в Bug Bounty возникают именно из-за выплат или их размера.

В любой конфликтной для вас ситуации помните, что в программе Bug Bounty VK работают люди, которые всегда открыты к диалогу с исслед…

Рейтинг отказоустойчивости интернета в целом достаточно стабильный показатель развития связи уже много лет подряд, и в 2022 году в нем произошло сразу несколько значительных изменений.

Лишь осенью 2018 года представители Radionomy неожиданно сообщили, что в 2019 году Winamp преобразится, станет лучше и вернется в строй.

Хотя в Winamp 5.9 устранили множество ошибок, разработчики обещают, что в версии 5.9.1 будет исправлено еще больше известных багов.

В составленный в итоге список вошли зарплаты в офисах Google в Калифорнии, Вашингтоне и Нью-Йорке.

Атака длилась около 14 ч и на пиках достигала мощности в 853,7 Гбит/с и 659,6 миллиона пакетов в секунду.

Давление на нее в виде распределенных DDoS-атак, попыток эксплуатации уязвимостей выросла в десятки раз по сравнению с 2021 годом.

Этот тип атак неплохо распознавался и блокировался действующей системой защиты от DDoS-атак.

Фильтрация по GEO IP возможна как на уровне WAF, так и на уровне действующей системы защиты от DDoS-атак.

Разумнее пользоваться фильтрацией систем защиты от DDoS-атак.

Средства защиты от DDoS на уровне WAFПоследними по списку, но не по назначению являются средства защиты от DDoS-атак на уровне WAF.

Лука Сафонов в своё время написал хорошую статью про Bug Bounty, а недавно представил публике ещё одну — «Bug Bounty vs Penetration testing».

Также мы за уважение багхантерского комьюнити, это и мы в прошлом сами, и наши друзья и коллеги, поэтому к их просьбам и предложениям относимся очень серьёзно.

Тем не менее аналог open bug bounty и приёма багов есть у ФСТЭК (Федеральная служба по техническому и экспортному контролю).

Зарегистрирован и у PT, и у BI.ZONE.

Вот такой вышел у нас разговор с Лукой Сафоновом о программах Bug Bounty в целом и о платформе BugBounty.ru в частности.

В этот раз заказчик поручил проверить три домена и выдал учетную запись с типовыми, популярными и распространенными правами.

Заходишь на адрес на корпоративном домене, вводишь логин и пароль, и открывается интерфейс для запуска неких заранее выбранных приложений.

Доверительные отношения между доменамиВместе домены образовывали лес, где были и отдельные администраторы для каждого из доменов, и администратор леса, обладающий полными правами в каждом из них.

Это основной сервер аутентификации Active Directory, там хранятся учетные записи всех пользователей домена и выполняется их аутентификация.

Потребовалось с десяток попыток, Rubeus пришлось урезать и облегчить, но с радаров он пропал и запу…

Каждый белый хакер уникален и имеет собственный стиль, так же как художники, учителя и специалисты любого другого профиля.

Однако бывает так, что в результате действий пользователя полезная нагрузка может оказаться в теге

Компания Rockstar Games наконец выпустила патч для опасной уязвимости в GTA Online, допускавшей потерю игрового прогресса, кражу игровых денег, бан и другие неприятные последствия.

Об RCE-баге в GTA Online стало известно еще в январе.

В итоге всех пользователей Windows призывали держаться от GTA Online подальше, пока ошибка не будет исправлена.

Исследователи писали, что весь этот хаос спровоцировал разработчик читов North GTA Online, который добавил в свой продукт новые «функции», связанные с этой уязвимостью.

Кроме того, исправление создало немало проблем для Speyedr, разработчика известного кастомного брандмауэра для GTA V под названием Guardian.

В письме Google Fi сообщает, что в результате инцидента были раскрыты номера телефонов пользователей, серийные номера их SIM-карт, статусы учетных записей (активный или неактивный), даты активации учетных записей, сведения о тарифном плане.

Также заявление гласит, что злоумышленники не получили доступа к собственным системам Google или любым системам, контролируемым Google.

Хотя Google не сообщает, о каком именно операторе связи идет речь, эксперты предполагают, что речь идет о компрометации T-Mobile.

Дело в том, что в прошлом месяце стало известно об атаке на телекоммуникационного гиганта, произошедшей в ноябре 2022 года.

Несмотря на перенос SIM-карты, доступ к вашей голосовой почте был не…

Вслед за исправленным на прошлой неделе багом в маршрутизаторах Zyxel, разработчики компании устранили еще четыре уязвимости в роутерах, оптических сетевых терминалах, интернет-шлюзах и усилителях Wi-Fi.

Две другие уязвимости позволяли злоумышленнику внедрять системные команды от имени пользователя, прошедшего аутентификацию (CVE-2022-43391 — 7,1 балла по шкале CVSS, и CVE-2022-43392, так же 7,1 балла).

Еще одна уязвимость (CVE-2022-43390 — 5,4 балла по шкале CVSS), как и первая, связана с переполнением буфера.

Аналитик Positive Technologies пишет, что на момент проведения исследования уязвимые устройства Zyxel можно было обнаружить c помощью поисковых систем, в основном в ЮАР и странах Евр…

Аналитики Group-IB подсчитали точное количество баз данных российских компаний, впервые выложенных в открытый доступ в 2022 году: 311 баз.

Для сравнения, в 2021 году «слили» только 61 базу.

Общее количество строк данных пользователей, содержащихся во всех опубликованных утечках, по оценкам экспертов, превысило 1,4 млрд.

Больше всего объявлений было обнаружено на форумах — 241 база, а в Telegram были опубликованы 70 баз.

Как было сказано выше, общее количество строк данных пользователей в утечках 2022 году составило 1,4 млрд, тогда как в 2021 году их насчитывалось лишь 33 млн.

Исследователи Aqua Security обнаружили малварь HeadCrab, предназначенную для поиска и взлома уязвимых серверов Redis.

Вредонос, начавший свою активность еще в сентябре 2021 года, уже заразил более тысячи серверов и создал ботнет для добычи криптовалюты Monero.

Создатели этого ботнета пользуются тем, что на серверах Redis по умолчанию не включена аутентификация, ведь они предназначены для использования в сетях организаций и не должны быть доступны через интернет.

После установки и запуска HeadCrab предоставляет своим операторам все необходимое для получения полного контроля над системой и добавляет ее в свой майнинговый ботнет.

Полезные нагрузки загружаются через memfd, файлы присутствуют то…

Мошенники, специализирующиеся на фальшивых инвестициях в якобы перспективные криптовалютные проекты, акции, облигации, фьючерсы и опционы, были обнаружены в магазинах приложений Apple и Google.

Такие атаки называют «забоем свиней», и против своих жертв («свиней») скамеры используют социальную инженерию, находя с ними контакт в социальных сетях и приложениях для знакомств.

Правоохранители писали, что мошенники используют социальную инженерию и выходят на контакт с людьми («свиньями») в социальных сетях и приложениях для знакомств.

Как пишут эксперты из компании Sophos, «забой свиней» уже проник и в официальные магазины приложений.

Вредоносные приложения, которые обнаружили аналитики, называл…

Что дол­жно про­изой­ти, что­бы твор­чес­тво искусс­твен­ного интеллек­та смог­ло вый­ти из юри­дичес­кой «серой зоны»?

Кар­тинки, которые выда­ют ней­росети, вов­сю исполь­зуют­ся для соз­дания иллюс­тра­ций (в том чис­ле и в «Хакере») — и в исходном виде, и худож­никами в качес­тве осно­вы.

Круп­ные ком­пании обхо­дят твор­чес­тво ней­росетей сто­роной, опа­саясь воз­можных юри­дичес­ких пос­ледс­твий, а час­тные поль­зовате­ли о легаль­ных аспектах даже не задумы­вают­ся.

Юри­дичес­кая база, регули­рующая деятель­ность искусс­твен­ного интеллек­та, не нарабо­тана; законы об автор­ском пра­ве нуж­дают­ся в уточ­нени­ях.

Погово­рим вот о чем: кому при­над­лежит резуль­тат работы искусс­тве…

Хакеры атакуют компании, занимающиеся онлайн-играми и азартными играми, с помощью ранее неизвестного бэкдора, который исследователи назвали IceBreaker.

Исследователи из компании Security Joes, полагают, что бэкдор IceBreaker — это работа весьма продвинутых злоумышленников, которые используют «очень специфическую технику социальной инженерии».

Для доставки бэкдора в сеть цели злоумышленники обычно обращаются в службу поддержки компании, выдавая себя за обычных пользователей, у которых возникли проблемы со входом в систему или регистрацией.

Как видно на иллюстрации ниже, значок ярлыка Windows изменен таким образом, чтобы он выглядел максимально безобидно и походил на изображение.

Это 64-битны…

Эксперты компании Radware утверждают, что новая платформа для DDoS-атак Passion использовалась пророссийскими хактивистами для атак на медицинские учреждения в США и Европе.

«Ботнет Passion использовался во время атак 27 января 2023 года, нацеленных на медицинские учреждения в США, Португалии, Испании, Германии, Польше, Финляндии, Норвегии, Нидерландах и Великобритании в ответ на поставку танков на Украину», — пишут исследователи в своем отчете.

Всего в арсенале Passion доступно десять векторов атак, что позволяет хакерам настраивать свои кампании и комбинировать векторы для обхода защиты жертв:HTTP Raw;Crypto;UAM Browser;HTTPS Mix;Browser;Bypass;DNS l4;Mixamp l4;OVH-TCP l4;TCP-Kill l4.

Сем…

Многие пользователи Windows 10 столкнулись с навязчивыми полноэкранными уведомлениями, которые информируют о возможном «бесплатном обновлении» до Windows 11 и предлагают ознакомиться с возможностями новой версии ОС.

Исходное полноэкранное всплывающее окно похоже на первую загрузку Windows 11, и, судя по всему, использует XAML.

Сообщение информирует пользователя, что на его устройстве теперь «разблокировано» бесплатное обновление до Windows 11, и можно продолжать работать с Windows 10, пока Windows 11 загружается в фоновом режиме.

Несмотря на наличие в этом окне кнопки «Keep Windows 10» («Остаться на Windows 10»), ее нажатие не поможет избавиться от раздражающего уведомления.

Здесь пользоват…

Хакерская группа InTheBox рекламирует на русскоязычных хак-форумах набор из 1894 веб-инжектов (оверлеев для фишинговых окон) для кражи учетных и конфиденциальных данных из банковских, криптовалютных и e-commerce приложений.

Аналитики компании Cyble пишут, что оверлеи группировки совместимы с различными банковскими вредоносами для Android и имитируют самые разные приложения, принадлежащие крупным организация в десятках стран мира.

Доступность оверлеев в таком количестве и по низким ценам позволяет киберпреступникам сосредоточиться на других аспектах своих вредоносных кампаний, разработке малвари, а также расширить атаки на другие регионы, предупреждают исследователи.

Для тех, кто не хочет по…

«Известия» сообщают, что до конца текущего года компания «Яндекс» намерена интегрировать в свои сервисы новую нейросеть YaLM 2.0, основанную на языковой модели YaLM (Yet another Language Model), вдохновленной GPT-3 от компании OpenAI и другими языковыми моделями на архитектуре Transformer.

Как сообщил журналистам источник, знакомый с планами «Яндекс», в ближайшее время начнется обучение YaLM 2.0, а первые интеграции с сервисами могут запустить до конца этого года.

А в «Почте» нейросеть поможет отправителю быстро составить развернутое письмо в выбранной стилистике, а получателю изложить краткое содержание полученных сообщений.

Внедрение YaLM 2.0 позволит поиску самому генерировать ответы, ис…

Тут тебе и филь­тры, и хороший интерфейс, и докумен­тация, и под­робней­ший вывод о каж­дом пакете.

info Ос­нователь ком­пании Brim, раз­работ­чика ZUI, — это не кто иной, как Стив Мак­кейн, соз­датель фор­мата PCAP, BPF и соав­тор tcpdump.

Этих зна­ний нам хва­тит, что­бы исполь­зовать ZUI в его самом инте­рес­ном для нас вари­анте при­мене­ния — ана­лизе тра­фика.

Применяем ZUI на практике и пишем запросыНа­чать сто­ит с того, что писать зап­росы с помощью ZQL query сов­сем не труд­но.

Я под­готовил для тебя при­меры зап­росов поис­ка, которые пок­роют основные юзкей­сы при работе с ZUI.

Специалисты сообщили, что в открытый доступ попали данные, принадлежащие российскому производителю оборудования и разработчику программного обеспечения для автоматизации торговли «Атол».

В компании повредили факт взлома и отметили, что около 5% клиентов и партнеров получили спам-сообщения от злоумышленников.

Также в архиве был обнаружен текстовый файл, судя по всему, содержащий данные для почтовых и SMS-рассылок, в котором насчитывается 157 101 строка.

Сообщается, что в файле можно найти сведении о клиентах и партнерах компании, в том числе адресе электронной почты, ФИО, ИНН, наименования организаций и контактные телефоны.

Сервисы и оборудование АТОЛ продолжают работать в нормальном режиме»…

Представители «Яндекс» сообщили СМИ, что Алиса никогда не прослушивала пользователей «умных» устройств, а алгоритм, посредством которого микрофон включается без упоминания «Алисы», работает только в бета-версии, тестируемой самими сотрудниками компании.

Как теперь сообщает РБК, в «Яндекс» прокомментировали ситуацию, подчеркнув, что компания никогда не прослушивала пользователей «умных» устройств, а алгоритм, посредством которого микрофон включается без упоминания «Алисы», работает только в бета-версии, тестируемой сотрудниками компании.

Данный алгоритм работает только в “бете”, и результатом его работы является уменьшение количества ложных срабатываний ассистента для всех пользователей», — …

A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform.

"PixPirate belongs to the newest generation of Android banking trojan, as it can perform ATS (Automatic Transfer System), enabling attackers to automate the insertion of a malicious money transfer over the Instant Payment platform Pix, adopted by multiple Brazilian banks," researchers Francesco Iubatti and Alessandro Strino said.

Besides stealing passwords entered by users on banking apps, the threat actors behind the operation have leveraged code obfuscation and encryption using a framework known as Auto.js to resist reverse engineering efforts.

The dro…

VMware ESXi hypervisors are the target of a new wave of attacks designed to deploy ransomware on compromised systems.

French cloud services provider OVHcloud said the attacks are being detected globally with a specific focus on Europe.

It's being suspected that the attacks are related to a new Rust-based ransomware strain called Nevada that emerged on the scene in December 2022.

However, Bleeping Computer reports that the ransom notes seen in the attacks bear no similarities to Nevada ransomware, adding the strain is being tracked under the name ESXiArgs.

Users are recommended to upgrade to the latest version of ESXi to mitigate potential threats as well as restrict access to the OpenSLP se…

A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild.

Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon.

Alternatively, the cybersecurity company said it's possible for threat actors to exploit reused, weak, or default credentials to obtain administrative access to the console.

There is no patch currently available for the zero-day vulnerability, although Fortra has released workarounds to remove the "License Response Servlet" configuration from the web.xml file.

Vulnerabilities in file transfer solutions have become appealing targets for threat actors, what with flaws i…

Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft.

The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure.

The issues have been identified in version 1.6J of the Open Charge Point Protocol (OCPP) standard that uses WebSockets for communication between EV charging stations and the Charging Station Management System (CSMS) providers.

The forging is made possible owing to the fact that CSMS providers are configured to solely rely on the charging point identity for authenticat…

In a continuing sign that threat actors are adapting well to a post-macro world, it has emerged that the use of Microsoft OneNote documents to deliver malware via phishing attacks is on the rise.

Enterprise firm Proofpoint said it detected over 50 campaigns leveraging OneNote attachments in the month of January 2023 alone.

In some instances, the email phishing lures contain a OneNote file, which, in turn, embeds an HTA file that invokes a PowerShell script to retrieve a malicious binary from a remote server.

"Most file types that can be processed by MSHTA, WSCRIPT, and CSCRIPT can be executed from within OneNote," TrustedSec researcher Scott Nusbaum said.

"These file types include CHM, HTA,…

The Iranian nation-state hacking group known as OilRig has continued to target government organizations in the Middle East as part of a cyber espionage campaign that leverages a new backdoor to exfiltrate data.

"The campaign abuses legitimate but compromised email accounts to send stolen data to external mail accounts controlled by the attackers," Trend Micro researchers Mohamed Fahmy, Sherif Magdy, and Mahmoud Zohdy said.

Also put to use in the second stage is a dynamic-link library (DLL) file that's capable of harvesting credentials from domain users and local accounts.

The most notable aspect of the .NET backdoor is its exfiltration routine, which involves using the stolen credentials to…

Cybersecurity is quickly becoming one of the most significant growth drivers for Managed Service Providers (MSPs).

Service providers have a huge opportunity to expand their business and win new customers by developing their cybersecurity offerings.

In other words, MSPs have a unique opportunity to build a security brand by better serving their customers' needs.

Building a competitive advantageMSPs are first and foremost service companies, looking to help their customers in their digital operations.

There lies a unique opportunity to re-think security as a process, or security as a service.

Atlassian has released fixes to resolve a critical security flaw in Jira Service Management Server and Data Center that could be abused by an attacker to pass off as another user and gain unauthorized access to susceptible instances.

The vulnerability is tracked as CVE-2023-22501 (CVSS score: 9.4) and has been described as a case of broken authentication with low attack complexity.

"An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances," Atlassian said.

The Australian software services provider said the vulnerabilit…

F5 has warned of a high-severity flaw impacting BIG-IP appliances that could lead to denial-of-service (DoS) or arbitrary code execution.

"In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary."

Given that the iCOntrol SOAP interface runs as root, a successful exploit could permit a threat actor to remotely trigger code execution on the device as the root user.

F5 noted that it has addressed the problem in an engineering hotfix that is available for supported versions of BIG-IP.

As a workaround, the company is recommending users restrict access to the iControl SOAP API to only trusted users.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation.

The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting versions 12.2.3 to 12.2.11 of the Oracle Web Applications Desktop Integrator product.

"Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator," CISA said.

The issue was addressed by Oracle as part of its Critical Patch Update released in October 2022.

The development…

GammaLoad is a VBScript dropper malware engineered to download next-stage VBScript from a remote server.

GammaSteel is a PowerShell script that's capable of conducting reconnaissance and executing additional commands.

The disclosure comes as the Computer Emergency Response Team of Ukraine (CERT-UA) disclosed details of a new malicious campaign targeting state authorities of Ukraine and Poland.

However, upon launching the file – a Windows batch script named "Protector.bat" – it leads to the execution of a PowerShell script that's capable of capturing screenshots and harvesting files with 19 different extensions from the workstation.

"As the Ukraine-Russia war continues, the cyber attacks on …

However, despite growing attention and budgets for cybersecurity in recent years, attacks have only become more common and more severe.

Additionally, nearly 70% of cybersecurity workers "feel their organization does not have enough cybersecurity staff to be effective."

Threat intelligence can no longer just be an expense– it must be a business-enabler that provides measurable value to the enterprise.

Cyberint, a leading threat intelligence vendor headquartered in Israel, is driving the evolution to impactful intelligence with the Argos Edge platform.

To learn more about Cyberint's new approach to threat intelligence, check out this webinar on the Journey To Impactful Intelligence with Cyber…

A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems.

That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple.

"The threat actor gained access to the network by exploiting a vulnerable Zimbra mail server at the end of August," WithSecure said in a detailed technical report shared with The Hacker News.

This step was succeeded by the installation of web shells and the exploitation of local privilege escalation vulnerability in the Zimbra server (i.e., Pwnkit aka CVE-2021-4034), thereby ena…

At least 1,200 Redis database servers worldwide have been corralled into a botnet using an "elusive and severe threat" dubbed HeadCrab since early September 2021.

"This advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by agentless and traditional anti-virus solutions to compromise a large number of Redis servers," Aqua security researcher Asaf Eitani said in a Wednesday report.

The findings come two months after the cloud security firm shed light on a Go-based malware codenamed Redigo that has been found compromising Redis servers.

The attack is designed to target Redis servers that are exposed to the internet, followed by issuing a SLAVEOF command…

Cybersecurity researchers have disclosed details of two security flaws in the open source ImageMagick software that could potentially lead to a denial-of-service (DoS) and information disclosure.

The two issues, which were identified by Latin American cybersecurity firm Metabase Q in version 7.1.0-49, were addressed in ImageMagick version 7.1.0-52, released in November 2022.

The specially crafted image, for its part, can be created by inserting a text chunk that specifies some metadata of the attacker's choice (e.g., "-" for the filename).

"If the specified filename is '-' (a single dash), ImageMagick will try to read the content from standard input potentially leaving the process waiting f…

EdFinancial and the Oklahoma Student Loan Authority (OSLA) are notifying over 2.5 million loanees that their personal data was exposed in a data breach.

The target of the breach was Nelnet Servicing, the Lincoln, Neb.-based servicing system and web portal provider for OSLA and EdFinancial, according to a breach disclosure letter.

That exposed information included names, home addresses, email addresses, phone numbers and social security numbers for a total of 2,501,324 student loan account holders.

“With recent news of student loan forgiveness, it’s reasonable to expect the occasion to be used by scammers as a gateway for criminal activity,” Bischoping said.

Last week, the Biden administrati…

Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

The threat actor, according to researchers, is believed to be the China-based APT TA423, also known as Red Ladon.

In lieu of malware, attackers can use ScanBox in conjunction with watering hole attacks.

Adversaries load the malicious JavaScript onto a compromised website where the ScanBox acts as a keylogger snagging all of a user’s typed activity on the infected watering hole website.

This allows ScanBox to connect to a set of pre-configured targets,” researchers explain.

The campaigns are tied to focused abuse of identity and access management firm Okta, which gained the threat actors the 0ktapus moniker, by researchers.

“These users received text messages containing links to phishing sites that mimicked the Okta authentication page of their organization.”Impacted were 114 US-based firms, with additional victims of sprinkled across 68 additional countries.

“The 0ktapus campaign has been incredibly successful, and the full scale of it may not be known for some time,” he said.

What the 0ktapus Hackers WantedThe 0ktapus attackers are believed to have begun their campaign by targeting telecommunications companies in hopes of winning access to potential targets’…

Lockbit is by far this summer’s most prolific ransomware group, trailed by two offshoots of the Conti group.

After a recent dip, ransomware attacks are back on the rise.

With data gathered by “actively monitoring the leak sites used by each ransomware group and scraping victim details as they are released,” researchers have determined that Lockbit was by far the most prolific ransomware gang in July, behind 62 attacks.

It may well be that the resurgence in ransomware attacks, and the rise of these two particular groups, are intimately connected.

Why Ransomware Has BouncedResearchers from NCC Group counted 198 successful ransomware campaigns in July – up 47 percent from June.

New research indicates that over 80,000 Hikvision surveillance cameras in the world today are vulnerable to an 11 month-old command injection flaw.

Hikvision – short for Hangzhou Hikvision Digital Technology – is a Chinese state-owned manufacturer of video surveillance equipment.

Last Fall, a command injection flaw in Hikvision cameras was revealed to the world as CVE-2021-36260.

According to David Maynor, senior director of threat intelligence at Cybrary, Hikvision cameras have been vulnerable for many reasons, and for a while.

Furthermore, IoT devices might not give users any indication that they’re unsecured or out of date.

Twitter is blasted for security and privacy lapses by the company’s former head of security who alleges the social media giant’s actions amount to a national security risk.

Twitter has responded alleging that Zatko is a “disgruntled employee” who was fired for poor performance and leadership.

This, according to Zatko, elevates his concerns to a matter of national security.

Twitter allowed some foreign governments “… to infiltrate, control, exploit, surveil and/or censor the ‘company’s platform, staff, and operations,” according to the redacted whistleblower report submitted to congress.

NEW: First time Twitter CEO @paraga weighs in on whistleblower story.

CISA is warning that Palo Alto Networks’ PAN-OS is under active attack and needs to be patched ASAP.

Earlier this month, Palo Alto Networks issued a fix for the high-severity bug (CVE-2022-0028) that it says adversaries attempted to exploit.

PAN-OS versions vulnerable to attack, with patches available, include PAN-OS prior to 10.2.2-h2, PAN-OS prior to 10.1.6-h6, PAN-OS prior to 10.0.11-h1, PAN-OS prior to 9.1.14-h4, PAN-OS prior to 9.0.16-h3 and PAN-OS prior to 8.1.23-h1.

CISA Adds Bug to KEV CatalogOn Monday, CISA added the Palo Alto Networks bug to its list of Known Exploited Vulnerabilities Catalog.

This type of attack allows an adversary to magnify the amount of malicious traffic they …

Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.

Warnings come from security researchers who say TA558 cybercriminals have revamped their 2018 campaigns with fake reservation emails that contain links – that if clicked – deliver a malicious malware payload containing a potpourri of malware variants.

ISO and RAR are single compressed files, that if executed, decompress the file and folder data inside of them.

TA558 conducted 27 campaigns with URLs in 2022, compared to just five campaigns total from 2018 through 2021.

This actor used a variety of delivery mechanisms including URLs, RAR attachments…

Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.

Apple is urging macOS, iPhone and iPad users immediately to install respective updates this week that includes fixes for two zero-days under active attack.

One of the flaws is a kernel bug (CVE-2022-32894), which is present both in iOS and macOS.

“For most folks: update software by end of day,” tweeted Rachel Tobac, the CEO of SocialProof Security, regarding the zero-days.

The flaws in iOS are especially worrying, given the ubiquity of iPhones and users’ utter reliance on mobile devices for their daily lives, he said.

Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday.

Google credits Ashley Shen and Christian Resell of its Google Threat Analysis Group (TAG) for reporting the zero-day bug, which could allow for arbitrary code execution, on July 19.

FedCM—short for the Federated Credential Management API–provides a use-case-specific abstraction for federated identity flows on the web, according to Google.

Fifth Chrome 0Day Patch So FarThe zero-day patch is the fifth Chrome bug under active attack that Google has patched so far this year.

In April, Google patched CVE-2022-136…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

As our latest APT Activity Report makes abundantly clear, the threat of cyberespionage and stealthy attacks remains very realThe threat of cyberespionage and stealthy cyberattacks remains very real, and the data from ESET’s T3 2022 APT Activity Report released this week backs this up.

In this video, Tony shares some of the key takeaways from the report, which reviews the operations of some of the world’s most notorious nation state-affiliated and state-sponsored hacking collectives from September to December 2022.

So what have various APT groups aligned with Russia, China, Iran and North Korea been up to lately?

The full report is available here: ESET APT Activity Report T3 2022Connect with…

Tell-tale signs of scam surveysThese scam campaigns are increasingly big business for cybercriminals.

In December 2022, a popular survey scam abused the brand of chocolate-maker Cadbury to do this – promising recipients the chance to win ‘an exclusive Christmas Chocolate Magic Basket’ if they took a short quiz.

In December 2022, a popular survey scam abused the brand of chocolate-maker Cadbury to do this – promising recipients the chance to win ‘an exclusive Christmas Chocolate Magic Basket’ if they took a short quiz.

en route to the fake survey, as was the case with this scam, which promised a $500 Ulta Beauty gift card to victims.

How to protect yourselfWith the above in mind, it makes se…

Restricting what you publish and share online makes sense in a digital world increasingly populated by cyber-thieves and shady data brokers.

If over the years you’ve set up online accounts you don’t really need and use anymore, shut them down.

That doesn’t just put your digital privacy at risk, it can also imperil physical safety.

Others may be downright criminal efforts designed to steal your personal information for use in phishing campaigns and/or to sell on the dark web.

If the answer is still “yes,” do you need to sync all of your personal data to it?

An overview of the activities of selected APT groups investigated and analyzed by ESET Research in T3 2022ESET APT Activity Report T3 2022 summarizes the activities of selected advanced persistent threat (APT) groups that were observed, investigated, and analyzed by ESET researchers from September until the end of December 2022.

In the monitored timespan, Russia-aligned APT groups continued to be particularly involved in operations targeting Ukraine, deploying destructive wipers and ransomware.

Malicious activities described in ESET APT Activity Report T3 2022 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry and has been verified by ESET Resea…

Data Privacy Week is a reminder to protect your data – all year round.

Every action we take on the internet generates data that is shared with online services and other parties.

It stands to reason, then, that we need to assert control over how much and what kind of personal information we hand over to online services and generally limit the amount of our data floating around in cyberspace.

This week is Data Privacy Week and it’s a reminder to review your data protection habits and, indeed, to make protecting your online privacy a priority – all year round.

Start by taking simple steps that will protect your privacy online!

Sandworm continues to conduct attacks against carefully chosen targets in the war-torn countryESET researchers have uncovered a new wiper attack in Ukraine that they attribute to the Sandworm APT group.

Dubbed SwiftSlicer, the destructive malware was spotted on the network of a targeted organization on January 25th.

Attackers deployed a new wiper we named #SwiftSlicer using Active Directory Group Policy.

The #SwiftSlicer wiper is written in Go programing language.

An Industroyer2 attack was thwarted with help from ESET researchers in April of last year.

The process is often invisible, with data covertly collected from the actions that we take and the snippets of information that we openly disclose.

Educating consumers on the value and importance of their personal data is the very reason that back in January 2008, the US and Canada created Data Privacy Day.

The day itself, January 28th, commemorates the 1981 signing of Convention 108, an international treaty dealing with privacy and data protection.

The value of data is now recognized by companies and governments, thus leading to the significant capturing of personal data.

Awareness-driving activities such as Data Privacy Week are important, as they drive conversations between individuals, …

Centralized vs. decentralizedTwitter is owned and operated by Twitter, Inc., a single company that defines the social network’s policy, moderation rules, and general organization.

Mastodon gGmbH is a nonprofit responsible for developing open-source software, in this case Mastodon.

That is to say, each Mastodon server is a completely independent entity, able to interoperate with others to form one global social network.

Switching from Twitter to Mastodon could, therefore, assuage your data privacy concerns that stem from the former’s data collection practices.

On both Twitter and Mastodon: Remember to choose a strong and unique password or passphrase and enable two-factor authentication (2FA…

How playing videogames helps kids learn valuable skills1.

Cognitive skillsIt’s not out of nowhere that kids seem to get glued to the screen when playing a game.

For one, gaming can help kids learn how to break problems down into smaller pieces and then work on one piece at a time.

Reasoning skillsUnderstanding how to read data, how different tools work and how to read different metrics are all valuable skills that help kids understand the world around them.

Kids should game only while under adult supervisionWhile these are great skills to learn, they are not sufficient to warrant giving kids the green light to play whenever and whatever they want.

Does VALORANT’s approach to cheating signal a turning point in how we deal with the continued hacks afflicting our hybrid world of work and play?

Finally, how will this approach affect other parts of our hybrid, cloud-enabled world, and is there a link?

But just as the cyber-battle against hacks threatening our hybrid lives persists, so does the battle against cheating in games.

Can the gaming community’s response to cheating be instructive for our own hybrid world?

And so ends our mini-series of articles about the benefits and costs of our hybrid world – the world that opens new opportunities to collaborate and socialize, to mix business and leisure, and to work and play.

Ransomware revenue plunges to $456 million in 2022 as more victims refuse to pay up.

Ransomware gangs extorted at least $456 million from victims in 2022, which represents a drop of 40 percent from$765 million the year prior, according to research by Chainalysis.

Couple this with a fall of 24 percent in ransomware detections between May and August of 2022 as recorded by ESET Threat Report T2 2022.

What’s behind the drop in ransomware payments last year?

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center Submit

Tech support scammers have been offering bogus technical support services and “resolving” people’s non-existent problems with their devices or software for years.

How do (the latest) tech support scams work?

Tech support scams have evolved significantly over the past more than a decade.

Of course, this is not the only variation on the tech support scam doing the rounds.

Tech support scams have been with for more than a decade, and they’ll be around for a long time to come.

Common Venmo scams to watch out forVenmo scams can take many forms.

One of the simplest scams is for a fraudster to persuade the victim to send money (or part of it) without delivering the item in question.

Venmo phishingIn one variety, a fraudster manages to log into the victim’s Venmo account, perhaps by buying their username and password from a dark web site.

Or the scammer may pay using stolen card details, which means the payment is subsequently removed from the victim’s Venmo account.

Venmo also offers a contact form for users who have received a request they aren’t sure about, and a mechanism to report suspected scams.

Everything was possible without even having an official business account with pro features and complex analytics; it was anyone’s game.

This concentration of data, data processing and creation tools (your camera included), and communication tools, all in one, is a big shift in how we organize our lives.

In parallel, there are a host of other messaging apps being repurposed for business that several million people use: dating apps.

The risks of mixing professional and personal livesMixing business with your social life is a growing trend.

Blurring use cases for apps across the personal and professional can have serious consequences.

StrongPity’s backdoor is fitted with various spying features and can record phone calls, collect texts, and gather call logs and contact listsThis week, the ESET research team published their findings about an espionage campaign by the StrongPity APT group that spreads a fully functional, but trojanized version of the legitimate Telegram app for Android.

The malicious app – which has various spying features, including recording phone calls and collecting SMS messages – is distributed via a copycat website that mimics Shagle, an adult video-chat service.

Watch the video to learn more not just about the platform, but especially about the StrongPity attacks and its targets and tactics.

For a f…

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Apple patches are out – old iPhones get an old zero-day fix at last!

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

ExtraHop partners with Binary Defense to offer Reveal(x) 360, ExtraHop’s SaaS-based network detection and response (NDR) solution, as a managed service.

To better address this vulnerability, ExtraHop and Binary Defense are partnering to help customers protect their business and achieve rapid time to value with a human-driven, technology-assisted approach.

With this partnership, customers will have access to 24/7/365 monitoring via Binary Defense’s security operations center (SOC) utilizing ExtraHop to eliminate blindspots, detect lateral movement, and resolve advanced threats 87% faster than other detection tools.

“We are honored and excited to be selected as the preferred partner for deliv…

Gigamon announced that Chaim Mazal has been named Chief Security Officer (CSO), joining the Gigamon executive leadership team and will report directly to President and CEO Shane Buckley.

Mr. Mazal will be responsible for global security, information technology, network operations, governance, risk, compliance, and internal business systems, as well as the security of Gigamon product offerings.

Prior to joining Gigamon, Mr. Mazal served in several executive leadership positions, most recently at Kandji as the SVP of technology and CISO.

In this new role, Ms. Sagar will provide strategic and operational leadership to the executive leadership team and the broader organization.

“On behalf of ev…

Drata has launched Audit Hub, a new tool to amplify customer-auditor collaboration and real-time audit correspondence.

Integrating feedback directly from its Auditor Alliance, Drata designed Audit Hub to centralize key communication and audit needs in its own platform to further simplify audit readiness and streamline the continuous compliance journey.

When pursuing relevant compliance frameworks, an open line of communication between the company and auditor is integral to a successful audit.

Audit Hub addresses these challenges by integrating key communication features and eliminating the need to toggle between multiple tools, saving both customers and auditors valuable time otherwise spen…

Deepwatch and Trace3 announced Trace3 Managed Detection and Response (MDR) Services powered by Deepwatch.

Together, Deepwatch and Trace3 will deliver end-to-end solutions that enable clients to keep pace with the dynamic cyber threat landscape and deliver exceptional service and security outcomes.

In addition, Trace3 has selected Deepwatch as its MDR partner for protecting its internal environment.

Seeing first hand what Deepwatch can do, we proudly continue to integrate their services into the cybersecurity solutions we architect for our clients,” Kissinger continued.

Under an enhanced partnership, Trace3 will integrate Deepwatch services into their solutions, designated with a “powered by…

MITRE released the Cyber Resiliency Engineering Framework (CREF) Navigator — a free, visualization tool that allows organizations to customize their cyber resiliency goals, objectives, techniques, as aligned with NIST SP 800-160, Volume 2 (Rev.

“We’ve taken the original cyber resiliency framework we created with NIST and now made it searchable and visualized,” said Shane Steiger, principal cybersecurity engineer, MITRE.

“During the last year of development, we integrated the CREF Navigator with MITRE ATT&CK techniques and mitigations found in ATT&CK and NIST SP 800-160 Volume 2 (Rev.

We also are using the Navigator to encourage engineers to characterize their cyber resiliency capabilities,”…

Australian software maker Atlassian has released patches for CVE-2023-22501, a critical authentication vulnerability in Jira Service Management Server and Data Center, and is urging users to upgrade quickly.

“Installing a fixed version of Jira Service Management is the recommended way to remediate this vulnerability.

If you are unable to immediately upgrade Jira Service Management, you can manually upgrade the version-specific servicedesk-variable-substitution-plugin JAR file as a temporary workaround,” they advised.

About CVE-2023-22501Jira Service Management Server and Data Center are enterprise solutions for IT service management, connecting and allowing collaboration between development…

Here’s a look at the most interesting products from the past week, featuring releases from Arkose Labs, Hornetsecurity, HYCU, KELA, and Trulioo.

Hornetsecurity unveils two tools to counter rise in phishing attacks and malicious linksHornetsecurity launched two new tools – the QR Code Analyzer and Secure Links – to combat growing cyber threats.

KELA launches cyber intelligence platform to empower proactive digital crime preventionKELA launched a new and consolidated cyber intelligence platform, consisting of a new intuitive user interface and four complementary modules: Threat Landscape, Monitor, Hunt, and Tactical Intelligence.

Trulioo identity verification platform helps businesses achieve…

The UK has encouraged CNI providers to improve their security, but the frequency of attacks continues to increase.

Protect critical infrastructure: Layering securityOne of the preferred methods for keeping CNI safe is by layering the perimeter with multiple walls of protection.

There is no need for downtime for installation or updates, vital for CNI organizations that need to maintain continuous operations.

While the threat level remains high, the organizations that maintain CNI will need to step up their security posture.

An agentless approach is recommended, providing a reliable approach for monitoring in real time—but it is not enough on its own.

ManageEngine’s study has also revealed a surge in cloud adoption, with 72% of respondents using multi-cloud applications and another 5% using hybrid cloud systems.

Amid this situation, enterprises are forced to tackle numerous cloud security threats, including compromised accounts.

Enterprises are hampered by short-staffed SOCs, leading to concerns about cloud security resiliency.

As many as 77% of respondents stated that they only have three to five security analysts running their SOCs.

The three most common and impactful cloud security threats are identity-based.

In addition, 4% of U.S. security professionals report not using a SIEM platform, and of those respondents, 81% were confident.

Prevention a higher priority than threat detection, investigation, and response (TDIR)One reason security teams struggle to prevent breaches is that adversaries are often already in the network, undetected.

Prevention has failed.”Teams overconfident in ability to prevent attacksWhile nearly all respondents are certain they can prevent attacks, this confidence drops when challenged.

“Business leaders are asking, ‘Why do bad things keep happening?’ The answer is security teams are overconfident,” said Tyler Farrar, CISO, Exabeam.

With blind spots and noisy alerts, it’…

Netwrix has released new multi-tenant, software-as-a-service (SaaS) auditing solution Netwrix 1Secure designed to meet the needs of MSPs.

Its cloud architecture helps MSPs ensure the security and compliance of their clients’ systems and data from a single console.

— Netwrix 1Secure uses a transparent pricing model in which MSPs pay per managed AD user, the same way they charge their own clients.

Enriched ecosystem of professional services automation (PSA) tools— Netwrix 1Secure integrates seamlessly with ConnectWise and ServiceNow.

“With Netwrix 1Secure, MSPs can easily audit the IT environments of multiple clients, both on premises and in the cloud.

HYCU unveiled R-Cloud to allow Software as a Service (SaaS) companies and Independent Software Vendors (ISVs) to provide, in days, backup and recovery services for their SaaS offerings.

That is why we have re-thought the way data protection is done and found a way to provide ISVs and SaaS vendors the ability to add data protection with ease.

At its foundation, the R-Cloud platform empowers SaaS companies to leverage HYCU’s data protection expertise, orchestration, identity and access management, policy management, and analytics to ensure all SaaS data is protected.

Now, IT admins and developers that need data protection regardless of SaaS-based application will be able to access data protec…

Keepit has launched its backup and recovery solution for Power BI.

With the release of Keepit for Power BI, Keepit is extending its data protection service for Microsoft’s cloud solutions.

Power BI is the first of the Microsoft Power Platform services to be added to Keepit’s solutions, with support for Power Apps and Power Automate planned for later in 2023.

Keepit’s protection for Power BI is secure and simple, and recovery of data is swift.

With smart search and restore features, Keepit’s Power BI customers can restore multiple terabytes per day and get Power BI data back into its original location, along with original metadata and relationships.

Pixalate has released new iCloud Private Relay (iCPR) IVT detection features in the Pixalate Analytics dashboard to help clients measure their exposure to iCPR traffic.

Pixalate found 21% of US mobile and desktop Safari traffic in Q4 2022 was associated with iCloud Private Relay traffic.

The new IVT type covers potentially fraudulent behavior within iCPR traffic including:Data Centers: Traffic originating from an invalid data center IP range;Traffic originating from an invalid data center IP range; Device Types: Traffic that has inappropriate device types associated with it, and;Traffic that has inappropriate device types associated with it, and; Traffic Patterns: Traffic featuring suspicio…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

 

Сделал презентацию по обновлению ISO 27001:2022 ISO 27001:2022 What has changed.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

Моя презентация "ISO Survey 2021: ISO 27001 certificates".Сырые данные - https://www.iso.org/the-iso-survey.html

Как вы наверное знаете, я уже несколько лет собираю на Патреоне комплекты документов (рекомендации, чек-листы и шаблоны) полезные для внедрения СУИБ по ISO 27001 и обеспечения privacy (GDPR и ISO 27701):1. ISMS Implementation Toolkit (ISO 27001)2. Privacy Implementation Toolkit (GDPR and ISO 27701)Теперь все документы можно скачать и на российском сервисе Boosty - https://boosty.to/isms8020Подписывайтесь и поддержите этот проект!

Хочу вам напомнить, что рекомендации по внедрению СУИБ по стандарту ISO 27001 и подготовке к аудитам выложены на Boosty, язык русский - https://boosty.to/isms8020/posts/0f6f575a-26c3-4ff9-88fa-64799c3c9772

Обновил и опубликовал на Slideshare свою презентацию про стандарты и руководства по управлению ИБ при взаимодействии с поставщиками. Supply management 1.1.pdf from Andrey Prozorov, CISM

Опубликовал на SlideShare несколько своих старых презентаций по GDPR и Privacy:All about a DPIA - https://www.slideshare.net/AndreyProzorov/all-about-a-dpia-by-andrey-prozorov-20-220518pdfEmployee Monitoring and Privacy - https://www.slideshare.net/AndreyProzorov/employee-monitoring-and-privacypdfGDPR and Personal Data Transfers - https://www.slideshare.net/AndreyProzorov/gdpr-and-personal-data-transfers-11pdfGDPR and Security - https://www.slideshare.net/AndreyProzorov/gdpr-and-securitypdfGDPR RACI - https://www.slideshare.net/AndreyProzorov/gdpr-racipdfGDPR EU Institutions and bodies - https://www.slideshare.net/AndreyProzorov/gdpr-eu-institutions-and-bodiespdf

Я люблю и использую майндкарты уже 15 лет, а недавно обновил свою "Майндкарту о майндкартах", теперь она на английском языке.Скачать ее в PDF и Xmind можно тут - https://www.patreon.com/posts/65251502 или тут - https://boosty.to/isms8020/posts/c69bdcee-f0eb-48be-ab4a-29b1f84d1996А посмотреть прошлый вариант на русском языке тут - https://80na20.blogspot.com/2012/07/blog-post_10.html

А вы знали, что OpenSSH на macOS позволяет пасс-фразы от ваших ssh-ключей добавить в keychain, чтобы автоматом подтягивать их при подключении?Делаем:ssh-add --apple-use-keychain ~/.ssh/[priv-key]И подключаем в конфиге агента ~/.ssh/config:Host * UseKeychain yes AddKeysToAgent yes IdentityFile ~/.ssh/id_rsaГотово, вы сэкономили немного своего времени на ввод passphrase.Если ключей несколько, то агент по имени ключа будет доставать нужную фразу.P.S На старых версиях MacOS команда чуть отличается, вот тут подглядите.Ну а теперь похоливарим за безопасность такого метода, особенно если у вас включен iCloud sync? 🤪

Понял тут, что не рассказывал о trufflehog, наверное лучшем на сегодншний день решении для поиска секретов. SSH и API ключи, пароли к бд, токены, облачные учетные данные и многое другое. Там уже 700 детекторов/регулярок, причем для некоторых есть сразу автоматическая проверка. Нашли например креды к AWS или GCP, нажали кнопочку и trufflehog любезно постучал в нужную апишку для валидации.Еще помимо привычных множественных сканов репозиториев, есть возможность поиска по файловой системе и даже s3 бакетам. Бонусом можно скачать плагин для браузера чтобы и по JS пройтись.Короче, мастхев для безопасности ваших пайплайнов и обнаружения секретов, которые кто-то случайно забыл положить куда следует…

Пссс, завезем немного движа в ИБ?Давно вынашивал идею закрытого сообщества для безопасников, где можно было бы черпать экспертизу, обмениваться опытом, получать актуальную информацию и просто общаться с крутыми и интересными людьми.Почему закрытого? Потому что сами знаете специфику нашего направления, когда далеко не все готовы обсуждать многие вещи публично. Но согласитесь, у многих есть опыт, которым можно поделиться и который может быть очень полезен. Мне кажется закрытый формат может хотя бы частично эту проблему решить.В общем, не буду ходить вокруг да около, сейчас я на этапе проверки гипотезы поэтому очень хочется получить от вас обратную связь.Основную идею постарался изложить тут >…

Я снова пропал, но тут такая новость сегодня, что нельзя было не поделиться — поддержка Passkeys теперь официально доехала до Google Chrome (Chrome Stable M108 если быть точным).На всякий случай Passkeys — это инициатива альянсов FIDO и W3C по разработке стандарта аутентификации без использования паролей, которые являются занозой в заднице в современном мире: утечки, брутфорс, сменяемость, желание написать его на листочке и приклеить к монитору и пр.Короче крутые чуваки собрались как-то, подумали и изобрели WebAuthn. Потом инициативу поддержали Apple, Google и Microsoft, обернули это в Passkeys и вот он, продукт который можно внедрять и нести людям (многие уже давно принесли даже, только Go…

Вопрос который меня в последнее время сильно волнует. Будет очень круто если поучаствуете анонимно.Если вы еще не касались истории с импортозамещением — игнорируйте (хотя предположу, что коснулось многих).Собственно вопрос ↓

Наверное лучший роадмап по сертификациям в ИБ, отсортированный по направлениям и уровню сложности.В очередной раз в этом убедился.> https://pauljerimy.com/security-certification-roadmap/ <p.s выглядит это конечно страшно, но что не сделать ради многострочного статуса в Linkedin, да? 😁

Там в либе Apache Commons Text нашли уязвимость, позволяющую выполнять удаленное выполнение кода — CVE-2022-42889. Но несмотря на CVSS 9.8, уязвимость затрагивает только несколько методов, связанных с интерполяцией данных, что в целом выглядит не так критично.Поискать в коде можно по:StringLookupFactory.INSTANCE.interpolatorStringLookup().lookup()или StringSubstitutor.createInterpolator().replace()В любом случае возьмите на вооружение и если лень читать код просто пропатчите либы до новой версии 1.10, благо она уже вышла.Уязвимость затрагивает версии Apache Commons Text 1.5–1.9.Reports:https://www.rapid7.com/blog/post/2022/10/17/cve-2022-42889-keep-calm-and-stop-saying-4shell/https://securi…

Если моделирование угроз (threat modeling) у вас тоже вызывает боль, либо это увлекательное занятие вам только предстоит, попробую сэкономить вам несколько десятков часов вашего времени и просто порекомендую начать с > https://shellsharks.com/threat-modelingИ неважно делаете вы модель угроз для приложения или инфраструктурного компонента. А еще пришла в голову мысль, что доступ к таким материалам при пентесте может сильно ускорить процесс получения результата :) Удачи!Никогда не забуду свою первую... ⛔️

Google опубликовала очень стильный проект H4CK1NG.GOOGLE (фактически GoogleCTF 22) с набором своих новых челленджей по разным направлениям, каждое из которых сопровождается крутейшими видео-историями. Если вдруг заскучали после рабочего понедельника, можно провести вечер с пользой. В случае ступора можно сходить в дискорд проекта за подсказками или writeups — это уже для совсем ленивых :)Are you ready? [Y/N]https://h4ck1ng.googlePlaylist > https://www.youtube.com/playlist?list=PL590L5WQmH8dsxxz7ooJAgmijwOz0lh2H

В новой iOS 16 появился бекдор фича Rapid Security Responses, позволяющая патчить iPhone и аксессуары не дожидаясь обновления ОС. Должна включаться автоматом при обновлении на новую ОС.Идея с точки зрения ИБ конечно прикольная, но усложнит жизни любителям джейблрейка.

Cybershit8 471 subscribersО канале: http://telegra.ph/Cybershit-08-14Связь: Полезный канал про технологии и информационную безопасность.

Нам не поИБ на ИБ.

А вам?О канале: http://telegra.ph/Cybershit-08-14Связь: @cybrsht_botIf you have Telegram, you can view postand join Cybershit right away.

Если вы находитесь в поиске бюджетного инструмента для решения проблемы с паразитивным бот-трафиком, и у вас нет свободных финансов для приобретения какого-нибудь Cloudflare, можно посмотреть в сторону вот этих ультимативных репок для прокачки ваших Nginx или Apache.Настроенный веб-сервер под ключ одной кнопкой (почти). Ну либо если вам нужен какой-то докрученный кастом, то придется курить доки и конфиги из репы.https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blockerhttps://github.com/mitchellkrogza/apache-ultimate-bad-bot-blocker

Для тех, кто пропустил увлекательный доклад с недавнего BlackHat и DEFCON от представителей Rapid7 про их исследования ПО для Cisco ASA.В текущих реалиях, когда многие остались отрезанными от обновлений и подписок, готовы скачивать различные кряки, образа и клиенты для администрирования штата своих Cisco, такая тема кажется более чем актуальна.Если опустить рассказ про то, как Cisco выпустила патч не закрывающий зарепорченную уязвимость, то основные темы доклада всего две:– Установка вредоносного программного обеспечения для ASA и простые способы внедрения бекдоров в ПО администрирования Cisco ASDM.– Создание вредоносных установочных пакетов и загрузочных образов для модуля FirePOWER. Там в…

Наткнулся на проект Casdoor — это достаточно функциональная платформа для организации IAM и SSO с множеством интеграций, провайдеров и удобным интерфейсом. Может использоваться не только как IdP для OAuth, OIDC, SAML и CAS, но и как сервисный провайдер, а внутри куча крутилок для мапинга атрибутов, разные модели управления доступом (RBAC, ABAC, ACL), политики и даже поддержка WebAuthn!В целом выглядит все очень круто — репа с 3,5к звездочек, удобные демо, если хочется потыкать в живую, документация, API, готовый SDK и пр.Но нет ничего идеального. На гите десятки свежих issue, релизы выходят каждый день, а в демке бывает что-то не работает. Сложилось впечатление, что пытаются охватить необъя…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

A Hacker’s Mind NewsA Hacker’s Mind will be published on Tuesday.

I have done a written interview and a podcast interview about the book.

It’s been chosen as a “February 2023 Must-Read Book” by the Next Big Idea Club.

Amazon and others will start shipping the book on Tuesday.

Posted on February 3, 2023 at 3:03 PM • 0 Comments

These backdoors force the system to err only on specific persons which are preselected by the attacker.

Uniquely, we show that multiple backdoors can be independently installed by multiple attackers who may not be aware of each other’s existence with almost no interference.

We have experimentally verified the attacks on a FaceNet-based facial recognition system, which achieves SOTA accuracy on the standard LFW dataset of 99.35%.

When we tried to individually anonymize ten celebrities, the network failed to recognize two of their images as being the same person in 96.97% to 98.29% of the time.

In all of our experiments, the benign accuracy of the network on other persons was degraded by no m…

It’s the software vulnerability lifecycle.

A system called Mayhem, created by a team of Carnegie-Mellon computer security researchers, won.

Research on the individual components of the software vulnerability lifecycle does continue.

The rest have been Chinese only: teams from Chinese universities, teams from companies like Baidu and Tencent, teams from the military.

Present-day attacks pit the relative advantages of computers and humans against the relative weaknesses of computers and humans.

This is the result of a security audit:More than a fifth of the passwords protecting network accounts at the US Department of the Interior—including Password1234, Password1234!, and ChangeItN0w!—were weak enough to be cracked using standard methods, a recently published security audit of the agency found.

In all, the auditors cracked 18,174—or 21 percent—­of the 85,944 cryptographic hashes they tested; 288 of the affected accounts had elevated privileges, and 362 of them belonged to senior government employees.

In the first 90 minutes of testing, auditors cracked the hashes for 16 percent of the department’s user accounts.

The audit uncovered another security weakness—the failure to consist…

Chainalysis reports that worldwide ransomware payments were down in 2022.

Ransomware attackers extorted at least $456.8 million from victims in 2022, down from $765.6 million the year before.

When we published last year’s version of this report, for example, we had only identified $602 million in ransomware payments in 2021.

Still, the trend is clear: Ransomware payments are significantly down.

Instead, we believe that much of the decline is due to victim organizations increasingly refusing to pay ransomware attackers.

NIST Is Updating Its Cybersecurity FrameworkNIST is planning a significant update of its Cybersecurity Framework.

Are the proposed changes sufficient and appropriate?

For those using CSF 1.1, would the proposed changes affect continued adoption of the Framework, and how so?

For those not using the Framework, would the proposed changes affect the potential use of the Framework?

The NIST Cybersecurity Framework has turned out to be an excellent resource.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Kevin Mitnick Hacked California Law in 1983Early in his career, Kevin Mitnick successfully hacked California law.

This was the Southwestern Law School in Los Angeles.

What’s interesting to me is how he approaches legal code in the same way a hacker approaches computer code: pouring over the details, looking for a bug—a mistake—leading to an exploitable vulnerability.

Legal code isn’t the same as computer code, but it’s a series of rules with inputs and outputs.

And just like computer code, legal code has bugs.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

On Alec Baldwin’s ShootingWe recently learned that Alec Baldwin is being charged with involuntary manslaughter for his accidental shooting on a movie set.

Why was an actual gun used on the set?

The light sabers in Star Wars weren’t real; the lighting effects and “wooj-wooj” noises were add afterwards.

The phasers in Star Trek weren’t real either.

Jar Jar Binks was 100% computer generated.

The head of both US Cyber Command and the NSA, Gen. Paul Nakasone, broadly discussed that first organization’s offensive cyber operations during the runup to the 2022 midterm elections.

He didn’t name names, of course:We did conduct operations persistently to make sure that our foreign adversaries couldn’t utilize infrastructure to impact us,” said Nakasone.

“We understood how foreign adversaries utilize infrastructure throughout the world.

We had that mapped pretty well.

“We were doing operations well before the midterms began, and we were doing operations likely on the day of the midterms.” And they continued until the elections were certified, he said.

Just another obscure warrantless surveillance program.

US law enforcement can access details of money transfers without a warrant through an obscure surveillance program the Arizona attorney general’s office created in 2014.

Leber told The Journal that there haven’t been any known breaches or instances of law enforcement misuse.

However, Wyden noted that the surveillance program included more states and countries than previously mentioned in briefings.

There have also been subpoenas for bulk money transfer data from Homeland Security Investigations (which withdrew its request after Wyden’s inquiry), the DEA and the FBI.

No-Fly List ExposedI can’t remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed to fly on an airplane, yet so innocent that we can’t arrest them.

The list is back in the news today, having been left exposed on an insecure airline computer.

(The airline is CommuteAir, a company so obscure that I’ve never heard of it before.)

This is, of course, the problem with having to give a copy of your secret list to lots of people.

Posted on January 23, 2023 at 7:02 AM • 0 Comments

“Hacking is something that the rich and powerful do, something that reinforces existing power structures,” contends security technologist Schneier (Click Here to Kill Everybody) in this excellent survey of exploitation.

Taking a broad understanding of hacking as an “activity allowed by the system that subverts the… system,” Schneier draws on his background analyzing weaknesses in cybersecurity to examine how those with power take advantage of financial, legal, political, and cognitive systems.

Legal loopholes constitute another form of hacking, Schneier suggests, discussing how the inability of tribal courts to try non-Native individuals means that many sexual assaults of Native American wo…

This week, however, Experian acknowledged that the security failure persisted for nearly seven weeks, between Nov. 9, 2022 and Dec. 26, 2022.

Normally, Experian’s website will ask a series of multiple-choice questions about one’s financial history, as a way of validating the identity of the person requesting the credit report.

A security researcher friend who tested it at Experian found she also could bypass Experian’s four or five multiple-choice security questions and go straight to her full credit report at Experian.

As it stands, using Kushnir’s exploit was the only time I’ve ever been able to get Experian’s website to cough up a copy of my credit report.

To make matters worse, a majori…

Later in its existence, the RSOCKS botnet expanded into compromising Android devices and conventional computers.

In June 2022, authorities in the United States, Germany, the Netherlands and the United Kingdom announced a joint operation to dismantle the RSOCKS botnet.

Inspired by that takedown, KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Emelyantsev’s personal blog, where he went by the name Denis Kloster.

Some of the top Russian cybercrime forums have been hacked over the years, and leaked private messages from those forums show the RSOCKS administrator claimed ownership of the RUSdot spam forum.

Emelyantsev pleaded guilty on Monday t…

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years.

In October, mobile provider Optus disclosed that hackers abused a poorly secured API to steal data on 10 million customers in Australia.

Last year, T-Mobile agreed to pay $500 million to settle all class action lawsuits stemming from the 2021 breach.

The settlement related to the 2021 breach says T-Mobile will make $350 million available to customers who file a claim.

Regardless of which mobile provider you patronize, please consider removing your phone number from as many online accounts as you can.

This was the Justice Department’s second such mass takedown targeting DDoS-for-hire services and their accused operators.

“I have been aware of the recent law enforcement actions against other operators of stress testing services,” Dobbs explained.

Nixon says she has a message for anyone involved in operating a DDoS-for-hire service.

It’s a compelling one to ponder, particularly now that investigators in the United States, U.K. and elsewhere have started going after booter service customers.

“When a booter service claims they don’t share logs, they’re lying because logs are legal leverage for when the booter service operator gets arrested,” Nixon said.

Microsoft today released updates to fix nearly 100 security flaws in its Windows operating systems and other software.

Highlights from the first Patch Tuesday of 2023 include a zero-day vulnerability in Windows, printer software flaws reported by the U.S. National Security Agency, and a critical Microsoft SharePoint Server bug that allows a remote, unauthenticated attacker to make an anonymous connection.

This is a Critical security bypass flaw that could allow a remote, unauthenticated attacker to make an anonymous connection to a vulnerable SharePoint server.

But patching this bug may not be as simple as deploying Microsoft updates.

Some browsers will automatically download and install ne…

Identity thieves have been exploiting a glaring security weakness in the website of Experian, one of the big three consumer credit reporting bureaus.

For example, there were four phone numbers on my Experian credit file: Only one of them was mine, and that one hasn’t been mine for ages.

But it remains unclear how long Experian’s website was making it so easy to access anyone’s credit report.

But there are some concrete steps that everyone can take which will dramatically lower the risk that identity thieves will ruin your financial future.

“security freeze”) with the alternative that the bureaus will likely steer you towards when you ask for a freeze: “Credit lock” services.

Until recently, I was fairly active on Twitter, regularly tweeting to more than 350,000 followers about important security news and stories here.

Here’s a look at some of the more notable cybercrime stories from the past year, as covered by KrebsOnSecurity and elsewhere.

The records also reveal how Conti dealt with its own internal breaches and attacks from private security firms and foreign governments.

Twitter acknowledges that it was relieved of phone numbers and email addresses for 5.4 million users.

A cybercriminal starts selling account data scraped from 400 million Twitter users, including email addresses and in many cases phone numbers.

Those who did file a claim probably started receiving emails or other communications earlier this year from the Equifax Breach Settlement Fund, which has been messaging class participants about methods of collecting their payments.

Some readers shared copies of letters they got in the mail along with a paper check from the Equifax Breach Settlement Fund (see screenshot above).

Others said they got emails from the Equifax Breach Settlement domain that looked like an animated greeting card offering instructions on how to redeem a virtual prepaid card.

Tim Helming, security evangelist at DomainTools.com, today flagged several new domains that mimic the name of the real Equifax Breach Settlemen…

Prosecutors say the duo used the compromised Ring devices to stream live video footage on social media of police raiding their targets’ homes, and to taunt authorities when they arrived.

“ChumLul,” 22, of Racine, Wisc., conspired to hack into Yahoo email accounts belonging to victims in the United States.

From there, the two allegedly would check how many of those Yahoo accounts were associated with Ring accounts, and then target people who used the same password for both accounts.

Ring, Inc., which is owned by Amazon, said it learned bad actors used stolen customer email credentials obtained from external (non-Ring) services to access other accounts, and took immediate steps to help those …

Booter services are advertised through a variety of methods, including Dark Web forums, chat platforms and even youtube.com.

Prosecutors in Los Angeles say the booter sites supremesecurityteam[.

The complaint against Miller alleges Royalstresser launched nearly 200,000 DDoS attacks between November 2021 and February 2022.

Defendant Angel Manuel Colon Jr., a.k.a Anonghost720 and Anonghost1337, is a 37-year-old from Belleview, Fla. Colon is suspected of running the booter service securityteam[.]io.

]sx; and Shamar Shattock, 19, of Margate, Fla., for allegedly operating the booter service astrostress[.

Microsoft has released its final monthly batch of security updates for 2022, fixing more than four dozen security holes in its various Windows operating systems and related software.

The security updates include patches for Azure, Microsoft Edge, Office, SharePoint Server, SysInternals, and the .NET framework.

The bug already seeing exploitation is CVE-2022-44698, which allows attackers to bypass the Windows SmartScreen security feature.

For a closer look at the patches released by Microsoft today (indexed by severity and other metrics) check out the always-useful Patch Tuesday roundup from the SANS Internet Storm Center.

As always, please consider backing up your system or at least your im…

On Dec. 10, 2022, the relatively new cybercrime forum Breached featured a bombshell new sales thread: The user database for InfraGard, including names and contact information for tens of thousands of InfraGard members.

“InfraGard connects critical infrastructure owners, operators, and stakeholders with the FBI to provide education, networking, and information-sharing on security threats and risks,” the FBI’s InfraGard fact sheet reads.

KrebsOnSecurity contacted the seller of the InfraGard database, a Breached forum member who uses the handle “USDoD” and whose avatar is the seal of the U.S. Department of Defense.

USDoD said after their InfraGard membership was approved, they asked a friend t…

Last month, the U.S. Department of Health and Human Services (HHS) warned that Venus ransomware attacks were targeting a number of U.S. healthcare organizations.

Holden said the internal discussions among the Venus group members indicate this gang has no problem gaining access to victim organizations.

“The Venus group has problems getting paid,” Holden said.

Security firm Tripwire points out that the HHS advisory on Venus says multiple threat actor groups are likely distributing the Venus ransomware.

Running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities.

The judge in the case was not amused, found for the plaintiff, and ordered the defendants and their U.S. attorney to pay Google’s legal fees.

Glupteba also rents out infected systems as “proxies,” directing third-party traffic through the infected devices to disguise the origin of the traffic.

The defendants said they could potentially help Google by taking the botnet offline.

“The Defendants insisted that they were not engaged in criminal activity, and that any alleged activity in which they were engaged was legitimate,” U.S. District Court Judge Denise Cote wrote.

“From the beginning of the case, she acted as if she needed to protect Google from something.

ImageUK banking group TSB is calling on social networks and dating apps to better protect their users from fake profiles, following an alarming spike in romance fraud.

Examining data from December 2020 - January 2022, TSB determined that romance fraud almost doubled compared to pre-pandemic levels, with a record increase in losses of 91% - averaging £6,1000 per incident.

Female customers make up 66% of the romance fraud cases examined by the bank, losing £6,300 on average compared to £4,600 for men.

TSB says that the latest UK Finance figures show that only 35% of funds lost in romance scams are returned to victims.

According to the bank, that's a pretty poor show compared to its own "Fraud…

All this and more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

DigiCert – DigiCert’s Trust Lifecycle Manager sets a new bar for unified management of digital trust.

Learn more and take advantage of Sealit’s special offer to “Smashing Security” listeners.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Graham Cluley Security News is sponsored this week by the folks at Edgescan.

Edgescan simplifies Vulnerability Management (VM) by delivering a single full-stack SaaS solution integrated with world-class security professionals.

Edgescan helps enterprise companies consolidate managing multiple point scanning tools for each layer of the attack surface – focusing on what matters.

Learn more by taking an interactive tour of the Edgescan Cybersecurity Platform now!

About EdgescanEdgescan offers a unique, holistic Vulnerability Management Security as a Service (SaaS) solution.

Planet Ice, which operates 14 ice rinks up and down the UK, has revealed that criminal hackers managed to break into its systems and steal the personal details of over 240,000 customers. Read more in my article on the Hot for Security blog.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

But hey, good to know the backups were encrypted…We also have evidence that a threat actor exfiltrated an encryption key for a portion of the encrypted backups.

So when you said the backups were encrypted, you actually meant that they were encrypted but they could be unencrypted with ease?

To say the backups were encrypted is a bit like trying to argue that a locked box is locked, if the key to the locked box is stolen at the same time as the box.

The affected information, which varies by product, may include account usernames, salted and hashed passwords, a portion of Multi-Factor Authentication (MFA) settings, as well as some product settings and licensing information.

In addition, while …

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Websites used by the Hive ransomware-as-a-service gang to extort ransoms and leak data stolen from corporate victims have been seized in a joint operation involving police around the world.

Hive was a particularly notorious ransomware group because, unlike some of its rivals, it appeared to have no qualms about targeting healthcare institutions.

However, today, if you venture onto the dark web and visit Hive’s leak website, this is what you will see…THIS HIDDEN SITE HAS BEEN SEIZED The Federal Bureau of Investigation seized this site as part of a coordinated law enforcement action taken against Hive Ransomware.

In all, the FBI says it has provided over 300 decryption keys to Hive victims si…

ImageA 22-year-old suspected of being "Seyzo", a member of the ShinyHunters cybercrime gang, has been extradited from Morocco to the United States, where - if convicted - he could face up to 116 years in prison.

Sebastien Raoult, a French national, was arrested at Rabat international airport in Morocco on May 31 2022, while trying to take a flight to Brussels.

Since his arrest, Raoult has been held in the Tiflet prison, near Rabat, while his family and lawyers attempted to thwart his extradition to the United States.

The Moroccon Prime Minister signed off Raoult's extradition, and the young Frenchman has been taken to the United States, under the watchful eye of FBI agents.

Curiously, other…

All this and much more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

ManageEngine PAM360 – A fully functional privileged access management suite that offers a holistic picture of all the privileged devices, users, and credentials in the IT infrastructure.

Support the show:You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us:Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

The important thing to realise about the (most recently) reported data breach at email newsletter service Mailchimp is that it’s not just Mailchimp’s customer data that was put at risk.

Even if you’re not personally a customer of Mailchimp, even if you’ve never even heard of Mailchimp, you may be affected.

On Sunday evening, the vendor confirmed that FanDuel customer names and email addresses were acquired by an unauthorized actor.

No customer passwords, financial account information, or other personal information was acquired in this incident.

I would recommend that FanDuel customers be on their guard, and – if they haven’t already done so – enable two-factor authentication (2FA) on their …

You know the old thought experiment about the AI designed to make paper clips, that quickly decides that in order to maximize paper clips, it will have to get rid of all the humans?

That way of thinking has brought us to the current state of endpoint security, which is dominated by MDMs that hamper device performance and turn every laptop into Big Brother.

Kolide is an endpoint security and fleet management solution that takes a different approach.

Kolide works by notifying your employees of security issues, educating them on why compliance matters, and giving them step-by-step instructions to resolve issues themselves.

If you’ve read this far, it’s because you’re intrigued by an approach t…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

T-Mobile’s preliminary investigation has found that the details of “approximately 37 million current postpaid and prepaid customer accounts” have been stolen by hackers.

T-Mobile says it is informing affected customers about the data breach, and has notified federal authorities and law enforcement.

The confirmation from T-Mobile came days after a hacker offered for sale on an underground forum data related to what they claimed were 100 million T-Mobile users.

November 2019 – T-Mobile confirmed that more than one million prepaid customers were impacted by a breach which saw hackers access their names, phone numbers, billing addresses, T-Mobile account numbers, and details about rates and pla…

По мере истечения контрактов и накопления ресурсов в организации отдельные задачи ИБ переводятся на выбранных российских поставщиков из Единого реестра отечественного ПО.

Наиболее частой российской заменой становится Kaspersky Security для почтовых серверов.

Для спама и фишинга это наиболее актуально, поскольку такие угрозы всегда очень специализированы для каждого языка и страны.

Не всякое ИБ-решение легко «переварит» такой рост, но Kaspersky Security для почтовых серверов поддерживает кластерную архитектуру для масштабирования (как горизонтального, так и вертикального).

В дополнение к Kaspersky Security для почтовых серверов «Лаборатория Касперского» предлагает интерактивную платформу Kas…

Но обязательно ли пользоваться именно аутентификатором Google или можно предпочесть ему одну из многочисленных альтернатив вроде Microsoft Authenticator или Twilio Authy?

Идея в том, что аутентифицирующая и аутентифицируемая стороны — то есть сервис, которым вы пользуетесь, и ваш аутентификатор — запоминают одинаковый секретный ключ.

Отмечу, что в качестве бонуса Microsoft Authenticator генерирует и стандартные аутентификационные токены, что делает его неплохой альтернативой Google Authenticator.

Отмечу, что в качестве бонуса Microsoft Authenticator генерирует и стандартные аутентификационные токены, что делает его неплохой альтернативой Google Authenticator.

Во всех сервисах, которые работ…

Может быть, была повреждена карточка, может быть, выходит из строя считывающий NFC-чип, но не исключено, что причина в другом — POS-терминал заражен зловредом Prilex, способным клонировать транзакции.

Дело в том, что Prilex теперь умеет блокировать оплату через NFC.

Что такое Prilex и зачем он блокирует транзакции по NFC?

Дело в том, что при оплате с применением NFC может генерироваться уникальный идентификатор, действительный только для одной транзакции, а это не в интересах мошенников.

Однако современные киберпреступники часто заимствуют инструменты друг друга, так что не исключено, что тот же самый зловред будут использовать и в других регионах.

Чтобы изменить отношение к проблемам ИБ в организации, крайне важно заручиться поддержкой на высшем уровне, в совете директоров.

Некоторым руководителям стоит предложить личную помощь кого-то из отдела ИБ для разбирательства с особо подозрительными ссылками или файлами.

Вот вопросы, которые службы ИБ и профильные специалисты из других подразделений должны ставить и решать, принимая организационные и технические меры.

Они должны четко понимать, что делать сейчас и что ожидать в будущем.

Взаимодействие бизнеса и ИБ — это постоянный процесс, в котором обе стороны должны прилагать усилие, чтобы понимать друг друга лучше.

Точно так же ведет себя и Untappd: по дефолту ваши крафтовые приключения доступны всем желающим.

Поэтому имеет смысл потратить немного времени, чтобы правильно настроить приватность в Untappd, — рассказываем, как же это сделать.

Подумайте, нужно ли доверять пивоварнямСтоит упомянуть, что в Untappd существует отдельный тип аккаунтов для пивоварен.

Если вам это не нравится, можно спрятать свой профиль и от них — в Untappd есть и такая возможность.

Как сделать аккаунт в Untappd еще более приватнымКак и любая социальная сеть, при создании профиля Untappd просит поделиться пользователей некоторыми личными данными.

Рассказываем, как устроена многоуровневая защита менеджеров паролей и как вы сами можете ее усилить — на примере Kaspersky Password Manager.

При первом запуске Kaspersky Password Manager предлагает вам создать тот самый мастер-пароль, с помощью которого вы будете открывать свой цифровой сейф.

Однако менеджер паролей Kaspersky Password Manager обычно распространяется вместе с Kaspersky Security Cloud, и это значительно сокращает вероятность того, что менеджер паролей будет запущен на зараженном компьютере.

Суть его в том, что для «Лаборатории Касперского» ваше хранилище паролей остается таким же зашифрованным, как и для всех остальных.

К счастью, сейчас многие менеджеры паролей, в том числе …

В блоге эксперта по кибербезопасности Джона Джексона появилось исследование двух уязвимостей в десктопном клиенте мессенджера Signal — CVE-2023-24068 и CVE-2023-24069.

Если отправить в чат файл, десктопный клиент сохраняет его в локальной директории.

Причем несмотря на то, что в целом Signal позиционируется как безопасный мессенджер, и все сообщения в нем шифруются, сохраняются файлы в незащищенном виде.

То есть если на десктопном клиенте был открыт пересланный файл, то злоумышленник может подменить его в локальной папке на посторонний.

Они утверждают, что их продукт не должен и не может защищать данные пользователей от злоумышленников с таким уровнем доступа к системе.

В большинстве случаев доступ к ним будет только у владельца ключа, и даже сама Apple не сможет прочитать эту информацию.

Это крайне полезная функция, которая помогает восстановить все данные на новый девайс в том виде, в котором они были на старом на момент последнего бэкапа.

По умолчанию в бэкап Apple сохраняется вся информация на вашем устройстве, включая и сообщения в iMessage.

При сквозном шифровании бэкапов и отправителем, и получателем данных являетесь только вы, и только вам доступен ключ для их расшифровки.

Точных дат запуска других функций Apple не называет, обещая внедрить их в начале 2023 года.

Но терминология — не единственная и даже не главная проблема взаимоотношений бизнеса и информационной безопасности.

И как, соответственно, объяснить управленцам, почему что-то все-таки надо закрыть, потратив на это деньги.

Это может выглядеть абсурдно, но это именно то, как думает бизнес, и это наиболее разумный вывод при имеющихся вводных.

Это позволит качественнее оценивать и классифицировать потенциальные угрозы, не тратить свои и чужие время и нервы на заведомо бесперспективные начинания и в целом работать эффективнее.

Важно уметь оценить и обозначить срок точно так же, как и потенциальные риски.

Поэтому к контенту из ChatGPT нужно относиться осторожно.

Полностью переложить это на ChatGPT не получится, но вот быстро объяснять, что делает конкретный фрагмент кода, чат-бот уже может.

Консультации по безопасностиПоскольку ChatGPT знает, что про кибербезопасность пишут в Интернете, его советы по этой теме выглядят убедительно.

Впрочем, советы со скриншота ниже все достаточно разумны:Фишинг и BECУбедительно выглядящие тексты — сильная сторона GPT-3 и ChatGPT, поэтому автоматизация целевых фишинговых атак с помощью чат-бота наверняка уже происходит.

И чат-бот будет одинаково убедителен и в e-mail, и в соцсетях, и в мессенджерах.

Собеседования в Zoom или Teams, заполнение анкет на «сайте работодателя», «первый рабочий день» в Slack или Bitrix24 — на первый взгляд убедительно и не отличается от честной работы.

Для убедительности «учебная платформа» может выглядеть независимой и не связанной с конкретным работодателем, но все это — части одной схемы.

Подобная схема особенно популярна в США при трудоустройстве на работу в госорганы.

Пересылка товаровВам могут предложить и простую работу на дому, связанную с получением товаров, проверкой и дальнейшей отправкой их по почте.

После отправки этой анкеты вы никогда не увидите и не услышите своего «работодателя».

В конце концов, сервис может кто-то взломать — и в этом случае доступ к переписке может получить взломщик.

Не все чаты в Telegram одинаково безопасныНачнем с корня проблемы: Telegram — это такой уникальный мессенджер, в котором есть два типа чатов: обычные и секретные.

Ох уж эти умолчанияПо умолчанию чат в Telegram не использует сквозное шифрование и не рассказывает пользователям о возможности создания особого, защищенного чата.

Никаких секретовПодведем итог: хотя в теории в Telegram действительно есть возможность общаться безопасно, используя секретные чаты, на практике оказывается, что сделать это не так-то просто.

В результате люди предпочитают избегать сложностей и в большинстве случаев…

Жертва кетфишинга верит, что общается с тем, чьи данные, в первую очередь — фото, представлены в профиле.

Всего через несколько часов личную информацию Люси слили в Сеть, после чего толпа хейтеров набросилась и на нее, и на ее семью с угрозами физической расправы.

Пересмотрите свое понимание персональных данныхПоследствия доксинга практически необратимы, поэтому важно переосмыслить собственное отношение к тому, что вы подразумеваете под персональными данными.

Поэтому важно максимально ограничить к ним доступ, и в первую очередь — пересмотреть свое отношение к геотегам в социальных сетях.

Так что проверьте все свои приложения и убедитесь, что вы не делитесь своим местоположением без особой н…

Например, в одном из вариантов требуется заставить жертву отправить в Threema сообщение очень странного содержания.

Хотелось бы, чтобы в Threema вняли совету авторов из ETH Zurich — проводить внешний аудит протоколов на ранних этапах разработки, а не после выпуска «в поле».

Если данные компании нельзя подвергать даже гипотетическому риску, стоит перейти на Threema OnPrem, в которой у организации будет собственный сервер Threema.

Обязательно перепроверяйте и верифицируйте в офлайне Threema ID своих новых собеседников и используйте парольные фразы для защиты входа в приложение.

Организациям среднего и большого размера, которые используют Threema в бизнес-процессах, стоит всерьез изучить перех…

Мы все очень надеемся, что 2023 год будет спокойнее и лучше, и хотим внести в это свой вклад.

Подобная функция есть у многих производителей: у Apple она называется Screen time, у Google — Digital wellbeing, а у Huawei — Digital balance.

Кроме соцсетей, похожая функция есть и в YouTube, она называется Take a break.

Остается самая мелочь — не открывать личные сайты, почту, соцсети на рабочем устройстве и не заходить в рабочие аккаунты с личного.

В этих советах нет ничего нового, но миллионы людей продолжают их игнорировать, некоторые — по незнанию, а некоторые — потому что это кажется слишком трудоемким.

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

Использованная в атаке программа-вымогатель DeadBolt представляет собой 32-битную программу для Linux/ARM формата ELF, разработанную на языке программирования Go.

Программа была обфусцирована и сжата упаковщиком UPX.

Также из программы удалена идентифицирующая информация о сборке Go.

Анализ такого образца может вызывать некоторые затруднения, поэтому мы более подробно остановимся на описании логики работы DeadBolt.

Для этого мы дополнительно провели полную декомпиляцию кода Go вымогателя.

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

Secure Firewall Threat Defense Virtual is available on Alkira’s service marketplace through Bring-Your-Own-License (BYOL) and Pay-As-You-Go licensing options.

The auto-scaled firewall instance receives the configuration and licenses automatically (Cisco Secure Firewall Threat Defense auto-scale coming in Q2CY23).

Alkira Cloud Exchange Platform (CXP) connects branches and Cisco Secure Firewall Threat Defense protects N/S and E/W branch traffic.

Management OptionsCisco Secure Firewall Threat Defense Virtual is managed using Cisco Secure Firewall Management Center (FMC).

Additional Resources:Cisco Secure Firewall Threat DefenseCisco Secure Firewall Data SheetCisco Secure Firewall Management Ce…

The phrase zero trust does not inspire trust, clarity, or transparency.

So… how do we build the trust necessary for zero trust adoption?

Relationships build trust – an essential ingredient for zero trust momentum.

Perhaps we can apply these drivers within the context of zero trust security:Authenticity – are we truly aligned on the goals of a zero trust rollout?

Download Cisco’s Guide to Zero Trust Maturity to see how teams with mature implementations of zero trust found quick wins and built organizational trust.

We understand that working remotely can be an adjustment — that’s why we’ve compiled the 10 parts of remote work that surprised our team members most and their advice for navigating the nuances.

Intentional online socializing strengthens teams working remotelyFor folks sharing an office, collaboration can happen through casual chats over coffee.

When Ting first started working remotely, he felt that every meeting needed to be formal and have a business objective.

Senior Software Engineer Mario Lopez finds that the variety of information sources contributes to an easeful remote working experience.

As the structures of remote, distributed and hybrid work evolve, it’s important to stay flexibl…

What is business email compromise?

cricketsBusiness Email Compromise (BEC) is a type of cybercrime that involves compromising or imitating legitimate business email accounts to carry out fraudulent transactions or steal sensitive information.

The Cisco Secure Email Threat Defense solution leverages hundreds of detection engines that utilize state-of-the-art artificial intelligence/machine learning and natural language processing to convict messages from the most creative attackers!

In summary, Business Email Compromise (BEC) is a serious threat to organizations of all sizes and in all industries.

See how Secure Email Threat Defense identifies specific business risk factors to protect your o…

Cybersecurity professionals are often perceived as sole practitioners, plying their craft in dimly lit rooms.

We are pleased to introduce the nominees for the Cybersecurity Defender of the Year Award in EMEA.

We have five distinguished nominees, and while we have yet to select a winner, you will see how each of their contributions to Cisco’s cybersecurity community raised our attention.

His contributions to the Insider Advocacy platform reflect a tireless commitment to the cybersecurity community.

Part of his proactive approach is to freely communicate his ideas, leading to his involvement in the Insider Advocacy community.

As part of Cisco’s recognition of International Data Privacy Day, today we released the Cisco 2023 Data Privacy Benchmark Study, our sixth annual review of key privacy issues and their impact on business.

Ninety-five percent (95%) of survey respondents said that “all of their employees” need to know how to protect data privacy.

Among the security professionals who completed our survey, one-third (33%) included data privacy in their top three areas of responsibility.

Another important indication of privacy’s importance to the organization is the use of privacy metrics.

To learn more, check out the Cisco 2023 Data Privacy Benchmark Study, Infographic, and our Principles for Responsible AI.

Toward the end of 2018, EMA conducted a survey of customers regarding their TLS 1.3 implementation and migration plans.

Here are the three biggest takeaways from this most recent survey:Remote work, regulatory and vendor controls, and improved data security are drivers.

Eighty-seven percent that have implemented TLS 1.3 require some level of infrastructure changes to accommodate the update.

Eighty-seven percent that have implemented TLS 1.3 require some level of infrastructure changes to accommodate the update.

Even with improved technologies (since the first announcement of TLS 1.3), organizations still cannot overcome these challenges.

As privacy professionals, we live and breathe the importance of privacy every day and understand its value.

We’re excited today to share this new, jointly-published research report Business Benefits of Investing in Data Privacy Management Programs.

Most organizations are using some form of a privacy maturity model to show accountability, including the CIPL Accountability Framework, ISO standards, Generally Accepted Privacy Principles, and the NIST Privacy Framework, among others.

There is considerable interest in further understanding the value DPMPs bring to their organization.

Check out this report Business Benefits of Investing in Data Privacy Management Programs and more related privacy…

I am excited to announce the release of Cisco’s annual flagship cybersecurity report, the Security Outcomes Report, Volume 3: Achieving Security Resilience.

The Security Outcomes Report, Vol.3 looks at the most important factors that will help you build that foundation and give you the most successful security outcomes.

Seven success factorsThe report analyses the seven success factors that have shown to improve overall security resilience:Establishing executive support can increase security resilience by 39%.

Cultivating a culture of security boosts security resilience by 46%.

About the Security Outcomes ReportThe report is based on an anonymous survey 4,751 active cybersecurity experts fr…

Using this information, last year I wrote a blog summing up the nine top of mind issues I believed will most impact CISOs as we headed into 2022.

Here are the topics that I think will be top of mind in 2023, and what CISOs can do to prepare.

How Zero Trust will progressAccording to Forrester, the term Zero Trust was born in 2009.

For more on where to start check out our eBook which explores the five phases to achieving zero trust, and if you have already embarked on the journey, read our recently published Guide to Zero Trust Maturity to help you find quick wins along the way.

And CISOs don’t need that extra worry of being the reason behind that kind of ‘brain drain’.

In this post we will explore how SecureX, Secure Cloud Analytics (NDR), Secure Endpoint (EDR) with their seamless integration accelerate the ability to achieve XDR outcomes.

Automatic incident provisioning accelerates incident response by bringing focus on the most impactful incidents.

SecureX Incident Manager’s automatic enrichment capability completes this data collection for high impact incidents automatically.

This is a pre-existing SecureX workflow which can be taken advantage of today see workflow 0005 – SCA – Generate Case book with Flow Links.

SCA can send alerts via Webhooks and SecureX Orchestration receive them as triggers to launch an NDR- EDR workflow to isolate hosts automatic…

Simultaneously, the topic of security resilience has risen up the C-level agenda and is now another focus for security teams.

Meanwhile, zero trust is best known as a “never trust, always verify” principle.

The top security resilience outcomesThe Security Outcomes Report summarizes the results of a survey of more than 4,700 security professionals.

A mature zero trust environment has also been found to almost double a team’s ability to streamline these processes when compared to a limited zero trust implementation.

With zero trust and other keys to achieving security resilience, security now is a partner in business change.

2022 was Cisco’s sixth year as a NOC partner for Black Hat Europe.

We used experiences of Black Hat Asia 2022 and Black Hat USA 2022 to refine the planning for network topology design and equipment.

Designing the Black Hat Network, by Evan BastaWe are grateful to share that Black Hat Europe 2022 was the smoothest experience we’ve had in the years at Black Hat.

We also discussed the challenges in a Webex space with other engineers who worked on past Black Hat events.

Black Hat Briefings and Trainings are held annually in the United States, Europe and USA.

Since joining the Black Hat NOC in 2016, my goal remains integration and automation.

As a NOC team comprised of many technologies and companies, we are pleased that this Black Hat NOC was the most integrated to date, to provide an overall SOC cybersecurity architecture solution.

We have ideas for even more integrations for Black Hat Asia and Black Hat USA 2023.

First Time at Black Hat, by Jérémy Couture, Head of SOC, Paris 2024 Olympic GamesMy first time at Black Hat turned out to be an incredible journey!

Black Hat Europe 2022 was the best planned and executed NOC in my experience, with the most integrations and visibility.

60% of organizations will embrace zero trust as a starting point for security by 2025.

This may benefit CISOs to position cyber security as part of the Risk calculation and perhaps unlock more support for risk reduction initiatives.

CISOs now talk about culture change in cyber security, making business colleagues identify as part of the overall security of the organisation.

This may increase as requests come in from business partners, current and potential, on the organisation’s cyber security posture.

On a positive side a majority of organisation will adopt zero trust as a starting point for their security (3).

Pam likened escalating identity attacks to threats in a voyage in her talk.

Multifactor authentication attacksIf you have enabled multifactor authentication, you can pat yourself on the back and be happy that you’ve effectively deflected the dominant identity attacks.

To defeat these attacks, it is critical not just to use multifactor authentication, but to use the right multifactor authentication.

Limit on-premises exposure and integrate your SOC and identity efforts to ensure you are defending your identity infrastructure.

If you’re interested in a comprehensive security solution that includes identity and access management, extended detection and response, and security information and ev…

Introducing the Kernel AddressSanitizerThe Kernel AddressSanitizer (KASAN) is a variation of the user-mode ASAN that has been architected to work specifically for the Windows kernel and its drivers.

As the KASAN shadow is a region of kernel memory, it resides within the kernel virtual address space and therefore implicitly backs itself too:Fig.

Telling the kernel to export KASAN supportBy default, the kernel does not create the KASAN shadow, and does not export the KASAN runtime.

Introducing SKASAN…The Secure kernel is a different kernel, completely separated from the Windows kernel, that executes in a more privileged domain and is in charge of a number of security operations in the system.…

Microsoft Chief Executive Officer Satya Nadella announced that Microsoft Security has surpassed USD20 billion in revenue.

Microsoft Security solutions are notably designed to help you eliminate inefficient silos and patchwork fixes, closing the gaps with simplified, comprehensive protection.

We integrate more than 50 categories into six product lines which form one Microsoft Security Cloud.

Even better, your organization can realize up to 60 percent cost savings when you use Microsoft security, compliance, and identity end-to-end solutions.8 Learn more on this topic from my recent blog: 3 ways Microsoft helps simplify security.

To learn more about Microsoft Security solutions, visit our web…

Since July 2022, Microsoft Security has delivered more than 300 product innovations—from minor updates to major launches like Microsoft Entra Workload Identities (November 2022).

Microsoft Defender Cloud Security Posture Management (in preview), helps your security teams save time and remediate critical risks with contextual cloud security.

(in preview), helps your security teams save time and remediate critical risks with contextual cloud security.

Microsoft Defender for DevOps (also in preview) integrates with Defender Cloud Security Posture Management to further connect the dots for security operations (SecOps) teams.

(also in preview) integrates with Defender Cloud Security Posture Mana…

This is why I’m so excited about our upcoming digital event, Go Beyond Data Protection with Microsoft Purview, on February 7, 2023.

Microsoft Purview works across clouds and platforms to simplify data protection, offering a range of solutions for unified data governance, information protection, risk management, and compliance.

Vasu Jakkal, Corporate Vice President, Microsoft Security, and I will announce these innovations at the Microsoft Purview digital event, which will also include a product deep dive by Rudra Mitra, Corporate Vice President, Microsoft Data Protection, Risk, and Compliance, and members of his team.

Join us at the Microsoft Purview digital eventExplore how to secure your …

In addition, this blog presents five simple actions that can help any business protect against cyberattacks—starting today.

A phishing email address or domain will usually be slightly off (for example, microsotf.com instead of microsoft.com).

A phishing email address or domain will usually be slightly off (for example, microsotf.com instead of microsoft.com).

To learn more about Microsoft Security solutions, visit our website.

9Microsoft launches Defender for Business to help protect small and medium businesses, Microsoft.

Protect access holistically by configuring identity and network access solutions to work together.

To assist your Defense in Depth approach, Microsoft provides unified, customizable experiences across Microsoft Entra, Microsoft Defender for Identity, and Microsoft Sentinel.

Protect access holistically by configuring identity and network access solutions to work together.

Microsoft Entra Identity Governance is a complete identity governance solution that helps you comply with regulatory requirements while increasing employee productivity through real-time, self-service, and workflow-based entitlements.

Because it’s cloud-delivered, Microsoft Entra Identity Governance scales to complex cloud …

The Microsoft Defender for IoT research team has been monitoring Zerobot (also called ZeroStresser by its operators) for months.

Upon gaining device access, Zerobot injects a malicious payload, which may be a generic script called zero.sh that downloads and attempts to execute Zerobot, or a script that downloads the Zerobot binary of a specific architecture.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint detect Zerobot malware variants and malicious behavior related to this threat.

With these capabilities, Microsoft 365 Defender customers using Microsoft Defender for IoT have visibility into security recommendations for devices with the following vulnerabilities:CVE-2014-8…

With that in mind, I would like to share five predictions for 2023 that resonated with me and explain what they could mean for endpoint management in your organization.

After reviewing these predictions, I encourage you to review your current endpoint security posture, and how Microsoft Intune can help further improve it in 2023.

Gartner® predicts that by 2025 more than 90 percent of clients will use cloud-based unified endpoint management (UEM) tools, up from 50 percent in 2022.

As such, CISOs need to ensure their endpoint management solutions (and, indeed, their entire technology architecture) can adapt to handle extra local requirements.

Learn more about how Microsoft Intune can simplify…

After carefully reviewing the implications, we shared the vulnerability with Apple in July 2022 through Coordinated Vulnerability Disclosure (CVD) via Microsoft Security Vulnerability Research (MSVR).

Unlocking the Gatekeeper security mechanismMany macOS infections are the result of users running malware, oftentimes inadvertently.

Gaining the ability to bypass Gatekeeper has dire implications as sometimes malware authors leverage those techniques for initial access.

Interestingly, when extracting an archive, macOS processes any attached AppleDouble file and assigns the target file with the appropriate metadata.

We named our POC exploit Achilles after its use of ACLs to bypass Gatekeeper.

Here’s my first question:What security basics should an organization build into any cloud platform for a strong security foundation?

For example, identity security is your responsibility as an organization, but a cloud provider can help by offering a strong identity and access management program.

I would expect identity and data security to be very strong from a cloud provider because those are the new perimeter, and data, of course, is the lifeblood of the organization.

Permissions management needs to be built-in, but we need to treat workloads, apps, and services as identity so that we can fold that into our permission management and our broader identity access management tools.

Learn mor…

We’re excited to announce that Microsoft is named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022.

We believe this placement validates our continued investment in Microsoft Sentinel, security research, and threat intelligence.

The Microsoft Sentinel strategyMicrosoft Sentinel is a next-generation SIEM solution that collects security data across multicloud, multi-platform data sources.

Microsoft Security is committed to empowering SecOps teams with security tools and platforms that enable the critical protection your users rely on.

To learn more about Microsoft Security solutions, visit our website.

Attackers update malware to target additional operating systems, ranging from PCs to IoT devices, growing their infrastructure rapidly.

Microsoft tracks this cluster of activity as DEV-1028, a cross-platform botnet that infects Windows devices, Linux devices, and IoT devices.

The DEV-1028 botnet is known to launch distributed denial of service (DDoS) attacks against private Minecraft servers.

Distribution of Minecraft servers that could be affected by MCCrashThe wide range of at-risk Minecraft servers highlights the impact this malware could have had if it was specifically coded to affect versions beyond 1.12.2.

On the IoT device level:For users hosting private Minecraft servers, update to …

Microsoft Security solutions help you eliminate gaps and gain the simplified, comprehensive protection and expertise you need to innovate and grow in a changing world.

Instead, Microsoft Security brings you a comprehensive solution across clouds and platforms and helps you do more with less by enabling you to be more efficient, effective, and unified.

Microsoft Security has replaced multiple security information and event management systems (SIEMs).

Figure 1: Potential cost savings of up to 60 percent when consolidating security solutions by using Microsoft 365 E5 Compliance and Security add-ons to a Microsoft 365 E3 license—instead of using multiple-point solutions.

To learn more about Mic…

Google Chrome communicated its distrust of TrustCor in the public forum on December 15, 2022.

The Chrome Security Team prioritizes the security and privacy of Chrome’s users, and we are unwilling to compromise on these values.

Google includes or removes CA certificates within the Chrome Root Store as it deems appropriate for user safety in accordance with our policies.

The selection and ongoing inclusion of CA certificates is done to enhance the security of Chrome and promote interoperability.

This change was first communicated in the Mozilla “Dev Security Policy” Web PKI public discussion forum Google Group on December 15, 2022.

We are pleased to announce that moving forward, the Chromium project is going to support the use of third-party Rust libraries from C++ in Chromium.

This will enable us to include Rust code in the Chrome binary within the next year.

In this blog post, we will discuss how we arrived at the decision to support third-party Rust libraries at this time, and not broader usage of Rust in Chromium.

And we believe that we can use third-party Rust libraries to work toward this goal.

In this way, Rust can not land in arbitrary C++ code, only in functions passed through the API from C++.

Earlier this year, the App Defense Alliance expanded to include new initiatives outside of malware detection and is now the home for several industry-led collaborations including Malware Mitigation, MASA (Mobile App Security Assessment) & CASA (Cloud App Security Assessment).

Mobile App Security Assessment (MASA)With consumers spending four to five hours per day in mobile apps, ensuring the safety of these services is more important than ever.

That’s why the ADA introduced MASA (Mobile App Security Assessment), which allows developers to have their apps independently validated against the Mobile Application Security Verification Standard (MASVS standard) under the OWASP Mobile Application S…

Today, we’re launching the OSV-Scanner, a free tool that gives open source developers easy access to vulnerability information relevant to their project.

This involved publishing the Open Source Vulnerability (OSV) schema and launching the OSV.dev service, the first distributed open source vulnerability database.

The OSV-Scanner generates reliable, high-quality vulnerability information that closes the gap between a developer’s list of packages and the information in vulnerability databases.

Since the OSV.dev database is open source and distributed, it has several benefits in comparison with closed source advisory databases and scanners:Each advisory comes from an open and authoritative sou…

This blog, and the technical paper reference within, is an example of that commitment: we describe an important new Android privacy infrastructure called Private Compute Core (PCC).

Some of our most exciting machine learning features use continuous sensing data — information from the microphone, camera, and screen.

How Private Compute Core worksPCC is designed to enable innovative features while keeping the data needed for them confidential from other subsystems.

Network calls to improve the performance of these models can be monitored using Private Compute Services.

We'll continue sharing our progress and look forward to hearing feedback from our users and community on the evolution of Pri…

As a follow-up to a previous blog post about How Hash-Based Safe Browsing Works in Google Chrome, we wanted to provide more details about Safe Browsing’s Enhanced Protection mode in Chrome.

To give you a better understanding of how the Enhanced Protection mode in Safe Browsing provides the strongest level of defense it’s useful to know what is offered in Standard Protection.

To this end, we launched Enhanced Protection in 2020, which builds upon the Standard Protection mode in Safe Browsing to keep you safer.

Enhanced ProtectionThis is the fastest and strongest level of protection against dangerous sites and downloads that Safe Browsing offers in Chrome.

As a result, Enhanced Protection use…

For more than a decade, memory safety vulnerabilities have consistently represented more than 65% of vulnerabilities across products, and across the industry.

From 2019 to 2022 the annual number of memory safety vulnerabilities dropped from 223 down to 85.

As the amount of new memory-unsafe code entering Android has decreased, so too has the number of memory safety vulnerabilities.

Over the past few years, memory safety vulnerabilities have accounted for 78% of confirmed exploited “in-the-wild” vulnerabilities on Android devices.

As we make it harder to find and exploit memory safety vulnerabilities, security researchers are pivoting their focus towards other vulnerability types.

In an effort to be a catalyst for collaboration and transparency, today we’re sharing our proposed list of principles around IoT security labeling.

Proposed Principles for IoT Security Labeling SchemesWe believe in five core principles for IoT labeling schemes.

National mandates and labeling schemes must reference broadly applicable, high quality, NGO standards and schemes (as described above) so that they can be reused across multiple national labeling schemes.

Retailers: Retailers of digital products could have a huge impact by preferencing baseline standards compliance for digital products.

---------------------------------------------------------------------------------------------See a…

Supply chain security is at the fore of the industry’s collective consciousness.

It is against this background that Google is seeking contributors to a new open source project called GUAC (pronounced like the dip).

What is GUACGraph for Understanding Artifact Composition (GUAC) aggregates software security metadata into a high fidelity graph database—normalizing entity identities and mapping standard relationships between them.

An open source organization like the Open Source Security Foundation wants to identify critical libraries to maintain and secure.

GUAC aggregates and synthesizes software security metadata at scale and makes it meaningful and actionable.

During login, the service uses the public key to verify a signature from the private key.

Passkeys in the Google Password ManagerOn Android, the Google Password Manager provides backup and sync of passkeys.

Creating or using passkeys stored in the Google Password Manager requires a screen lock to be set up.

Since screen lock PINs and patterns, in particular, are short, the recovery mechanism provides protection against brute-force guessing.

If a user believes their screen lock is compromised, the safer option is to configure a different screen lock (e.g.

And Pixel 7 and Pixel 7 Pro users will receive at least five years of security updates2, so your Pixel gets even more secure over time.

With Google Tensor G2 and our custom Titan M2 security chip, Pixel 7 and Pixel 7 Pro have multiple layers of hardware security to help keep you and your personal information safe.

Google Tensor G2 is Pixel’s newest powerful processor custom built with Google AI, and makes Pixel 7 faster, more efficient and secure3.

Tensor’s built-in security core works with our Titan M2 security chip to keep your personal information, PINs and passwords safe.

To learn more about Pixel 7 and Pixel 7 Pro, check out the Google Store.

Or, they can exploit a bug in a more powerful, privileged part of Chrome - like the “browser” process.

Here’s a sample of 100 recent high severity Chrome security bugs that made it to the stable channel, divided by root cause and by the process they affect.

We anticipate that MiraclePtr meaningfully reduces the browser process attack surface of Chrome by protecting ~50% of use-after-free issues against exploitation.

As future work, we are exploring options to expand the pointer coverage to on-stack pointers so that we can protect against more use-after-free bugs.

Note that the primary goal of MiraclePtr is to prevent exploitation of use-after-free bugs.

Google created OSS-Fuzz to fill this gap: it's a free service that runs fuzzers for open source projects and privately alerts developers to the bugs detected.

Since its launch, OSS-Fuzz has become a critical service for the open source community, helping get more than 8,000 security vulnerabilities and more than 26,000 other bugs in open source projects fixed.

Google Cloud’s Assured Open Source Software Service, which provides organizations a secure and curated set of open source dependencies, relies on OSS-Fuzz as a foundational layer of security scanning.

All of these efforts are part of Google’s $10B commitment to improving cybersecurity and continued work to make open source software mo…

Today, we are launching Google’s Open Source Software Vulnerability Rewards Program (OSS VRP) to reward discoveries of vulnerabilities in Google’s open source projects.

Last year saw a 650% year-over-year increase in attacks targeting the open source supply chain, including headliner incidents like Codecov and the Log4j vulnerability that showed the destructive potential of a single open source vulnerability.

We also encourage you to check out our Patch Rewards program, which rewards security improvements to Google’s open source projects (for example, up to $20K for fuzzing integrations in OSS-Fuzz).

Appreciation for the open source communityGoogle is proud to both support and be a part of …