Cybersecurity
👉 by %username%
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
latest post 1 hour ago
Industry 4.0: Russia is building ultra-fast networks for the "tactile internet"

Alexander Antipov. The new project will cut latency to 1 ms for key sectors.

Russia plans to build backbone communication networks with minimal signal latency, around 1 ms.

This is needed to roll out the so-called tactile internet, which covers telemedicine, control of industrial facilities, and virtual and augmented reality (VR/AR).

In their view, achieving latency below 1 ms over long distances is extremely difficult because of physical limits.

For example, a latency of 100 ms is sufficient for controlling industrial processes, while in telemedicine the acceptable latency may be 10–20 ms. Additionally…

1 hour ago @ securitylab.ru
MeshCentral in a candy wrapper: how spies get into the systems of major Russian government agencies

Awaken Likho is changing its tactics against government bodies.

4 hours ago @ securitylab.ru
The Book of Kells: the mysterious medieval manuscript is now available online

Thousands of pages and illustrations: what does the digitized masterpiece hide?

4 hours ago @ securitylab.ru
GPU organ: AI makes music out of code and thin air

A new organ instrument blurs the line between live and artificial.

5 hours ago @ securitylab.ru
SOC teams are disappointed with their cybersecurity tools

Why do analysts spend two hours a day on false alarms?

5 hours ago @ securitylab.ru
Nobel Prize 2024: how microRNA destroys cancer at the cellular level

Alexander Antipov. The scientists' achievement is a key to understanding development and disease.

In 2024 the Nobel Prize in Physiology or Medicine was awarded to Victor Ambros and Gary Ruvkun for the discovery of microRNA and its role in post-transcriptional gene regulation.

Today it is known that more than a thousand microRNAs are encoded in the human genome and perform important functions in the development and functioning of the organism.

Understanding the mechanisms of gene regulation has been one of science's key goals for many decades.

This drew enormous attention to microRNA, and hundreds of such molecules were soon identified in various organisms.

5 hours ago @ securitylab.ru
Storm at Automattic: 159 employees decided to leave the company at once

How did Mullenweg's controversial actions put the future of WordPress at risk?

6 hours ago @ securitylab.ru
Code with a taste of nostalgia: MicroText rises from the ashes after 30 years

How a forgotten programming language of the 80s won the hearts of today's geeks.

6 hours ago @ securitylab.ru
Apache Avro on the edge: hackers found a way to take control of code

Vulnerability CVE-2024-47561 allows thousands of systems to be compromised.

6 hours ago @ securitylab.ru
Cupid missed: incel student convicted of international cyberstalking

Unrequited love turned into obsession.

6 hours ago @ securitylab.ru
"Autonomy for Okinawa": who is spreading fakes about independence marches in Japan, and why?

A covert network of hundreds of accounts deftly manipulates public opinion.

6 hours ago @ securitylab.ru
Checkmate for the patent troll: Apple defended its right to Secure Enclave in court

How the corporation escaped multimillion-dollar penalties.

7 hours ago @ securitylab.ru
LEGO Token: scammers used the brand to defraud crypto investors

The company exposes an attempted large-scale scam with a fake coin.

7 hours ago @ securitylab.ru
$37 million at age 21: the rise and fall of a young American crypto prodigy

The US Department of Justice described how a student drained the crypto wallets of several hundred people.

7 hours ago @ securitylab.ru
APT10 expands its arsenal: new details of operation Cuckoo Spear

The malware hides in XML files right under administrators' noses.

8 hours ago @ securitylab.ru
Anti-Malware
latest post 4 hours ago
How the joint efforts of Russian banks helped reduce the number of fraud attacks

The information is quite varied: data from the banking system (full name, passport details, physical and email addresses, phone numbers).

Calls at unusual times of day or on weekends.

Since 25 July 2024, new "rules of the game" for combating fraud have been in force in Russia.

The new rules apply both to payment cards and to transfers via SBP (the Faster Payments System).

It is important to keep developing joint initiatives and technologies to ensure reliable protection of customers and minimize risks in the future.

4 hours ago @ anti-malware.ru
Security in machine learning: from design to deployment

Model development and training: choosing algorithms and training the model on the prepared data.

Re-evaluating the model's task and metrics when needed: adapting to new requirements or changes in the data.

There are three: "white box", full access to the model and its internal parameters.

Finally, in the "grey box" case, where the attacker, for example, partially knows the model's internals or code, the first priority is to prevent information leaks.

Conclusions. Ensuring security in machine learning is a continuous process that requires attention at every stage of model development and deployment.

9 hours ago @ anti-malware.ru
Fire and ice: why take part in Standoff

The attackers' view. For Viktor "VeeZy", the cyber battle is both a tournament and an intensive course: "You want to perform as well as possible at it [at Standoff].

Thus, defender team captains Maxim Shalygin and Denis Volokhov see Standoff more as an educational platform than a competition.

Ivan Bulavin, head of the industrial control systems expertise department at Positive Technologies, for his part sees Standoff as a strong argument at a job interview: "As Pasha said, being in the top 10 of the Standoff user ranking is a big deal.

In some infrastructure segments, a response mechanic kicks in: defenders counter the attackers, but not at full strength, so as to give the red…

3 days, 3 hours ago @ anti-malware.ru
Review of the beta version of Kaspersky NGFW, a next-generation firewall

Taking business needs into account, Kaspersky Lab has released Kaspersky NGFW, a next-generation firewall (beta version).

Integration scenario no. 1 for Kaspersky NGFW and Kaspersky Symphony XDR. Figure 11.

Integration scenario no. 2 for Kaspersky NGFW and Kaspersky Symphony XDR. Figure 12.

Integration scenario no. 3 for Kaspersky NGFW and Kaspersky Symphony XDR. Integration with Kaspersky Anti Targeted Attack is planned for 2025.

Kaspersky NGFW in the Kaspersky Symphony XDR ecosystem. System requirements and licensing of Kaspersky NGFW. Kaspersky NGFW features a transparent licensing model with no additional modules or extensions.

4 days, 7 hours ago @ anti-malware.ru
How to choose a DCAP system for your organization

Nevertheless, at the design stage of a protection system, products should be excluded in advance only for substantial reasons specific to the particular customer, not on speculative assumptions.

Some vendors promote the idea of agentless data collection, citing ease of deployment and operation, and this is hard to argue with.

It should also be kept in mind that a DCAP system does not operate in a vacuum but in a real corporate environment, as one component of a comprehensive defense.

An integrated system will also have more capabilities for checking user behavior (UBA) and detecting anomalies.

As mentioned above, DCAP is needed not only for information security departments but also for solving IT and even busi…

5 days, 5 hours ago @ anti-malware.ru
How DevSecOps helps proactive security

Cybercriminals sent victims specially crafted archive files to bypass security checks and inject malicious code.

The researchers concluded that security specialists and neural-network vendors need to think now about how to integrate large language models into defense systems, how attackers might use LLMs, and how to stop them.

Globally, adopting DevSecOps means a fundamentally new approach to security known as "shift left".

Source: APIsec. Integrating security into the early stages of the SDLC helps neutralize these threats without unnecessary costs and, most importantly, without the risk of real incidents.

IAST tools operate at runtime of the app…

6 days, 4 hours ago @ anti-malware.ru
Could Durov and Telegram have come under financial pressure?

Obviously, Telegram was a customer of Apple and Google, which allowed, for example, Statista to estimate Telegram's customer base and its growth dynamics.

from the Telegram app (by country). Recall that Telegram is a commercial company.

It was created by the Durov brothers in 2006. In 2007 the aforementioned DST fund acquired 24.99% of its shares.

It is also known that in 2014 Durov approached V. Yevtushenkov, head of AFK Sistema, with a request for an investment of $30 million to develop Telegram.

Having gathered this data, the Financial Times was able to estimate Telegram's financial position for 2022 and give a forecast through 2024.

6 days, 9 hours ago @ anti-malware.ru
Russian operating systems for workstations

We review current (updated within the last calendar year) domestic operating systems intended for workstations.

We divided them into three groups: systems for government and corporate users, OSes for home users and SMBs, and OSes for experienced users and enthusiasts.

Operating systems for government and corporate users. Such OSes are intended for building workplace infrastructure in large companies and government bodies.

It is positioned as a universal solution suitable for use as an OS for servers, workstations, terminals, and embedded systems.

A sufficient set of software included in the system and in the re…

1 week ago @ anti-malware.ru
Review of the Security Personal Account (LK IB), the single entry point to the ecosystem of products and services of Solar Group

Creating support tickets and requests. In the LK IB, users have a tool for creating both standard support tickets and feature requests.

The "Tickets" interface. Incident response. Incident handling is available to MDR service users both in the Security Personal Account and in the corresponding Telegram bot.

The "Incidents" interface in the LK IB. Access to all connected services and products. The LK IB supports a role model and allows setting a user's permission level.

Example of a vulnerability notification. How to get access to the LK IB. At the contract-signing stage with Solar Group, specify who needs access to the LK IB and to which service or product.

Architecture of the "Pers…

1 week ago @ anti-malware.ru
Why electronic devices exploded in Lebanon

Introduction. On 17 September 2024, about 5,000 AR924 pagers exploded almost simultaneously in Lebanon and in some places in Syria.

Interview with Gold Apollo founder Hsu Ching-kuang. The accusations forced Gold Apollo founder Hsu Ching-kuang to respond.

In particular, they used a chip that Gold Apollo does not use in its models.

It is noted that last year the Associated Press reported on accusations made by Iran against Israel.

Conclusions. To foresee risks and prevent incidents like the one in Lebanon, one needs to know more about what is happening around us and how.

1 week, 3 days ago @ anti-malware.ru
The chase after Microsoft Exchange in Russia is nearing the finish line

Introduction. The topic of the latest AM Live discussion was the practical issues of migrating from Microsoft Exchange to domestic solutions.

Given that vulnerabilities in Exchange have long become legendary, the question of replacement became acute even without regulators' requirements.

Any downtime of a mail server is critical for a business, and every possible means is used to ensure its continuity.

In Exchange they are built in.

Also, as Igor Koptelov pointed out, the coupling of Exchange with the Outlook client application goes far beyond standard protocols.

1 week, 3 days ago @ anti-malware.ru
How integrating Security Awareness with a SOC helps train employees in cyber literacy effectively

Security Awareness is an integral part of the technology structure of any large company for which security is not the last priority.

For maximum effectiveness, experts recommend combining Security Awareness with a monitoring and response center (Security Operations Center).

This leads to potential threats to the company, especially if the partner providing Security Awareness has no SOC of its own to promptly detect threats within its own perimeter.

Advantages of integrating SA and SOC. As we can see, when the Security Awareness service is integrated with a SOC, the process becomes more effective.

Building a culture of digital security in compan…

1 week, 3 days ago @ anti-malware.ru
How Fraud Protection from F.A.C.C.T. helps businesses fight online fraud

Fraud Protection is a cross-channel system from F.A.C.C.T. designed to counter online fraud.

That is why the system has found use in large banks in Russia and the CIS, on leading marketplaces, and in companies from other business sectors.

Functional capabilities of Fraud Protection. The cross-channel system from F.A.C.C.T.

Technologies used in Fraud Protection. Fraud Protection from F.A.C.C.T.

Compromise alerts. Integrating this system with Fraud Protection achieves maximum effectiveness of each component of the security ecosystem.

1 week, 4 days ago @ anti-malware.ru
Review of MIST Insight 1.17, a Russian network security policy management system

Architecture of MIST Insight 1.17. Depending on the organization's needs, MIST Insight is delivered as software or as a preconfigured virtual machine image.

System requirements of MIST Insight 1.17. MIST Insight is recommended to be deployed on Astra Linux or CentOS, taking into account the mandatory hardware requirements.

Functional capabilities of MIST Insight 1.17. MIST Insight is designed to analyze and monitor the configuration of network equipment in corporate telecommunications networks.

This automates role assignment and user management, ensuring data synchronization between MIS…

1 week, 4 days ago @ anti-malware.ru
What practical security skills (Security Awareness) should employees be trained in?

The Security Awareness culture in Russia. Developing a Security Awareness culture improves overall information security and reduces the number of vulnerabilities.

Security Awareness methods and tools help train employees in information security best practices and protect the organization from potential threats.

Expert forecasts for the Security Awareness market. Experts note the following main trends in the development of the Security Awareness market in Russia.

Conclusions. Developing Security Awareness in Russia is necessary.

Expert forecasts point to further growth of the Security Awareness market, with an emphasis on innovative technologies.

1 week, 5 days ago @ anti-malware.ru
Habr: Infosec
latest post 42 minutes ago
Kerberos relaying. How RemoteKrbRelay works

The pattern repeated the next day: my wife again went without her morning kiss because a new post had come out.

Until the end of the most contradictory month in the Urals, I devoted my free time to studying all the materials available online about attacks on DCOM and especially Kerberos Relay.

To connect, an RPC String Binding is needed, so the client goes to resolve the OXID via the OXID Resolver.

Function call. This is how it is done in RemoteKrbRelay as well.

(they also authenticate to the OXID Resolver), and then the authentication was relayed, a context was built, and a console was spawned as SYSTEM.

42 minutes ago @ habr.com
Security in machine learning: from design to deployment

In their work they focus on different dataset metrics: for the former, model accuracy matters; for the latter, performance and scalability.

There are three kinds: white box, full access to the model and its internal parameters; black box, access only to the model's inputs and outputs; grey box, partial access to the model's internal components.

It can also recover the original training data and make changes to the model: swap the activation function or remove a layer.

To defend against such attacks, various libraries are used, for example the Adversarial Robustness Toolbox (ART) for testing a model's robustness.

Conclusions. Security in machine learning is a continuous process that requires attention at…

2 hours ago @ habr.com
Horizons of higher education

On 15 May 2018 it was transformed into the Ministry of Education and the Ministry of Science and Higher Education [MP, the Ministry of Education. The Ministry of Education of the Russian Federation was formed in May 2018 and is the part of the Ministry of Education and Science (Minobrnauki), which existed from 2004 to 2018, that remained after the Ministry of Science and Higher Education of the Russian Federation was split off from it as a separate body.

Advocated active development of secondary vocational education, merging universities, optimizing their work and reducing the share of state-funded places, modernizing preschool education, introducing electronic versions of textbooks, raising salaries for education workers and…

4 hours ago @ habr.com
Keeping up with deepfakes: applications of the technology and ethical aspects

Criminal activity using deepfakes. Today there are countless legitimate uses of deepfakes in industries such as art, entertainment, and education.

In addition, he received an email signed by the director and a lawyer that looked genuine, but both the document and the voice were fake.

Attacks on healthcare infrastructure. Although the threat of deepfakes in healthcare remains largely hypothetical, the industry is actively working to preempt this danger.

Cybercriminals are becoming virtuosos with artificial intelligence, and stopping them may require fighting fire with fire.

As techn…

6 hours ago @ habr.com
The hottest infosec news of September 2024

The radios were purchased at about the same time as the booby-trapped pagers, five months ago.

Meanwhile, let's hope that one fine day the iPhones in the pockets of certain people don't start heating up.

The fellow had been active on Mazafaka since the early 2000s and to this day was handling matters involving piles of cash for respectable people.

It couldn't be otherwise, especially when you're an infosec firm and the incident is rather embarrassing.

It was presumably used to spy on the opposition and during the presidential election.

8 hours ago @ habr.com
Absolutely all ways to bypass the YouTube block

The ability to choose servers in different countries to bypass regional restrictions.

Link to the article. Bypassing the YouTube block for any Smart TV with GoodbyeDPI + V2ray + MaraDNS. The article describes a way to bypass blocks and throttling for Smart TVs using a combination of GoodbyeDPI, V2Ray, and MaraDNS.

The author gives step-by-step instructions for configuring routing on a Mikrotik router, which lets you set up a bypass in a few minutes.

The second method is less complex, focusing on using GoodbyeDPI to bypass DPI, which may be simpler for some users but requires configuring several programs manually.

All these and many other methods and instructions I …

11 hours ago @ habr.com
How encrypted HTTPS traffic is intercepted on a mobile device

Reverse engineering of the Onavo Protect VPN service for Android revealed methods that can be used to intercept encrypted HTTPS traffic on a mobile device. In short, the attacker must install their own app and a CA (certificate authority) certificate on the phone. For example, a law has come into force in Russia requiring, from 2025, mandatory preinstallation of specific apps on all smartphones. In theory, if those apps have vulnerabilities, this could threaten the security of many users.

23 hours ago @ habr.com
How to "get at a subscriber"

My girlfriend's (not yet my wife at the time) number started receiving SMS confirmation codes from various services, and robot callers started phoning to dictate confirmation codes.

You can't go to the police: this isn't spam, it's the services working correctly.

Even if they did hand it over, what would you do with it? You can't go to the police for the reason above.

But at a minimum the main question arises: why don't many services impose a delay on recovery/registration requests, and where is the limit on the number of attempts?

There was no "interception" of codes, where scammers call you after the SMS arrives to find out the code; it was just a bombardment of SMS from services.

1 day, 3 hours ago @ habr.com
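The post above asks why services do not delay or cap one-time-code requests. The following is an added example, not code from the post or from any of the services it mentions, of the server-side throttle such a service would put in front of its SMS gateway. The thresholds (60 s cooldown per number, 5 codes per hour per number, 20 codes per hour per client IP) and the sample burst are assumptions of this example; the limiter is applied before any account lookup so that the response does not reveal whether the number is registered.

```python
"""Throttle one-time-code SMS sends per destination number and per client IP (added example)."""
from collections import defaultdict, deque


class OtpSendLimiter:
    """Decide whether a one-time code may be sent to `phone` at time `now` (seconds).

    Three independent limits, all assumed thresholds for this example:
      * per-destination cooldown: at most one SMS per `cooldown` seconds
      * per-destination sliding window: at most `per_phone_max` per `window` seconds
      * per-source sliding window: at most `per_ip_max` per `window` seconds from one client IP
    The check runs before the service looks the number up, so a registered and an
    unregistered number get the same answer and the same timing.
    """

    def __init__(self, cooldown=60, window=3600, per_phone_max=5, per_ip_max=20):
        self.cooldown = cooldown
        self.window = window
        self.per_phone_max = per_phone_max
        self.per_ip_max = per_ip_max
        self._by_phone = defaultdict(deque)  # phone -> send timestamps inside the window
        self._by_ip = defaultdict(deque)     # client IP -> send timestamps inside the window

    def _prune(self, q, now):
        """Drop timestamps that have left the sliding window."""
        while q and now - q[0] >= self.window:
            q.popleft()

    def request_code(self, phone, ip, now):
        """Return (allowed, reason). The send is recorded only when it is allowed."""
        pq, iq = self._by_phone[phone], self._by_ip[ip]
        self._prune(pq, now)
        self._prune(iq, now)
        if pq and now - pq[-1] < self.cooldown:
            return False, "cooldown"
        if len(pq) >= self.per_phone_max:
            return False, "phone_window"
        if len(iq) >= self.per_ip_max:
            return False, "ip_window"
        pq.append(now)
        iq.append(now)
        return True, "sent"


def simulate_bombing(limiter, phone, attempts, spacing, ip="203.0.113.7"):
    """Constructed burst: `attempts` requests `spacing` seconds apart from one IP.

    Returns how many SMS the limiter would actually let through.
    """
    return sum(limiter.request_code(phone, ip, i * spacing)[0] for i in range(attempts))


if __name__ == "__main__":
    # 100 requests one second apart: only the first and the one at t=60 s get sent.
    print(simulate_bombing(OtpSendLimiter(), "+79990000001", 100, 1))
```

A distributed attacker rotates source IPs, so the per-IP bucket is the weakest of the three; the per-destination limits are what protect the victim's phone regardless of where the requests come from.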
What to replace Outlook with? 8 Russian alternatives to email solutions for 2024

Compare the features, cost, and advantages of Russian Outlook alternatives for Windows and Linux to find the right solution for your business!

When a new message arrives in Outlook, you can get notifications with sounds, a pop-up notification about the message, or simply a change of the Outlook icon in the status bar.

Honestly, it's hard to even imagine that after some time Outlook's many users will barely remember it.

Overview of 8 Outlook alternatives for import substitution. Email client | Who it suits | Feature | Cost | Website. 1.

Support for exchanging information by email, as short messages, or by phone, including video conferencing.

1 day, 8 hours ago @ habr.com
[Translation] How red team hackers, posing as attackers, get into buildings and systems

"The evening before, rummaging through a dumpster on the street, we found credentials for the corporate Wi-Fi network."

"We explained the reason for our visit, and she immediately called the security director, whose name I had put on the work order."

Then I can say: "Let me send it again while we're on the line?

Could you take a look and do what it says?"

In one of Denise's recent assignments, she had to get into the network of a software development company.

1 day, 8 hours ago @ habr.com
Not by Flipper Zero alone: a hacker multitool from an old smartphone

But every such device has a set of interfaces for interacting with the outside world, and this inherently limits its capabilities.

Now I know for sure that there is no problem connecting almost any smartphone to an ordinary wired network or network device.

The thing is, for attacks of this kind to succeed, the Wi-Fi adapter must be switched into a special "promiscuous" mode (monitor mode).

I tested in several Android emulators, but not one of them worked correctly.

Porting Kali NetHunter to your own device is a great project for more than one evening.

1 day, 9 hours ago @ habr.com
How I played around with LSB

Since the topic of watermarking AI generations keeps gaining momentum, I remembered a thing called steganography.

So I decided to try implementing this method.

Here I could cut corners and take a ready-made solution from the Crypto library, which I did.

Decryption. To decrypt the secret you need: the image with the embedded data and a key that contains the number of parts into which the secret was split.

Along with the number of parts, I decided to also transmit the number k, the number of parts of the secret needed to decrypt the original message.

1 day, 20 hours ago @ habr.com
[Translation] Hijacking SQL Server credentials via Agent jobs for domain privilege escalation

What is a credential object in SQL Server?

As already mentioned, SQL Server credential objects are intended for accessing external resources and performing tasks on behalf of another user.

Below is a process that can be used to "hijack" an existing credential object configured on a SQL Server instance, allowing code execution in the context of the supplied user by means of SQL Server Agent jobs.

Conclusion. If you are interested in other offensive security materials related to SQL Server, you can find them at powerupsql.com.

The site provides the PowerUpSQL code, SQL Server attack templates, detection templates, instructions…

1 day, 22 hours ago @ habr.com
SafeCode: the conference I was missing

I remember that 100500 years ago (okay, only 12) I wrote on Habr that I missed having a hardcore C++ conference in Russia.

I didn't write an article on this topic, but the wish came true, and even faster than with C++.

But "these are not the droids" that I, and I think many developers, were looking for.

But that's not the kind of security or the kind of software I'm interested in studying and discussing.

It was simply a revelation for me about the new security challenges that LLM-based systems pose for us.

2 days, 4 hours ago @ habr.com
What a DevSecOps engineer should read, and why: personal experience

Besides this, in the book The Phoenix Project the authors identify "four types of work" that help organize and manage tasks in IT and DevOps better.

"Python and DevOps: The Key to Linux Automation" (the Russian edition of Python for DevOps) and "Learning Python".

Focus on automation: Manning and O'Reilly actively promote automating every aspect of DevOps and administration work.

Here, briefly, are the most useful books from both series. Books from O'Reilly. Common themes and "perks" of these books. Rely on books, but don't slack on the documentation either!

It explains in literary form what DevOps is, why the methodology was invented, and how it helps companies grow and deliver value.

2 days, 4 hours ago @ habr.com
Xakep
latest post 1 hour ago
VGTRK was subjected to an "unprecedented hacker attack"

On the night of 7 October 2024, the IT systems of the All-Russia State Television and Radio Broadcasting Company (VGTRK) were subjected to an "unprecedented hacker attack".

On the morning of 7 October, Gazeta.ru reported, citing its own source, that VGTRK's online broadcasting and internal services had stopped working because of a hacker attack.

"VGTRK was subjected to an unprecedented hacker attack.

Soon the media holding's representatives confirmed the attack themselves: "On the night of 7 October, VGTRK's online services were subjected to an unprecedented hacker attack, but no significant damage was done to the media holding's operations," VGTRK reported.

As specialists at FACCT write, information about the attack on VGTRK first app…

1 hour ago @ xakep.ru
Хакерская атака на игровую студию Red Barrels повлияла на график разработки
Хакерская атака на игровую студию Red Barrels повлияла на график разработки Хакерская атака на игровую студию Red Barrels повлияла на график разработки

Canadian game studio Red Barrels, the developer behind the Outlast series, reported that it has suffered a cyberattack.

Company representatives warned that the incident will most likely affect production cycles and lead to delays in some projects.

"The Red Barrels team regrets to report that its internal IT systems were recently subjected to a cyberattack, as a result of which some data was accessed," reads the official statement from Red Barrels.

We will do everything we can to stick to our roadmap, but unfortunately some things will have to be postponed," Red Barrels warns.

Now, according to journalists, Nitrogen is demanding a ransom from Red Barr…

2 hours ago @ xakep.ru
The SilentCryptoMiner miner evades detection with the help of the Wazuh SIEM agent

SilentCryptoMiner operators are using the agent of the Wazuh SIEM system (an open-source event monitoring solution) to evade detection and gain persistence on users' devices, Kaspersky Lab warned.

Users in several countries, including Belarus, India, Uzbekistan and Kazakhstan, have encountered such attacks.

The hackers also actively promoted these sites, and as a result they appeared at the top of Yandex search results.

After that, in the course of a multi-stage infection chain, a malicious script and SilentCryptoMiner were installed on the victim's system.

The hackers used this technique to evade detection by security solutions and to gain persistence on …

6 hours ago @ xakep.ru
A fresh vulnerability in CUPS can be used to amplify DDoS attacks

Researchers explain that CVE-2024-47176 in the cups-browsed daemon (which can be chained with three other bugs for remote code execution) can also be used to amplify DDoS attacks.

The essence of the problem is that an attacker can send a specially crafted packet that tricks the CUPS server into treating the victim as a printer that needs to be added.

Each packet sent to vulnerable CUPS servers causes them to generate large IPP/HTTP requests directed at the target device.

This affects both the target device and the CUPS server itself.

The DDoS amplification factor can vary depending on a number of …

8 hours ago @ xakep.ru
Fraudsters who swapped 6,000 counterfeit iPhones for genuine ones have been sentenced

They fraudulently obtained $2.5 million worth of goods from Apple by exchanging more than 6,000 counterfeit iPhones for genuine ones.

Recall that the fraud scheme relied on the fact that Apple gives users a one-year warranty on new iPhones, allowing faulty devices to be returned for free replacement.

The options include free shipping of the phone to Apple via UPS, FedEx or DHL, visiting an Apple retail store, or contacting an authorized repair and service center.

Sun and Xue then handed in the fake iPhones, bearing forged serial numbers and IMEIs, at Apple retail stores or to authorized providers, and received new smartphones from the company in return.

At the beginning of …

2 days, 21 hours ago @ xakep.ru
More than 4,000 Adobe Commerce and Magento sites hacked via the CosmicSting vulnerability

Online stores built on Adobe Commerce and Magento are being attacked by hackers because of the CosmicSting issue.

The CosmicSting vulnerability (CVE-2024-34102) is an information disclosure issue, but when chained with CVE-2024-2961, a vulnerability in the glibc iconv function, an attacker can achieve remote execution of arbitrary code on the target server.

This critical bug affects the following products: Adobe Commerce 2.4.7 and earlier (including 2.4.6-p5, 2.4.5-p7, 2.4.4-p8); Adobe Commerce Extended Support 2.4.3-ext-7 and earlier, 2.4.2-ext-7 and earlier, 2.4.1-ext-7 and earlier, 2.4.0-ext-7 and earlier, 2.3.7-p4-ext-7…

2 days, 22 hours ago @ xakep.ru
Core Werewolf hackers continue their attacks on the Russian defense industry

Experts warned that the Core Werewolf group (also known as PseudoGamaredon), which has been attacking the Russian defense industry and critical information infrastructure for espionage purposes for several years now, is making its attacks more sophisticated.

BI.ZONE researchers say the Core Werewolf cluster has been attacking the Russian defense industrial complex and critical information infrastructure organizations since 2021.

Recall that in April of this year an attack by Core Werewolf came to light whose presumed target was the 102nd Russian military base.

It is also stressed that since June of this year the hackers have been experimenting with ways of delivering malicious files.

So now the presumed victims are contacted not only via …

3 days ago @ xakep.ru
API Gutter. Using Nuclei and custom templates to fuzz OpenAPI

Along the way, we will learn to write custom Nuclei templates that help find vulnerabilities automatically.

In this article I will show how to improve DAST by tailoring dynamic scanning to a specific application with authentication and OpenAPI fuzzing, using the Nuclei vulnerability scanner as an example.

To begin, let's run Nuclei with its default settings (it is enough to pass a target to scan): nuclei -u http://127.

We can feed real requests from other tools' traffic dumps, from logs, or from an OpenAPI specification into Nuclei.

An OpenAPI specification can be passed to Nuclei as follows: nuclei -l openapi.

3 days, 1 hour ago @ xakep.ru
Vulnerable Redis servers are attacked by the Skidmap miner, which is hidden by a rootkit

The rootkit is implemented as a malicious kernel module that hides the miner's activity by falsifying CPU load and network activity information.

According to researchers, these attacks are mass-scale and aimed mainly at the corporate sector (large servers and cloud environments), since that is where mining is most profitable.

Experts explain that Redis was never intended to be deployed at the network edge, so its default configuration supports only basic protective features, and versions before 6.0 have no access control or encryption mechanisms at all.

This miner is mostly found in corporate networks, since …

3 days, 4 hours ago @ xakep.ru
The FIN7 group is creating fake AI nude-image generators

According to Silent Push specialists, the FIN7 hacking group has launched a network of sites with fake AI adult-content generators.

The FIN7 group (aka Sangria Tempest, Carbon Spider and Carbanak) has been active for more than ten years, since 2013.

For instance, FIN7 has been linked to ransomware groups such as DarkSide, BlackMatter and BlackCat.

FIN7 usually specializes in sophisticated phishing and social engineering attacks to gain initial access to corporate networks.

FIN7's fake sites serve as lures for people interested in creating nude deepfakes of celebrities and other people.

3 days, 6 hours ago @ xakep.ru
Cloudflare repelled a record 3.8 Tbps DDoS attack

Cloudflare specialists reported that they recently repelled a DDoS attack that set a new record.

According to Cloudflare CEO Matthew Prince, the attack reached 3.8 Tbps and 2.14 billion packets per second (pps).

For comparison, recall that the previous record in this area was set back in late 2021, when Microsoft registered an attack of 3.47 Tbps and 340 million pps.

In a blog post, Cloudflare analysts said the attack lasted almost a month and consisted of more than a hundred separate hyper-volumetric DDoS attacks.

Cloudflare says it successfully neutralized all of these attacks; the peak of one of them reached 3.8 Tbps, and that attack lasted 65 …

3 days, 8 hours ago @ xakep.ru
In 2024, Wikipedia has ignored 200 Roskomnadzor demands

Media report that since the start of 2024 Wikipedia has removed only one item of banned content at Roskomnadzor's demand, although RKN demanded the removal of 201 items.

According to Vedomosti, regulator representatives clarified that of the total number of removal demands issued to the resource this year, 129 concerned fakes about the course of the special military operation.

RKN said that, because the content has not been removed, coercive measures are in effect against Wikipedia.

In particular, search engines are still required to flag Wikipedia as a violator of Russian law in their search results.

Back in March 2024, Anton Gorelkin, deputy chairman of the State Duma committee on information policy, …

3 days, 23 hours ago @ xakep.ru
After OAuth. Dissecting attacks on OpenID Connect

The difference between OAuth 1.0 and OAuth 2.0

Before we move on to OpenID Connect, let's roll back a little and work out what the difference between OAuth 1.0 and OAuth 2.0 actually is, and why we have to go through several iterations of the protocol.

com/)%2Foauth%2Fcallback%2Ftwitter", oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w", oauth_nonce="ea9ec8429b68d6b77cd5600adbbb0456", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1318467427", oauth_version="1.

Previously there was no such parameter; it appeared in OAuth 1.0a; — the URL to which the service provider redirects the user once the interaction with it is complete.

com

User authentication and obtaining consent

Ser…

4 days, 1 hour ago @ xakep.ru
Hackers exploit a critical Zimbra vulnerability by sending emails to the SMTP server

Researchers warn that hackers are already actively exploiting a recently disclosed RCE vulnerability in Zimbra.

The remote code execution issue in Zimbra is tracked as CVE-2024-45519 and is related to the Zimbra postjournal service, which is used to parse emails arriving via SMTP.

According to Zimbra's security bulletin, CVE-2024-45519 has been fixed in version 9.0.0 Patch 41 or later, in versions 10.0.9 and 10.1.1, and in Zimbra 8.8.15 Patch 46 or later.

In particular, the emails contain base64 strings that are executed via curl to create and plant a web shell on the Zimbra server.

In the end, the researchers found that it is possible to send SM…

4 days, 2 hours ago @ xakep.ru
Cloud host Rackspace hacked via a 0-day vulnerability in ScienceLogic

Attackers compromised Rackspace through a zero-day vulnerability in a third-party tool of the ScienceLogic SL1 platform.

Rackspace, which provides managed cloud computing services (hosting, data storage, IT support), uses ScienceLogic SL1 to monitor its IT infrastructure and services.

ScienceLogic declined to name the problematic third-party utility so as not to give hints to attackers who might try to use it in their own attacks.

A user with the handle ynezz warned of outages at Rackspace caused by active exploitation of the bug in ScienceLogic SL1 (formerly ScienceLogic EM7).

Speaking to Bleeping Computer, …

4 days, 4 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 5 hours ago
Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually

Bot Attacks: A Persistent and Evolving Threat

Alongside the rise in attacks on APIs, bot attacks have become a widespread and costly threat, resulting in up to $116 billion in losses annually.

Automated API abuse alone is now costing businesses up to $17.9 billion annually.

Similarly, large enterprises are prime targets for bot attacks due to their extensive digital presence and valuable assets.

Integrate API security and bot management: Bot management and API security must be used in tandem to successfully mitigate automated attacks on API libraries.

This combined approach helps identify vulnerable APIs, continuously monitors for automated attacks, and provides actionable insights for rapid…

5 hours ago @ thehackernews.com
Modernization of Authentication: Webinar on MFA, Passwords, and the Shift to Passwordless

The interest in passwordless authentication has increased due to the rise of hybrid work environments and widespread digitization.

This has led to a greater need for reliable data security and user-friendly interfaces.

However, passwordless methods such as biometrics, smartcards, and multi-factor authentication prioritize both data security and user satisfaction.

Nevertheless, not all passwordless authentication systems are the same and exhibit their own challenges.

In the webinar "Modernization of Authentication: Passwords vs Passwordless and MFA," co-hosts James Azar, CISO, and Darren James, Sr.

7 hours ago @ thehackernews.com
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries

Cybersecurity researchers have discovered a new botnet malware family called Gorilla (aka GorillaBot) that is a variant of the leaked Mirai botnet source code.

Cybersecurity firm NSFOCUS, which identified the activity last month, said the botnet "issued over 300,000 attack commands, with a shocking attack density" between September 4 and September 27, 2024.

No less than 20,000 commands designed to mount distributed denial-of-service (DDoS) attacks have been issued from the botnet every day on average.

The botnet is said to have targeted more than 100 countries, attacking universities, government websites, telecoms, banks, gaming, and gambling sectors.

Besides supporting multiple CPU archite…

7 hours ago @ thehackernews.com
Critical Apache Avro SDK Flaw Allows Remote Code Execution in Java Applications

A critical security flaw has been disclosed in the Apache Avro Java Software Development Kit (SDK) that, if successfully exploited, could allow the execution of arbitrary code on susceptible instances.

"Schema parsing in the Java SDK of Apache Avro 1.11.3 and previous versions allows bad actors to execute arbitrary code," the project maintainers said in an advisory released last week.

Apache Avro, analogous to Google's Protocol Buffers (protobuf), is an open-source project that provides a language-neutral data serialization framework for large-scale data processing.

The Avro team notes that the vulnerability affects any application if it allows users to provide their own Avro schemas for pa…

7 hours ago @ thehackernews.com
THN Cybersecurity Recap: Top Threats and Trends (Sep 30 - Oct 6)

This week's cybersecurity recap has it all – government showdowns, sneaky malware, and even a dash of app store shenanigans.

🔥 Cybersecurity Resources & Insights

LIVE Webinars

Modernization of Authentication: Passwords vs Passwordless and MFA: Are you sure your passwords are enough?

Cybersecurity Tools

capa Explorer Web is a browser-based tool that lets you interactively explore program capabilities identified by capa.

Regularly update this list, integrate it into your development process, watch for new vulnerabilities, and educate your team about these parts.

Conclusion

Wow, this week really showed us that cyber threats can pop up where we least expect them—even in apps and networks we trust.

8 hours ago @ thehackernews.com
Google Blocks Unsafe Android App Sideloading in India for Improved Fraud Protection

Google has announced that it's piloting a new security initiative that automatically blocks sideloading of potentially unsafe Android apps in India, after similar tests in Singapore, Thailand, and Brazil.

The enhanced fraud protection feature aims to keep users safe when they attempt to install malicious apps from sources other than the Google Play Store, such as web browsers, messaging apps, and file managers.

Should any of the permissions be declared in the app's manifest ("AndroidManifest.xml") file, Google Play Protect will intervene to automatically block the installation on the end user's Android device.

The pilot is expected to start next month and is expected to be gradually rolled …

8 hours ago @ thehackernews.com
E.U. Court Limits Meta's Use of Personal Facebook Data for Targeted Ads

"An online social network such as Facebook cannot use all of the personal data obtained for the purposes of targeted advertising, without restriction as to time and without distinction as to type of data," the Court of Justice of the European Union (CJEU) said in a ruling on Friday.

In other words, social networks, such as Facebook, cannot keep using users' personal data for ad targeting indefinitely, the court said, adding limits must be set in place in order to comply with the bloc's General Data Protection Regulation (GDPR) data minimization requirements.

"Meta and many players in the online advertisement space have simply ignored this rule and did not foresee any deletion periods or lim…

10 hours ago @ thehackernews.com
Apple Releases Critical iOS and iPadOS Updates to Fix VoiceOver Password Vulnerability

Apple has released iOS and iPadOS updates to address two security issues, one of which could have allowed a user's passwords to be read out aloud by its VoiceOver assistive technology.

The vulnerability, tracked as CVE-2024-44204, has been described as a logic problem in the new Passwords app impacting a slew of iPhones and iPads.

"A user's saved passwords may be read aloud by VoiceOver," Apple said in an advisory released this week, adding it was resolved with improved validation.

The problem has been fixed with improved checks, it added, crediting Michael Jimenez and an anonymous researcher for reporting it.

Users are advised to update to iOS 18.0.1 and iPadOS 18.0.1 to safeguard their de…

2 days, 12 hours ago @ thehackernews.com
U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown

Microsoft and the U.S. Department of Justice (DoJ) on Thursday announced the seizure of 107 internet domains used by state-sponsored threat actors with ties to Russia to facilitate computer fraud and abuse in the country.

"The Russian government ran this scheme to steal Americans' sensitive information, using seemingly legitimate email accounts to trick victims into revealing account credentials," said Deputy Attorney General Lisa Monaco.

Active since at least 2012, the group is assessed to be an operational unit within Center 18 of the Russian Federal Security Service (FSB).

Parallel to the announcement, Microsoft said it filed a corresponding civil action to seize 66 additional internet d…

3 days, 4 hours ago @ thehackernews.com
How to Get Going with CTEM When You Don't Know Where to Start

Continuous Threat Exposure Management (CTEM) is a strategic framework that helps organizations continuously assess and manage cyber risk.

But where the rubber meets the road – especially for CTEM neophytes – implementing CTEM can seem overwhelming.

Stage 3: Prioritization

Effective prioritization is crucial because it ensures that your security teams concentrate on the most impactful threats, ultimately reducing the overall risk to your organization.

CTEM – This is the Way

XM Cyber's unified approach to CTEM simplifies implementation by integrating multiple stages into one cohesive platform.

(To learn more about why XM Cyber is the most complete answer to CTEM, grab a copy of our CTEM Buyer'…

3 days, 7 hours ago @ thehackernews.com
Cloudflare Thwarts Largest-Ever 3.8 Tbps DDoS Attack Targeting Global Sectors

Cloudflare has disclosed that it mitigated a record-breaking distributed denial-of-service (DDoS) attack that peaked at 3.8 terabits per second (Tbps) and lasted 65 seconds.

The hyper-volumetric L3/4 DDoS attacks have been ongoing since early September 2024, it noted, adding they targeted multiple customers in the financial services, Internet, and telecommunication industries.

The previous record for the largest volumetric DDoS attack hit a peak throughput of 3.47 Tbps in November 2021, targeting an unnamed Microsoft Azure customer in Asia.

The surge in the frequency of DDoS attacks, primarily due to hacktivist activities targeting global organizations and industries, has also been coupled with …

3 days, 7 hours ago @ thehackernews.com
WordPress LiteSpeed Cache Plugin Security Flaw Exposes Sites to XSS Attacks

A new high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable malicious actors to execute arbitrary JavaScript code under certain conditions.

The flaw, tracked as CVE-2024-47374 (CVSS score: 7.2), has been described as a stored cross-site scripting (XSS) vulnerability impacting all versions of the plugin up to and including 6.5.0.2.

"It could allow any unauthenticated user from stealing sensitive information to, in this case, privilege escalation on the WordPress site by performing a single HTTP request," Patchstack said in a report.

With LiteSpeed Cache boasting over six million active installations, flaws in the plugin pose a lucrative …

3 days, 8 hours ago @ thehackernews.com
Android 14 Adds New Security Features to Block 2G Exploits and Baseband Attacks

Google has revealed the various security guardrails that have been incorporated into its latest Pixel devices to counter the rising threat posed by baseband security attacks.

"For instance, malicious actors can employ false base stations to inject fabricated or manipulated network packets.

Google has since introduced a new security feature in Android 14 that allows IT administrators to turn off support for 2G cellular networks in their managed devices.

It has also highlighted the role played by Clang sanitizers (IntSan and BoundSan) in hardening the security of the cellular baseband in Android.

"Similar to stack canaries, CFI makes sure code execution is constrained along a limited number o…

4 days ago @ thehackernews.com
The Secret Weakness Execs Are Overlooking: Non-Human Identities

On the other hand, we have another type of identity: machine identities, also referenced as non-human identities (NHIs), which account for the vast majority of all identities (it's estimated they outnumber human identities at least by a factor of 45 to 1).

They are overwhelmingly over-privileged and very often 'stale': unlike human identities, NHIs are much more likely to stay long after they have been used.

Accompanying Fortune 500 customers in this process for the past 7 years is what made GitGuardian the industry leader in secrets security.

GitGuardian's partnership with CyberArk Conjur, the leader in secrets management and identity security, is an industry first.

The time to act is now—…

4 days, 2 hours ago @ thehackernews.com
New Perfctl Malware Targets Linux Servers for Cryptocurrency Mining and Proxyjacking

Linux servers are the target of an ongoing campaign that delivers a stealthy malware dubbed perfctl with the primary aim of running a cryptocurrency miner and proxyjacking software.

It's worth noting that some aspects of the campaign were disclosed last month by Cado Security, which detailed a campaign that targets internet-exposed Selenium Grid instances with both cryptocurrency mining and proxyjacking software.

Specifically, the perfctl malware has been found to exploit a security flaw in Polkit (CVE-2021-4043, aka PwnKit) to escalate privileges to root and drop a miner called perfcc.

The attack chain, as observed by the cloud security firm against its honeypot servers, involves breaching…

4 days, 3 hours ago @ thehackernews.com
threatpost
last post None
DarkReading
last post None
WeLiveSecurity
last post 3 days, 5 hours ago
The complexities of attack attribution – Week in security with Tony Anscombe

Attributing a cyberattack to a specific threat actor is no easy task, as highlighted by new ESET research published this week.

ESET experts recently uncovered a new China-aligned APT group that they named CeranaKeeper and that takes aim at governmental institutions in Thailand, leveraging some tools previously attributed to Mustang Panda.

However, a thorough review of the group's tactics, techniques and procedures (TTPs), code, and infrastructure discrepancies suggests that CeranaKeeper and MustangPanda should be tracked as two separate entities.

How exactly were the attacks executed, and what more is there to know about CeranaKeeper and its relentless hunt for data?

Find out in the video a…

3 days, 5 hours ago @ welivesecurity.com
Separating the bee from the panda: CeranaKeeper making a beeline for Thailand

Key points of this blogpost: ESET researchers discovered a new China-aligned threat actor, CeranaKeeper, targeting governmental institutions in Thailand.

CeranaKeeper abuses popular, legitimate cloud and file-sharing services such as Dropbox and OneDrive to implement custom backdoors and extraction tools.

Compromising machines in the same network

The compromise vectors that CeranaKeeper used in the case we analyzed have yet to be found.

Additionally, CeranaKeeper used the compromised server to store updates for TONESHELL, turning it into an update server.

CeranaKeeper uses cloud and file-sharing services for exfiltration and probably relies on the fact that traffic to these popular services …

5 days, 4 hours ago @ welivesecurity.com
Why system resilience should mainly be the job of the OS, not just third-party applications

One point that caught my interest during the ensuing debate was the suggestion that future incidents of this magnitude could be avoided by some form of automated system recovery.

In my view, the recovery process should be the same in all circumstances, regardless of the third-party software (or spark plugs) involved.

The same scenario could be used for all third-party software that has kernel-mode access.

Having a recovery option built into the OS for all third-party software would be more efficient than relying on each software vendor to develop their own solution.

It would, of course, need consultation and collaboration between OS and third-party software vendors to ensure the mechanism f…

6 days, 4 hours ago @ welivesecurity.com
Cybersecurity Awareness Month needs a radical overhaul – it needs legislation

Next year’s Cybersecurity Awareness Month could be void of this topic entirely if all companies storing PII are required to enable MFA on all user accounts by default.

However, this is not to say that it’s acceptable to use weak passwords or reuse passwords across sites.

What I am saying instead is that the emphasis on strong and unique passwords will decrease, as the added layer of MFA will greatly help prevent credential theft.

However, GDPR changed this dynamic, as hefty regulatory fines justify the budget for proper data security measures.

Legislation to the rescue

Now imagine Cybersecurity Awareness Month next year without the lecturing about basic security practices such as strong and …

6 days, 8 hours ago @ welivesecurity.com
Gamaredon's operations under the microscope – Week in security with Tony Anscombe

ESET research examines the group's malicious wares as used to spy on targets in Ukraine in the past two years

This week, ESET researchers published an extensive analysis of the tools and techniques of Gamaredon, a Russia-aligned threat actor that is currently the most active APT group in Ukraine.

Their research examines the group's malicious wares as used to conduct its cyberespionage activities in 2022 and 2023 and answers questions such as:who were the group's most frequent targets?

what kinds of tactics did the group use and how successful were they?

did the group use tried-and-tested tactics or did it innovate heavily?

Learn more in the video and make sure to read the blogpost and the wh…

1 week, 3 days ago @ welivesecurity.com
Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023

These tactics pose a significant challenge to tracking efforts, as they make it harder for systems to automatically detect and block the group’s tools.

The lack of sophistication of Gamaredon tools is compensated by frequent updates and use of regularly changing obfuscation.

Despite the relative simplicity of its tools, Gamaredon’s aggressive approach and persistence make it a significant threat.

For a more detailed analysis and technical breakdown of Gamaredon’s tools and activities, you can access the full ESET Research white paper here.

A comprehensive list of indicators of compromise (IoCs) can be found in our GitHub repository and the Gamaredon white paper.

1 week, 4 days ago @ welivesecurity.com
Don’t panic and other tips for staying safe from scareware

How to stay clear of scareware

The good news is that it isn’t hard to stay safe from scareware.

Keep your browsers and computer software updated and on the latest and most secure version.

Install legitimate security software from a trusted provider to block scareware from your devices.

Remember that legitimate security software vendors won’t flood your screen with a flurry of pop-ups warning you about malware.

Simply run your legitimate security tool to scan for it manually, and follow the prompts for removal.

1 week, 5 days ago @ welivesecurity.com
Time to engage: How parents can help keep their children safe on Snapchat

Yet on the flip side of any discussion about social media is online privacy and safety.

Snapchat may also collect information about a user's activity on other services that use its cookies to improve advertising.

Here are some other concerns parents may have with Snapchat:

Cyberbullying: It’s a problem on any social media site, just as it is in the real world.

Adult strangers could theoretically send Snaps or messages to children, and the platform’s Snap Map feature enables kids to share their location.

1 week, 6 days ago @ welivesecurity.com
FBI, CISA warning over false claims of hacked voter data – Week in security with Tony Anscombe

With just weeks to go before the US presidential election, the FBI and the CISA are warning about attempts to sow distrust in the electoral process

With just weeks to go before the US presidential election, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are urging the public to ignore claims of stolen voter information.

The agencies emphasize that "having access to voter registration data is not by itself an indicator of a voter registration database compromise", as that information can actually be purchased legitimately. What else is there to know about the latest campaigns that attempt to undermine trust in US elections and institu…

2 weeks, 3 days ago @ welivesecurity.com
Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)

Video: Influencing the influencers | Unlocked 403 cybersecurity podcast (ep. 6)

How do analyst relations professionals 'sort through the noise' and help deliver the not-so-secret sauce for a company's success?

We spoke with ESET's expert to find out.

19 Sep 2024

2 weeks, 4 days ago @ welivesecurity.com
Understanding cyber-incident disclosure

All the above mandatory disclosure regulations are required within the first day or days of an incident being identified, while the incident is still under investigation and recovery is the business priority.

The examples above are UK regulations, and the mandatory disclosure requirements in most countries are just as stringent.

Understanding regulatory obligations should be a vital part of cyber-incident planning, which in itself rolls up under a wider cyber-resilience plan.

This weaponization of a mandatory disclosure is yet another pressure point inflicted by the bad actor to get a company to pay the demand.

What is needed for a successful cyber insurance model in the dynamic risk enviro…

2 weeks, 5 days ago @ welivesecurity.com
ESET Research Podcast: EvilVideo

Telegram, with nearly a billion monthly users, is a juicy target for cybercriminals, especially if they can exploit a zero-day vulnerability to spread malicious code.

ESET malware researcher Lukáš Štefanko ran into one such exploit – which ESET named EvilVideo – being sold on an underground forum and went in to explore and report it.

In the discussion with our podcast host ESET Distinguished Researcher Aryeh Goretsky, Štefanko describes the findings of his analysis, including the fact that the flaw affected only the Android version of the app but not the versions for Windows and iOS.

If you want to know how Telegram developers reacted to ESET reporting the vulnerability, how long it took to…

2 weeks, 6 days ago @ welivesecurity.com
AI security bubble already springing leaks

With a recent spate of AI-infested startups launching against a backdrop of pre-acquisition-as-a-service posturing, and stuffed with caches of freshly minted “AI experts” on pre-sale to Big Tech, AI fluff had to go big.

Meanwhile, we’ve always considered AI and machine learning (ML) to be just a spoke in the wheel of security.

Complicating matters further (for the purveyors of fledgling security AI tech, anyway), CISA doesn’t seem wowed by what emerging AI tools could do for federal cyberoperations, either.

It’s not just AI security that’s hard.

But it’s still possible to create some AI security niche product that does something cool – and then sell it to the big guys before your money ball…

3 weeks ago @ welivesecurity.com
CosmicBeetle joins the ranks of RansomHub affiliates – Week in security with Tony Anscombe

ESET research also finds that CosmicBeetle attempts to exploit the notoriety of the LockBit ransomware gang to advance its own ends

This week, ESET researchers published a deep dive into the recent activities of the CosmicBeetle cybercrime group.

Among other notable things, CosmicBeetle was found to abuse the infamy of the LockBit ransomware gang for its own ends.

This ransomware, however, exhibits decryption issues to the point that it's actually impossible to restore some encrypted files.

How does CosmicBeetle attack its targets and what else is there to know about their recent campaigns?

Learn more in the video and read the full write-up here: CosmicBeetle steps up: Probation period at Ra…

3 weeks, 3 days ago @ welivesecurity.com
6 common Geek Squad scams and how to defend against them

Geek Squad scams exposed

All Geek Squad scams are variations on existing themes.

Tech support: One of the oldest scams going is tech support fraud, where victims are often called out of the blue by tech ‘experts’ claiming their machine is compromised with malware.

Geek Squad will never do this out of the blue.

How to stay safe from Geek Squad scams

Forewarned is forearmed.

If you receive a phone call out of the blue from Geek Squad, get their name and where they’re calling from, put the phone down and call Geek Squad direct to check.

3 weeks, 5 days ago @ welivesecurity.com
Naked Security
last post None
Help Net Security
last post 4 hours ago
Action1 offers extended endpoint management capabilities for macOS devices

As part of its platform enhancements, Action1 has introduced a new agent for macOS, enabling organizations with diverse IT environments to ensure unified, cross-platform patching automation and integrated software vulnerability management.

Now becoming cross-platform, Action1 is revolutionizing macOS patching while consolidating multiple patch management approaches for different platforms.

In addition, it offers extended endpoint management capabilities such as software deployment, scripting, and IT asset inventory for macOS devices.

According to the Action1 Software Vulnerability Ratings Report 2024, macOS experienced a 30% increase in exploited vulnerabilities in 2023, making it increasin…

4 hours ago @ helpnetsecurity.com
Linux systems targeted with stealthy “Perfctl” cryptomining malware

Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc”) cryptomining malware and many others still could be at risk of getting compromised, Aqua Security researchers revealed last week.

“Perfctl” malware

Though the actual cryptomining is performed by XMRIG Monero cryptomining software, the name of the malware – perfctl – was derived from the name of the cryptominer process established on affected systems.

“[We] have also observed the malware serving as a backdoor to install other families of malware,” the researchers noted.

Spotting “perfctl” malware on your system can be achieved through inspection of directories, processes, system logs …

4 hours ago @ helpnetsecurity.com
The case for enterprise exposure management

Recently, a new framework of cybersecurity practices and tools has emerged – exposure management (EM).

The following three principles provide the path away from EASM towards exposure management.

Operational simplicity – Reducing mean-time-to-repair (MTTR) is vital for exposure management.

The path from legacy EASM to emerging exposure management is more than a question of semantics.

As such, exposure management is more than just Gartner’s “next big thing”; it’s the most viable approach to securing your organization’s assets and reputation.

12 hours ago @ helpnetsecurity.com
Transforming cloud security with real-time visibility

In this Help Net Security interview, Amiram Shachar, CEO at Upwind, discusses the complexities of cloud security in hybrid and multi-cloud environments.

To achieve that, security teams need deep visibility into configurations, behaviors, and context of their infrastructure (cloud or on-prem), workloads, and applications.

Misconfigurations and lack of visibility are some of the biggest challenges in cloud security.

How can CIOs and CISOs balance business innovation and speed with the need to implement cloud security measures, especially in fast-moving cloud deployments?

Balancing business innovation with the need for robust cloud security is one of the top priorities for CIOs and CISOs.

12 hours ago @ helpnetsecurity.com
Rspamd: Open-source spam filtering system

Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists.

The system analyzes each message and assigns a verdict, which the MTA can use to take further actions, such as rejecting the message or adding a spam indicator header.

Additionally, Rspamd provides valuable information like potential DKIM signatures and suggested message modifications, enhancing overall email security and handling.

Rspamd can function as a Milter, enabling seamless integration with popular MTA systems like Postfix and Sendmail.

It of…

13 hours ago @ helpnetsecurity.com
SOC teams are frustrated with their security tools

This creates more opportunities for attackers and challenges for security teams who are already struggling with security alert noise and false positives.

SOC teams struggle with security tools

SOC teams are increasingly frustrated with their current security tools, which are causing more challenges than they solve.

60% of SOC practitioners say vendors are selling threat detection tools that create too much noise and too many alerts, while 71% say vendors need to take more responsibility for failing to stop a breach.

Adoption and trust in AI for threat detection is growing

SOCs are increasingly adopting AI to improve threat detection and response, driven by a growing trust in AI’s capabilities…

13 hours ago @ helpnetsecurity.com
Meet the shared responsibility model with new CIS resources

Depending on the cloud services you’re using, you’re responsible for configuring different things.

But much has changed in the past few years since we released guidance — the first of its kind that the Center for Internet Security (CIS) published on the shared responsibility model.

Tailored security measures aligned to cloud components

We’ve expanded guidance on cloud components with the new CIS Cloud Service Category Benchmarks and additional CIS Foundations Benchmarks.

Take the next step in your cloud security program

We continue to build security guidance in cloud computing environments.

With the releases discussed above, we’re taking it a step further to include CIS Kubernetes, Container,…

14 hours ago @ helpnetsecurity.com
Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations.

Businesses turn to private AI for enhanced security and data management

In this Help Net Security interview, Joe Baguley, CTO EMEA at Broadcom, shares insights on private AI and its significance in data security.

What bots mean for businesses and consumers

In this Help Net Security video, Antoine Vastel, VP of Research at DataDome, explains what bots mean for businesses and consumers online.

Whitepaper: Reach higher in your career with cloud security

The cybersecuri…

1 day, 9 hours ago @ helpnetsecurity.com
100+ domains seized to stymie Russian Star Blizzard hackers

Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor.

Example of Star Blizzard phishing email (Source: Microsoft)

“[Star Blizzard] meticulously study their targets and pose as trusted contacts to achieve their goals.

Disrupting Star Blizzard operations

Microsoft, along with the NGO Information Sharing and Analysis Center, were granted permission to seize 66 internet domains used by Star Blizzard, while the US Justice Department simultaneously seized 41.

Microsoft is not under the illusion that seizing the domain will stop Star Blizzard, but this successful legal action will allow them to quickly disrupt any new infrast…

3 days, 6 hours ago @ helpnetsecurity.com
October 2024 Patch Tuesday forecast: Recall can be recalled

This release also introduces Windows 11 Enterprise LTSC 2024, which follows the last LTSC release, Windows 10 Enterprise LTSC 2021.

Last month’s updates

September 2024 Patch Tuesday provided updates addressing 31 CVEs in Windows 11 and 45 CVEs in Windows 10.

The final updates for Windows 11, 21H2 Enterprise and Education versions, and Windows 11 22H2 Home and Professional are coming next week.

October 2024 Patch Tuesday forecast

The usual updates are expected from Microsoft, including one for the new Windows 11 24H2.

This should be a pretty easy October 2024 Patch Tuesday with only Microsoft and Google in the forecast.

3 days, 12 hours ago @ helpnetsecurity.com
Best practices for implementing threat exposure management, reducing cyber risk exposure

In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies.

As traditional vulnerability management evolves, TEM addresses the overwhelming risks arising from expanded attack surfaces and fragmented security tools.

Why has Threat Exposure Management (TEM) become critical in modern cybersecurity strategies?

Threat exposure management is the evolution of traditional vulnerability management.

Threat exposure management is essential because it continuously identifies and prioritizes risks—such as vulnerabilities and misconfigurations—across all assets, using the risk context applicable to your organ…

3 days, 13 hours ago @ helpnetsecurity.com
MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more!

MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection.

At its core, the project features a custom-built C# LDAP parser designed for tokenization and syntax tree parsing.

It also incorporates specialized properties to ensure precise obfuscation, deobfuscation, and detection of LDAP SearchFilters.

Complementing this is a PowerShell wrapper, crafted for flexibility and randomization, with pipeline capabilities that allow seamless integration of all desired functions within a single command.

Required packages: PowerShell 7.1, .NET 6.0 (LTS).

3 days, 13 hours ago @ helpnetsecurity.com
Cybercriminals capitalize on poorly configured cloud environments

Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic.

Adversaries are utilizing off-the-shelf tools

Offensive security tools (OSTs), including Cobalt Strike and Metasploit, made up ~54% of observed malware alerts.

Credential access accounted for ~23% of all cloud behaviors, primarily in Microsoft Azure environments.

“Adversaries are more focused on abusing security tools and investing in legitimate credential gathering to act on their objectives, which reinforces the need for organizations to have well-tuned security capabilities and policies.

As a result, there’s been an explosion of no- to low-experience…

3 days, 13 hours ago @ helpnetsecurity.com
New infosec products of the week: October 4, 2024

Here’s a look at the most interesting products from the past week, featuring releases from Balbix, Halcyon, Metomic, Red Sift, SAFE Security, Veeam Software, and Legit Security.

Powered by AI, it delivers instant answers on an organization’s cyber risk posture and offers personalized risk mitigation recommendations.

Red Sift Radar diagnoses issues through AI-powered insights

Red Sift Radar simplifies complex cybersecurity queries with its intuitive LLM-powered chat interface.

Veeam Recon Scanner identifies adversary tactics, techniques, and procedures

As part of Veeam Data Platform Premium, Recon Scanner offers customers the ability to identify threats before they can cause damage.

It also ma…

3 days, 14 hours ago @ helpnetsecurity.com
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency has confirmed by adding the bug to its Known Exploited Vulnerabilities catalog.

Ivanti did the same by updating the relevant security advisory to say that they are aware of a limited number of customers who have been exploited.

They all affect the core server of Ivanti EPM 2022 SU5 and prior versions, can lead to code execution in the context of the service account, and all have been fixed through a security hot patch.

The addition of CVE-2024-29824 to the KEV catalog means that all US federal civili…

4 days, 2 hours ago @ helpnetsecurity.com
IT Security Guru
last post 1 month, 2 weeks ago
How Immigration Can Solve America’s Cybersecurity Shortage

The Growing Cybersecurity Skills Gap

The cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity Shortage

Immigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

Conclusion

The cybersecurity skills shortage is …

1 month, 2 weeks ago @ itsecurityguru.org
Cybereason Unveils SDR Data Ramp Program: Analyse and Detect Threats in 1TB of Log Data for 90 Days

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

1 month, 2 weeks ago @ itsecurityguru.org
The 8 Most Common Website Design Mistakes According to Pros

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final Thoughts

Keeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

1 month, 2 weeks ago @ itsecurityguru.org
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol Connections

Remote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware Attacks

Specific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted: The healthcare sector is a prime target for ranso…

1 month, 2 weeks ago @ itsecurityguru.org
Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented: “We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

1 month, 2 weeks ago @ itsecurityguru.org
AI-powered cyber threats are too overpowering for over 50% of security teams

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

1 month, 3 weeks ago @ itsecurityguru.org
New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploit

Three years after its discovery in 2021, Log4j remains one of the most used vulnerabilities leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

1 month, 3 weeks ago @ itsecurityguru.org
New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

1 month, 3 weeks ago @ itsecurityguru.org
Kicking cyber security down the road can come back to bite you

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priority

Despite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-in

To ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures now

By deprioritising cyber security, businesses are essentially def…

1 month, 3 weeks ago @ itsecurityguru.org
What skills can cyber security experts develop to adapt to AI and quantum computing?

High levels of demand for cyber security expertise also means that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computing: Like AI, quantum computing has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

1 month, 3 weeks ago @ itsecurityguru.org
HealthEquity Data Breach Compromises Customer Information

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.

2 months, 1 week ago @ itsecurityguru.org
Accenture and SandboxAQ Expand Cybersecurity Partnership

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

The post Accenture and SandboxAQ Expand Cybersecurity Partnership first appeared on IT Security Guru.

2 months, 1 week ago @ itsecurityguru.org
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords first appeared on IT Security Guru.

2 months, 1 week ago @ itsecurityguru.org
Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester first appeared on IT Security Guru.

2 months, 1 week ago @ itsecurityguru.org
Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands

Salt Labs, the research arm of API security company Salt Security, has released new research highlighting critical security flaws within the popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to its website). These vulnerabilities could have potentially allowed an attacker unlimited […]

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands first appeared on IT Security Guru.

2 months, 1 week ago @ itsecurityguru.org
SecurityTrails
latest post: None
Blogs 👨‍💻
Бизнес без опасности
latest post: None
Жизнь 80 на 20
latest post: None
ZLONOV
latest post: None
Блог Артема Агеева
latest post: None
Киберпиздец
latest post: None
Schneier on Security
latest post: 6 hours ago
Largest Recorded DDoS Attack is 3.8 Tbps

About Bruce Schneier: I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

6 hours ago @ schneier.com
Friday Squid Blogging: Map of All Colossal Squid Sightings

2 days, 20 hours ago @ schneier.com
Weird Zimbra Vulnerability

4 days, 6 hours ago @ schneier.com
California AI Safety Bill Vetoed

Governor Newsom has vetoed the state’s AI safety bill.

There’s a lot to like about it, and I want governments to regulate in this space.

(Related, the Council of Europe treaty on AI is ready for signature.

It’ll be legally binding when signed, and it’s a big deal.)

Posted on October 2, 2024 at 7:01 AM • 0 Comments

5 days, 6 hours ago @ schneier.com
Hacking ChatGPT by Planting False Memories into Its Data

This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user.

A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model.

This time, he included a PoC that caused the ChatGPT app for macOS to send a verbatim copy of all user input and ChatGPT output to a server of his choice.

All a target needed to do was instruct the LLM to view a web link that hosted a malicious image.

From then on, all input and output to and from ChatGPT was sent to the attack…

6 days, 6 hours ago @ schneier.com
AI and the 2024 US Elections

A Republican FCC commissioner alleged that the Democratic National Committee was orchestrating the rule change because Democrats are falling behind the GOP in using AI in elections.

Plus, he argued, this was the Federal Election Commission’s job to do.

The Federal Trade Commission has jurisdiction over truth in advertising, but political ads are largely exempt—again, part of our First Amendment tradition.

This makes it conceivable that something might be done, but probably not until after the 2024 election and only if legislators overcome major roadblocks.

The Protect Elections From Deceptive AI Act would ban materially deceptive AI-generated content from federal elections, as in California…

1 week ago @ schneier.com
Squid Fishing in Japan

1 week, 2 days ago @ schneier.com
NIST Recommends Some Common-Sense Password Rules

1 week, 3 days ago @ schneier.com
An Analysis of the EU’s Cyber Resilience Act

1 week, 4 days ago @ schneier.com
New Windows Malware Locks Computer in Kiosk Mode

Clever: A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.

Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys.

The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.

Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker.

1 week, 5 days ago @ schneier.com
Israel’s Pager Attacks and Supply Chain Vulnerabilities

Israel used this tactic against a Hamas bomb maker in 1996 and a Fatah activist in 2000.

The National Security Agency has intercepted communications equipment in transit and modified it not for destructive purposes but for eavesdropping.

More than a decade ago, the US military investigated the security risks of using Chinese parts in its equipment.

We can’t imagine Washington passing a law requiring iPhones to be made entirely in the United States.

And developed countries like the United States will be especially vulnerable, simply because of the sheer number of vulnerable devices we have.

1 week, 6 days ago @ schneier.com
Hacking the “Bike Angels” System for Moving Bikeshares

I always like a good hack.

Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones.

At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater.

The algorithm, mistaking this manufactured setup for a true emergency, offered the maximum incentive: $4.80 for every bike returned to the Ed Sullivan Theater.

Thinking aloud, it could try to detect this sort of behavior in the Bike Angels data—and then ban people who are deliberately trying to game the system.

2 weeks ago @ schneier.com
Friday Squid Blogging: Squid Game Season Two Teaser

2 weeks, 2 days ago @ schneier.com
Clever Social Engineering Attack Using Captchas

2 weeks, 3 days ago @ schneier.com
FBI Shuts Down Chinese Botnet

The FBI has shut down a botnet run by Chinese hackers: The botnet malware infected a number of different types of internet-connected devices around the world, including home routers, cameras, digital video recorders, and NAS drives.

Those devices were used to help infiltrate sensitive networks related to universities, government agencies, telecommunications providers, and media organizations….

The botnet was launched in mid-2021, according to the FBI, and infected roughly 260,000 devices as of June 2024.

The U.S. Department of Justice received a court order to take control of the botnet infrastructure by sending disabling commands to the malware on infected devices.

The hackers tried to coun…

2 weeks, 4 days ago @ schneier.com
Krebs On Security
latest post: 4 days, 4 hours ago
A Single Cloud Compromise Can Feed an Army of AI Sex Bots

Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services.

Within minutes, their bait key was scooped up and used to power a service that offers AI-powered sex chats online.

But over the past six months, Ahl said, Bedrock has emerged as one of the top targeted cloud services.

“Bad guy hosts a chat service, and subscribers pay them money,” Ahl said of the business model for commandeering Bedrock access to power sex chat bots.

In June 2024, security experts at Sysdig documented a new attack that leveraged stolen cl…

4 days, 4 hours ago @ krebsonsecurity.com
Crooked Cops, Stolen Laptops & the Ghost of UGNazi

“Damn my guy actually filed the warrant,” Iza allegedly texted someone after the location warrant was entered.

Iza’s indictment says he also harassed a man identified only as T.W., and refers to T.W.

According to the feds, Iza paid the associate $50,000 to craft the event to his liking, but on the day of the party Iza allegedly told R.C.

balked, Iza allegedly surrounded the man with armed LASD officers, who then extracted the payment by seizing his phone.

The complaint says Iza ran this business with another individual identified only as “T.H.,” and that at some point T.H.

6 days, 19 hours ago @ krebsonsecurity.com
U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex

Joker’s Stash also was unique because it claimed to sell only payment cards that its own hackers had stolen directly from merchants.

At the time, card shops typically resold payment cards that were stolen and supplied by many third-party hackers of unknown reliability or reputation.

BRIANS CLUB: In late 2015, a major competitor to Joker’s Stash emerged using UAPS for its back-end payments: BriansClub.

Experts say most of those ATM inflows to Cryptex are bitcoin ATM cash deposits from customers of carding websites like BriansClub and Joker’s Stash.

Treasury’s Financial Crimes Enforcement Network (FinCEN) levied sanctions today against PM2BTC under a powerful new “Section 9714” authority include…

1 week, 4 days ago @ krebsonsecurity.com
Timeshare Owner? The Mexican Drug Cartels Want You

This is the story of a couple who recently lost more than $50,000 to an ongoing timeshare scam that spans at least two dozen phony escrow, title and realty firms.

Mrs. Dimitruk even sent them a $5,000 wire to pay off her remaining balance on the timeshare they thought they were selling.

The FBI warns the timeshare fraud schemes have been linked to the Jalisco New Generation drug cartel in Mexico.

But after acknowledging it could help prevent harm to other would-be victims, Mr. Dimitruk said he would consider it.

If you are the victim of a timeshare scam like this, please consider filing a report with the FBI’s Internet Crime Complaint Center (IC3), at ic3.gov.

1 week, 5 days ago @ krebsonsecurity.com
This Windows PowerShell Phish Has Scary Potential

Many GitHub users this week received a novel phishing email warning of critical security holes in their code.

While it’s unlikely that many programmers fell for this scam, it’s notable because less targeted versions of it are likely to be far more successful against the average Windows user.

A reader named Chris shared an email he received this week that spoofed GitHub’s security team and warned: “Hey there!

Step 3 — pressing the “Enter” key — causes Windows to launch a PowerShell command, and then fetch and execute a malicious file from github-scanner[.

Still, it wouldn’t hurt to share this article with the Windows users in your life who fit the less-savvy profile.

2 weeks, 3 days ago @ krebsonsecurity.com
Scam ‘Funeral Streaming’ Groups Thrive on Facebook

Scammers are flooding Facebook with groups that purport to offer video streaming of funeral services for the recently deceased.

George said their friend’s funeral service page on Facebook included a link to the supposed live-streamed service at livestreamnow[.

]com, which displays links to multiple funeral service streaming groups on Facebook.

for a town social event this summer called Plympton Night Out was quickly made into two different Facebook groups that informed visitors they could stream the festivities at either espnstreamlive[.

The “browser history” folder from the admin of Apkdownloadweb shows Khondokar recently left a comment on the Facebook page of Mohammod Mehedi Hasan, and Kh…

2 weeks, 5 days ago @ krebsonsecurity.com
The Dark Nexus Between Harm Groups and ‘The Com’

Top Com members are constantly sniping over who pulled off the most impressive heists, or who has accumulated the biggest pile of stolen virtual currencies.

Some of the largest such known groups include CVLT, Court, Kaskar, Leak Society, 7997, 8884, 2992, 6996, 555, Slit Town, 545, 404, NMK, 303, and H3ll.

“The abuse perpetrated by members of com groups is extreme,” Wired’s Ali Winston wrote.

Beige group members also have claimed credit for a breach at the domain registrar GoDaddy.

Prosecutors allege Kalana Limkin, 18, of Hilo, Hawaii, admitted he was an associate of CVLT and 764, and that he was the founder of a splinter harm group called Cultist.

3 weeks, 3 days ago @ krebsonsecurity.com
Bug Left Some Windows PCs Dangerously Unpatched

Microsoft Corp. today released updates to fix at least 79 security vulnerabilities in its Windows operating systems and related software, including multiple flaws that are already showing up in active attacks.

Microsoft also corrected a critical bug that has caused some Windows 10 PCs to remain dangerously unpatched against actively exploited vulnerabilities for several months this year.

Those include Windows 10 systems that installed the monthly security update for Windows released in March 2024, or other updates released until August 2024.

“To correct this issue, users need to apply both the September 2024 Servicing Stack Update and the September 2024 Windows Security Updates,” Narang sai…

3 weeks, 5 days ago @ krebsonsecurity.com
Sextortion Scams Now Include Photos of Your Home

The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom.

In this case, the ransom demand is just shy of $2,000, payable by scanning a QR code embedded in the email.

Following a salutation that includes the recipient’s full name, the start of the message reads, “Is visiting [recipient’s street address] a more convenient way to contact if you don’t take action.

Nice location btw.” Below that is the photo of the recipient’s street address.

Previous innovations in sextortion customization involved sending emails that included at least one password they had previously used at an account online that was tied to their email address.

1 month ago @ krebsonsecurity.com
Owners of 1-Time Passcode Theft Service Plead Guilty

]agency, a once popular online service that helped attackers intercept the one-time passcodes (OTPs) that many websites require as a second authentication factor in addition to passwords.

Launched in November 2019, OTP Agency was a service for intercepting one-time passwords needed to log in to various websites.

KrebsOnSecurity profiled OTP Agency in a February 2021 story about arrests tied to another phishing-related service based in the U.K.

Within hours of that publication, OTP Agency shuttered its website and announced it was closing up shop and purging its user database.

NCA investigators said more than 12,500 people were targeted by OTP Agency users during the 18 months the service was…

1 month ago @ krebsonsecurity.com
When Get-Out-The-Vote Efforts Look Like Phishing

“We have you in our records as not registered to vote,” the unbidden SMS advised.

WDIV even interviewed a seventh-grader from Canada who said he also got the SMS saying he wasn’t registered to vote.

Another version of this SMS campaign told recipients to check their voter status at a site called votewin.org, which DomainTools says was registered July 9, 2024.

The same voter registration query form advertised in the SMS messages is available if one clicks the “check your registration status” link on voteamerica.org.

Cleaver said her office had received several inquiries about the messages, which violate a key tenet of election outreach: Never tell the recipient what their voter status may be.

1 month, 1 week ago @ krebsonsecurity.com
New 0-Day Attacks Linked to China’s ‘Volt Typhoon’

Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers.

Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Versa Director systems are primarily used by Internet service providers (ISPs), as well as managed service providers (MSPs) that cater to the IT needs of many small to mid-sized businesses simultaneously.

In January 2024, the U.S. Department of Justice disclosed the F…

1 month, 1 week ago @ krebsonsecurity.com
Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains (TLDs) has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didn’t exist at the time.

But problems can arise when an organization has built their Active Directory network on top of a domain they don’t own or control.

From then on, anyone who registered company.llc would be able to passively intercept that organization’s Microsoft Windows credentials, or actively modify those connections in some way — such as redirecting them somewhere malicious.

When Caturegli discovered an encryption certificate being actively used for the domain memrtcc.…

1 month, 2 weeks ago @ krebsonsecurity.com
National Public Data Published Its Own Passwords

New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online.

KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.

Very informative.” The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment.

This is notable because the leaked…

1 month, 2 weeks ago @ krebsonsecurity.com
NationalPublicData.com Hack Exposes a Nation’s Data

Many media outlets mistakenly reported that the National Public Data breach affects 2.9 billion people (that figure actually refers to the number of rows in the leaked data sets).

TWISTED HISTORY: Where did National Public Data get its consumer data?

It remains unclear how thieves originally obtained these records from National Public Data.

USDoD said the data stolen from National Public Data had traded hands several times since it was initially stolen in December 2023.

The breach at National Public Data may not be the worst data breach ever.

1 month, 3 weeks ago @ krebsonsecurity.com
Graham Cluley
latest post: 1 hour ago
Your robot vacuum cleaner might be spying on you

1 hour ago @ bitdefender.com
Sellafield nuclear site hit with £332,500 fine after “significant cybersecurity shortfalls”

The UK's Sellafield nuclear waste processing and storage site has been fined £332,500 by regulators after its IT systems were found to have been left vulnerable to hackers and unauthorised access for years.

The Office for Nuclear Regulation (ONR) described the Sellafield site as "one of Europe's largest industrial complexes, managing more radioactive waste in one place than any other nuclear facility in the world."

These included a failure by Sellafield to ensure there was adequate protection of sensitive nuclear information on its network.

“We take cyber security extremely seriously at Sellafield, as reflected in our guilty pleas," said Sellafield spokesperson Matt Legg.

“We’ve already mad…

3 days, 9 hours ago @ bitdefender.com
Tick tock.. Operation Cronos arrests more LockBit ransomware gang suspects

4 days, 4 hours ago @ tripwire.com
Smashing Security podcast #387: Breaches in your genes, and Kaspersky switcheroo raises a red flag

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

4 days, 18 hours ago @ grahamcluley.com
The AI Fix #18: ChatGPT’s false memories, and would an inner critic stop AI hallucinations?

Mark discovers what Darth Vader really said on Cloud City, Graham rummages through ChatGPT’s false memories, and our hosts find out why AIs need an inner critic.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley – @gcluley, Mark Stockley – @markstockley

Episode links:

Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @TheAIFix, subscribe for free in your favourite podcast app such as Apple Podcasts or Spotify, or visit our website for more information.

Follow Grah…

6 days ago @ grahamcluley.com
British man used genealogy websites to fuel alleged hacking and insider trading scheme

39-year-old Robert Westbrook is said to have used genealogy websites to gather personal information about company executives, which he then used to break into their email accounts and steal confidential corporate data.

This insider information, it is alleged, was then used by Westbrook to generate over $3 million by making profitable trades on the stock market before it became known to the general public.

Despite Westbrook's efforts to conceal his identity through the use of VPNs, anonymous email accounts, and cryptocurrency payments, his alleged scheme was ultimately uncovered by experts at the SEC.

According to reports, Westbrook is also said to have subscribed to at least five CAPTCHA-so…

1 week ago @ bitdefender.com
Deepfake Ukrainian diplomat targeted US senator on Zoom call

The chair of the United States Foreign Relations Committee was targeted by a sophisticated deepfake operation which impersonated a top Ukrainian official in what was an apparent attempt at election interference.

The office of Ben Cardin, the Democratic Senator for Maryland, reportedly received an email on Thursday September 19 from someone claiming to be former Ukrainian Foreign Affairs Minister Dmytro Kuleba, requesting a Zoom call.

According to Punchbowl News, which first reported the news, Senator Cardin and his staff were faced with bizarre questions such as "Do you support long-range missiles into Russian territory?"

The security office warning sent to senior Senate staff underlined tha…

1 week, 3 days ago @ bitdefender.com
When UK rail stations’ Wi-Fi was defaced by hackers the only casualty was the truth

If you believed some of the news headlines in the UK on Thursday, you would think that something much more serious had happened.

Yes, it is true that the public Wi-Fi systems at 19 UK railway stations were hacked this week.

The hackers could have made a bogus login page and attempted to steal personally identifiable information and passwords.

The hackers could have attempted to dupe travellers into believing they had won a lottery or promoted a cryptocurrency scam.

The hackers could even have displayed a fake payment page and attempted to grift a few pounds from commuters.

1 week, 4 days ago @ bitdefender.com
CISA warns hackers targeting industrial systems with “unsophisticated methods” as claims made of Lebanon water hack

1 week, 4 days ago @ tripwire.com
Smashing Security podcast #386: The $230 million crypto handbag heist, and misinformation on social media

And social media comes under the spotlight once more, as we ask if you are delving into misinformation in your most private moments…

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get $1000 off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the…

1 week, 4 days ago @ grahamcluley.com
Warnings after new Valencia ransomware group strikes businesses and leaks data

1 week, 6 days ago @ tripwire.com
The AI Fix #17: Why AI is an AWFUL writer and LinkedIn’s outrageous land grab

News and views from the world of artificial intelligence.

Graham explains how his career in fashion came to an end, LinkedIn morphs into a feather-duster-wielding polyphase avatron with an insatiable appetite for B2B sales, and Mark delves into the intricate tapestry of terrible AI writing.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Hosts: Graham Cluley – @gcluley, Mark Stockley – @markstockley

Episode links:

Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow Graham Cluley on Twitter, Mastodon, or Threads to re…

1 week, 6 days ago @ grahamcluley.com
Citing security fears, Ukraine bans Telegram on government and military devices

The government of Ukraine imposed a ban on the Telegram messaging app being used on official devices belonging to government officials, military staff, and critical infrastructure workers, citing security fears.

In an announcement on Friday, Ukraine's National Security and Defence Council (Rnbo) claimed that Telegram posed a security threat to the nation, particularly during the war between Russia and Ukraine.

The restrictions on using Telegram only appear applicable to official devices, not when the messaging app is used on personal phones.

Also, any officials whose work duties include the use of the app (such as those who maintain and update Ukraine's official Telegram pages) are exempt f…

1 week, 6 days ago @ bitdefender.com
Two men arrested one month after $230 million of cryptocurrency stolen from a single victim

Two men have been arrested by the FBI and charged in relation to their alleged involvement in a scam which saw almost a quarter of a billion dollars worth of cryptocurrency stolen from a single victim.

20-year-old Malone Lam of Miami, and Jeandiel Serrano, 21, of Los Angeles, are charged with conspiring to steal and launder 3,100 Bitcoin (worth over $230 million) from a victim in Washington DC in August 2024.

Videos posted on social media showed armed FBI officers raid a property in Miami, seizing luxury cars.

Lam and Serrano are accused of conspiring with others to steal cryptocurrency and then launder their ill-gotten gains through exchanges and mixing services.

Cryptocurrency investiga…

1 week, 6 days ago @ bitdefender.com
Cybersecurity and compliance: The dynamic duo of 2024

It’s almost the end of 2024, and one thing is clear: cybersecurity and compliance are no longer optional; they’re inseparable pillars of survival.

Think about it—without the right tools, cybersecurity and compliance are like scaling a mountain in flip-flops.

Enter ManageEngine: Your Cybersecurity and Compliance Savior

In the midst of this chaos, ManageEngine has proven itself as a trusted partner for organizations grappling with the twin challenges of compliance and cybersecurity.

If this year has shown us anything, it’s that failing to prioritize both cybersecurity and compliance is a recipe for disaster.

That’s why ManageEngine is hosting an exclusive webinar, diving deep into how businesses…

2 weeks ago @ grahamcluley.com
Companies 🏢
Kaspersky Blog
last post 8 hours ago
Kaspersky Lab apps are no longer available on Google Play: why, and what to do? | Kaspersky Blog

By decision of Google, our apps for protecting Android-based devices are currently unavailable in the official Google Play app store.

Google's decision is based on the recent US government ban on the distribution and sale of Kaspersky Lab products in the United States after September 29, 2024.

What happens to apps already installed from Google Play?

All of our apps installed from Google Play on Android devices will continue to work normally.

Our official technical support page has a detailed article with up-to-date links to all the app stores where we are present and to direct APK downloads, plus instruc…

8 hours ago @ kaspersky.ru
How someone can see what an Apple Vision Pro user is typing | Kaspersky Blog

How input works in Apple visionOS

First, a little about how input works in visionOS, the operating system that Apple Vision Pro runs on.

One of the most impressive innovations of Apple's mixed-reality headset is its extremely effective use of oculography, that is, tracking the user's eye movements.

The second important feature of Apple's AR headset is how video calls involving a Vision Pro user are implemented.

So Apple came up with a highly original technology that uses a so-called virtual camera.

Based on a 3D scan of the user's face, Vision Pro creates a digital avatar (which Apple cal…

4 days ago @ kaspersky.ru
How to protect a school from cyberattacks | Kaspersky Blog

Let's try to understand why this happens and how schools should properly protect their computers.

Educational institutions are digitizing rapidly and, as a result, depend more and more on IT infrastructure, both directly in the teaching process and in administrative work.

Educational institutions suffer from a serious shortage of budgets and of qualified IT specialists, especially in information security.

How to protect a school from cyberattacks properly

How to approach the question…

4 days, 21 hours ago @ kaspersky.ru
How to solve the cybersecurity skills shortage

One of the leading organizations certifying information security professionals, ISC2, publishes annual reports on the state of the cybersecurity workforce.

Cybersecurity in higher education

To answer this question, we conducted a large-scale study in which we surveyed more than 1000 IT and cybersecurity professionals from 29 countries.

The main problem with formal education in cybersecurity is that it categorically fails to keep up with the changes taking place in the real world.

Solving the staffing shortage in information security

Of course, the problem of the skills shortage in cybersecurity is too large-scale for it to…

1 week, 3 days ago @ kaspersky.ru
How to make an offline copy of documents, photos, music and videos from a web page or online service | Kaspersky Blog

That is why, for information that matters to you personally, you need to set up backup storage and protect it from ransomware and spyware.

Think carefully about what in the digital world is important and valuable to you, and where it is stored.

Simply download the files to your disk

A straightforward and simple method for photos, office documents and other files that are stored online and open easily on a computer.

Read the help and study the settings to find out how and in what format the data is exported.

In some countries and regions, the user's right to download their data and transfer them to another service (data portability) is enshrined in law: these include the European Union, India and Brazil, the state of California in the U…

1 week, 5 days ago @ kaspersky.ru
Data exfiltration using the RAMBO and PIXHELL methods | Kaspersky Blog

In a RAMBO attack, the malware initiates writes of data to RAM.

All that remains is to choose the most suitable frequency and transmit data on it using one of the available encoding methods.

That is why, in this work, Mordechai Guri considers the situation where data exfiltration takes place at night: the computer (and the monitor) are running, but nobody is in the room.

The PIXHELL attack looks less reliable, but it is also hard to defend against, short of deliberately filling the room with random noise, which makes the attack impossible.

But, as in other similar cases, preventing unwanted software from running is critically important.

1 week, 6 days ago @ kaspersky.ru
The Necro Trojan infected 11 million Android devices | Kaspersky Blog

After all, even Google Play can harbor apps with malware, never mind unofficial sources with modified or cracked versions.

Today we tell the story of how 11 million Android users around the world became victims of the Necro Trojan.

Most likely, the developers of these apps used an unvetted solution for integrating advertising, through which Necro made its way into the code.

In apps on Google Play

While the Spotify mod was distributed through unofficial channels, the Wuta Camera app containing Necro was right in Google Play, from which this trojanized app was downloaded more than 10 million times.

Necro made its way into the app's code in version 1.2.0.

2 weeks ago @ kaspersky.ru
Spear-phishing tricks in mass mailings | Kaspersky Blog

The trend of using tricks characteristic of spear phishing in mass mailings continues to grow.

But that is not all.

So, in theory, a security solution can analyze the file and the text and links it contains.

That is, the victim was sent some confidential corporate guidelines by email, but to read them they had to scan the code with a mobile phone.

Perhaps a few more unusual tricks awaited the victim on that site, but by the time the phishing emails were being actively sent out, the site was no longer working.

2 weeks, 4 days ago @ kaspersky.ru
SambaSpy: a new RAT Trojan | Kaspersky Blog

Today we talk about rats, not the ones with long tails, but computer ones: RATs (remote access trojans).

In May 2024, a new member of the RAT family fell into our rat trap: SambaSpy.

What SambaSpy is

SambaSpy is a multifunctional RAT, obfuscated with Zelix KlassMaster, which makes it significantly harder to detect and analyze.

Nevertheless, we managed both tasks and found that the new RAT can: manage the file system and processes; upload and download files; control the webcam; take screenshots; steal passwords; load additional plugins; remotely control the desktop; log keystrokes; control the clipboard.

Most lik…

2 weeks, 5 days ago @ kaspersky.ru
Teenagers are selling their bank cards: what are the risks? | Kaspersky Blog

In Russia and Belarus, a scheme has spread in which various shady characters buy bank card details through online ads.

Now with threats

Recently we learned of a case where this scheme got an extra plot twist.

An interesting detail was that, when buying the card details, the fraudsters signed a certain "contract" with the teenager and demanded scans of a passport.

In Russia, from the age of 14 a child can independently open a bank account and deposit, and all they need for this is a Russian passport.

However, due to lack of experience, it is naturally hard for a teenager to figure out which ways of earning money are worth getting involved in and which should be categorically…

2 weeks, 6 days ago @ kaspersky.ru
Kaspersky AI Technology Research center of expertise

Our Kaspersky AI Technology Research center brings together data scientists, ML engineers, and threat and infrastructure experts to solve the most ambitious problems at the intersection of AI/ML and cybersecurity.

However, as the number of tasks and the significance of ML technologies grew, it was decided to separate the expertise in building AI-based systems into a dedicated Kaspersky AI Technology Research Center.

Raising awareness

Finally, a key function of the Kaspersky AI Technology Research center of expertise is raising awareness, among both our customers and the general public, of the pros and cons of AI technologies and of the threats that come from them.

The FT Technology Research team org…

2 weeks, 6 days ago @ kaspersky.ru
An alert notification as phishing bait | Kaspersky Blog

The phishing email

The email that starts a phishing attack we encountered recently pretends to be a notification from Office 365, and does so quite well.

The Microsoft logo is a bit too large, and in this case it is illogically used without the company name.

What really should catch the eye is the sender's address.

Office 365 notifications signed "The Office 365 Team" do, after all, come from Microsoft mail servers, not from an administrator with a mailbox on a completely different company's server.

The end of the scheme is obvious: a simple page for harvesting Office 365 credentials.

3 weeks, 6 days ago @ kaspersky.ru
How cybercriminals attack young gamers: the most common and dangerous schemes | Kaspersky Blog

But the world of gaming is not as friendly a place as it wants to appear at first glance, and you cannot do without cyber protection in it.

Kaspersky Lab experts conducted a study and found out which games carry the most dangers, which players are attacked most often, and what to do about it.

The reason is the growing number of people wanting to download mods and cheats for Minecraft, which often turn out to be malicious applications.

Popular phishing schemes

While teaching children to download apps only from trusted sources and to use reliable protection is not difficult, protecting them from phishing is no easy task.

Other tips and recommendations for young gamers can be found in the full ve…

1 month ago @ kaspersky.ru
Librarian Ghouls are hunting for CAD files | Kaspersky Blog

Now the group behind the mailing, named Librarian Ghouls, is interested not only in office documents but also in files used by software for modeling and designing industrial systems.

How Librarian Ghouls hunt for information

The methods the attackers use to distribute the malware and steal data, as well as the tools they use, have not changed since July.

In short, Librarian Ghouls send out malicious RAR archives containing .SCR files whose names imitate office documents.

Who Librarian Ghouls attack

The list of recipients to whom Librarian Ghouls send malicious emails consists of enterprises involved in design and engineering…

1 month ago @ kaspersky.ru
Post-quantum encryption: where it has been deployed and how things stand with compatibility

Experimental support for PQC in establishing TLS connections appeared in August 2023, and with the release of version 124 in April 2024 it was enabled by default.

Administrators are advised to check the websites and web applications in their care by enabling Kyber support in Firefox or Chrome and trying to open the site.

For PQC this process is under way but far from complete.

Essentially, these are CRYSTALS-Kyber for key agreement, plus CRYSTALS-Dilithium and SPHINCS+ for different digital signature scenarios.

The relevant cryptographers' association (Chinese Association for Cryptologic Research, CACR) announced the finalist algorithms in 2020: Aigis-sig and Aigis-enc (modified relatives of CRYSTALS-Kyber and CRYSTA…

1 month ago @ kaspersky.ru
Group-IB Blog
last post None
Cisco Security Blog
last post 3 days, 5 hours ago
Open-Source Security Through the Lens of Tidelift

Today, we wanted to share some exciting improvements related to open-source security that our development teams are now able to leverage.

Corona also provides validation of applicable security posture characteristics within released Cisco software through forensic analysis of software components and associated risks.

This new data source is provided by Tidelift, a company that partners directly with open-source maintainers to implement and validate industry-leading secure software development practices.

Cisco developers can quickly review recommended versions of packages in application languages such as Java, JavaScript and Python.

Our developers also have a more comprehensive view of risk,…

3 days, 5 hours ago @ blogs.cisco.com
Stopping Attacks Early: The Power of Endpoint Telemetry in Cybersecurity

In cybersecurity, endpoint telemetry refers to data collected by monitoring activities on endpoint devices, such as computers and servers.

Endpoint telemetry also serves as a crucial data source for XDR, enhancing its ability to detect, analyze and respond to security threats across multiple environments.

Capturing telemetry using Cisco Secure Endpoint

Cisco Secure Endpoint is an Endpoint Detection and Response (EDR) tool that collects and records a wide range of endpoint telemetry.

Device trajectory telemetry

Cisco Secure Endpoint (CSE) captures two types of telemetry under Device Trajectory view: Activity Telemetry and Behavioral Telemetry.

Conclusion

The exploration of Cisco Secure Endpoint…

5 days, 5 hours ago @ blogs.cisco.com
Password Advice for the Rest of Us

But it’s not, thanks to password reuse (also called password recycling), and passwords created with common words, phrases and patterns.

Essentially, if you can find the word in a dictionary, it likely isn’t going to make a good password.

In fact, attempting to guess a 12-character truly random password can take 54 days or so on SHA1, even longer on SHA3.

At the end of the day, a password manager means no more password recycling, and no more easily guessed words or phrases.

For now, if your password manager offers to enable this option of defense (most do), you should take advantage and enable it.

6 days, 10 hours ago @ blogs.cisco.com
Black Hat 2024: SOC in the NOC

The Black Hat Network Operations Center (NOC) provides a high-security, high-availability network in one of the most demanding environments in the world: the Black Hat event.

We appreciate alphaMountain.ai, Pulsedive and Recorded Future donating full licenses to the Black Hat USA 2024 NOC.

Compare this to Black Hat 2024, just a few months later, where the total number has jumped to 194.

The deployment was further improved and streamlined at Black Hat London and Black Hat Asia.

Mobile device management at Black Hat: The role of Meraki Systems Manager

By: Dalton Ross

The Black Hat cybersecurity event in Las Vegas is renowned for its cutting-edge technology and seamless attendee experience.

1 week, 3 days ago @ blogs.cisco.com
Forrester Named Cisco a Leader in the 2024 Microsegmentation Wave

After a rigorous evaluation of 11 microsegmentation vendors, Cisco was named a Leader in The Forrester Wave™: Microsegmentation Solutions, Q3 2024 report.

This approach provides complete visibility, faster detection and mitigation of security threats, without a patchwork of security products.

Secure Workload segments customers’ applications and networks agentlessly with Cisco Secure Firewall and cloud firewalls.

Cisco continues to innovate in microsegmentation through its world-class solution, acquisitions and technology investments.

Below are the innovations and acquisitions Cisco has made since the last Microsegmentation Wave in 2022:

Secure Firewall integration, enabling firewall policy …

1 week, 5 days ago @ blogs.cisco.com
Layered Protection for RADIUS With Cisco

Layered protection with RADIUS

One of these under-rated, but common, authentication protocols is RADIUS (Remote Authentication Dial-In User Service).

If your organization is in a position where routers, switches, wireless access points and VPNs all use RADIUS, Cisco can help.

First, Cisco Identity Services Engine (ISE) provides a layer of Network Access Control by offering AAA protection (Authentication, Authorization, and Access).

When combining the network protection through Cisco ISE with User Protection Suite tools, Cisco can provide the solutions you need today while you continue to modernize for the future.

To learn more about how Cisco’s User Protection Suite can protect your workforc…

1 week, 6 days ago @ blogs.cisco.com
Synergizing Cybersecurity: The Benefits of Technology Alliances

Since we adopted an open ecosystems approach, we have witnessed numerous integrations made available by Cisco Security and our technology partners.

As we wrap up our fiscal year 2024, our open and inclusive cybersecurity technology alliance, Cisco Security Technical Alliance, now boasts over 400 technology partners and 825 integrations across Cisco’s cybersecurity product portfolio.

In our annual roundup, Cisco Security extends a warm welcome to all new and expanding technology partners in our ecosystem.

CrowdStrike also developed the Cisco Secure Email Gateway Data Connector to ingest Secure Email Gateway data into their Falcon platform.

Microsoft

Microsoft Azure Active Director — Users: Mi…

2 weeks, 3 days ago @ blogs.cisco.com
Re-Imagining Zero Trust With an In-Office Experience, Everywhere

Most people don’t trust zero trust.

No matter how you slice it, zero trust access is an elusive but desirable goal for many organizations, and yet most teams haven’t achieved zero trust maturity [1] — especially for securing remote work.

Cisco on Cisco: Zero trust access at scale

We started with an enterprise rollout of Cisco Duo for our remote-first workforce back in 2020, and we are currently deploying Cisco Secure Access.

Cisco Zero Trust Access

Our Cisco Zero Trust Access solution is different: Our architecture is purpose-built to provide an in-office experience, everywhere.

Start making zero trust easier, effective and efficient

Only Cisco Zero Trust Access provides strong identity security …

2 weeks, 4 days ago @ blogs.cisco.com
Improving Operational Efficiencies and Providing Tighter Integrations with Cisco Security Products

The 2023 Cisco Security Outcomes Report found that 61% of respondents had experienced a breach that impacted the resilience of the business.

Cisco Secure Network Analytics (SNA) helps bolster the network’s resilience by providing early detection and response to issues that could impact connectivity.

There are many other important features packed into this release, providing customers with greater operational efficiencies and tighter integration with several products in the Cisco security portfolio.

Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!

Cisco Security Social ChannelsInstagramFacebookTwitterLinkedInShareShare:

3 weeks, 6 days назад @ blogs.cisco.com
Leveraging Threat Intelligence in Cisco Secure Network Analytics

First, we will cover the threat intelligence feed, and then we will look at using your own internal threat intelligence in the product.

Secure Network Analytics can use the product of the threat intelligence process to immediately alert you to that activity in your network.

Threat Intelligence Feed
Secure Network Analytics offers a global threat intelligence subscription feed that draws on a variety of Cisco and information security industry sources to detect analyzed threat intelligence indicators.

Enabling the Threat Intelligence Feed
To enable the threat intelligence feed, use the following instructions.

If your organization has internal threat intelligence capabilities, you can u…

1 month ago @ blogs.cisco.com
Zero touch provisioning with Cisco Firewall Management Center Templates

Cisco FMC 7.6 brings Template support for easy, scalable zero-touch provisioning and SD-WAN setups.

1 month, 1 week ago @ feedpress.me
Unifying Cyber Defenses: How Hybrid Mesh Firewalls Shape Modern Security

The Hybrid Mesh Firewall emerges as a vital component in this landscape, offering the flexibility and comprehensive protection required to meet modern cybersecurity challenges.

Before we delve into “What is Hybrid Mesh Firewall”, let us discuss a few customer problems.
Key problem areas for customers
1.

The hybrid mesh firewall solution
Hybrid mesh firewall platforms enable security policy enforcement between workloads and users across any network, especially in on-premises-first organizations.

Benefits of hybrid mesh firewalls
Unified security management: By consolidating various security functions into a single platform, Hybrid Mesh Firewalls simplify management and reduce the likelihood of m…

1 month, 1 week ago @ blogs.cisco.com
Three Reasons for Cisco Umbrella for Government

Cisco Umbrella for Government has been granted FedRAMP Moderate Authority-To-Operate (ATO) and is now available to U.S. federal, state, and local government agencies, as well as other organizations that require FedRAMP authorization.

The commercial Cisco Umbrella version — a mature, proven and extensively validated cloud security solution trusted by over 30,000 customers — serves as the foundation for Umbrella for Government.

This integration with CISA PDNS and Umbrella DNS-layer security powered by Cisco Talos allows agencies to be compliant with the CISA mandate while leveraging the advanced threat protection from Cisco Umbrella for Government.

Reason #2: Cisco Talos threat intelligence
Ci…

1 month, 1 week ago @ blogs.cisco.com
Enabling Cybersecurity Incident Response

Security teams and the tools they use to operationalize incident response are the cornerstone of a robust defense.

A measure of effectiveness for a security operations team is how quickly they identify and respond to significant security incidents.

These tasks can include activities such as log analysis, threat detection, incident response, and vulnerability scanning.

The goal of automation is to reduce the workload on security analysts and speed up the detection of and response to security incidents.

Orchestration aims to ensure that different security solutions communicate and collaborate effectively to improve response coordination, reduce the likelihood of errors, and enhance overall secur…

1 month, 3 weeks ago @ blogs.cisco.com
Seamless Secure Work on a Plane

Anyone who has tried to work on a plane knows that the quality of connection when you’re in the air can be inconsistent.

Rather than establish a VPN connection to access applications on the network, Cisco Secure Access provides a direct connection to the application through unique Zero Trust Network Access (ZTNA) capabilities.

Another requirement for seamless and secure access is to be able to authenticate your identity, even if you can’t connect to your phone.

We are continuing to research new ways to provide secure and simple offline access.

When we think about seamless and secure access, there are multiple requirements to make that happen.

1 month, 3 weeks ago @ blogs.cisco.com
Microsoft Security
last post 6 days, 1 hour ago
Cybersecurity Awareness Month: Securing our world—together

As Cybersecurity Awareness Month marks its 21st year, it’s clear that this year stands out.

Empower everyone to be a cybersecurity champion
Help educate everyone in your organization with cybersecurity awareness resources and training curated by the security experts at Microsoft.

The Be Cybersmart Kit is a great starting point, and it’s just one of the many resources Microsoft has put together on its Cybersecurity Awareness site.

And for students pursuing the field of cybersecurity, the Microsoft Cybersecurity Scholarship Program and many more educational opportunities are here to help.

“CISA is excited to lead the federal government’s efforts to reduce online risk during this 21st Cybersec…

6 days, 1 hour ago @ microsoft.com
Storm-0501: Ransomware attacks expanding to hybrid cloud environments

Microsoft Entra Connect Sync is a component of Microsoft Entra Connect that synchronizes identity data between on-premises environments and Microsoft Entra ID.

Microsoft recently implemented a change in Microsoft Entra ID that restricts permissions on the Directory Synchronization Accounts (DSA) role in Microsoft Entra Connect Sync and Microsoft Entra Cloud Sync and helps prevent abuse.

This backdoor enables an attacker to sign in as any user of the compromised Microsoft Entra ID tenant if the Microsoft Entra ID user property ImmutableId is known or set by the attackers.

Mitigation and protection guidance
Microsoft recently implemented a change in Microsoft Entra ID that restricts permissions on…

1 week, 4 days ago @ microsoft.com
Microsoft is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms

We are excited to announce that Gartner has named Microsoft a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time.

Recognizing that sophisticated cyberthreats go beyond the endpoint, Microsoft offers Microsoft Defender Experts for XDR.

Learn more
If you’re not yet taking advantage of Microsoft’s leading endpoint security solution, visit Microsoft Defender for Endpoint and start a free trial today to evaluate our leading endpoint protection platform.

Gartner, Magic Quadrant for Endpoint Protection Platforms, Evgeny Mirolyubov, Franz Hinner, Deepak Mishra, Satarupa Patnaik, Chris Silva, September 23, 2024.

Gartner research publications c…

1 week, 4 days ago @ microsoft.com
Activate your data responsibly in the era of AI with Microsoft Purview

This week, teams across Microsoft Fabric and Microsoft Purview are gathered in Stockholm, Sweden, for the inaugural European Microsoft Fabric Community Conference.

CluedIn brings native master data management and Data Quality functionality to Microsoft Fabric, Microsoft Purview, and the Azure stack.

Semarchy combines master data management, data intelligence, and data integration into a singular application in any environment.

1 week, 5 days ago @ microsoft.com
Microsoft Trustworthy AI: Unlocking human potential starts with trust

Building on those, today we’re announcing two new capabilities: Evaluations in Azure AI Studio to support proactive risk assessments.

capability in Microsoft Azure AI Content Safety’s Groundedness detection feature that helps fix hallucination issues in real time before users see them.

Protected Material Detection for Code is now in preview in Azure AI Content Safety to help detect pre-existing content and code.

Muse Chat uses content-filtering models in Azure AI Content Safety to ensure responsible use of the software.

1 week, 6 days ago @ blogs.microsoft.com
Securing our future: September 2024 progress update on Microsoft’s Secure Future Initiative (SFI)

In May 2024, we expanded the initiative to focus on six key security pillars, incorporating industry feedback and our own insights.

Since the initiative began, we’ve dedicated the equivalent of 34,000 full-time engineers to SFI, making it the largest cybersecurity engineering effort in history.

To ensure accountability and transparency at the highest levels, Microsoft’s senior leadership team reviews SFI progress weekly, and updates are provided to Microsoft’s Board of Directors quarterly.

SFI Progress Report
Discover the key updates and milestones from the first SFI Progress Report.

Read the report
Learn more
To learn more about Microsoft Security solutions and Microsoft’s Secure Future Init…

2 weeks ago @ microsoft.com
Join us at Microsoft Ignite 2024 and learn to build a security-first culture with AI

Register now
Microsoft Security at Microsoft Ignite: An expanded experience
We’re excited to welcome back security leaders and other security professionals to Microsoft Ignite.

The Microsoft Ignite Security Forum is for businesses of all sizes to hear from Microsoft security experts on threat intelligence insights, learnings, and trends in security.

Register for Microsoft Ignite today and add on the Microsoft Ignite Security Forum.

Date: Monday, November 18, 2024
Topic: Microsoft Ignite Security Forum
Description: Join us one day early at Microsoft Ignite for a security-only program, designed for decision makers from businesses of all sizes.

Register now for Microsoft Ignite 2024
You won’t want t…

2 weeks, 4 days ago @ microsoft.com
How comprehensive security simplifies the defense of your digital estate

End-to-end security focuses on fully securing your entire digital estate pre- and post-breach, with management, mitigation, and assessment capabilities.

End-to-end security is a comprehensive and proactive approach to protecting your environment that is grounded in a Zero Trust security strategy.

ING consolidated a fragmented, complicated mix of security tools into an end-to-end security approach for better protection of their private, public, and multicloud environments.

And end-to-end security paves the way for security assessments of your resources and other benefits of continuous posture management.

It’s been a leap in our security maturity level.”
Explore how adopting end-to-end securit…

2 weeks, 5 days ago @ microsoft.com
North Korean threat actor Citrine Sleet exploiting Chromium zero-day

The FudModule rootkit described in this blog has now been tied to Citrine Sleet as shared tooling with Diamond Sleet.

Exploiting CVE-2024-7971
The observed zero-day exploit attack by Citrine Sleet used the typical stages seen in browser exploit chains.

Strengthen Microsoft Defender Antivirus configuration
Turn on cloud-delivered protection in Microsoft Defender Antivirus, or the equivalent for your antivirus product, to help cover rapidly evolving attacker tools and techniques.

For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and insights from the Microsoft Threa…

1 month, 1 week ago @ microsoft.com
The art and science behind Microsoft threat hunting: Part 3

Putting it together: Threat intelligence and iterative threat hunting
Armed with this breakdown, threat hunters can now turn their attention to using varied threat intelligence to execute threat hunts and track down threat actors.

Enriching a threat hunt with tactical threat intelligence artifacts in the form of IOCs concentrates investigation scope and allows for rapid identification of threat actor activity.

For more security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog.

[1] The art and science behind Microsoft threat hunting: Part 1, Microsoft Incident Response Team.

[2] The art and science behind Microsoft threat hunting: Part 2, M…

1 month, 1 week ago @ microsoft.com
Peach Sandstorm deploys new custom Tickler malware in long-running intelligence gathering operations

Peach Sandstorm attack chain
Intelligence gathering on LinkedIn
Going back to at least November 2021 and continuing through mid-2024, Microsoft observed Peach Sandstorm using multiple LinkedIn profiles masquerading as students, developers, and talent acquisition managers based in the US and Western Europe.

Tickler malware
Microsoft Threat Intelligence identified two samples of the Tickler malware, a custom multi-stage backdoor, that Peach Sandstorm deployed in compromised environments as recently as July 2024.

Network information collected by Tickler after deployment on target host
We subsequently observed Peach Sandstorm iterating and improving on this initial sample.

]net
Tickler samples and r…

1 month, 1 week ago @ microsoft.com
How Microsoft Entra ID supports US government agencies in meeting identity security requirements

Microsoft Entra ID is helping US government customers meet the M-22-09 requirements for identity
US government agencies are adopting Microsoft Entra ID to consolidate siloed identity solutions, reduce operational complexity, and improve control and visibility across all their users, as the memo requires.

With Microsoft Entra ID, agencies can enforce multifactor authentication at the application level for more granular control.

Microsoft Entra ID
Establish Zero Trust access controls, prevent identity attacks, and manage access to resources.

Try for free
Using Microsoft Entra ID as a centralized identity management system
Anyone who has struggled to manage multiple identity systems understands t…

1 month, 1 week ago @ microsoft.com
Microsoft AI Tour: Hear the latest product innovations to elevate your security strategy

For the second year, the Microsoft AI Tour will bring together security practitioners, developers, and other technology professionals to learn about the latest AI innovations across the full Microsoft Security stack in multiple cities around the globe.

Find a Microsoft AI Tour event in a city near you, and get started early by signing up for our Microsoft Security Discovery Day events in Colombia and Mexico.

Learn more
Turn AI vision into transformative impact
The Microsoft AI Tour showcases our commitment to answering the overwhelming call to alleviate AI confusion and organizational inertia.

At the Microsoft AI Tour, we’ll showcase how Microsoft Copilot for Security lets you protect at the s…

1 month, 2 weeks ago @ microsoft.com
Microsoft again ranked number one in modern endpoint security market share

We are excited to share that Microsoft has again been ranked number one in market share in the IDC Worldwide Modern Endpoint Security Market Shares, 2023: Evolving to Address New Work Modalities (doc #US52341924, June 2024).

And with more than 25.8% of the market share, Microsoft has the endpoint security solution more customers use to defend their multiplatform devices than any other vendor.

[2] IDC MarketScape: Worldwide Modern Endpoint Security for Enterprises 2024 Vendor Assessment (doc #US50521223, January 2024).

[3] IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment (doc #US50521323, February 2024).

[4] IDC MarketScape: Worldwide Modern Endpoint S…

1 month, 2 weeks ago @ microsoft.com
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE

Attackers could chain and remotely exploit some of the discovered vulnerabilities to achieve an attack chain consisting of remote code execution (RCE) and local privilege escalation (LPE).

Information on the security fixes released by OpenVPN to address these vulnerabilities can be found here: OpenVPN 2.6.10.

OpenVPN analysis
We discovered the vulnerabilities while examining the OpenVPN open-source project to enhance enterprise security standards.

Openvpn_defer_auth – OpenVPN plugin to perform deferred authentication requests.

Named pipe impersonation
The ImpersonateNamedPipeClient function impersonates a named pipe client application.

1 month, 4 weeks ago @ microsoft.com
Google Online Security Blog
last post 4 days ago
Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems

Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult.

The Cellular Baseband
The cellular baseband within a smartphone is responsible for managing the device's connectivity to cellular networks.

The firmware within the cellular baseband, similar to any software, is susceptible to bugs and errors.

For example, 0-day exploits in the cellular baseband are being used to deploy the Predator malware in smartphones.

Pixel's proactive approach to security demonstrates a commitment to protecting its users across the entire software stack.

4 days ago @ security.googleblog.com
Evaluating Mitigations & Vulnerabilities in Chrome

The Chrome Security Team is constantly striving to make it safer to browse the web.

We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue.

Historically the Chrome Security Team has made major investments and driven the web to be safer.

In the longer term the Chrome Security Team advocates for operating system improvements like less-capable lightweight processes, less-privileged GPU and NPU containers, improved application isolation, and support for hardware-based isolation, memory safety and flow control enforcement.

Good Bugs and Ba…

4 days, 1 hour ago @ security.googleblog.com
Eliminating Memory Safety Vulnerabilities at the Source

Memory safety vulnerabilities remain a pervasive threat to software security.

We’ll also share updated data on how the percentage of memory safety vulnerabilities in Android dropped from 76% to 24% over 6 years as development shifted to memory safe languages.

This decision was driven by the increasing cost and complexity of managing memory safety vulnerabilities.

We first reported this decline in 2022, and we continue to see the total number of memory safety vulnerabilities dropping [3].

As the number of memory safety vulnerabilities has dropped, the overall security risk has dropped along with it.

1 week, 5 days ago @ security.googleblog.com
Google & Arm - Raising The Bar on GPU Security

Arm Product Security and GPU Teams
Arm has a central product security team that sets the policy and practice across the company.

Working together to secure Android devices
Google’s Android Security teams and Arm have been working together for a long time.

So “application ⇒ kernel ⇒ firmware ⇒ kernel” is a known attack flow in this area.

The Arm Product Security Team is actively involved in security-focused industry communities and collaborates closely with its ecosystem partners.

The Android Red Team and Arm continue to work together to proactively raise the bar on GPU security.

1 week, 6 days ago @ security.googleblog.com
A new path for Kyber on the web

We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients.

The hybrid key exchange used both the pre-quantum X25519 algorithm and the new post-quantum algorithm Kyber.

As a result, the codepoint in TLS for hybrid post-quantum key exchange is changing from 0x6399 for Kyber768+X25519 to 0x11EC for ML-KEM768+X25519.

Post-quantum key shares are too big to be able to offer two post-quantum key share predictions at the same time.

Longer term, we hope to avoid the chicken-and-egg problem for post-quantum key share predictions through our emerging IETF draft for key share prediction.

3 weeks, 3 days ago @ security.googleblog.com
Deploying Rust in Existing Firmware Codebases

The Android team has discussed Rust for bare-metal firmware previously, and has developed training specifically for this domain.

The shim serves as a wrapper around the Rust library API, bridging the existing C API and the Rust API.

Choosing a Pre-Existing Crate (Rust Library)
Picking the right open-source crate (Rust library) to replace the chosen component is crucial.

    #![no_std]
    #[cfg(feature = "std")]
    extern crate std;
    extern crate alloc;

Then, iteratively fix all occurring compiler errors as follows: Move any use directives from std to either core or alloc.

Memory Safety for Firmware, Today
Using the process outlined in this blog post, you can begin to introduce Rust into large legacy firmware…

1 month ago @ security.googleblog.com
Private AI For All: Our End-To-End Approach to AI Privacy on Android

As a pioneer in responsible AI and cutting-edge privacy technologies like Private Compute Core and federated learning, we made sure our approach to the assistant experience with Gemini on Android is aligned with our existing Secure AI framework, AI Principles and Privacy Principles.

From privacy on-device when handling sensitive data to the world’s best cloud infrastructure, here are six key ways we keep your information private and protected.

For some AI features, like Summarize in Recorder on Pixel, that benefit from additional data privacy or processing efficiency, we utilize on-device AI.

It can be thought of as extending the user’s device and its security boundaries into our cloud infr…

1 month, 3 weeks ago @ security.googleblog.com
Post-Quantum Cryptography: Standards and Progress

The National Institute of Standards and Technology (NIST) just released three finalized standards for post-quantum cryptography (PQC) covering public key encapsulation and two forms of digital signatures.

Here's a brief overview of what PQC is, how Google is using PQC, and how other organizations can adopt these new standards.

Practical large-scale quantum computers are still years away, but computer scientists have known for decades that a cryptographically relevant quantum computer (CRQC) could break existing forms of asymmetric key cryptography.

Google began testing PQC in Chrome in 2016 and has been using PQC to protect internal communications since 2022.

As we make progress on our own …

1 month, 3 weeks ago @ security.googleblog.com
Keeping your Android device safe from text message fraud

In particular, there is increasingly more evidence of the exploitation of weaknesses in cellular communication standards leveraging cell-site simulators to inject SMS phishing messages directly into smartphones.

The method is straightforward and replicates known techniques to trick mobile devices onto an attacker-controlled 2G network.

Spreading SMS phishing messages commonly yields a small return, as it is very difficult to get these messages past sophisticated anti-spam filters undetected.

Android has built-in spam protection that helps to identify and block spam SMS messages.

We are constantly working to improve our security features and protect users from phishing, fraud, and other th…

2 months, 1 week ago @ security.googleblog.com
Improving the security of Chrome cookies on Windows

Cybercriminals using cookie theft infostealer malware continue to pose a risk to the safety and security of our users.

We already have a number of initiatives in this area, including Chrome’s download protection using Safe Browsing, Device Bound Session Credentials, and Google’s account-based threat detection to flag the use of stolen cookies.

Today, we’re announcing another layer of protection to make Windows users safer from this type of malware.

On Windows, Chrome uses the Data Protection API (DPAPI), which protects the data at rest from other users on the system or cold boot attacks.

In Chrome 127 we are introducing a new protection on Windows that improves on the DPAPI by providing Appli…

2 months, 1 week ago @ security.googleblog.com
Building security into the redesigned Chrome downloads experience

Last year, we introduced a redesign of the Chrome downloads experience on desktop to make it easier for users to interact with recent downloads.

Adding context and consistency to download warnings
The redesigned Chrome downloads experience gives us the opportunity to provide even more context when Chrome protects a user from a potentially malicious file.

Our legacy, space-constrained warning vs. our redesigned one
We also made download warnings more understandable by introducing a two-tier download warning taxonomy based on AI-powered malware verdicts from Google Safe Browsing.

The Chrome Security team works closely with Safe Browsing, Google's Threat Analysis Group, and security researchers …

2 months, 2 weeks ago @ security.googleblog.com
Sustaining Digital Certificate Security - Entrust Certificate Distrust

The Chrome Security Team prioritizes the security and privacy of Chrome’s users, and we are unwilling to compromise on these values.

The Chrome Root Program Policy states that CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.

Apple policies prevent the Chrome Certificate Verifier and corresponding Chrome Root Store from being used on Chrome for iOS.

Website operators can determine if they are affected by this issue by using the Chrome Certificate Viewer.

Beginning in Chrome 127, enterprises can override Chrome Root Store constraints like those described for Entrust in this blog post by installing the …

3 months, 1 week ago @ security.googleblog.com
Virtual Escape; Real Reward: Introducing Google’s kvmCTF

To this end we are excited to announce the launch of kvmCTF, a vulnerability reward program (VRP) for the Kernel-based Virtual Machine (KVM) hypervisor first announced in October 2023.

Google is an active contributor to the project, and we designed kvmCTF as a collaborative way to help identify and remediate vulnerabilities and further harden this fundamental security boundary.

Similar to kernelCTF, kvmCTF is a vulnerability reward program designed to help identify and address vulnerabilities in the Kernel-based Virtual Machine (KVM) hypervisor.

Finally, given how critical a hypervisor is to overall system security, kvmCTF will reward various levels of vulnerabilities up to and including code …

3 months, 1 week ago @ security.googleblog.com
Hacking for Defenders: approaches to DARPA’s AI Cyber Challenge

OSS-Fuzz is free, open source, and its projects and infrastructure are shaped very similarly to AIxCC challenges.

Competitors can easily reuse its existing toolchains, fuzzing engines, and sanitizers on AIxCC projects.

To enable kernel fuzzing, we followed a similar approach to an older blog post from Cloudflare.

Some changes to Cloudflare’s harness were required in order for this to be pluggable with the provided kernel challenges.

AIxCC challenges come with their own main() which takes in a file path.

3 months, 2 weeks ago @ security.googleblog.com
Staying Safe with Chrome Extensions

Chrome extensions can boost your browsing, empowering you to do anything from customizing the look of sites to providing personalized advice when you’re planning a vacation.

Just type “run safety check” in Chrome’s address bar and select the corresponding shortcut: “Go to Chrome safety check.”
User flow of removing extensions highlighted by Safety Check.

In 2024, less than 1% of all installs from the Chrome Web Store were found to include malware.

We're proud of this record, and yet some bad extensions still get through, which is why we also monitor published extensions.

Monitoring published extensions
The same Chrome team that reviews extensions before they get published also reviews extensio…

3 months, 2 weeks ago @ security.googleblog.com