Cybersecurity
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
last post 4 hours ago
Scientists confirmed the undecidability of one of the key problems in mathematics

For extended number systems there is no algorithm that decides the solutions of Diophantine equations.

4 hours ago @ securitylab.ru
Cyberstorms on the Richter scale: England has created a new agency for assessing digital catastrophes

A secret project that was tested for a whole year has finally been presented to the general public.

4 hours ago @ securitylab.ru
A sound leash for electricity: physicists have done the impossible

Sparks can now bypass obstacles and hit a target point.

5 hours ago @ securitylab.ru
MMS is back: how an outdated protocol became a weapon for crypto scammers

Tiny videos in 3GP format bring large financial losses.

5 hours ago @ securitylab.ru
Oxford created a network of quantum computers through a light bridge

Teleportation of logic gates linked quantum processors together.

6 hours ago @ securitylab.ru
Rust vs C: why is a new conflict flaring up in Linux?

A Linux maintainer called multilingualism a "cancer" for the system's kernel.

6 hours ago @ securitylab.ru
The US is arming up: THAAD 6.0 will get AI for instant interception of missile attacks

The system will extend its interception range to 200 kilometers.

7 hours ago @ securitylab.ru
Hackers or businessmen? Who was behind Cracked and Nulled

Their names were long hidden behind screens, but now everyone knows them.

7 hours ago @ securitylab.ru
Cheaper does not mean better: how DeepSeek vulnerabilities destroy business security

The illusion of control dissipates when an imagined threat becomes real.

7 hours ago @ securitylab.ru
Boston Dynamics in the army: robots help defuse bombs

Tests confirmed the effectiveness of bomb-disposal robots.

8 hours ago @ securitylab.ru
A trap for job seekers: how a Zoom invitation can breach your digital barrier

Even Apple's powerful protection failed to recognize the new FlexibleFerret threat.

10 hours ago @ securitylab.ru
Hackers who wait: how XE Group has hidden in corporate supply chains for years

Hackers weave their webs inside corporate servers to grab all the secrets.

10 hours ago @ securitylab.ru
Victims were forced to eat hair: an international raid against CVLT

Leaders of a dangerous online cult have been detained.

11 hours ago @ securitylab.ru
A firm "no": 70% of cyberattack victims refuse to give in to extortionists

The uncompromising stance of big business is forcing hackers to rethink their strategies.

11 hours ago @ securitylab.ru
Einstein speaks: China's OmniHuman-1 reaches a new level of realism

Voice, facial expressions, gestures: ByteDance has unveiled Sora's main competitor.

12 hours ago @ securitylab.ru
Anti-Malware
last post 1 day, 9 hours ago
How to properly implement protection for mobile and web applications

In the AM Live studio, experts discussed why cyberattacks on web applications succeed and talked about how to design protection with an organization's specifics in mind, carry out the implementation properly, and test the quality of protection for mobile and web applications.

According to Vladimir Zaitsev, customers sometimes approach security not as a process but as a set of separate problems that only need to be solved once.

AM Live viewers consider the absence of basic protective measures (anti-DDoS, WAF) (41%) and of regular software updates and patches (39%) extremely dangerous when organizing web application protection.

Even if you buy protective tools for every occasion and configure everything perfectly, an attacker can still…

1 day, 9 hours ago @ anti-malware.ru
What the digital ruble offers and what it threatens for the Russian economy and citizens

From the Bank of Russia's point of view, it will ensure maximum accessibility of the digital ruble for citizens and businesses and help significantly reduce circulation costs.

Roughly as many respondents do not understand the point of the digital currency at all and do not know how to use it.

The state will be able to track the movement of funds and find out how they were obtained and what they were spent on.

In the event of a successful hack, they would gain access not only to assets but also to a database of confidential information about citizens and companies.

System failures and cyberattacks can destroy the code, and therefore the digital ruble itself, making payments impossible and causing financial losses.

2 days, 9 hours ago @ anti-malware.ru
How to reliably protect mobile and web applications: technologies and best practices

Because applications simplify access to information, services and entertainment, users can interact with a company at any time and from anywhere.

Pavel Treshchev talked about carpet-bombing and fan-out attacks: both target the address ranges of specific providers.

This imposes certain requirements on protective tools, including the WAF, on which security now largely depends.

Ilya Shabanov summed up that not all API Security solutions are the same; they can differ greatly, and one must look at their structure and functionality.

They require patch management and vendor or third-party solutions, and in these cases a WAF is still needed.

2 days, 13 hours ago @ anti-malware.ru
Infosec for connected cars: what the US and Russia/China are fighting over (part 1)

In 2015, Kaspersky set up a division dealing with infosec for connected cars.

Whereas security was previously limited to confident driving and blocking access to the car, it is now a fully fledged infosec discipline for connected cars.

Information flows in the internal network of a modern car. The concept of the connected car. Why does the US pay such close attention to connected-car technologies?

Levels of automation for connected cars. Before discussing the security of connected cars, we present a description of the new architecture as a whole.

Is it acceptable to use MITRE ATT&CK to assess risks for connected…

3 days, 11 hours ago @ anti-malware.ru
DeepSeek: how good is the Chinese ChatGPT killer in practice

Cyberattack and registration problems. Naturally, with such hype, many people wanted to try DeepSeek out (myself included), but it turned out not to be so simple.

Unfortunately, I quickly became convinced that DeepSeek handles news parsing just as poorly as ChatGPT.

My verdict is simple: DeepSeek and ChatGPT cannot cope with this task and are unlikely to be able to in the near future.

Mathematical abilities. Oh, how nice it would be to simply "upload" all your bookkeeping, physics homework or financial statistics into ChatGPT or DeepSeek.

Incorrect solution of the problem. Although DeepSeek and ChatGPT can effectively process and analyze data, their capacity for abstract…

6 days, 14 hours ago @ anti-malware.ru
All the preconditions are in place for a rise in the number of IT infrastructure outages

The number of information system outages is growing both worldwide and in Russia.

In Russia, according to a Monq Digital Lab study, the number of outages in 2024 grew by 22% year on year.

The Monq Digital Lab study named as the main cause of outages, on the one hand, problems with maintaining foreign equipment and software and, on the other, insufficient debugging of domestic alternatives.

This is because there is often nothing to replace foreign equipment and software with, including products from companies that have left the Russian market.

The website of the operator Miranda-media at the moment of the attack in May-June 2023. In March 2024, attackers exploited a vulnerability in an untimely patched V…

1 week ago @ anti-malware.ru
The evolution of data protection: from traditional methods to the Data Security Platform

Therefore the market needs new solutions that simplify information management and ensure a high level of protection: Data Security Platforms.

Distribution of the number of leaks by industry (source: ptsecurity.com). The criminals' key goals were theft of credentials and trade secrets.

Moreover, given the current geopolitical situation, hackers' interest in undermining infrastructure and publishing stolen data is only growing.

The first focused solutions for protecting information appeared, the key ones being data leak prevention (DLP) systems.

Consequently, the time has come to rethink the approach to data secur…

1 week, 1 day ago @ anti-malware.ru
Cryptocurrency, mining, and how to protect assets from fraud and theft

Despite the growth of the cryptocurrency market and the development of the legal framework both in Russia and worldwide, people continue to run into numerous fraud schemes.

The Russian legal field: what is allowed and what is not?

First of all, cryptocurrency will be treated as property, which entails taxation of income from transactions, as with securities.

The multisignature function can be supported in both hot and cold wallets.

In any case, you must know which blockchain you are using and how to track transactions on it.

1 week, 2 days ago @ anti-malware.ru
Innovation in the Russian information security market: myth or reality?

Comparison with 2024. What factors influence innovation in information security?

How does AI influence innovation in information security?

Artem Izbaenkov, product director of Solar Space, Solar Group. How does the state support innovation in information security?

Is your company ready to invest in infosec innovation?

The development of infosec innovation in Russia is so far held back by sanctions policy and the new geopolitical conditions.

1 week, 3 days ago @ anti-malware.ru
How various infosec tools help protect internet traffic

Diagram of traffic protection tools on the path to the server. Anti-DDoS: coarse filtering. DDoS is a common type of denial-of-service attack.

This kind of Anti-DDoS works only for web resources and is not suitable for protecting an entire subnet of heterogeneous resources.

In the chain of protective tools, Anti-Bot is placed strictly after Anti-DDoS because, unlike the latter, the bot-protection module modifies traffic.

For a WAF, as for all the listed protective tools, blacklists and whitelists can be defined.

Some web applications are less susceptible to this problem because they use a distributed, fault-tolerant architecture; others need external solutions to protect against overload.

1 week, 6 days ago @ anti-malware.ru
What will happen to IP telephony in Russia after September 2025

To make life harder for fraudsters who use calls with spoofed numbers, the Ministry of Digital Development wants to tighten licensing of a number of services from 1 September 2025.

This task was to be solved by the unified Antifraud system, which the Ministry began building in the middle of the year and which started operating in December 2022.

In June 2024, the regulator prohibited operators from accepting calls from numbers not registered in this system.

The new licensing procedure, which takes effect on 1 September 2025, applies to all operators holding licenses for calls to mobile and landline phones over the internet.

All three entail additional effort and, accordingly, cos…

2 weeks ago @ anti-malware.ru
RDP configuration files in emails: what you should know about the risks

In this article we analyze a targeted phishing attack using the "Rogue RDP" vector encountered by specialists of the Innostage SOC CyberART cyber threat response center.

The attack consisted of sending configuration files with the ".rdp" extension and personalized credentials with a request to connect to an external terminal server, and also, presumably, using the domain of a "zombie company".

Sample email. The file "platforma-zakupki.rdp" is configured for automatic connection over the RDP protocol to the target terminal server.

Add to the blacklists of security tools and endpoint protection tools the hash sums of the malicious programs listed in the secti…

2 weeks, 1 day ago @ anti-malware.ru
25 current information security courses: paid and free, remote and in-person

Searching for infosec courses on Sravni.ru for experienced specialists. Current information security courses. Infosec programs come in different formats from different organizations.

Infosec course at the Academy of Information Systems. The FSTEC of Russia portal has an up-to-date list of organizations offering training in programs certified by it or by the FSB.

Current offerings from domestic vendors and companies. The websites of Russian vendors and organizations provide more detailed information about current infosec courses.

Course "Introduction to Information Security". Fundamentals of Security and Anonymity Online. The course, developed by GeekBrains, is intended for both experienced people and beginners.

Course "Fundamentals of Security and Anonymity…

2 weeks, 1 day ago @ anti-malware.ru
How to organize a company's protection against ransomware

How to organize a company's protection against ransomware?

Introduction. According to Positive Technology data for Q2 2024, the number of attacks on companies in CIS countries increased 2.6-fold compared with the previous year's figures.

Typical ransomware attack scenario. To build reliable protection of a company's IT perimeter, it is important to understand how attackers act in a ransomware attack.

5 steps to protect a company from ransomware. Attackers who target companies with ransomware use every attack vector, from social engineering to exploitation of 0-day vulnerabilities.

It is important to understand that it can change depending on subjective factors, s…

2 weeks, 2 days ago @ anti-malware.ru
More than just monitoring: what tasks a modern EDR solves

So what is EDR, how does it differ from EPP (Endpoint Protection Platform), and why is this element no less necessary than EPP for protection against modern attacks?

They long ago ceased to be just classic antiviruses and are now powerful combines containing many protection and control tools.

What EDR is and what its advantages are. We found that a classic EDR is not a replacement for EPP, but complements it in detecting complex and unknown threats.

The method of intercepting and monitoring arbitrary API function calls by modifying the import address table (IAT) allows an EDR to detect suspicious behavior in user processes.

To ensure effective automatic…

2 weeks, 2 days ago @ anti-malware.ru
Habr: Infosec
last post 13 hours ago
GigaVulnerability: bypassing the protection mechanisms of GigaDevice GD32 microcontrollers

If you turn to the STM32 microcontroller documentation, it states that with RDP2 enabled the debug interface is disabled even in the reset state.

As a result, several identical microcontrollers were purchased from each group (spares, and in case lower protection levels needed testing).

At the same time, the Option Bytes value is not cached either, in particular the byte responsible for the protection level.

In addition, it was experimentally verified that accessing beyond the "fast" part of flash memory does indeed incur a large delay, accompanied by noise in the voltage analysis.

But if the Option Bytes are read and cached at least once, the RDP level value is cached too, and …

13 hours ago @ habr.com
Testing a hybrid-automata-based anomaly detection approach on the CIC Modbus 2023 dataset

Unauthorized modification or transmission of incorrect data through them can disrupt the system's operation, which in turn can cause failures in production processes.

And the ability to add expert knowledge can be implemented by having a domain expert analyze the generated automaton and, where necessary, directly adjust the equation coefficients.

For each segment, and for each tag in the segment, the coefficients of a linear function approximating its change are computed.

Invariants are determined for states: for each state, the minimum and maximum values of the variables are selected.

The trained model (as a set of hyperplanes repres…

14 hours ago @ habr.com
How regreSSHion opened a new chapter in old attacks on OpenSSH

Ekaterina Gainullina, Security Vision. Introduction. CVE-2024-6387, known as regreSSHion, is a critical vulnerability in OpenSSH affecting the server side (sshd) on systems using glibc.

RegreSSHion is the result of a regression caused by changes to the OpenSSH code in 2020.

It left its mark and may have changed the rules of the game in cybersecurity forever.

However, in October 2020, in OpenSSH version 8.5p1, this macro was accidentally removed from the sigdie() function as a result of code refactoring.

The vulnerability affects the following OpenSSH versions: · OpenSSH 8.5p1 to 9.7p1: all versions in which the unsafe functions were reintroduced into signal handling.

14 hours ago @ habr.com
How to master cybersecurity quickly: tips for beginners

This article is for those who want to quickly master the basics of cybersecurity but do not know where to start or where to go.

The more closely the skill you want to master is related to what you already know, the better.

So it will be easier for you to master cybersecurity if you already have IT experience.

Our person wants to become a cybersecurity specialist and work in the new profession.

In IT education in general, and cybersecurity in particular, practitioner-teachers are important.

14 hours ago @ habr.com
Pentesting 101: where to start

Grey Hat: use methods similar to Black Hat but with the intent of helping to improve security, although their actions may fall into a legal grey area.

Regulatory compliance: confirming that systems meet government security standards, which is especially important for industries with high data protection requirements.

Where to start if you want to become a pentester. Here is a short list of fundamentals to get you started: IT and networks: master the basic principles of operating systems (Linux, Windows) and networking (TCP/IP, HTTP, DNS).

In this article we covered the basics, from port scanning with Nmap to finding SQL injections with SQLMap.

This will help you not only consolidate basic knowledge, …

15 hours ago @ habr.com
[Translation] Targeted Timeroasting: stealing user hashes via NTP

Having come across Giulio Pierantoni's article on Medium, we could not pass it by and decided to share it with the Russian-speaking community.

The attack is based on features of MS-SNTP, Microsoft's own authentication extension for the NTP and SNTP protocols, used by domain-joined hosts to synchronize time with the domain controller.

Once the object's userAccountControl and sAMAccountName values are modified, the domain controller will freely hand out that account's hash to anyone who sends such a request.

It requires running as a domain administrator from a domain-joined computer with the Active Directory module for PowerShell preinstalled.

If we look…

15 hours ago @ habr.com
SOLAR Quest: how to conquer Westeros and level up your Blue Team's skills

In January 2025, a new version, Solar CyberMir 7.0, was released, and in this article I will talk about its main feature: the Solar Quest engine, which is built on graph theory.

The new engine will make it possible to run detection, investigation, defense and recovery exercises, as well as task-based CTF (Jeopardy), command-staff exercises (КШТ) and much more.

In the new CyberMir 7.0 release we introduced the Solar Quest engine, which allows completing quests, quizzes and command-staff exercises in single-player mode.

Only one action can be chosen; it is an edge of the graph and has its own weight.

Future plans. The Solar Quest engine already allows completing quests, quizzes and command-staff exercises in single-player mode, and shipped with the Solar CyberMir 7.0 update.

1 day, 5 hours ago @ habr.com
How not to turn your work laptop into a sieve: simple rules and useful programs

Your work laptop is not just a tool for work but a storehouse of corporate secrets, personal data and access to important resources.

In this article we will look at how to protect yourself and your company from potential threats as simply and effectively as possible.

Even if you step away for a minute, take the trouble to press Win + L on Windows or Ctrl + Cmd + Q on macOS.

Strong passwords and two-factor authentication. Generating and storing passwords. A password like Qwerty123 or 123456 is not even protection, just a formality.

Conclusion. Security is not something complicated and incomprehensible, but simple daily habits.

1 day, 5 hours ago @ habr.com
[Translation] Everyone knows where you are

I was too uncomfortable doing all this on my current phone.

The simple game Stack by publisher KetchApp: I remember playing it at school 10-12 years ago.

"bn": "molocoads-eu-banner", // What is moloco ads?

"timeZone":"+0100", "deviceFreeSpace":112945148 "networkOperator":"6553565535" "advertisingTrackingId":"00000000-0000....", // interesting... }

…that received my IP. Let's talk about IDs: ifv, advertisingTrackingId, IDFA, ifv 000000-0000...

▍ And this is the only difference between prohibiting and allowing tracking: they collect the precise location. IDFA, tid, sid, device_id, uid. What does the data flow look like?

Part of the data sample, for clarity. ▍ Show me the personal information!

1 day, 9 hours ago @ habr.com
DeepSeek vs Mixtral: which is safer to use for a corporate chatbot?

In this article I decided to test the security of using DeepSeek in a student-support chatbot compared with the open model Mixtral.

Answer the student's question in the tag : {question} Here is the document fragment from the university knowledge base found for the query, in the tag : {confluence_doc} Remember, you must answer only the student's question, strictly according to the given document.

We will try attacking in three ways: the DAN jailbreak; a provocative question in a foreign language; sycophancy to elicit contradictory answers. We will attack the chatbot using the open-source LLAMATOR framework, developed specifically for testing the security of systems based on generative models.

The security issue lies not in the…

1 day, 12 hours ago @ habr.com
Scanning a Kubernetes cluster without extra entities

When it comes to container security, everyone usually remembers scanning images and looking for vulnerabilities in them.

But we should not forget about the security of the Kubernetes orchestration environment itself, which manages all our containers.

You need to create a manifest file job.yaml. We will not reproduce the full text of this file here, so as not to needlessly inflate the size of the article.

Checkov. Checkov is a security scanner for Kubernetes, Terraform and cloud environments that prevents misconfigurations.

In conclusion, a reminder about the open DevSecOps lessons taking place at Otus in February, which you can sign up for free of charge:

1 day, 12 hours ago @ habr.com
[Translation] Top 10 web application attack techniques of 2024

PortSwigger published the top 10 web application attack techniques of 2024, a community-driven project to identify the most innovative and important web security research published over the past year.

Top 10 web application attack techniques of 2024: 1.

This research is a high-quality analysis of an overlooked attack surface, undermining assumptions about where an attacker can gain a foothold.

This attack may allow successful attacks from a controlled subdomain (and hosting of a payload) against services that provide such a capability.

These attack techniques represent cutting-edge research and can serve as a good basis for study and application in…

2 days, 3 hours ago @ habr.com
Windows forensics

Since in most organizations user computers still run Windows, in this article we will talk about analyzing this operating system.

Instead, we will talk about other hidden corners of Windows where useful information can also be found.

Another useful (tracking) Windows feature, which provides a chronological history of visited web pages, edited documents and executed applications, is Timeline.

Here we can see which Windows components were launched and when, and this concerns not only user applications but also system components.

In Windows systems starting from Vista, the Recycle Bin is located in the $Recycle.bin folder in the root of the dr…

2 days, 3 hours ago @ habr.com
Detection is easy. DLL Hijacking in Sysinternals tools

We continue the Detection is easy series of articles, dedicated to detection engineering (DE), which I write about in the Telegram channel of the same name.

The researcher discovered that most of these tools are vulnerable to loading malicious DLLs into memory.

Description of the vulnerabilities. The vulnerability is related to Sysinternals tools loading DLLs from the current working directory (CWD).

For exploitation, the executable and the malicious DLL need to be placed in the same directory.

The DLL hijacking vulnerability in Sysinternals tools poses a serious threat because it allows attackers to load malicious libraries.

2 days, 8 hours ago @ habr.com
A firewall will not save you

Moreover, if legitimate traffic is not returned to the target application, the latter will malfunction.

A legitimate server application binds a transport port and prevents other applications from using it.

recv_tcp_reuse.py becomes recv_udp_reuse.py and looks as follows: send_tcp.py becomes send_udp.py and looks as follows: Run recv_udp_reuse.py in several sessions, then send_udp.py.

The thing is, on Windows firewalling does not apply to local traffic, so the client has to be run from another host.

The firewall did not save us again. We have looked at two firewall bypass techniques.

2 days, 8 hours ago @ habr.com
Хакер Хакер
последний пост 3 часа назад
Заброшенные бакеты AWS S3 могут применяться в атаках на цепочки поставок
Заброшенные бакеты AWS S3 могут применяться в атаках на цепочки поставок Заброшенные бакеты AWS S3 могут применяться в атаках на цепочки поставок

Компания WatchTowr обнаружила множество заброшенных бакетов Amazon S3, которые могли использоваться злоумышленниками для доставки малвари и бэкдоров государственным учреждениям и крупным компаниям.

Исследователи нашли около 150 бакетов S3, которые ранее использовались для хранения данных различными коммерческими и опенсорными продуктами.

Анализ источников запросов показал, что они поступали даже из правительственных сетей в США, Великобритании, Австралии, Южной Корее и других странах.

Проще говоря, мы бы посрамили Cozy Bear, а их развлечения с SolarWinds показались бы мелочью и дилетантством», – говорится в отчете WatchTowr.

To prevent further abuse, the researchers notif…

3 hours ago @ xakep.ru
Security Guard: Protecting the Perimeter with Wazuh

Today I'll talk about my experience with Wazuh, an open-source system that combines SIEM and XDR functions.

That is exactly how things stood at the company where I recently deployed a Wazuh-based security system.

Wazuh tracks the data and analyzes correlations in it based on rules.

This data is sent centrally to the main Wazuh analytics system for detailed analysis.

Logs coming from identity and access management (IAM) systems are also integrated with Wazuh.

6 hours ago @ xakep.ru
Last Year Hackers Exploited 768 Vulnerabilities

VulnCheck analysts counted 768 CVEs registered in 2024 that were used by attackers in real-world attacks.

That is 20% more than in 2023, when hackers exploited 639 vulnerabilities.

The researchers report that 23.6% of all known exploited vulnerabilities (KEV) last year were exploited either on the day their CVE was publicly disclosed or before that.

That is slightly less than in 2023 (26.8%), and the specialists write that exploitation attempts can occur at any point in a vulnerability's lifetime, regardless of the hype surrounding 0-day bugs.

"In 2024, only 1% of publicly disclosed CVEs were used in real-world a…

7 hours ago @ xakep.ru
Zyxel Won't Fix 0-Day Vulnerabilities in Its Routers

The vendor stated that it does not plan to release patches and urged users to move to supported device models.

The vulnerabilities in question were discovered by VulnCheck specialists back in July 2024, and GreyNoise recently reported that hackers have already adopted them.

According to Censys statistics, more than 1,500 vulnerable Zyxel CPE devices are currently reachable online, mostly in the Philippines, Turkey, the UK, France and Italy.

That is why we strongly recommend that users replace them with next-generation products to ensure the best protection."

Zyxel representatives also noted that they had asked …

9 hours ago @ xakep.ru
Payments to Ransomware Groups Fell by 35%

In 2024, ransom payments to ransomware hacking groups fell 35% from the previous year, to $813.55 million.

According to blockchain analysts at Chainalysis, last year only about 30% of victims who negotiated with the extortionists ultimately agreed to pay any ransom at all.

According to the researchers, the hackers' biggest "score" of 2024 was the breach of an unnamed Fortune 50 company, which ultimately paid the Dark Angels group a record $75 million.

As a result, median ransom sizes fell in 2024 despite the Dark Angels record.

Meanwhile, centralized exchanges remain the main …

11 hours ago @ xakep.ru
Let's Encrypt Will Stop Sending Certificate Expiration Warnings by Email

The reason is that sending such notifications costs Let's Encrypt tens of thousands of dollars a year.

Let's Encrypt representatives explain that the automated mailings are being discontinued for several reasons.

"Sending expiration notification emails means we have to retain millions of email addresses connected to issued-certificate records.

The organization recommends using Red Sift Certificates Lite to track certificate expiration (the service is free for up to 250 certificates).

According to Let's Encrypt's official statistics page, as of December 2024 daily issuance was about 8 million certifi…

13 hours ago @ xakep.ru
Malicious Go Package Went Unnoticed for Three Years

The malware went unnoticed for several years and persisted in the Go Module Mirror cache.

BoltDB (github.com/boltdb/bolt) was created nine years ago, but a year later the project's author announced the end of development, and BoltDB has not been updated since.

If a developer accidentally confuses the legitimate package with the fake located at github[.

The malicious boltdb-go package was published on GitHub in November 2021.

According to the expert, immutable modules improve security on the one hand, but on the other hand create potential vectors for abuse.

1 day, 2 hours ago @ xakep.ru
Two Critical Vulnerabilities Fixed in Netgear Routers

Netgear developers have fixed two critical vulnerabilities in several models of Wi-Fi routers.

The issues affect a number of Wi-Fi 6 access points (WAX206, WAX214v2 and WAX220), as well as Nighthawk Pro Gaming routers (XR1000, XR1000v2, XR500).

Detailed information about the vulnerabilities has not yet been disclosed, but the company says unauthorized attackers can use them for remote code execution (PSV-2023-0039) and authentication bypass (PSV-2021-0117).

The table below lists the vulnerable router models and the fixed firmware versions.

Router model    Fixed firmware version
XR1000          1.0.0.74
XR1000v2        1.1.0.22
XR500           2.3.2.134
WAX206          1.0.5.3
WAX220          1.0.5.3
WAX21…

1 day, 3 hours ago @ xakep.ru
AMD SEV-SNP Bypass Vulnerability Allows Malicious Microcode Injection

A new vulnerability in some AMD processors made it possible to bypass Secure Encrypted Virtualization (SEV) protection, and under certain conditions an attacker could load malicious microcode.

"Incorrect signature verification in the AMD CPU ROM microcode patch loader allowed an attacker with local administrator privileges to load malicious microcode, resulting in a loss of confidentiality and integrity for guest systems running under AMD SEV-SNP," AMD reports.

In its own security bulletin, Google's specialists explain that CVE-2024-56161 stems from an insecure hash function used in signature verification for microcode updates.

According to the researc…

1 day, 9 hours ago @ xakep.ru
22 New macOS Malware Families Emerged in the Past Year

Well-known macOS security expert Patrick Wardle reported that more than 20 new malware families targeting macOS were discovered in 2024.

According to Wardle, the number of new macOS malware families that appeared in 2024 is 22.

The macOS infostealers that appeared in 2024 include CloudChat, Poseidon (aka Rodrigo), Cthulhu, BeaverTail, PyStealer and Banshee.

As for new macOS ransomware, last year cybersecurity specialists discovered NotLockBit, which encrypts victims' files and also has basic data-theft capabilities.

LightSpy, allegedly linked to China, targets not only macOS but also i…

1 day, 11 hours ago @ xakep.ru
Phone Scammers to Be Caught with a Biometric Database

The data is planned to be accumulated on a unified anti-fraud platform, to which government agencies and internet-market participants will submit information about fraud.

According to the publication, the Ministry of Digital Development is already working on additional anti-fraud measures, intending to collect and store scammers' voice vectors on the unified anti-fraud platform.

This follows from a package of anti-fraud amendments prepared by the government (in particular, to the laws "On Communications", "On Information, Information Technologies…" and so on).

The document emphasizes that consent to the collection of biometric data of "persons who committed fraud using a communications network" is not required.

However, the ministry confirms that discus…

1 day, 13 hours ago @ xakep.ru
2.36 Million Dangerous Apps Were Removed from Google Play in 2024

Google reported that in 2024 more than 2.3 million apps that could pose a potential threat to users were blocked in Google Play.

For comparison, in 2023 Google blocked 2.28 million potentially dangerous apps and in 2022 1.5 million, while the number of blocked developer accounts was 333,000 and 173,000 respectively.

The increase in blocked apps in 2024 is partly explained by the use of AI, which now assists humans in app review and was used to detect violations in 92% of cases.

The developers say that in 2024 Google Play Protect received a number of updates and became even more eff…

2 days, 3 hours ago @ xakep.ru
SparkCat Stealer Found in the App Store and Google Play

In late 2024, Kaspersky Lab researchers discovered a previously unknown data-stealing trojan, SparkCat, in the Apple App Store, Google Play and on unofficial platforms.

The company says that for now SparkCat attacks target Android and iOS users in the UAE and in countries across Europe and Asia.

However, the specialists do not rule out that people in other regions, including Russia, may face a similar threat.

Based on timestamps in the malware files and the creation dates of configuration files in GitLab repositories, SparkCat has been active since March 2024.

"Various scam and fraudulent apps have regularly made it into the App Store, but this is the first known ca…

2 days, 4 hours ago @ xakep.ru
Virtual Cipher: Analyzing an Encryptor for VMware ESXi

Today we will examine how a ransomware encryptor targeting VMware ESXi works and talk about how to secure your virtual infrastructure.

VMware Horizon, a complex Java-based product that in the past shipped vulnerable components, was sometimes left unpatched, which opened the way to an RCE (remote code execution) attack.

Judging by the disassembler, the code implements the Curve25519 (for key exchange or generation) and Sosemanuk (for fast encryption) crypto primitives.

The generate_key function takes six arguments: _int64 privateKey1 - the first private key for Curve25519; - the first priva…

2 days, 8 hours ago @ xakep.ru
Google Fixed an Android 0-Day Vulnerability That Was Under Attack

Google has released the February patch set for Android.

In total, the updates fix 48 vulnerabilities, including a kernel 0-day that hackers had already adopted.

The zero-day received the identifier CVE-2024-53104 and involves privilege escalation in the Android kernel's USB Video Class driver.

Besides the exploited zero-day, the February Android patches fixed a critical vulnerability in Qualcomm's WLAN component.

CVE-2024-45569 can be used by remote attackers to execute arbitrary code or commands, read or modify memory, and cause crashes.

2 days, 9 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 7 hours ago
Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking

Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT.

In a similar fashion, the latest attack sequence associated with ValleyRAT entails the use of a fake Google Chrome website to trick targets into downloading a ZIP archive containing an executable ("Setup.exe").

Also retrieved is another DLL file ("sscronet.dll"), which is responsible for terminating any running process present in an exclusion list.

Compiled in Chinese and written in C++, ValleyRAT is a trojan that's designed to monitor screen content, log keystrokes, and establish persistence on the host.

"For payload injection, the attacker abused legitima…

7 hours ago @ thehackernews.com
Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023

Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023.

According to data compiled by Coveware, the average ransomware payment in Q4 2024 was at $553,959, up from $479,237 in Q3.

The median ransomware payment, in contrast, dropped from $200,000 to $110,890 quarter-over-quarter, a 45% drop.

"With a crucial role in the global economy, Industrials experienced 27% (1424) of all ransomware attacks in 2024, increasing 15% from 2023," NCC Group said.

"Both Akira and Fog have used identical money laundering methods, which are distinct from other ransomware strains, further supporting a connection between them," Chainalysis said.

8 hours ago @ thehackernews.com
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images

A new malware campaign dubbed SparkCat has leveraged a suite of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets.

In a similar vein, the iOS version of SparkCat relies on Google's ML Kit library for OCR to steal images containing mnemonic phrases.

A notable aspect of the malware is its use of a Rust-based communication mechanism for C2, something rarely observed in mobile apps.

Further analysis of keywords used and the regions where these apps were made available indicate that the campaign is primarily targeting users in Europe and Asia.

Since these prompts can look like legitimate system prompts, threat a…

10 hours ago @ thehackernews.com
The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025

Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas.

With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions.

Limit user access to only those resources necessary for their job duties.

Beyond access control: How modern PAM enhances cybersecurity ecosystems
Many modern PAM solutions go beyond traditional access control by integrating with broader cybersecurity ecosystems.

PAM as a priority for cybersecurity leade…

11 hours ago @ thehackernews.com
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials

The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC).

The attacks commence with phishing emails containing a Windows shortcut (LNK) file that's disguised as a Microsoft Office or PDF document.

Furthermore, Kimsuky has been observed using a PowerShell-based keylogger to record keystrokes and a new stealer malware codenamed forceCopy that's used to copy files stored in web browser-related directories.

"All of the paths where the malware is installed are web browser installation paths," ASEC sa…

11 hours ago @ thehackernews.com
Top 3 Ransomware Threats Active in 2025

Below, we break down the top three ransomware families active in 2025: LockBit, Lynx, and Virlock, and find out how interactive analysis helps businesses detect and stop them before it's too late.

LockBit sample: Let's take a closer look at a LockBit ransomware sample inside ANY.RUN's secure sandbox to discover its key behaviors.

Unlike typical ransomware, Virlock not only encrypts files but also infects them, turning each into a polymorphic file infector.

Virlock ransomware inside a VM. Just like LockBit and Lynx, Virlock drops a ransom note upon execution.

These reports are formatted for further analysis, helping security teams collaborate and develop effective …

11 hours ago @ thehackernews.com
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc

Cisco has released updates to address two critical security flaws in Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices.

The vulnerabilities are listed below -
CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device.


Cisco said the…

14 hours ago @ thehackernews.com
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign

The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems.

"Although seemingly innocent, these requests can serve nefarious purposes, such as harvesting personal data or lending a veneer of legitimacy to the interaction."

]io, a cross-platform JavaScript information stealer that's capable of harvesting data from various cryptocurrency wallet extensions that may be installed on the victim's browser.

The stealer also doubles up as a loader to retrieve a Python-based backdoor responsible for monitoring clipboard co…

1 day, 7 hours ago @ thehackernews.com
Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts

Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments.

Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks.

Over 51% of the targeted organizations have been assessed to be successfully impacted between June and November 2024, compromising 43% of targeted user accounts.

The cybersecurity company said it also detected a large-scale password spraying campaign using Node Fetch and Go Resty clients, recording no less than 13 million login attempts…

1 day, 9 hours ago @ thehackernews.com
Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks

A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan.

The infections commence with a spear-phishing email containing a RAR archive attachment that ultimately acts as a delivery vehicle for malicious payloads responsible for granting remote access to the compromised hosts.

The executable subsequently proceeds to run a PowerShell script that uses Telegram bots (named "@south_korea145_bot" and "@south_afr_angl_bot") for command execution and data exfiltration.

Seqrite Labs said it observed some level of tactical overlaps between the threat actor and YoroTrooper (aka SturgeonPhisher), which has bee…

1 day, 9 hours ago @ thehackernews.com
New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack

Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems.

The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0.

"A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions," Veeam said in an advisory.

The shortcoming impacts the following products -
Veeam Backup for Salesforce — 3.1 and older
Veeam Backup for Nutanix AHV — 5.0 | 5.1 (Versions 6 and higher are unaffected by the flaw)
Veeam Backup for AWS — 6a | …

1 day, 10 hours ago @ thehackernews.com
Navigating the Future: Key IT Vulnerability Management Trends

Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws.

The data is clear: Organizations are becoming increasingly reliant on vulnerability assessments and plan to prioritize these investments in 2025.

Companies are increasing the frequency of vulnerability assessments. In 2024, 24% of respondents said they conduct vulnerability assessments more than four times per year, up from 15% in 2023.

How frequently does your organization conduct IT security vulnerability assessments?

Some compliance regulations, like the Payment Card Industry (PCI DSS), require vulnerability scans to be perfo…

1 day, 11 hours ago @ thehackernews.com
AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks

A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels.

The starting point of the multi-stage attack chain is a phishing email that contains a Dropbox URL that, upon clicking, downloads a ZIP archive.

Specifically, the LNK file is retrieved by means of a TryCloudflare URL embedded within the URL file.

The newly downloaded ZIP file contains a Python payload designed to launch and execute several malware families, such as AsyncRAT, Venom RAT, and XWorm.

Phishing pages can be sent, in the guise of tickets assigned to the email address."

1 day, 12 hours ago @ thehackernews.com
CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The list of vulnerabilities is as follows -
CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized access and execute arbitrary code on the server (Fixed in September 2024)
CVE-2024-29059 (CVSS score: 7.5) - A…

1 day, 17 hours ago @ thehackernews.com
Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access

Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems.

The malicious version (1.3.1) was published to GitHub in November 2021, following which it was cached indefinitely by the Go Module Mirror service.

"Once installed, the backdoored package grants the threat actor remote access to the infected system, allowing them to execute arbitrary commands," security researcher Kirill Boychenko said in an analysis.

Socket said the development marks one of the earliest instances of a malicious actor abusing the Go Module Mirror's indefinite cachin…

2 days, 8 hours ago @ thehackernews.com
threatpost
last post: None
DarkReading
last post: None
WeLiveSecurity
last post 3 months ago
Life on a crooked RedLine: Analyzing the infamous infostealer’s backend

To limit any possible confusion, we will use the following terms consistently throughout the text: RedLine malware: The RedLine Stealer malware or a sample thereof.

RedLine backend: Collection of modules that provide authentication and functionality for the RedLine panel.

This includes the RedLine malware, the RedLine panel, and the RedLine backend modules.


Figure: Builder tab of the RedLine panel
RedLine backend: The RedLine backend we analyzed in 2023 consists of two modules.

3 months ago @ welivesecurity.com
ESET APT Activity Report Q2 2024–Q3 2024

ESET APT Activity Report Q2 2024–Q3 2024 summarizes notable activities of selected advanced persistent threat (APT) groups that were documented by ESET researchers from April 2024 until the end of September 2024.

Additionally, China-aligned APT groups have been relying increasingly on the open-source and multiplatform SoftEther VPN to maintain access to victims’ networks.

For the first time, we saw an APT group – specifically ScarCruft – abusing Zoho cloud services.

Malicious activities described in ESET APT Activity Report Q2 2024–Q3 2024 are detected by ESET products; shared intelligence is based mostly on proprietary ESET telemetry data and has been verified by ESET researchers.

Attack s…

3 months ago @ welivesecurity.com
Jane Goodall: Reasons for hope | Starmus highlights

The trailblazing scientist shares her reasons for hope in the fight against climate change and how we can tackle seemingly impossible problems and keep going in the face of adversity. Renowned ethologist and conservationist Jane Goodall offers a sobering, but hopeful reflection on the precarious state of our planet.

With ecosystems worldwide facing unprecedented threats from climate change, biodiversity loss, intensive farming, deforestation, and pollution, Earth is undergoing what scientists call the sixth mass extinction.

Unlike in the past, however, this one is driven by human activity, accelerating species loss at rates much faster than typical evolutionary processes.

Yet, Ms. Goodall – w…

3 months ago @ welivesecurity.com
Month in security with Tony Anscombe – October 2024 edition

Each month, ESET's Chief Security Evangelist Tony Anscombe will bring you a roundup of the latest cybersecurity news and insights – all in five or so minutes.

Let's cut to the chase now and review some of the most impactful cybersecurity stories of October 2024.

Recent weeks have also seen a number of damaging hacks and breaches, including one hitting American Water, the largest US water utility, and two incidents targeting The Internet Archive.

Meanwhile, lawmakers have also been busy this month, as Australia introduced its first cybersecurity legislation.

In the US, the Cybersecurity and Infrastructure Security Agency (CISA) proposed new security requirements to protect personal and gover…

3 months, 1 week ago @ welivesecurity.com
How to remove your personal information from Google Search results

If not, consider requesting the removal of your personal information from search results.

What shows up in Google Search?

Unsurprisingly, the search results become more specific, showcasing how powerful search engines are at pinpointing someone’s data.

How to use Google's "Results about you": To use this feature, you need to have a Google account.

For the browser version, follow these steps: Log into your Google account and click on your profile avatar.

3 months, 1 week ago @ welivesecurity.com
Don't become a statistic: Tips to help keep your personal data off the dark web

The dark web is thriving. First things first: Contrary to popular assumption, the dark web is not illegal and it's not populated solely by cybercriminals.

Even worse, 700 of these emails had passwords associated with them stored in plain text and exposed on dark web sites.

There are various ways your own data could end up in a dark web forum or site.

If you’re signed up to an identity protection or dark web monitoring service, it should flag any PII or other data it finds on the dark web.

See what’s lurking out there on the dark web right now and it may never get to that stage.

3 months, 1 week ago @ welivesecurity.com
Tony Fadell: Innovating to save our planet | Starmus highlights

So what's the real story with methane and how exactly do the emissions of this powerful greenhouse gas accelerate climate change?

Increased awareness of methane’s potent warming effect and the urgency of reducing methane emissions have prompted a slew of methane-reducing initiatives.

To get a grip on the problem, however, the world first needs to identify emission sources with pinpoint accuracy.

This is where state-of-the-art satellite technology comes in.

In his talk, the legendary engineer and entrepreneur Tony Fadell talks about MethaneSAT, a pioneering satellite that orbits the planet in order to map and track the sources of methane emissions primarily from oil and gas operations, which…

3 months, 1 week ago @ welivesecurity.com
CloudScout: Evasive Panda scouting cloud services

The CloudScout toolset is capable of retrieving data from various cloud services by leveraging stolen web session cookies.

CloudScout utilizes stolen cookies, provided by MgBot plugins, to access and exfiltrate data stored at various cloud services.

In February 2023, CloudScout modules and the Nightdoor implant were detected at what we suspect is a Taiwanese government entity.

The CloudScout module obtains a new configuration by continuously monitoring its working directory, looking for files with .dat extensions.

This package is stored in the resources section of CloudScout modules and is loaded at the beginning of the ModuleStart function.
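The server-side symptom of the cookie theft described above is a valid session suddenly being driven from a client that never authenticated. The following detector is an added example written for this page, not ESET's code or anything from CloudScout: it reads a constructed access log (one JSON object per line with ts, ip, ua, session and path, a hypothetical format), binds every session id to the first client that presented it, and alerts when the same id reappears from a different IP/User-Agent pair, raising severity when a browser-established session is replayed by non-browser tooling.

```python
"""Detect a web session cookie being replayed from a different client.

Added example, not ESET's code or CloudScout's: the toolset drives cloud
services with session cookies stolen from the victim's browser, so on the
service side a valid session suddenly arrives from a client that never
authenticated. The log format here is a constructed one (one JSON object per
line with ts, ip, ua, session and path); a real deployment would read the
service's own access logs and may add ASN or device-binding signals.
"""
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class Client:
    """The minimal client fingerprint a server-side access log usually carries."""
    ip: str
    ua: str

    @property
    def is_browser(self) -> bool:
        return self.ua.startswith("Mozilla/")


# Constructed sample events (not a real capture). Session sid-A is established by
# a browser and then replayed by scripted tooling from another address.
SAMPLE_LOG = """
{"ts": "2023-02-01T08:00:01Z", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/109", "session": "sid-A", "path": "/login"}
{"ts": "2023-02-01T08:00:05Z", "ip": "203.0.113.10", "ua": "Mozilla/5.0 (Windows NT 10.0) Chrome/109", "session": "sid-A", "path": "/mail/inbox"}
{"ts": "2023-02-01T08:01:30Z", "ip": "198.51.100.7", "ua": "python-requests/2.28", "session": "sid-A", "path": "/mail/export"}
{"ts": "2023-02-01T08:02:00Z", "ip": "203.0.113.22", "ua": "Mozilla/5.0 (X11; Linux) Firefox/109", "session": "sid-B", "path": "/drive/list"}
{"ts": "2023-02-01T08:02:10Z", "ip": "203.0.113.22", "ua": "Mozilla/5.0 (X11; Linux) Firefox/109", "session": "sid-B", "path": "/drive/download"}
"""


def parse_log(text: str) -> list[dict]:
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_session_reuse(events: list[dict]) -> list[dict]:
    """Bind each session id to the client that first presented it and report
    every later request that presents the same id from a different client.

    Severity is raised when a browser-established session is driven by a
    non-browser user agent, which is what automated cookie replay looks like.
    """
    owner: dict[str, Client] = {}
    alerts = []
    for ev in events:
        seen = Client(ev["ip"], ev["ua"])
        first = owner.setdefault(ev["session"], seen)
        if seen == first:
            continue
        severity = "high" if first.is_browser and not seen.is_browser else "medium"
        alerts.append({
            "session": ev["session"],
            "ts": ev["ts"],
            "path": ev["path"],
            "expected": first,
            "seen": seen,
            "severity": severity,
        })
    return alerts


if __name__ == "__main__":
    for a in detect_session_reuse(parse_log(SAMPLE_LOG)):
        print(f"{a['ts']} {a['severity']}: session {a['session']} bound to "
              f"{a['expected'].ip} replayed from {a['seen'].ip} ({a['seen'].ua}) on {a['path']}")
```

On the sample, only sid-A alerts: it was minted by a Chrome client and then used by python-requests from a second address to hit an export endpoint. Binding on (IP, User-Agent) alone will produce noise for mobile clients that roam between networks, so a production rule would widen the IP match to the ASN or pair it with a device-bound token.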

3 months, 1 week ago @ welivesecurity.com
ESET Research Podcast: CosmicBeetle

Then there are threat actors like CosmicBeetle – they lack the necessary skill set, write crude malware, yet still compromise interesting targets, and achieve “stealth” by using odd, impractical and overcomplicated techniques.

Discussing further with ESET Research Podcast host and Distinguished Researcher Aryeh Goretsky, Jakub shared his view of CosmicBeetle’s encryption routine, information about their victimology, and details of their “involvement” with high-profile gangs such as LockBit and RansomHub.

For details on how this crude and clumsy threat actor, whose malicious tools are “riddled with bugs”, managed to penetrate any of its targets, listen to this ESET Research Podcast episode…

3 months, 2 weeks ago @ welivesecurity.com
Embargo ransomware: Rock’n’Rust

ESET researchers have discovered new Rust-based tooling leading to the deployment of Embargo ransomware.

C:\Windows\Debug\a.cache: RC4-encrypted Embargo ransomware.

C:\Windows\Debug\pay.exe: decrypted Embargo ransomware.

Tactic | ID | Name | Description
Resource Development | T1587.001 | Develop Capabilities: Malware | Embargo group develops its custom toolkit – MDeployer, MS4Killer, and Embargo ransomware.
Impact | T1486 | Data Encrypted for Impact | Embargo ransomware encrypts files on compromised machines.
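The file listing shows the ransomware staged on disk RC4-encrypted (a.cache) and written back in the clear as pay.exe before execution. For an analyst who has pulled a.cache off a host, recovering the payload is an RC4 pass plus a sanity check that the output is a PE image. The code below is an added example written for this page, a textbook RC4 rather than code from the malware or from ESET's analysis; the key is a placeholder, since the real key would have to be recovered from the loader (MDeployer) and the page does not give it, and the "a.cache" blob it decrypts is a constructed fake PE header, not an Embargo sample.

```python
"""RC4 recovery of a staged payload, with a PE sanity check on the result.

Added example: Embargo's loader parks the ransomware on disk RC4-encrypted
(a.cache) and writes it back decrypted as pay.exe. This RC4 is a textbook
implementation written for this page, not code from the malware or from
ESET's analysis, and PLACEHOLDER_KEY is exactly that: the real key has to be
recovered from the loader, which the page does not provide.
"""


def rc4_ksa(key: bytes) -> list[int]:
    """Key-scheduling algorithm: permute 0..255 under the key."""
    if not key:
        raise ValueError("RC4 key must not be empty")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """PRGA keystream XORed over data. RC4 is symmetric: the same call
    encrypts and decrypts."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray(len(data))
    for n, c in enumerate(data):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out[n] = c ^ S[(S[i] + S[j]) & 0xFF]
    return bytes(out)


def looks_like_pe(blob: bytes) -> bool:
    """A Windows executable starts with 'MZ' and carries the PE signature at
    the offset stored at 0x3C; a wrong key will almost never pass this."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    pe_off = int.from_bytes(blob[0x3C:0x40], "little")
    return blob[pe_off:pe_off + 4] == b"PE\0\0"


def decrypt_cache(encrypted: bytes, key: bytes) -> bytes:
    """Decrypt an a.cache-style blob and refuse to hand back garbage."""
    plain = rc4_crypt(key, encrypted)
    if not looks_like_pe(plain):
        raise ValueError("decryption did not yield a PE image: wrong key?")
    return plain


# Constructed stand-in for a.cache: a minimal fake DOS/PE header encrypted
# with the placeholder key. It is not an Embargo sample.
PLACEHOLDER_KEY = b"placeholder-key-not-from-the-sample"
FAKE_PE = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0" + b"\0" * 16
FAKE_A_CACHE = rc4_crypt(PLACEHOLDER_KEY, FAKE_PE)

if __name__ == "__main__":
    recovered = decrypt_cache(FAKE_A_CACHE, PLACEHOLDER_KEY)
    pe_off = int.from_bytes(recovered[0x3C:0x40], "little")
    print("recovered", recovered[:2], "header, PE signature at", hex(pe_off))
```

The PE check is what turns a key guess into a yes/no answer: when brute-forcing candidate keys pulled from the loader's strings or configuration, only the right one yields an image whose DOS and PE signatures line up. The same routine works in the other direction for building test fixtures, since RC4 encryption and decryption are the same operation.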

3 months, 2 weeks ago @ welivesecurity.com
Google Voice scams: What are they and how do I avoid them?

The classic Google Voice scam goes something like this:

Setting up a Google Voice account. The fraudster downloads the Google Voice app and links it to a Google account, much like anyone else does.

Then they may do one of several things:
- Sell your Google Voice number and account to other scammers
- Place vishing calls designed to scam victims, using your Google Voice account
- Embed your Google Voice number into email phishing or smishing messages
- Use the Google Voice voicemail feature to record messages posing as legitimate authorities, in order to further their scams
- Use the Google Voice num…

3 months, 2 weeks ago @ welivesecurity.com
Threat actors exploiting zero-days faster than ever – Week in security with Tony Anscombe

The rest of the software flaws under review were exploited as n-days, i.e., vulnerabilities first exploited after patches are made available (versus zero-days, which are abused before patches are released).

The average time to exploit a software flaw has been shrinking considerably over the years – from 63 days in 2018-2019 all the way to only five days last year.

These and other figures in the report underscore a disconcerting trend: threat actors are rapidly getting better at spotting and weaponizing software vulnerabilities, which clearly poses an escalating threat to businesses and individuals alike.

What else did the report find and how does the market for zero-day exploits factor into…

3 months, 3 weeks ago @ welivesecurity.com
Protecting children from grooming | Unlocked 403 cybersecurity podcast (ep. 7)

“Hey, wanna chat?” What sounds like a casual and innocent phrase between adults can take a sinister turn when it comes from an adult to a child online – and even be the start of a predatory relationship.

Grooming, where an adult uses psychological tactics to gain a child’s trust in order to manipulate, exploit, or abuse them, is a pervasive problem these days.

It often occurs online, where predators may use social media, gaming platforms, or messaging apps to contact minors.

In this episode of Unlocked 403, Becks sat down with ch…

3 months, 3 weeks ago @ welivesecurity.com
Quishing attacks are targeting electric car owners: Here’s how to slam on the brakes

Although QR codes have been around since the 90s, quishing as a threat really started to appear during the pandemic.

Fraudsters leapt into action, sticking fake QR codes over the real ones.

There have been a number of reports about scammers targeting motorists via malicious QR codes stuck to parking meters.

If you’re uncomfortable scanning a QR code, consider using one of these alternatives to avoid the risk of interacting with a fraudulent code.

News of the latest QR quishing campaign will only increase calls for codes to be banned from public places.

3 months, 3 weeks ago @ welivesecurity.com
Aspiring digital defender? Explore cybersecurity internships, scholarships and apprenticeships

In this blog, we’ll explore cybersecurity internships, scholarships and apprenticeships as three great pathways, especially for young people, to jump-start their careers in this exciting and rewarding field.

For example, ESET currently runs Women in Cybersecurity scholarships for female undergraduates looking to pursue a career in cybersecurity in the UK, US, Canada and Australia.

Some cybersecurity apprenticeships prepare you for industry certifications that validate the training and expertise learned, enhancing employability further down the line.

Job security: Almost all industries require cybersecurity, including health, government, education, law, financial services, and manufacturing…

3 months, 3 weeks ago @ welivesecurity.com
Naked Security
last post: none
Help Net Security
last post 7 hours ago
Expel expands SIEM capabilities to meet mounting data storage needs

Expel announced expanded security information and event management (SIEM) coverage, including a new low-cost data lake offering, allowing customers to meet compliance and data storage requirements more effectively while strengthening their overall security posture.

Additionally, Expel extended integration coverage and support for several industry-leading SIEM and extended detection and response (XDR) products, including Sumo Logic Cloud SIEM and CrowdStrike Falcon LogScale environments.

Expel MDR’s™ expanded SIEM capabilities deliver flexibility in managing security data while reducing costs and aligning with regulatory needs, perfectly timed to meet these evolving market demands.” Expel MDR…

7 hours ago @ helpnetsecurity.com
Ransomware payments plummet as more victims refuse to pay

Chainalysis’ latest report on how the ransomware landscape changed from 2023 to 2024 shows a promising trend: an increasing number of victims refuse to pay the ransom.

The total volume of ransom payments decreased year-over-year by approximately 35%, the blockchain analysis firm says.

In 2023, victims delivered $1.25 billion to ransomware attackers and data theft and extortion gangs.

[Figure: Ransomware payments vs. data leak site victims, 2024 (Source: ecrime.ch)]

Lower and less frequent ransom payments
2024 was marked by a number of high-profile attacks.

Chainalysis also noted that ransomware operations became faster, with negotiations often starting within hours of data exfiltration.

8 hours ago @ helpnetsecurity.com
ActiveState accelerates secure software delivery

ActiveState launched its Vulnerability Management as a Service (VMaas) offering that revolutionizes how organizations manage open source and accelerates secure software delivery.

90% of the code running in production is of open source origin, which presents a significant risk: Open source vulnerabilities rose by 130% in 2024 and critical vulnerabilities are present in 74% of code bases.

Application Security Posture Management (ASPM) tools like ActiveState help identify, prioritize, and remediate vulnerabilities throughout the entire software development lifecycle.

The platform facilitates the secure building of open source packages from source, allows better governance of open source softwa…

8 hours ago @ helpnetsecurity.com
Corero Network Security unveils automated DDoS-aware resiliency

Corero Network Security announced new advancements in multi-site resiliency and intelligent traffic management, further strengthening its ability to deliver always-on DDoS protection.

If one system, data center, or network segment fails, another instantly takes over—ensuring uninterrupted protection and seamless resiliency without service disruptions or degraded performance.

“Security and availability should never be a trade-off—that’s why we continue to raise the bar with resilient, always-on protection,” said Carl Herberger, CEO of Corero Network Security.

By integrating resiliency, Corero strengthens service availability while simplifying operations, preventing downtime that leads to rev…

9 hours ago @ helpnetsecurity.com
Suspected NATO, UN, US Army hacker arrested in Spain

The Spanish National Police has arrested a hacker suspected of having breached national and international agencies (including the United Nations’ International Civil Aviation Organization and NATO), Spanish universities and companies, and released stolen data on the dark web.

The agents confiscated computer equipment, whose analysis may provide more clarity on the attacks claimed by the hacker and possibly on other crimes.

That last attack, carried out at the end of December 2024, prompted an investigation by the Central Operational Unit of the Spanish Civil Guard, and the two law enforcement agencies joined forces to unmask the attacker.

Some of the data stolen from the various target org…

11 hours ago @ helpnetsecurity.com
Onapsis Control Central secures SAP software development lifecycle

Onapsis announced Onapsis Control Central for SAP application security testing and custom code security supporting RISE with SAP transformations.

As the latest addition to its Onapsis Control product line, Control Central is a reinvention of Onapsis’ award-winning Control product.

Control Central is a key component of the Onapsis Secure RISE Accelerator, working to streamline and de-risk large RISE with SAP projects for global enterprises.

For organizations driving DevSecOps initiatives, Control Central offers application security testing coverage.

As SAP development moves towards more extensive use of Git repositories, Control Central equips organizations to handle larger projects with eas…

13 hours ago @ helpnetsecurity.com
Cyabra Insights protects against AI-driven digital disinformation

Cyabra introduces Insights, a new AI feature designed to transform complex social media disinformation data into clear, actionable answers in seconds.

False narratives, fake accounts, and AI-generated content are spreading faster than ever, costing businesses and governments billions annually and eroding public trust and reputations.

With AI-generated disinformation spreading six times faster than the truth—especially during high-stakes events like elections and holiday seasons—the need for rapid-response tools has never been more critical.

Insights takes the complexity out of disinformation detection by breaking down Cyabra’s robust data findings into intuitive visuals and an automated Q&A…

14 hours ago @ helpnetsecurity.com
The overlooked risks of poor data hygiene in AI-driven organizations

With AI-driven applications handling sensitive enterprise data, poor access controls and outdated security practices can lead to serious risks.

Enterprises adopting AI face an entirely new set of data and privacy challenges as they combine internal enterprise data with large language models (LLMs).

Organizations must consider how sensitive data flows between traditional data sources, such as document stores and databases, and AI applications.

Organizations need to implement a methodical process for assessing and preparing data for AI applications, as sophisticated attacks like prompt injection and unauthorized data access become more prevalent.

Begin with a thorough inventory of your data s…

17 hours ago @ helpnetsecurity.com
Enterprises invest heavily in AI-powered solutions

Enterprises are investing heavily in AI-powered solutions, which make up 21% of cybersecurity budgets today and will increase to 27% by 2026.

62% of respondents reveal they derive greater value from purchasing AI-powered cybersecurity solutions than building them in-house.

When it comes to volumetric AI-powered attacks on companies, stress and confidence are the most commonly felt emotions.

Senior executive leadership feels confident (12%) about defending against volumetric AI-powered attacks, but people at the director and manager levels are feeling stressed (12%).

Many global enterprises across industries are leveraging managed services to alleviate stress that directors and managers are …

17 hours ago @ helpnetsecurity.com
How to customize Safari for private browsing on iOS

Two of the most notable privacy features are Intelligent Tracking Prevention (ITP) and Private Browsing mode.

Intelligent Tracking Prevention (ITP)
Intelligent Tracking Prevention (ITP) is a feature built into Safari to prevent advertisers and websites from tracking your browsing activity across different sites.

Private Browsing mode
Private Browsing mode allows you to browse the web without leaving traces on your device, like history, cookies, or cache.

To enable Private Browsing, open Safari and tap the Tabs button (two overlapping squares) at the bottom of the screen.

Tap Private in the lower-left corner, then tap + to open a new private tab.

18 hours ago @ helpnetsecurity.com
Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968)

XE Group, a cybercriminal outfit that has been active for over a decade, has been quietly exploiting zero-day vulnerabilities (CVE-2025-25181, CVE-2024-57968) in VeraCore software, a popular solution for warehouse management and order fulfillment.

According to Intezer and Solis Security researchers, their targets are companies in the manufacturing and distribution sectors.

Exploitation of VeraCore zero-day vulnerabilities (CVE-2025-25181, CVE-2024-57968)
Researchers discovered the compromise of one victim’s IIS server hosting VeraCore’s software in early November 2024, when post-exploitation activity originating from a webshell was detected.
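The tell in this case was webshell traffic on the IIS server, which is visible in the web server's own logs long before anything else. The hunt below is an added example written for this page, not code from Intezer, Solis Security or VeraCore: it parses IIS W3C access log lines (constructed here, in the default field order, with IIS's '+' encoding of spaces inside a field) and flags POST traffic to a script that is outside a hypothetical baseline of the application's legitimate POST endpoints and that also looks scripted (never fetched with GET, no Referer, non-browser User-Agent).

```python
"""Hunt for webshell traffic in IIS W3C access logs.

Added example prompted by the VeraCore case, where the first visible sign of
compromise was post-exploitation activity from a webshell on the IIS server
hosting the application. This is not code from Intezer, Solis Security or
VeraCore; the log lines are constructed in the default IIS W3C field order
and KNOWN_POST_STEMS is a hypothetical baseline for the application.
"""
from collections import defaultdict

SCRIPT_EXT = (".aspx", ".ashx", ".asmx")
# Hypothetical baseline: the application's legitimate POST endpoints.
KNOWN_POST_STEMS = {"/login.aspx", "/orders/submit.aspx"}

# Constructed sample (IIS encodes spaces inside a field as '+').
SAMPLE_IIS_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2024-11-02 09:12:01 10.0.0.5 GET /login.aspx - 443 - 203.0.113.40 Mozilla/5.0+(Windows+NT+10.0)+Chrome/130 - 200 0 0 31
2024-11-02 09:12:03 10.0.0.5 POST /login.aspx - 443 - 203.0.113.40 Mozilla/5.0+(Windows+NT+10.0)+Chrome/130 https://wms.example.test/login.aspx 302 0 0 45
2024-11-02 09:13:10 10.0.0.5 POST /orders/submit.aspx - 443 jdoe 203.0.113.40 Mozilla/5.0+(Windows+NT+10.0)+Chrome/130 https://wms.example.test/orders/new.aspx 200 0 0 120
2024-11-02 09:40:11 10.0.0.5 POST /images/upload/css.aspx - 443 - 198.51.100.9 python-requests/2.31 - 200 0 0 15
2024-11-02 09:40:12 10.0.0.5 POST /images/upload/css.aspx cmd=whoami 443 - 198.51.100.9 python-requests/2.31 - 200 0 0 18
2024-11-02 09:40:20 10.0.0.5 POST /images/upload/css.aspx cmd=dir 443 - 198.51.100.9 python-requests/2.31 - 200 0 0 22
"""


def parse_w3c(text: str) -> list[dict]:
    """Map each record to the field names declared in the #Fields: directive."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.startswith("#") or not line.strip() or fields is None:
            continue
        else:
            parts = line.split()
            if len(parts) == len(fields):
                rows.append(dict(zip(fields, parts)))
    return rows


def find_webshell_candidates(text: str, known_post_stems=KNOWN_POST_STEMS) -> list[dict]:
    """Per (script path, client) pair, flag POST traffic to a script outside the
    application baseline that also looks scripted: never fetched with GET, no
    Referer, non-browser User-Agent. A hit needs the baseline miss plus at
    least two of those traits, so a single odd request does not alert."""
    stats = defaultdict(lambda: {"reqs": 0, "posts": 0, "gets": 0, "no_referer": 0, "tool_ua": 0})
    for r in parse_w3c(text):
        stem = r["cs-uri-stem"].lower()
        if not stem.endswith(SCRIPT_EXT):
            continue
        s = stats[(stem, r["c-ip"])]
        s["reqs"] += 1
        s["posts"] += r["cs-method"] == "POST"
        s["gets"] += r["cs-method"] == "GET"
        s["no_referer"] += r["cs(Referer)"] == "-"
        s["tool_ua"] += not r["cs(User-Agent)"].startswith("Mozilla/")

    hits = []
    for (stem, ip), s in stats.items():
        if stem in known_post_stems or s["posts"] == 0:
            continue
        traits = []
        if s["gets"] == 0:
            traits.append("never fetched with GET")
        if s["no_referer"] == s["reqs"]:
            traits.append("no Referer on any request")
        if s["tool_ua"] == s["reqs"]:
            traits.append("non-browser User-Agent")
        if len(traits) >= 2:
            hits.append({"stem": stem, "client": ip, "posts": s["posts"],
                         "reasons": ["POST to a script outside the baseline"] + traits})
    return sorted(hits, key=lambda h: -h["posts"])


if __name__ == "__main__":
    for h in find_webshell_candidates(SAMPLE_IIS_LOG):
        print(f"{h['client']} -> {h['stem']}: {h['posts']} POSTs; " + "; ".join(h["reasons"]))
```

On the sample only /images/upload/css.aspx is reported: a script sitting in an upload directory, driven exclusively by POSTs from one address with a scripting User-Agent and no Referer. The baseline is the part that needs care in a real deployment; build it from a known-clean period of the same logs rather than guessing, and treat any script under a writable directory (uploads, temp, images) as automatically outside it.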

“XE Group’s evolution from credit card skimmin…

1 day, 5 hours ago @ helpnetsecurity.com
SafeBreach exposure validation platform identifies security gaps

SafeBreach launched SafeBreach exposure validation platform, which combines the power of its time-tested breach and attack simulation (BAS) product—now called Validate—and its new attack path validation product, Propagate.

Together, they provide enterprise security teams with deeper insight into threat exposure and a more comprehensive view of cyber risk.

According to the Gartner Hype Cycle Report, “Adversarial exposure validation technologies offer offensive security technologies simulating threat actor tactics, techniques and procedures to validate the existence of exploitable exposures and test security control effectiveness.

Products like SafeBreach Propagate can help enterprises proact…

1 day, 7 hours ago @ helpnetsecurity.com
Swap EOL Zyxel routers, upgrade Netgear ones!

There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed.

Meanwhile, Netgear has issued patches for critical flaws affecting its routers and wireless access points.

“If you obtained your Zyxel product through an internet service provider (ISP), please contact the ISP for support,” the company said.

VulnCheck researcher Jacob Baines finally published the details about the three flaws on Monday, and noted that while they have been informed that the affected routers are end-of-life, they are not listed on Zyxel’s EOL page.

There’s no mention of the vulnerabilities being actively exploited.

1 day, 8 hours ago @ helpnetsecurity.com
Satori provides visibility into data store risk levels

Data security risk mapping: Satori assigns each data store a risk score based on its configuration, types of data stored, and type of environment (e.g.

Security alerts: The platform generates alerts for risky configurations, sensitive data activity, and other issues involving data store content and security controls.

Data security dashboard: The new dashboard provides the data needed to mitigate data security risks.

From one dashboard, security teams can understand which data stores pose the most risk, manage the alerts triggered by Satori, and view high-level data security posture metrics.

The platform now integrates data activity metrics into audit logs and offers better tools to manage d…

1 day, 8 hours ago @ helpnetsecurity.com
Crypto-stealing iOS, Android malware found on App Store, Google Play

The malicious SDK: What does it do?

That being said, we have insufficient data to attribute the campaign to a known cybercrime gang.”

Who’s being targeted with this crypto-stealing iOS and Android malware?

The researchers say that the oldest version of the malicious SDK they could find was built on March 15, 2024.

It’s also possible that unwitting mobile app developers integrated the malicious SDK because it provides welcome functionality.

Kaspersky has shared indicators of compromise and listed the names of Android and iOS apps that contain the malicious SDK.

1 day, 11 hours ago @ helpnetsecurity.com
IT Security Guru
last post 5 months, 2 weeks ago
How Immigration Can Solve America’s Cybersecurity Shortage

The Growing Cybersecurity Skills Gap
The cybersecurity landscape is more complex and dangerous than ever before.

Immigration: A Solution to the Cybersecurity Shortage
Immigration can help solve the cybersecurity skills shortage in several ways.

Although immigration was highlighted as a crucial element in the policy to mitigate the cybersecurity talent shortage, meaningful immigration reform by Congress is essential for the successful implementation of this strategy.

These experts can help train the next generation of American cybersecurity professionals, ensuring that the U.S. remains at the forefront of global cybersecurity for decades to come.

Conclusion
The cybersecurity skills shortage is …

5 months, 2 weeks ago @ itsecurityguru.org
Cybereason Unveils SDR Data Ramp Program: Analyse and Detect Threats in 1TB of Log Data for 90 Days

Cybereason has launched its revolutionary SDR Data Ramp Programme with Observe.

This ensures that customers can experience the full capabilities of Cybereason’s SDR product, which is designed to detect, analyse, and respond to cyber threats with unparalleled accuracy and speed, reducing the need for legacy SIEM platforms.

“The 1TB Free SDR Data Ramp Programme underscores our commitment to empowering organisations with the tools they need to defend against increasingly sophisticated cyber threats.

This multi-layered approach enables security teams to identify and mitigate threats more effectively, reducing the time to detect and respond to incidents.

To learn more about Cybereason’s 1TB Free…

5 months, 2 weeks ago @ itsecurityguru.org
The 8 Most Common Website Design Mistakes According to Pros

Even seasoned professionals stumble upon common pitfalls that can impact user experience and, consequently, a site’s success.

With expertise from website design company, Full Stack Industries, we will explore common design mistakes and how to avoid them.

This inclusive step means all audiences can experience your site and will also improve your search engine rankings.

Final Thoughts
Keeping these common website design mistakes at bay can significantly elevate your online presence.

By prioritising user experience, accessibility, and clear communication, you’ll create a site that looks great and effectively serves its users.

5 months, 2 weeks ago @ itsecurityguru.org
Dodging the Cyber Bullet: Early Signs of a Ransomware Attack

Encrypting a few devices to test their strategy is a red flag that a more significant ransomware assault is imminent and demands immediate action.

By staying alert to these signs and responding promptly, organisations can better defend against the escalating threat of ransomware attacks.

Poorly Managed Remote Desktop Protocol Connections
Remote Desktop Protocol (RDP) connections, if not properly managed, can be an entry point for ransomware attacks.

Sectors Prone to Ransomware Attacks
Specific sectors are particularly vulnerable to ransomware attacks thanks to the critical nature of their operations.

Here are the sectors most commonly targeted: The healthcare sector is a prime target for ranso…

5 months, 3 weeks ago @ itsecurityguru.org
Cyber insurance claims fall as businesses refuse ransom payments and recover themselves

Databarracks’ Data Health Check – an annual survey of 500 UK IT decision makers – found that while more organisations than ever have cyber insurance, the number of claims is down.

66% of those surveyed report having insurance specifically for cyber in 2024, rising from 51% over the past two years.

James Watts, Managing Director at Databarracks, commented: “We have long speculated about the negative effect of cyber insurance policies on ransomware.

The nascent cyber insurance market suddenly became unsustainable.

As our Data Health Check found last year, cyber insurance prices increased significantly and the requirements to obtain cover became stricter.

5 months, 3 weeks ago @ itsecurityguru.org
AI-powered cyber threats are too overpowering for over 50% of security teams

According to research from Absolute Security, over half (54%) of Chief Information Security Officers (CISOs) feel their security team is unprepared for evolving AI-powered threats.

The findings were uncovered in the Absolute Security United Kingdom CISO Cyber Resilience Report 2024, which surveyed 250 UK CISOs at enterprise organisations to assess the state of cyber resilience, AI, and the cyber threat landscape in the UK.

Almost half (46%) of CISOs believe that AI is more of a threat to their organisation’s cyber resilience than a help, highlighting AI as a potential danger in safeguarding organisations from cyber threats rather than strengthening cyber resilience.

As AI-driven cyber threa…

5 months, 3 weeks ago @ itsecurityguru.org
New Threat Report from Cato Networks Uncovers Threat Actor Selling Data and Source Code from Major Brands

The report found that threat actors are selling data and source code from major brands on the dark web.

Given the popularity of Amazon, users should be wary of threat actors creating counterfeit websites that ask to submit sensitive information.

Log4j remains a popular vulnerability that threat actors attempt to exploit
Three years after its discovery in 2021, Log4j remains one of the vulnerabilities most commonly leveraged by threat actors.

Inbound traffic is traffic that doesn’t originate from within the network, while WANbound traffic resides within a WAN environment.

“With the Q2 2024 Cato CTRL SASE Threat Report, we are putting the spotlight on a notorious threat actor named IntelBroker.

5 months, 3 weeks ago @ itsecurityguru.org
New Post Quantum Cryptography Standards Poised to Revolutionize Cybersecurity

The National Institute of Standards and Technology (NIST) has officially published its highly anticipated Federal Information Processing Standards (FIPS) for post-quantum cryptography (PQC).

The algorithms announced today represent the first finalized standards from NIST’s PQC standardization project and are now ready for immediate implementation.

Today’s announcement takes place within a larger regulatory framework, including the White House’s National Security Memorandum, NSM-8, which requires the adoption of post-quantum cryptography (PQC).

Today’s quantum computers are small and experimental, but they are rapidly becoming more capable, and it is only a matter of time before cryptographi…

5 months, 3 weeks ago @ itsecurityguru.org
Kicking cyber security down the road can come back to bite you

Yet despite the clear and present danger, some businesses continue to deprioritise cyber security, with a concerning 15% failing to invest in cyber security measures.

An overshadowed priority
Despite a shared understanding of cyber threats among security leaders and C-suite, cyber security often gets overlooked.

Alarmingly, a third of security leaders only prioritise cyber security expertise after an attack has happened.

Securing buy-in
To ensure cyber security is prioritised, it is vital to convey to the C-suite the very real implications of not mitigating cyber security risks.

It is time to implement cyber security measures now
By deprioritising cyber security, businesses are essentially def…

5 months, 3 weeks ago @ itsecurityguru.org
What skills can cyber security experts develop to adapt to AI and quantum computing?

High levels of demand for cyber security expertise also means that it’s one of the best paying roles in tech with a great level of job security.

However, cyber security professionals are in a never-ending arms race with hackers.

On the other side, AI also has the capacity to create an arsenal of new offensive and defensive tools for cyber security experts.

Quantum computing
Like AI, quantum computing has the capacity to utterly transform how we all live and work.

Ambitious cyber security professionals could become trail blazers in this sector if they start acquiring relevant skills now.

5 months, 4 weeks ago @ itsecurityguru.org
HealthEquity Data Breach Compromises Customer Information

HealthEquity, a leading provider of health savings account (HSA) services, has announced it suffered a data breach recently, resulting in compromised customer protected health information (PHI). It is understood the breach was detected on March 25, 2024, after abnormal activity was flagged from a business partner’s device. Once an investigation was carried out, it was […]

The post HealthEquity Data Breach Compromises Customer Information first appeared on IT Security Guru.


6 months, 1 week ago @ itsecurityguru.org
Accenture and SandboxAQ Expand Cybersecurity Partnership

Today, Accenture (NYSE: ACN) and SandboxAQ have announced that they are expanding their partnership to address the critical need for enterprise data encryption that can defend against current data breaches, as well as future AI and quantum threats. Together, Accenture and SandboxAQ are helping organisations secure sensitive data and strengthen encryption across their technology portfolios. […]

The post Accenture and SandboxAQ Expand Cybersecurity Partnership first appeared on IT Security Guru.


6 months, 1 week ago @ itsecurityguru.org
People Overconfident in Password Habits, Overwhelmed by Too Many Passwords

New research by Keeper Security has revealed some worrying trends and misunderstandings when it comes to password best practices and overconfidence in cyber knowledge. The research found that, while 85% of respondents believe their passwords are secure, over half admit to sharing their passwords. Additionally, 64% of people feel confident in their cybersecurity knowledge despite […]

The post People Overconfident in Password Habits, Overwhelmed by Too Many Passwords first appeared on IT Security Guru.


6 months, 1 week ago @ itsecurityguru.org
Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester

Technology is advancing rapidly and tokenized payment cards are a part of its evolution. Gone are the days of keying in long card numbers, expiry dates and CVV codes and hoping for the best. Instead, tokenized cards offer heightened security and improved transaction processes for digital payments. But what are they all about and how […]

The post Secure, Simple, Superior: The Advantages of Tokenized Payment Cards by Wallester first appeared on IT Security Guru.


6 months, 1 week ago @ itsecurityguru.org
Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands

New threat research by Salt-Labs, the research arm of API security company Salt Security, highlights critical security flaws within the popular web analytics provider Hotjar. The company serves over one million websites, including global brands like Microsoft and Nintendo (according to their website). These vulnerabilities could have potentially allowed an attacker unlimited […]

The post Security Flaws Found in Hotjar, Potentially Affecting Sensitive Data of Millions Utilising Major Global Brands first appeared on IT Security Guru.

6 months, 1 week ago @ itsecurityguru.org
SecurityTrails
last post None
Blogs 👨‍💻
Бизнес без опасности
last post None
Жизнь 80 на 20
last post None
ZLONOV
last post None
Блог Артема Агеева
last post None
Киберпиздец
last post None
Schneier on Security
last post 10 hours ago
AIs and Robots Should Sound Robotic

And with just a few seconds of audio, AI can now clone someone’s specific voice.

We have a simple proposal: all talking AIs and robots should use a ring modulator.

In the mid-twentieth century, before it was easy to create actual robotic-sounding speech synthetically, ring modulators were used to make actors’ voices sound robotic.

Now we can use that same technology to make robotic speech that is indistinguishable from human sound robotic again.

Of course there will also be nefarious uses of AI voices.

10 hours ago @ schneier.com
On Generative AI Security

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

1 day, 10 hours ago @ schneier.com
Deepfakes and the 2024 US Election

Interesting analysis:

We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project (source for our analysis), which tracked known uses of AI for creating political content during elections taking place in 2024 worldwide.

In each case, we identified what AI was used for and estimated the cost of creating similar content without AI.

We find that (1) half of AI use isn’t deceptive, (2) deceptive content produced using AI is nevertheless cheap to replicate without AI, and (3) focusing on the demand for misinformation rather than the supply is a much more effective way to diagnose problems and identify interventions.

2 days, 10 hours ago @ schneier.com
Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

This is yet another story of commercial spyware being used against journalists and civil society members.

The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised.”

It is not clear who was behind the attack.

Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks.

Experts said the targeting was a “zero-click” attack, which means targets would not have had to click on any malicious links to b…

3 days, 10 hours ago @ schneier.com
Friday Squid Blogging: On Squid Brains

6 days ago @ schneier.com
Fake Reddit and WeTransfer Sites are Pushing Malware

1 week ago @ schneier.com
ExxonMobil Lobbyist Caught Hacking Climate Activists

The Department of Justice is investigating a lobbying firm representing ExxonMobil for hacking the phones of climate activists:

The hacking was allegedly commissioned by a Washington, D.C., lobbying firm, according to a lawyer representing the U.S. government.

The firm, in turn, was allegedly working on behalf of one of the world’s largest oil and gas companies, based in Texas, that wanted to discredit groups and individuals involved in climate litigation, according to the lawyer for the U.S. government.

In court documents, the Justice Department does not name either company.

As part of its probe, the U.S. is trying to extradite an Israeli private investigator named Amit Forlit from the Unit…

1 week, 1 day ago @ schneier.com
CISA Under Trump

We have made an impact through our ransomware vulnerability warning pilot and our pre-ransomware notification initiative, and I’m really proud of that, because we work on preventing somebody from having their worst day.

I’m really proud of where we are, but there’s much, much more work to be done.

There are things that I think we can continue driving, that the next administration, I hope, will look at, because, frankly, cybersecurity is a national security issue.

If Project 2025 is a guide, the agency will be gutted under Trump:

“Project 2025’s recommendations—essentially because this one thing caused anger—is to just strip the agency of all of its support altogether,” he said.

“And that the…

1 week, 2 days ago @ schneier.com
New VPN Backdoor

J-Magic, the tracking name for the backdoor, goes one step further to prevent unauthorized access.

After receiving a magic packet hidden in the normal flow of TCP traffic, it relays a challenge to the device that sent it.

The challenge comes in the form of a string of text that’s encrypted using the public portion of an RSA key.

The lightweight backdoor is also notable because it resided only in memory, a trait that makes detection harder for defenders.

[…] The researchers found J-Magic on VirusTotal and determined that it had run inside the networks of 36 organizations.

1 week, 3 days ago @ schneier.com
Friday Squid Blogging: Beaked Whales Feed on Squid

1 week, 6 days ago @ schneier.com
Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)

Last month, Henry Farrell and I convened the Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024) at Johns Hopkins University’s Bloomberg Center in Washington DC.

Elections would look different.

Also, we could start from scratch without having to worry about evolving our current democracy into this imagined future system.

IWORD 2024 was easily the most intellectually stimulating two days of my year.

Summaries of all the IWORD 2024 talks are in the first set of comments below.

2 weeks ago @ schneier.com
AI Will Write Complex Laws

Because polarization and divided government are increasingly entrenched in the US, the demand for complex legislation at the federal level is likely to grow.

Either way, the Court’s ruling implied that law should become more complex and that Congress should increase its policymaking capacity.

A continuing stream of Supreme Court decisions handing victories to unpopular industries could be another driver of complex law, adding political pressure to pass legislative fixes.

When Congress does take on the task of writing complex legislation, it’s quite likely it will turn to AI for help.

Numerous software vendors are already marketing AI legislative analysis tools.

2 weeks, 1 day ago @ schneier.com
AI Mistakes Are Very Different from Human Mistakes

Over the millennia, we have created security systems to deal with the sorts of mistakes humans commonly make.

But it’s not the frequency or severity of AI systems’ mistakes that differentiates them from human mistakes.

We need to invent new security systems that adapt to these differences and prevent harm from AI mistakes.

We expect human mistakes to be clustered: A single calculus mistake is likely to be accompanied by others.

When it comes to catching AI mistakes, some of the systems that we use to prevent human mistakes will help.

2 weeks, 2 days ago @ schneier.com
Biden Signs New Cybersecurity Order

President Biden has signed a new cybersecurity order.

It has a bunch of provisions, most notably using the US government’s procurement power to improve cybersecurity practices industry-wide.

Some details:

The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.

The Cybersecurity and Infrastructure Security Agency would be tasked with double-checking these security attestations and working with vendors to fix any problems.

The directive also kicks off updates to the National Institute of Standards and Technology’s secure software development guidance.

2 weeks, 3 days ago @ schneier.com
Friday Squid Blogging: Opioid Alternatives from Squid Research

Is there nothing that squid research can’t solve?

“If you’re working with an organism like squid that can edit genetic information way better than any other organism, then it makes sense that that might be useful for a therapeutic application like deadening pain,” he said.

[…] Researchers hope to mimic how squid and octopus use RNA editing in nerve channels that interpret pain and use that knowledge to manipulate human cells.

2 weeks, 6 days ago @ schneier.com
Krebs On Security
last post 1 hour ago
Experts Flag Security, Privacy Risks in DeepSeek AI App

DeepSeek’s rapid rise caught the attention of the mobile security firm NowSecure, a Chicago-based company that helps clients screen mobile apps for security and privacy threats.

In a teardown of the DeepSeek app published today, NowSecure urged organizations to remove the DeepSeek iOS mobile app from their environments, citing security concerns.

Hoog told KrebsOnSecurity there were a number of qualities about the DeepSeek iOS app that suggest the presence of deep-seated security and privacy risks.

Perhaps more concerning, NowSecure said the iOS app transmits device information “in the clear,” without any encryption to encapsulate the data.

“The DeepSeek iOS app globally disables App Transpo…

1 hour ago @ krebsonsecurity.com
Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

The email address used for those accounts was [email protected].

Intel471 finds the user FlorainN registered across multiple cybercrime forums using the email address [email protected].

Perhaps fittingly, both Cracked and Nulled have been hacked over the years, exposing countless private messages between forum users.

Constella found that a user named Shoppy registered on Cracked in 2019 using the email address finn@shoppy[.]gg.

Constella says that email address is tied to a Twitter/X account for Shoppy Ecommerce in Israel.

2 days, 5 hours ago @ krebsonsecurity.com
FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

The proprietors of the service, who use the collective nickname “The Manipulaters,” have been the subject of three stories published here since 2015.

The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.

On January 29, the FBI and the Dutch national police seized the technical infrastructure for a cybercrime service marketed under the brands Heartsender, Fudpage and Fudtools (and many other “fud” variations).

“These tools were also used to acquire victim user credentials and utilize those credentials to further these fraudulent schemes.

“The Cybercrime Team is on the trail of a number of buyers of the tools,” the…

6 days, 3 hours ago @ krebsonsecurity.com
Infrastructure Laundering: Blending in with the Cloud

It is likely the gambling sites coming through Funnull are abusing top casino brands as part of their money laundering schemes.

Silent Push researchers say Funnull may be helping online gamblers in China evade the Communist party’s “Great Firewall,” which blocks access to gambling destinations.

Edwards said Funnull is a textbook example of an increasing trend Silent Push calls “infrastructure laundering,” wherein crooks selling cybercrime services will relay some or all of their malicious traffic through U.S. cloud providers.

Amazon said that contrary to implications in the Silent Push report, it has every reason to aggressively police its network against infrastructure laundering, noting t…

1 week ago @ krebsonsecurity.com
A Tumultuous Week for Federal Cybersecurity Efforts

President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture.

One of the CSRB’s most recognizable names is Chris Krebs (no relation), the former director of the Cybersecurity and Infrastructure Security Agency (CISA).

Krebs was fired by President Trump in November 2020 for declaring the presidential contest was the most secure in American history, and for refuting Trump’s false claims of election fraud.

President Trump and First Lady Melania Trump each launched their own vanity memecoins this month, dubbed $TRUMP and $MELANIA.

WEAPONIZATION & DISINFORMATION

Prior to the election, Presiden…

1 week, 2 days ago @ krebsonsecurity.com
MasterCard DNS Error Went Unnoticed for Years

After enabling a DNS server on akam.ne, he noticed hundreds of thousands of DNS requests hitting his server each day from locations around the globe.

Had he enabled an email server on his new domain akam.ne, Caturegli likely would have received wayward emails directed toward mastercard.com or other affected domains.

The message suggested his public disclosure of the MasterCard DNS error via a post on LinkedIn (after he’d secured the akam.ne domain) was not aligned with ethical security practices, and passed on a request from MasterCard to have the post removed.

“But we’ll let you judge— here are some of the DNS lookups we recorded before reporting the issue.”

As the screenshot above shows, t…

2 weeks, 1 day ago @ krebsonsecurity.com
Chinese Innovations Spawn Wave of Toll Phishing Via SMS

Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert.

People in Florida reported receiving SMS phishing that spoofed Sunpass, Florida’s prepaid toll program.

In each case, the emergence of these SMS phishing attacks coincided with the release of new phishing kit capabilities that closely mimic these toll operator websites as they appear on mobile devices.

Merrill said the volume of SMS phishing attacks spoofing toll road operators skyrocketed after the New Year, when at least one Chinese cybercriminal group known for selling sophisticated SMS phishing kits began offering new phishing pages design…

3 weeks ago @ krebsonsecurity.com
Microsoft: Happy 2025. Here’s 161 Security Updates

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack.

Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017.

Today also saw the publication of nine critical remote code execution (RCE) vulnerabilities.

The Microsoft flaws already seeing active attacks include CVE-2025-21333, CVE-2025-21334 and, you guessed it, CVE-2025-21335.

And if you run into any problems installing this month’s patch batch, drop a line in the comments below, please.

3 weeks, 1 day ago @ krebsonsecurity.com
A Day in the Life of a Prolific Voice Phishing Crew

KrebsOnSecurity recently told the saga of a cryptocurrency investor named Tony who was robbed of more than $4.7 million in an elaborate voice phishing attack.

Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers.

- The Operator: The individual managing the phishing panel, silently moving the victim from page to page.

- The Owner: The phishing panel owner, who will frequently listen in on and participate in scam calls.

Nixon said the constant snaking within the voice phishing circles points to a psychological self-selection phenomenon that is in desperate need of ac…

4 weeks, 1 day ago @ krebsonsecurity.com
U.S. Army Soldier Arrested in AT&T, Verizon Extortions

Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon.

Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon.

Think again.”

On that same day, Kiberphant0m posted what they claimed was the “data schema” from the U.S. National Security Agency.

The profile photo on Wagenius’ Facebook page was deleted within hours of my Nov. 26 story identifying Kiberphant0m as a likely U.S. Army soldier.

Nixon asked to sha…

1 month, 1 week ago @ krebsonsecurity.com
Happy 15th Anniversary, KrebsOnSecurity!

Instead, they purchase the item using stolen payment card data and your shipping address.

March featured several investigations into the history of various people-search data broker services.

Radaris repeatedly threatened to sue KrebsOnSecurity unless that publication was retracted in full, alleging that it was replete with errors both factual and malicious.

Fittingly, Radaris now pimps OneRep as a service when consumers request that their personal information be removed from the data broker’s website.

There is zero third-party content on this website, apart from the occasional Youtube video embedded as part of a story.

1 month, 1 week ago @ krebsonsecurity.com
Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Cybercriminals are selling hundreds of thousands of credential sets stolen with the help of a cracked version of Acunetix, a powerful commercial web app vulnerability scanner, new research finds.

Silent Push also learned Araneida bundles its service with a robust proxy offering, so that customer scans appear to come from Internet addresses that are randomly selected from a large pool of available traffic relays.

Silent Push said Araneida is being advertised by an eponymous user on multiple cybercrime forums.

“They are constantly bragging with their community about the crimes that are being committed, how it’s making criminals money,” said Zach Edwards, a senior threat researcher at Silent P…

1 month, 2 weeks ago @ krebsonsecurity.com
How to Lose a Fortune with Just One Bad Click

At the same time, he received an email that came from a google.com email address, warning his Google account was compromised.

Unbeknownst to him at the time, Google Authenticator by default also makes the same codes available in one’s Google account online.

“I made mistakes due to being so busy and not thinking correctly,” Tony told KrebsOnSecurity.

Comparing notes, they discovered the fake Google security alerts they received just prior to their individual bitcoin thefts referenced the same phony “Google Support Case ID” number.

Daniel told Junseth he and his co-conspirators had just scored a $1.2 million theft that was still pending on the bitcoin investment platform SwanBitcoin.

1 month, 2 weeks ago @ krebsonsecurity.com
How Cryptocurrency Turns to Cash in Russian Banks

A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds.

These platforms are built for Russian speakers, and they each advertise the ability to anonymously swap one form of cryptocurrency for another.

“Purportedly, the purpose of these platforms is for companies to accept cryptocurrency payments in exchange for goods or services,” Sanders told KrebsOnSecurity.

Their inquiry found 422 Richards St. was listed as the registered address for at least 76 foreign currency dealers, eight MSBs, and six cryptocurrency exchanges.

SANCTIONS E…

1 month, 3 weeks ago @ krebsonsecurity.com
Patch Tuesday, December 2024 Edition

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks.

The security firm Rapid7 notes there have been a series of zero-day elevation of privilege flaws in CLFS over the past few years.

“Ransomware authors who have abused previous CLFS vulnerabilities will be only too pleased to get their hands on a fresh one,” wrote Adam Barnett, lead software engineer at Rapid7.

System admins should keep an eye on AskWoody.com, which usually has the details if any of the Patch Tuesday fixes are causing problems.

In the meantime, if you run into any problems applying this month’s fixe…

1 month, 3 weeks ago @ krebsonsecurity.com
Graham Cluley
last post 8 hours ago
Thailand cuts power and internet to areas of Myanmar to disrupt scam gangs

The government of Thailand has cut the power supply to areas near its border with Myanmar that are known to host brutal scam compounds.

These heavily-guarded fraud factories house armies of people, coerced into defrauding innocent people through bogus investment and romance baiting scams.

In the past, media reports have published distressing details of the treatment of fraud factory workers on the Myanmar-Thai border and in Cambodia.

According to Anutin, a clause in the energy supply contract allows Thailand to cut off the supply on the grounds of national security.

In reality, according to Wang Xing, he was put to work in a call scam compound targeting Chinese people.

8 hours ago @ bitdefender.com
Smashing Security podcast #403: Coinbase crypto heists, QR codes, and ransomware in the classroom

In episode 403 of “Smashing Security” we dive into the mystery of $65 million vanishing from Coinbase users faster than J-Lo slipped into Graham’s DMs, Geoff gives a poor grade for PowerSchool’s security, and Carole takes a curious look at QR codes.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by The Lazarus Heist’s Geoff White.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or join us on the Smashing Security subreddi…

22 hours ago @ grahamcluley.com
Man sentenced to 7 years in prison for role in $50m internet scam


1 day, 6 hours ago @ tripwire.com
The AI Fix #36: A DeepSeek special

In episode 36 of The AI Fix, Graham and Mark take a long look at DeepSeek, an upstart AI out of China that was trained on a shoestring, shook up Wall Street, kneecapped Nvidia, and challenged America’s AI hegemony.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.

Powered by RedCircle

Hosts: Graham Cluley: @grahamcluley.com, @[email protected]; Mark Stockley: @ai-fix-mark.bsky.social

Episode links:

Support the show: You can help the podcast by telling your friends and colleagues about “The AI Fix”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Bluesky, or subscribe for free in your favourite podc…

2 days, 3 hours ago @ grahamcluley.com
Smashing Security podcast #402: Hackers get hacked, the British Museum IT shutdown, and social media kidnaps

And join us as we explore the alarming trend of social media influencers staging fake kidnappings.

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Lianne Potter from the “Compromising Positions” podcast.


1 week ago @ grahamcluley.com
Ex-worker arrested after ‘shutdown’ of British Museum computer systems

The Metropolitan Police confirmed that it had been called to the museum at 8:25pm on Thursday, following reports that "a man entered the British Museum and caused damage to the museum’s security and IT systems."

"Police attended and he was arrested at the scene," a spokesperson for the British Museum told the media on Friday.

The British Museum says that it has initiated a thorough assessment of its security protocols to prevent similar attacks occurring in the future.

Taking the opportunity to review its cybersecurity certainly makes a lot of sense, as the British Museum is not alone in facing challenges related to cybersecurity.

The British Museum is filled with treasures from around the w…

1 week, 1 day ago @ bitdefender.com
The AI Fix #35: Project Stargate, the AI emergency, and batsh*t AI cryonics

In episode 35 of The AI Fix, our hosts learn who the 175th best programmer in the world is, the AI supervillains put on suits for President Trump, a “not imaginary” AI turns out to be imaginary, OpenAI releases Operator and teases o3-mini, and Anthropic predicts that superintelligence is only three years away.

Graham considers giving his money, pets, and vital organs to a YouTuber with an AI, and Mark looks into Project Stargate and the geo-politics of AI.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.


1 week, 2 days ago @ grahamcluley.com
Hacked buses blare out patriotic pro-European anthems in Tbilisi, attack government

Residents of Tbilisi, the capital city of Georgia, experienced an unexpected and unusual start to their Friday morning commute.

These protests were sparked by a general election that was marred by allegations of electoral fraud against the ruling Georgian Dream party.

In light of these events, the Georgian Dream party has since stalled the country's progress towards European Union membership.

The Georgian Dream party has since halted the country's accession to the European Union.

This incident follows another concerning event just a day prior, when the website of Tbilisi City Mall was reportedly defaced with an anti-Semitic message.

1 week, 3 days ago @ bitdefender.com
Be careful what you say about data leaks in Turkey, new law could mean prison for reporting hacks


1 week, 6 days ago @ tripwire.com
Smashing Security podcast #401: Hacks on the high seas, and how your home can be stolen under your nose

An Italian hacker makes the grade and ends up in choppy waters, and we hear true stories of title deed transfer scams.

All this and more is discussed in the latest edition of the award-winning “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault.


Follow Graham Cluley on Bluesky or Mastodon to read more of the exclusive content we post.

2 weeks ago @ grahamcluley.com
Half a million hotel guests at risk after hackers accessed sensitive data

The personal information of almost half a million people is now in the hands of hackers after a security breach of a company used by some of the world's best known hotel brands.

The hackers used the stolen credentials to scoop up data, which included the login information for Otelier's S3 buckets.

The hackers claimed to Bleeping Computer that they had downloaded huge amounts of data, including millions of documents from S3 buckets managed by Otelier that belonged to the Marriott hotel chain.

Marriott and the other famous hotel brands, however, appear to be innocent parties.

You also need to consider how well the data is being secured by the third-parties and…

2 weeks, 1 day ago @ bitdefender.com
The AI Fix #34: Fake Brad Pitt and why AI means we will lose our jobs

Meanwhile Graham isn’t tempted by NVIDIA’s $3000 supercomputer, and Mark explains his emergency manoeuvre for avoiding karaoke.

All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.


2 weeks, 2 days ago @ grahamcluley.com
Medusa ransomware: what you need to know


2 weeks, 2 days ago @ tripwire.com
No, Brad Pitt isn’t in love with you

While browsing the site, she saw a picture of Hollywood actor Brad Pitt and hit "Like."

Anne received a message from a woman introducing herself as Jane Etta Hillhouse, the mother of William Bradley Pitt - known to the world as Hollywood heartthrob Brad Pitt.

Initially, "Brad Pitt" acted uninterested in Anne's messages, embarrassed that his mother had put them in touch.

Next, Anne received a fake “breaking news” report that Brad Pitt had declared his love for a woman named "Anne."

According to Anne, she wired a total of 830,000 Euros (approximately US $850,000) to the person she believed was Brad Pitt.

2 weeks, 6 days ago @ bitdefender.com
UK government proposes ransomware payment ban for public sector

If there was simply no way to unlock its systems and recover its data, what is an organisation supposed to do?

And that, unpleasant as it undoubtedly is, paying the ransom may be a better choice than not paying it.

For instance, take the impact on healthcare services when they are hit by a determined ransomware attack.

A ban on ransomware payments may have the very best of intentions – but still have serious and costly unintended consequences.

But currently, the decision as to whether to pay or not remains in the hands of most companies and individuals in the UK.

3 weeks ago @ exponential-e.com
Companies 🏢
Kaspersky Blog
last post 11 hours ago
SparkCat: the first stealer trojan to sneak into the App Store | Kaspersky Blog

And while malicious apps had been found in Google Play more than once before, this is the first time a stealer trojan has been discovered in the App Store.

Depending on the language set in the smartphone's OS, SparkCat downloads models trained to find and recognise Latin, Korean, Chinese and Japanese characters in photos.

Scale and victims of the attack. We found 10 malicious apps in Google Play and 11 in the App Store.

At the time of publication, all the malicious apps had been removed from the App Store (but not from Google Play).

So the bar for trustworthiness should be raised: download only apps with a high rating, with thousands, or better still millions, of downloads, published at least a few…

11 hours ago @ kaspersky.ru
Protection from spam: how to recognise it and how to fight it | Kaspersky Blog

Nowadays the "rich Nigerian fourth cousins on your mother's side" are being replaced by fake representatives of banks, online stores, delivery services and even presidents.

Today we will cover the most popular types of spam and answer the question of what to do if spam lands in your inbox.

Letters from investors, patrons and other rich people. This is perhaps the oldest and at the same time the most popular spam scenario.

The problem also varies: from a terminal illness to a desire to donate all their money to charity, and this absolutely must be done with your help.

1 day, 7 hours ago @ kaspersky.ru
Notable supply-chain attacks in 2024 | Kaspersky Blog

A supply-chain attack can undo all the effort spent on securing a company's infrastructure.

Today we talk about the large-scale incidents of this kind that caught our attention in 2024.

January 2024: malicious npm packages on GitHub stole SSH keys from hundreds of developers. The first significant supply-chain attack of 2024 was the incident with malicious npm packages that were uploaded to GitHub in early January.

The trojanised version of jQuery also turned up on other platforms: on GitHub and even on jsDelivr, a CDN service for delivering JavaScript code.

How to protect against supply-chain attacks. Detailed recommendations on what should be done to preven…

2 days, 2 hours ago @ kaspersky.ru
New Tria stealer intercepts SMS on Android | Kaspersky Blog

Cyber-villains also take advantage of these traditions: they use wedding invitations as bait for a follow-on attack on Android smartphone users.

We explain what the attackers have come up with this time and how to protect yourself.

There, in 2024, we noticed several suspicious and unambiguously malicious APK samples being distributed in Malaysia and Brunei.

Putting these two stories together, we realised that attackers are sending Android users in Brunei and Malaysia wedding invitations in the form of… an APK file that the recipient has to install on their smartphone themselves.

The malware needs 10 permissions: access to network activity, sending and reading SMS, and a number of…

3 days, 8 hours ago @ kaspersky.ru
Ransomware attacks in 2024 | Kaspersky Blog

In recent years the Kaspersky Daily blog has paid noticeably less attention to ransomware than it once did.

January 2024: ransomware attack on the Toronto Zoo. One of the first significant ransomware incidents of 2024 was the January attack on Canada's largest zoo, located in Toronto.

February 2024: attack on UnitedHealth costing $3.09 billion. In February came the attack on the American health-insurance giant UnitedHealth Group, which can safely be called the ransomware incident of the year.

May 2024: serious disruptions at the American hospital network Ascension. In early May, Ascension, one of the largest hospital networks in the US, had to take offline part of its…

6 days, 4 hours ago @ kaspersky.ru
How the Banshee stealer malware infects macOS users | Kaspersky Blog

Another macOS trojan that steals cryptocurrency was disguised as a PDF document titled "Crypto assets and their risks to financial stability".

The attackers often targeted macOS and Windows users at the same time, with Banshee "accompanied" by a Windows stealer called Lumma.

Thus, for several months now, anyone has been able to use this quite serious macOS stealer, and completely free of charge.

How to protect against the Banshee stealer and other macOS threats. Here are a few recommendations that will help macOS users stay safe: Do not install pirated software on your Mac.

As you have seen, malware for…

1 week ago @ kaspersky.ru
Scareware: what it is and how to protect yourself from this threat | Kaspersky Blog

In this post we explain what scareware is and why this type of threat is dangerous.

We also explain how not to fall for the tricks of those who distribute such malware, and how to protect yourself and your loved ones from such attacks.

Scareware with elements of sextortion. Sometimes scammers use a hybrid scheme: a combination of scareware with sextortion tactics.

On top of the imitation of a broken display, which flickers for added alarm, a perfectly legible and well-drawn message is shown saying that the malfunction was caused by a virus.

How to protect against scareware. Of course, the best defence against fake "protection" is real protection.

1 week, 1 day ago @ kaspersky.ru
How to move to SASE and Zero Trust, and what the advantages are

Many high-profile breaches began with the exploitation of flaws in VPN solutions: CVE-2023-46805, CVE-2024-21887 and CVE-2024-21893 in Ivanti Connect Secure, and CVE-2023-4966 in Citrix products.

This approach applies both to services on the internal network and to public and cloud services.

Zero Trust. The Zero Trust model is designed to prevent unauthorised access to data and services through detailed, precise access control.

Each request for access to a resource or microservice is analysed separately, and the decision is made on the basis of a role-based access model and the principle of least privilege.

Zero Trust Network Access. A ZTNA solution provides secure remote access to an organisation's data and services…

1 week, 2 days ago @ kaspersky.ru
Removing metadata from photos, videos and other files: why and how | Kaspersky Blog

Let's look at how to use built-in tools to remove metadata from photos, videos, DOC and PDF files.

Photos and videos. On Windows: in Windows Explorer, right-click the file, select Properties and open the Details tab.

The location will be shown only for those photos and videos that were created while location services were enabled.

Windows users can remove metadata from DOC files using Windows Explorer in the same way as for photos and videos.

Metadata can be removed from PDF files using Windows Explorer in the same way as for photos and videos.

1 week, 6 days ago @ kaspersky.ru
CVE-2025-0411: a vulnerability in 7-Zip | Kaspersky Blog

A vulnerability, CVE-2025-0411, has been discovered in the popular 7-Zip archiver that allows attackers to bypass the Mark-of-the-Web protection mechanism.

The vulnerability was promptly fixed; however, since the program has no automatic update mechanism, some users may still have a vulnerable version.

Attackers have repeatedly been seen trying to get rid of the MOTW mark in order to mislead the user.

CVE-2025-0411 allows attackers to craft an archive in such a way that, when it is unpacked with 7-Zip, the files do not inherit the MOTW mark.

As a result, an attacker can exploit this vulnerability to run malicious code with the privileges of the…

2 weeks, 1 day ago @ kaspersky.ru
How to download, install and update Kaspersky apps for Android | Kaspersky Blog

These apps can also be installed manually from APK files available on our website or in your My Kaspersky account.

In this article we give detailed instructions on how to install Kaspersky on Android in 2025.

You can also install the apps from an APK file downloaded from the official website or from your My Kaspersky account.

To do this, go to the Profile section and, under the Kaspersky Free icon, tap Поехали! (Let's go!), then choose a subscription (Kaspersky Standard, Kaspersky Plus or Kaspersky Premium) and the number of devices you need to protect, and complete the checkout.

You can also install the Kaspersky app, following the scenario described above, from an alternative store or an APK fi…

2 weeks, 2 days ago @ kaspersky.ru
New gadget announcements at CES 2025 and their impact on security | Kaspersky Blog

The Consumer Electronics Show does pay attention to cybersecurity, but it is, to put it mildly, not the first and foremost item on the agenda.

Bosch Revol not only rocks the baby automatically but also keeps it under continuous video and audio surveillance, while at the same time scanning the baby's pulse and breathing rate with a millimetre-wave radar.

But, unlike computers and smartphones, the stream of information from the glasses will include the voices, photos and video of everyone around.

BenjiLock: a padlock with biometrics. Now you can lock up your bike or the barn door without memorising codes or multiplying keys.

The device is resistant to moisture and dust and, according to the manufacturer, runs on a single charge for up to a year…

3 weeks, 1 day ago @ kaspersky.ru
Hype and confusion around quantum computers in cryptography

In reality the situation is both calmer and more complicated, but that is less interesting to write about in the media.

The company predicted that in 2009 it would be possible to rent a quantum computer for computations via the cloud, using it for risk analysis in insurance, for modelling in chemistry and materials science, and for "government and military needs".

Internet giants. Many large IT companies, including Google and IBM, are interested in (and invest in) quantum computing.

The authors claim that the chip solves one of the key problems in scaling quantum computing: error correction.

Welcome to reality. Leaving aside the mathematical and technical side of the matter, to sum…

3 weeks, 2 days ago @ kaspersky.ru
Simple tips to protect against theft of passwords for email, social networks and government services | Kaspersky Blog

But scammers can trick you out of your password for email, government services, banking services or social networks by imitating a well-known service's login form on their own (third-party) site.

Don't fall for it: your email password can be checked only by the email service itself and no one else!

This is the simplest option, but you need to make sure that you are really going to the legitimate site and that there is no mistake in its address.

The figure below shows examples of genuine login pages for various services, on which you can safely enter your username and password for that service.

The scheme works like this: an external service verifies that you are who you say you are and confirms this to the site you are logging in to.

3 weeks, 3 days ago @ kaspersky.ru
Legitimate Chrome extensions steal Facebook* passwords

Right after Catholic Christmas, a multi-stage attack on the developers of popular Google Chrome extensions came to light.

Attack on developers: OAuth abuse. To plant trojan functionality in popular Chrome extensions, the criminals devised an original phishing scheme.

This standard procedure takes place on legitimate Google pages, except that the "Privacy Policy Extension" application requests rights to publish extensions in the Web Store.

They simply abuse Google's rights-delegation system to trick the developer into granting permission to update their extension.

The malicious functions can in principle steal data from other sites as well, so it is worth checki…

3 weeks, 6 days ago @ kaspersky.ru
Group-IB Blog
last post None
Cisco Security Blog
last post 9 hours ago
Quantum Key Distribution and the Path to Post-Quantum Computing

Today’s Quantum Safe Solutions. While the quantum threat remains in the future, tech companies, standards bodies, and government entities have sought its mitigation for some time.

QKD, SKIP, ETSI, and the Ability to Share Keys Between Endpoints. Cisco then turned its attention to creating quantum-safe network transport protocols.

SKIP is an API enabling network devices to obtain quantum safe keys from an external key management system, such as QKD.

Key issues to consider include: How well do specific QKD solutions work?

Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

9 hours ago @ blogs.cisco.com
Cybersecurity for Businesses of All Sizes: A Blueprint for Protection

Network Security: Network security is all about keeping the connections between devices safe from threats.

Regular checks for vulnerabilities help identify weaknesses that could be exploited by cybercriminals, making it essential for maintaining a secure network.

Security Staffing: Having knowledgeable staff is key to a strong security strategy.

By maintaining detailed logs over an extended period, businesses can better investigate security incidents, understand their root causes, and improve their overall cybersecurity posture.

Check out our whitepaper, ‘Cybersecurity for businesses of all sizes: A blueprint for protection.’

2 days, 9 hours ago @ blogs.cisco.com
AI Cyber Threat Intelligence Roundup: January 2025

At Cisco, AI threat research is fundamental to informing the ways we evaluate and protect models.

This regular threat roundup consolidates some useful highlights and critical intel from ongoing third-party threat research efforts to share with the broader AI security community.

As always, please remember that this is not an exhaustive or all-inclusive list of AI cyber threats, but rather a curation that our team believes is particularly noteworthy.

Notable Threats and Developments: January 2025. Single-Turn Crescendo Attack. In previous threat analyses, we’ve seen multi-turn interactions with LLMs use gradual escalation to bypass content moderation filters.

They evaluated the technique against …

5 days, 9 hours ago @ blogs.cisco.com
Evaluating Security Risk in DeepSeek and Other Frontier Reasoning Models

Executive Summary. This article investigates vulnerabilities in DeepSeek R1, a new frontier reasoning model from Chinese AI startup DeepSeek.

The results were alarming: DeepSeek R1 exhibited a 100% attack success rate, meaning it failed to block a single harmful prompt.

Compared to other frontier models, DeepSeek R1 lacks robust guardrails, making it highly susceptible to algorithmic jailbreaking and potential misuse.

With their models, DeepSeek has shown comparable results to leading frontier models with an alleged fraction of the resources.

Methodology. We performed safety and security testing against several popular frontier models as well as two reasoning models: DeepSeek R1 and OpenAI O1-p…

6 days, 3 hours ago @ blogs.cisco.com
Harnessing AI to Simplify Cloud Configuration Drift Detection

Unless these changes are carefully tracked, they could lead to configuration drift, a situation in which the runtime state of a resource deviates from its intended baseline configuration.

How AI Powers Drift Detection. AI-driven drift detection uses machine learning techniques to monitor and analyze cloud configurations in real-time.

This approach provides a scalable, effective, and accurate solution to configuration drift challenges in dynamic cloud environments.

Benefits of AI in Drift Detection. AI offers several advantages over traditional drift detection methods: Scalability: Monitors thousands of resources across multiple cloud environments efficiently.

As technology matures, its potential…

6 days, 9 hours ago @ blogs.cisco.com
Top Threat Tactics and How to Address Them

Escalate Access: Once attackers gained access, remote access tools were used in 100% of ransomware engagements (up from 13% last quarter), enabling lateral movement.

With these strong protections on trusted users, organizations can block attacks and protect trusted users from getting locked out of their accounts.

Cisco’s User Protection Suite also includes Secure Access, which includes both Secure Internet Access and Zero Trust Network Access (ZTNA) capabilities.

With Secure Internet Access, users are protected from malicious content with both Intrusion Prevention System (IPS) and Remote Browser Isolation (RBI).

Talk to an expert to discover how the Breach and User Protection Suites can pro…

1 week ago @ blogs.cisco.com
Black Hat Europe 2024 NOC/SOC: Security Cloud

Black Hat has unlimited access to the Cisco Security Cloud and its capabilities.

We started with a Proof-of-Concept (PoC) in Black Hat Asia 2024 and turned it into a full deployment at Black Hat Europe.

At Black Hat Europe 2024, over 12,000 supported samples were submitted.

Both these workflows were spruced up and used extensively at Black Hat Europe 2024.

At Black Hat Europe 2024, we had a problem where the ThousandEyes agents were showing a high latency time to Azure.

1 week, 2 days ago @ blogs.cisco.com
Simplifying Zero Trust Security for the Modern Workplace

The upgraded suite is designed to provide comprehensive workplace security and help organizations implement zero trust access.

User Protection Suite Capabilities: Cisco’s User Protection Suite includes the key capabilities necessary to protect users and devices.

Zero Trust Access: Ease the transition to ZTNA. Cisco Secure Access allows organizations to adopt Security Service Edge (SSE) with integrated Zero Trust Network Access (ZTNA) and VPN-as-a-service.

ISE assigns tags to these devices, including corporate devices, BYOD, and IoT devices, like cameras and printers.

Learn More. To explore the different tiers of Cisco’s User Protection Suite, check out the User Protection Suite At-A-Glance.

2 weeks, 1 day ago @ blogs.cisco.com
Cisco AI Defense: Comprehensive Security for Enterprise AI Adoption

Last year, we published our Cisco AI Readiness Index, which provided critical insights into the state of enterprise AI adoption.

I’m proud to announce Cisco AI Defense, the first truly comprehensive solution for enterprise AI security.

To accomplish this, it comprises four main components: AI Access, AI Cloud Visibility, AI Model & Application Validation, and AI Runtime Protection.

Cisco AI Defense gives security teams comprehensive visibility and control over the rapidly growing threat of shadow AI.

Cisco AI Defense addresses AI risk from beginning to end, giving business and security leaders the confidence to bring AI applications to market.

3 weeks, 1 day ago @ blogs.cisco.com
Advancing AI Security and Contributing to CISA’s JCDC AI Efforts

A few months ago, I wrote about an AI Security Incident tabletop exercise led by the Cybersecurity and Infrastructure Security Agency’s (CISA) Joint Cyber Defense Collaborative (JCDC).

CISA used the insights gained from these exercises to develop an AI Security Incident Collaboration Playbook, which serves as a guide for enhancing effective operational collaboration among government agencies, private industry and international stakeholders.

Enables collaboration among the U.S. federal government, private industry, international government counterparts and the AI community to raise awareness of AI cybersecurity risks across critical infrastructure, enhancing the security and resili…

3 weeks, 2 days ago @ blogs.cisco.com
From Chaos to Clarity: Navigating Threats With Cisco XDR

By providing comprehensive visibility and actionable insights across entire networks, Cisco XDR empowers organizations to detect and respond to threats more effectively and efficiently.

Why Cisco XDR matters: Cisco XDR isn’t just another security tool.

When every second counts, Cisco XDR can automatically respond to identified threats, significantly reducing the time to mitigate security incidents.

From safeguarding critical systems to helping protect sensitive data, Cisco XDR provides a holistic approach to cybersecurity.

Discover how Cisco XDR can address the unique challenges in your industry. We’d love to hear what you think.

3 weeks, 2 days ago @ blogs.cisco.com
Strengthening Docker Security: Best Practices for Resilient Containers

However, the rapid proliferation and wide adoption of Docker has also brought with it a number of serious security risks.

The items below enumerate key approaches to securing Docker containers.

Key security areas in Docker. Image security: Base images are the foundation of Docker containers, and ensuring their integrity is paramount.

Network security: Without proper network segmentation, an attacker who gains a foothold inside a containerized environment can move laterally quickly, which is a significant security risk.

Docker Security Best Practices: A Holistic Approach to Container Protection. Conclusion: While Docker scales up and deploys just about any application, you can’t …
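As an added worked example (not code from the Cisco post), the following Python script applies static policy checks to a Dockerfile covering three of the areas the post names: base-image integrity (the FROM image must be pinned by digest rather than a mutable tag), least privilege (the final stage must drop root) and supply chain (no build step may pipe a download straight into a shell). The rule set is this example's own; network segmentation is a runtime concern and is not visible in a Dockerfile. Both Dockerfiles at the bottom are constructed samples, and the all-zeros digest is a placeholder, not a real image digest.

```python
"""Static policy checks for a Dockerfile.

Added example, not from the Cisco post. The rule set is this example's own.
"""
import re

DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
PIPE_TO_SHELL_RE = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba)?sh\b")


def _instructions(dockerfile: str) -> list:
    """Join backslash-continued lines and drop comments and blank lines."""
    out, buf = [], ""
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        out.append(buf + line)
        buf = ""
    return out


def check_dockerfile(dockerfile: str) -> list:
    """Return a list of findings (an empty list means the policy passes)."""
    findings, stages, stage_names = [], [], set()
    for instr in _instructions(dockerfile):
        if instr.upper().startswith("FROM "):
            parts = instr.split()
            image = parts[1]
            if len(parts) >= 4 and parts[2].upper() == "AS":
                stage_names.add(parts[3])
            stages.append([])
            # A tag can be re-pushed by the publisher; a digest cannot, so only
            # a digest gives an integrity guarantee. References to an earlier
            # build stage ("FROM build") and "scratch" are exempt.
            if (image not in stage_names and image.lower() != "scratch"
                    and not DIGEST_RE.search(image)):
                findings.append(f"base image not pinned by digest: {image}")
        elif stages:
            stages[-1].append(instr)
            if instr.upper().startswith("RUN ") and PIPE_TO_SHELL_RE.search(instr):
                findings.append(f"download piped to a shell: {instr}")
    if not stages:
        return ["no FROM instruction"]
    # Only the final stage ships; it must end up running as a non-root user.
    users = [i.split(None, 1)[1].strip() for i in stages[-1]
             if i.upper().startswith("USER ")]
    if not users or users[-1] in ("root", "0"):
        findings.append("final stage runs as root (no non-root USER)")
    return findings


# Placeholder digest (all zeros): not a real image digest.
PLACEHOLDER_DIGEST = "sha256:" + "0" * 64

# Constructed sample: mutable tag, curl-to-shell install, runs as root.
WEAK_DOCKERFILE = """\
FROM python:3.12
COPY app /app
RUN curl -sSL https://example.invalid/install.sh | sh
CMD ["python", "/app/main.py"]
"""

# Constructed sample: digest-pinned multi-stage build that drops root.
HARDENED_DOCKERFILE = f"""\
FROM python:3.12-slim@{PLACEHOLDER_DIGEST} AS build
COPY app /app
RUN pip install --no-cache-dir -r /app/requirements.txt

FROM python:3.12-slim@{PLACEHOLDER_DIGEST}
COPY --from=build /app /app
RUN useradd --system --uid 10001 app
USER app
CMD ["python", "/app/main.py"]
"""

if __name__ == "__main__":
    for name, df in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(name, check_dockerfile(df) or "OK")
```

Run it against a real Dockerfile by reading the file into `check_dockerfile`; the weak sample produces three findings and the hardened one none.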

1 month, 2 weeks ago @ blogs.cisco.com
The Impacts of Government Regulations on PQC Product Availability

This blog, the third in a series on post-quantum computing, takes on the important issue of U.S. government regulation and its impact on PQC product availability.

Commercial Solutions for Classified (CSfC) solutions align with the NSA’s Commercial National Security Algorithm (CNSA) requirements.

However, they cannot be used in certain U.S. government applications until the certification requirements are updated to allow CNSA 2.0 capabilities.

The government is taking action to speed up the creation of new certification requirements for Common Criteria (CC) and CSfC.

1 month, 3 weeks ago @ blogs.cisco.com
GenAI to Advanced Microsegmentation: Secure Workload 3.10 Has It All!

Cisco Secure Workload, the platform for microsegmentation, has taken a significant leap forward with the launch of its 3.10 release earlier this month.

Harnessing eBPF: elevating Secure Workload visibility and efficiency. As part of its commitment to scalability and resilience, the Secure Workload 3.10 release replaces the agent’s traditional libpcap-based packet capture with eBPF.

Secure Workload agent architecture (figure)

From task-centric to outcome-centric: unlocking GenAI with Secure Workload 3.10. The Secure Workload 3.10 release integrates GenAI, transforming the platform from task-focused to outcome-driven.

Secure Workload 3.10 sets the stage for G…

1 month, 3 weeks ago @ blogs.cisco.com
A New Approach to Network Troubleshooting in the Multicloud World

Figure 1: Observability and network troubleshooting with Isovalent Enterprise, Amazon CloudWatch Network Monitoring and Splunk

The deep integration in practice: Let’s see how the Cisco and AWS integration would work in the real world.

Their network team had sophisticated tools for monitoring on-premises performance but found that they had gaps in their network visibility when traffic moved to the cloud.

When users complained about performance, the network team couldn’t tell if the problem was their application, the AWS network or somewhere in between.

This new solution extends ThousandEyes’ well known path visualization capabilities into the AWS network and also correlates how traffic flow impacts ap…

2 months ago @ blogs.cisco.com
Microsoft Security
last post 4 hours ago
Code injection attacks using publicly disclosed ASP.NET machine keys

In this blog, we share more information about ViewState code injection attacks and provide recommendations for securing machine keys and monitoring configuration files.

To protect ViewState against tampering and information disclosure, the ASP.NET page framework uses machine keys: ValidationKey and DecryptionKey.

Microsoft also recommends the following best practices for securing machine keys and web servers: follow secure DevOps standards and securely generate machine keys.
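As an added worked example (not code from the Microsoft post), the following Python script audits the machineKey element of a web.config along the lines of the post's recommendations: it flags a validationKey or decryptionKey whose hash matches a list of publicly disclosed keys (the list here is a constructed placeholder built from two hypothetical keys; populate it from the public documentation and sample repositories the post warns about), flags short or non-hex keys and non-HMAC-SHA2 or non-AES algorithms, and mints a replacement element from the OS CSPRNG. The sample web.config is constructed. Key lengths follow the IIS key generator (a 64-byte validation key and a 32-byte AES decryption key, in hex).

```python
"""Audit an ASP.NET web.config <machineKey> and mint a replacement.

Added example, not from the Microsoft post. The "known public" sets are
constructed placeholders (hashes of two hypothetical keys).
"""
import hashlib
import re
import secrets
import xml.etree.ElementTree as ET

# Storing the SHA-256 of each disclosed key (upper-cased hex) lets an auditor
# ship the list without redistributing the keys themselves.
KNOWN_PUBLIC_VALIDATION_KEYS = {
    hashlib.sha256(b"CA" * 32).hexdigest(),   # hypothetical disclosed key
}
KNOWN_PUBLIC_DECRYPTION_KEYS = {
    hashlib.sha256(b"8A" * 16).hexdigest(),   # hypothetical disclosed key
}

# Hex lengths produced by the IIS generator: 64-byte validation key,
# 32-byte decryption key (AES-256).
VALIDATION_HEX_LEN = 128
DECRYPTION_HEX_LEN = 64
HEX_RE = re.compile(r"^[0-9A-Fa-f]+$")
STRONG_VALIDATION = {"HMACSHA256", "HMACSHA384", "HMACSHA512"}


def audit_machine_key(web_config_xml: str) -> list:
    """Return a list of findings for the <machineKey> in a web.config string."""
    findings = []
    root = ET.fromstring(web_config_xml)
    mk = root.find(".//machineKey")
    if mk is None:
        # No element: the framework auto-generates per-application keys,
        # so there is no static key to leak.
        return findings
    vkey = mk.get("validationKey", "")
    dkey = mk.get("decryptionKey", "")
    # "AutoGenerate" also means ASP.NET derives the key itself.
    if not vkey.startswith("AutoGenerate"):
        if hashlib.sha256(vkey.upper().encode()).hexdigest() in KNOWN_PUBLIC_VALIDATION_KEYS:
            findings.append("validationKey matches a publicly disclosed key: rotate immediately")
        elif not HEX_RE.match(vkey) or len(vkey) < VALIDATION_HEX_LEN:
            findings.append(f"validationKey is short or not hex ({len(vkey)} chars)")
    if not dkey.startswith("AutoGenerate"):
        if hashlib.sha256(dkey.upper().encode()).hexdigest() in KNOWN_PUBLIC_DECRYPTION_KEYS:
            findings.append("decryptionKey matches a publicly disclosed key: rotate immediately")
        elif not HEX_RE.match(dkey) or len(dkey) < DECRYPTION_HEX_LEN:
            findings.append(f"decryptionKey is short or not hex ({len(dkey)} chars)")
    if mk.get("validation", "").upper() not in STRONG_VALIDATION:
        findings.append("validation algorithm is not an HMAC-SHA2 variant")
    if mk.get("decryption", "").upper() != "AES":
        findings.append("decryption algorithm is not AES")
    return findings


def new_machine_key_element() -> str:
    """Mint a fresh <machineKey> element from the OS CSPRNG."""
    vkey = secrets.token_hex(VALIDATION_HEX_LEN // 2).upper()
    dkey = secrets.token_hex(DECRYPTION_HEX_LEN // 2).upper()
    return (f'<machineKey validationKey="{vkey}" decryptionKey="{dkey}" '
            f'validation="HMACSHA256" decryption="AES" />')


# Constructed sample web.config carrying the two hypothetical disclosed keys
# and a weak validation algorithm, as an operator might have pasted from a forum.
SAMPLE_WEB_CONFIG = f"""<configuration>
  <system.web>
    <machineKey validationKey="{'CA' * 32}" decryptionKey="{'8A' * 16}"
                validation="SHA1" decryption="AES" />
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for finding in audit_machine_key(SAMPLE_WEB_CONFIG):
        print("FINDING:", finding)
    print("Replacement:", new_machine_key_element())
```

Rotating the key invalidates every outstanding ViewState and forms-authentication ticket issued under the old one, so roll it on all servers of a web farm at once and expect users to re-authenticate.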

Learn more: For the latest security research from the Microsoft Threat Intelligence community, check out the Microsoft Threat Intelligence Blog: https://aka.ms/threatintelblog.

To hear stories and insights from t…

4 hours ago @ microsoft.com
Hear from Microsoft Security experts at these top cybersecurity events in 2025

So if you’re looking to boost your skills and stay ahead of the threat landscape, join Microsoft Security at the top cybersecurity events in 2025.

Be among the first to hear about Microsoft Security innovations, such as the Microsoft Secure Future Initiative and XSPA (cross-site port attack) updates that attendees of Microsoft Ignite 2024 heard.

Over the past few years, we’ve really boosted Microsoft Security experiences at Microsoft Ignite.

Microsoft will host a booth where attendees can connect with Microsoft Security experts and leaders.

It will showcase exciting updates and innovations from Microsoft Security for developers to create AI-enabled security solutions for their organizations.

3 days, 5 hours ago @ microsoft.com
3 priorities for adopting proactive identity and access security in 2025

Employ risk-based Conditional Access policies and continuous access evaluation: configure strong Conditional Access policies that automatically initiate additional security measures, such as step-up authentication, for high-risk sign-ins.

Augment Conditional Access with continuous access evaluation to ensure ongoing access checks and to protect against token theft.

Converge access policies for identity security tools and network security tools to eliminate coverage gaps and enforce more robust access controls.

1 week, 2 days ago @ microsoft.com
Fast-track generative AI security with Microsoft Purview

This includes Microsoft AI, like Microsoft 365 Copilot, AI that an organization builds in-house, and AI from third parties like Google Gemini or ChatGPT.

These Microsoft Purview solutions are: Microsoft Purview Data Security Posture Management for AI, Microsoft Purview Information Protection, Microsoft Purview Data Loss Prevention, Microsoft Purview Communications Compliance, Microsoft Purview Insider Risk Management, Microsoft Purview Data Lifecycle Management, Microsoft Purview Audit and Microsoft Purview eDiscovery, and Microsoft Purview Compliance Manager. Here are short-term steps you can take while the comprehensive data governance program is underway.

Microsoft Purview Data Security Posture Management fo…

1 week, 3 days ago @ microsoft.com
New Star Blizzard spear-phishing campaign targets WhatsApp accounts

In mid-November 2024, Microsoft Threat Intelligence observed the Russian threat actor we track as Star Blizzard sending their typical targets spear-phishing messages, this time offering the supposed opportunity to join a WhatsApp group.

Targeting WhatsApp account dataStar Blizzard’s new spear-phishing campaign, while novel in that it uses and targets WhatsApp for the first time, exhibits familiar spear-phishing TTPs for Star Blizzard, with the threat actor initiating email contact with their targets, to engage them, before sending them a second message containing a malicious link.

Star Blizzard initial spear-phishing email with broken QR code (figure)

When the recipient responds, Star Blizzard sends …

3 weeks ago @ microsoft.com
Innovating in line with the European Union’s AI Act

You can consult our EU AI Act documentation on the Microsoft Trust Center to stay up to date.

This includes the EU AI Act.

Our framework for guiding engineering teams building Microsoft AI solutions—the Responsible AI Standard—was drafted with an early version of the EU AI Act in mind.

We expect that several of the secondary regulatory efforts under the EU AI Act will provide additional guidance on model- and system-level documentation.

Tags: AI, AI safety policies, Azure OpenAI Service, EU, European Union, Responsible AI

3 weeks, 1 day ago @ blogs.microsoft.com
Analyzing CVE-2024-44243, a macOS System Integrity Protection bypass through kernel extensions

Microsoft Threat Intelligence discovered a new macOS vulnerability that could allow attackers to bypass Apple’s System Integrity Protection (SIP) in macOS by loading third party kernel extensions.

In this blog post, we detail the connection between entitlements and SIP and explain how CVE-2024-44243 could be used to bypass SIP security measures.

Modifying sensitive files on the file system can bypass SIP, for instance, by modifying the list of allowed kernel extensions and then loading that kernel extension.

macOS ships with several such filesystem implementations, each of which appears as a file system bundle (*.fs) under /System/Library/Filesystems and /Library/Filesystems.

Registered …

3 weeks, 3 days ago @ microsoft.com
3 takeaways from red teaming 100 generative AI products

Microsoft’s AI red team is excited to share our whitepaper, “Lessons from Red Teaming 100 Generative AI Products.” The AI red team was formed in 2018 to address the growing landscape of AI safety and security risks.

Eight main lessons learned from our experience red teaming more than 100 generative AI products.

Read the whitepaper, Lessons from Red Teaming 100 Generative AI Products, to discover more about our approach to AI red teaming.

Microsoft AI red team tackles a multitude of scenarios: Over the years, the AI red team has tackled a wide assortment of scenarios that other organizations have likely encountered as well.

Advance your AI red teaming expertise: The “Lessons From Red Teaming 100 Genera…

3 weeks, 3 days ago @ microsoft.com
Why security teams rely on Microsoft Defender Experts for XDR for managed detection and response

Our proven service brings together in-house security professionals and industry-leading protection with Microsoft Defender XDR to help security teams rapidly stop cyberthreats and keep their environments secure. Frost & Sullivan names Microsoft Defender Experts for XDR a leader in the Frost Radar™ Managed Detection and Response for 2024. Microsoft Defender Experts for XDR: give your security operations center team coverage with end-to-end protection and expertise.

Microsoft Defender Experts for XDR reinforces your security team with Microsoft security professionals to help reduce talent gap concerns.

Microsoft Defender Experts for XDR is a managed extended detection and response service (MXD…

1 month ago @ microsoft.com
New Microsoft guidance for the CISA Zero Trust Maturity Model

The Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model (ZTMM) assists agencies in developing their Zero Trust strategies and continually evolving their implementation plans.

And now, we are excited to share new Microsoft Guidance for CISA Zero Trust Maturity Model.

We’ll also share the Microsoft Zero Trust platform and relevant solutions that help meet CISA’s Zero Trust requirements, and close with two examples of real-world deployments.

CISA Zero Trust Maturity Model: Use this guidance to help meet the goals for ZTMM functions and make progress through maturity stages.

Establishing it as your organization’s Zero Trust identity provider lets you configure, en…

1 month, 2 weeks ago @ microsoft.com
Foundry study highlights the benefits of a unified security platform in new e-book

You can read up on the full results in the e-book The unified security platform era is here.

Read the e-book, The unified security platform era is here, to gain research-driven insights into securing your organization with a unified security platform.

Setting out on your unified security platform journey: Reducing and consolidating security tools around a unified security platform is no small feat, either technologically or culturally.

Moving to a unified security platform is not just about improving defenses, so don’t forget to lend some of your time to maintaining positive employee experiences.

Learn more about the Microsoft unified security operations platform.

1 month, 2 weeks ago @ microsoft.com
Microsoft Defender for Cloud named a Leader in Frost Radar™ for CNAPP for the second year in a row!

In the ever-evolving landscape of cloud security, Microsoft continues to assert its dominance with its comprehensive and innovative solutions. The Frost Radar™: Cloud-Native Application Protection Platforms, 2024 report underscores Microsoft’s leadership on both the innovation index and the growth index, highlighting several key strengths that set it apart from the competition. Frost and Sullivan states in […]

1 month, 3 weeks ago @ techcommunity.microsoft.com
Agile Business, agile security: How AI and Zero Trust work together

AI security and Zero Trust: agile security for agile businesses.

This means you need a Zero Trust approach to effectively secure AI.

Key strategies to help manage AI security risks: These strategies from the whitepaper illustrate how to manage the risks associated with AI.

Zero Trust and AI: a symbiotic relationship. We have found that there is a symbiotic relationship between Zero Trust and generative AI: AI requires a Zero Trust approach to effectively protect data and AI applications.

The Zero Trust approach to security helps you keep up with continuously changing threats as well as the rapid evolution of technology that AI represents.

1 month, 3 weeks ago @ microsoft.com
Convincing a billion users to love passkeys: UX design insights from Microsoft to boost adoption and security

To make sure we got our passkey experience right, we adopted a simple methodology: Start small, experiment, then scale like crazy.

Step 3: Scale. As our users began to enroll passkeys at scale, our sign-in experience needed to behave more intelligently to encourage passkey use.

As we redesigned the experience, we followed these guiding principles. Secure: A great sign-in experience should prioritize security without sacrificing usability.

Learning from our experience: Here are a few suggestions based on our learnings. Don’t be shy about inviting users to enroll passkeys.

Together, we can convince billions and billions of users to enroll passkeys for trillions of accounts!

1 month, 3 weeks ago @ microsoft.com
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine

This information was encrypted using the same RC4 function and transmitted to the previously referenced Secret Blizzard C2 server at hxxps://citactica[.]com/wp-content/wp-login.php.

Alert: Secret Blizzard Actor activity detected

Hunting queries (Microsoft Defender XDR): surface instances of the Secret Blizzard indicators of compromise (file hashes).

Indicators of compromise, as printed in the post (defanged; the table is cut off after the last row):

Indicator | Description | Actor | Date
hxxps://citactica[.]com/wp-content/wp-login.php | C2 domain (Survey Tool and Amadey dropper) | Secret Blizzard | April 2024
a56703e72f79b4ec72b97c53fbd8426eb6515e3645cb02e7fc99aaaea515273e | Tavdig payload (rastls.dll) | Secret Blizzard | April 2024
hxxps://icw2016.coachfederation[.]br/wp-includes/fonts/icons/ | Tavdig C2 domain | Secret Blizzard | April 2024
f9ebf6aeb3f0fb0c29bd8f3d652476cd1fe8bd… | (row truncated) | |
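As an added worked example (not Microsoft's hunting query), the Python below takes the three complete indicators from the table above exactly as the post prints them, refangs the defanged URLs, and matches them against a constructed batch of JSON endpoint events: file events carrying a SHA-256 and network events carrying a URL. The event field names (id, type, host, path, sha256, url) are invented for the example; map them to your EDR's export. URL indicators are matched on hostname plus path prefix, so a beacon to the same C2 path with extra query parameters still matches; the truncated fourth hash from the page is deliberately not included because only a prefix survives.

```python
"""Match the Secret Blizzard indicators quoted above against endpoint events.

Added example; not Microsoft's hunting query. Event schema is invented.
"""
import json
import re
from urllib.parse import urlsplit

# Indicators as printed in the post (defanged).
DEFANGED_IOCS = {
    "hxxps://citactica[.]com/wp-content/wp-login.php":
        "Secret Blizzard C2 (Survey Tool and Amadey dropper)",
    "a56703e72f79b4ec72b97c53fbd8426eb6515e3645cb02e7fc99aaaea515273e":
        "Tavdig payload (rastls.dll)",
    "hxxps://icw2016.coachfederation[.]br/wp-includes/fonts/icons/":
        "Tavdig C2",
}
SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def refang(ioc: str) -> str:
    """Undo the usual defanging (hxxp, [.], [:]) so the value compares with live telemetry."""
    return (ioc.replace("hxxps://", "https://").replace("hxxp://", "http://")
               .replace("[.]", ".").replace("[:]", ":"))


def build_index(defanged: dict) -> tuple:
    """Split indicators into a hash dict and a hostname -> [(path, label)] map."""
    hashes, hosts = {}, {}
    for ioc, label in defanged.items():
        if SHA256_RE.match(ioc.lower()):
            hashes[ioc.lower()] = label
        else:
            u = urlsplit(refang(ioc))
            hosts.setdefault(u.hostname.lower(), []).append((u.path, label))
    return hashes, hosts


def match_events(events: list, hashes: dict, hosts: dict) -> list:
    """Return (event id, label) pairs for every event that touches an indicator."""
    hits = []
    for ev in events:
        sha = ev.get("sha256", "").lower()
        if sha in hashes:
            hits.append((ev["id"], hashes[sha]))
        url = ev.get("url")
        if url:
            u = urlsplit(url)
            for path, label in hosts.get((u.hostname or "").lower(), []):
                if u.path.startswith(path):
                    hits.append((ev["id"], label))
    return hits


# Constructed sample telemetry: one hash hit (upper-case hash, as some EDRs
# export it), one C2 hit carrying a query string, and two benign events.
SAMPLE_EVENTS = json.loads(r"""[
 {"id": 1, "type": "file", "host": "ws01", "path": "C:\\Users\\u\\rastls.dll",
  "sha256": "A56703E72F79B4EC72B97C53FBD8426EB6515E3645CB02E7FC99AAAEA515273E"},
 {"id": 2, "type": "net", "host": "ws01",
  "url": "https://citactica.com/wp-content/wp-login.php?ver=2"},
 {"id": 3, "type": "net", "host": "ws02", "url": "https://example.com/wp-login.php"},
 {"id": 4, "type": "file", "host": "ws02", "path": "C:\\Windows\\notepad.exe",
  "sha256": "0000000000000000000000000000000000000000000000000000000000000000"}
]""")

if __name__ == "__main__":
    hash_index, host_index = build_index(DEFANGED_IOCS)
    for event_id, label in match_events(SAMPLE_EVENTS, hash_index, host_index):
        print(f"event {event_id}: {label}")
```

The two hits are event 1 (the Tavdig hash) and event 2 (the citactica C2 path); the example.com wp-login.php lookalike in event 3 is correctly ignored because the hostname is not an indicator.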

1 month, 3 weeks ago @ microsoft.com
Google Online Security Blog
last post 1 week, 1 day ago
How we kept the Google Play & Android app ecosystems safe in 2024

Google Play’s multi-layered protections against bad apps: To create a trusted experience for everyone on Google Play, we use our SAFE principles as a guide, incorporating multi-layered protections that are always evolving to help keep Google Play safe.

Google Play Protect automatically scans every app on Android devices with Google Play Services, no matter the download source.

In 2024, Google Play Protect’s real-time scanning identified more than 13 million new malicious apps from outside Google Play.

To prevent this, the Play Protect app scanning toggle is now temporarily disabled during phone or video calls.

1 week, 1 day ago @ security.googleblog.com
How we estimate the risk from prompt injection attacks on AI systems

This type of attack is commonly referred to as an "indirect prompt injection," a term first coined by Kai Greshake and the NVIDIA team.

One of these tools is a robust evaluation framework we have developed to automatically red-team an AI system’s vulnerability to indirect prompt injection attacks.

Threat model and evaluation framework: Our threat model concentrates on an attacker using indirect prompt injection to exfiltrate sensitive information, as illustrated above.

Based on this probability, the attack model refines the prompt injection.

This process repeats until the attack model converges to a successful prompt injection.

1 week, 1 day ago @ security.googleblog.com
Android enhances theft protection with Identity Check and expanded features

This is why we recently launched Android theft protection, a comprehensive suite of features designed to protect you and your data at every stage – before, during, and after device theft.

As part of enabling Identity Check, you can designate one or more trusted locations.

Theft Detection Lock: expanding AI-powered protection to more usersOne of the top theft protection features introduced last year was Theft Detection Lock, which uses an on-device AI-powered algorithm to help detect when your phone may be forcibly taken from you.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help …

2 weeks ago @ security.googleblog.com
OSV-SCALIBR: A library for Software Composition Analysis

Today, we’re excited to release OSV-SCALIBR (Software Composition Analysis LIBRary), an extensible library for SCA and file system scanning.

We offer OSV-SCALIBR primarily as an open source Go library today, and we're working on adding its new capabilities into OSV-Scanner as the primary CLI interface.

OSV-Scanner + OSV-SCALIBR: Users looking for an out-of-the-box vulnerability scanning CLI tool should check out OSV-Scanner, which already provides comprehensive language package scanning capabilities using much of the same extraction as OSV-SCALIBR.

Some of OSV-SCALIBR’s capabilities are not yet available in OSV-Scanner, but we’re currently working on integrating OSV-SCALIBR more deeply into O…

3 weeks ago @ security.googleblog.com
Google Cloud expands vulnerability detection for Artifact Registry using OSV

Fortunately, they can now improve their image and container security by harnessing Google-grade vulnerability scanning, which offers expanded open-source coverage.

A significant benefit of utilizing Google Cloud Platform is its integrated security tools, including Artifact Analysis.

This integration provides industry-leading insights into open source vulnerabilities—a crucial capability as software supply chain attacks continue to grow in frequency and complexity, impacting organizations reliant on open source software.

Open source vulnerabilities, with more reach: Artifact Analysis pulls vulnerability information directly from OSV, which is the only open source, distributed vulnerability dat…
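The OSV-SCALIBR post above and this Artifact Analysis post describe the same pipeline: extract package names and versions from what is on disk, then match them against advisories in the OSV schema. The Python below, an added example that is not code from OSV-SCALIBR, OSV-Scanner or Artifact Analysis, does that end to end on a constructed pip-freeze-style lockfile and a constructed advisory (the ID EXAMPLE-2024-0001 and the package exampleparse are invented). It shapes the extracted packages as querybatch entries of the form the OSV API accepts, and walks the advisory's introduced/fixed/last_affected events in order as the OSV schema defines them. Version ordering is approximated with a numeric dotted-version comparison; real scanners apply ecosystem-specific version rules, which this example does not.

```python
"""Software composition analysis the OSV way, end to end.

Added example; not OSV-SCALIBR, OSV-Scanner or Artifact Analysis code.
The lockfile and the advisory below are constructed.
"""
import re

# Constructed lockfile in pip-freeze format.
SAMPLE_LOCKFILE = """\
# generated by pip freeze (constructed sample)
requests==2.25.1
exampleparse==1.4.0
exampleparse-plugin==0.9.2
"""

# Constructed advisory in OSV schema shape. EXAMPLE-2024-0001 is not a real ID.
SAMPLE_ADVISORIES = [
    {
        "id": "EXAMPLE-2024-0001",
        "summary": "constructed: exampleparse mishandles nested input",
        "affected": [
            {
                "package": {"ecosystem": "PyPI", "name": "exampleparse"},
                "ranges": [
                    {"type": "ECOSYSTEM",
                     "events": [{"introduced": "1.0.0"}, {"fixed": "1.4.2"}]}
                ],
            }
        ],
    }
]

PIN_RE = re.compile(r"^([A-Za-z0-9_.\-]+)==([A-Za-z0-9_.\-]+)$")


def extract_packages(lockfile_text: str, ecosystem: str = "PyPI") -> list:
    """Extractor: turn pinned lines into OSV querybatch query objects."""
    queries = []
    for line in lockfile_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = PIN_RE.match(line)
        if m:
            queries.append({"package": {"name": m.group(1).lower(),
                                        "ecosystem": ecosystem},
                            "version": m.group(2)})
    return queries


def _vkey(version: str) -> tuple:
    # Approximation: numeric dotted components only (no ecosystem rules).
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def is_affected(version: str, affected_entry: dict) -> bool:
    """Walk OSV range events in order: 'introduced' opens a vulnerable
    interval, the following 'fixed' (exclusive) or 'last_affected'
    (inclusive) closes it; an interval with no close is still open."""
    if version in affected_entry.get("versions", []):
        return True
    v = _vkey(version)
    for rng in affected_entry.get("ranges", []):
        if rng.get("type") not in ("ECOSYSTEM", "SEMVER"):
            continue
        start = None
        for ev in rng["events"]:
            if "introduced" in ev:
                start = () if ev["introduced"] == "0" else _vkey(ev["introduced"])
            elif "fixed" in ev and start is not None:
                if start <= v < _vkey(ev["fixed"]):
                    return True
                start = None
            elif "last_affected" in ev and start is not None:
                if start <= v <= _vkey(ev["last_affected"]):
                    return True
                start = None
        if start is not None and start <= v:
            return True
    return False


def match_advisories(queries: list, advisories: list) -> list:
    """Return (package, version, advisory id) for every vulnerable query."""
    hits = []
    for q in queries:
        for adv in advisories:
            for aff in adv.get("affected", []):
                pkg = aff.get("package", {})
                if (pkg.get("ecosystem") == q["package"]["ecosystem"]
                        and pkg.get("name", "").lower() == q["package"]["name"]
                        and is_affected(q["version"], aff)):
                    hits.append((q["package"]["name"], q["version"], adv["id"]))
    return hits


if __name__ == "__main__":
    queries = extract_packages(SAMPLE_LOCKFILE)
    for name, version, adv_id in match_advisories(queries, SAMPLE_ADVISORIES):
        print(f"{name}=={version}: {adv_id}")
```

Only exampleparse 1.4.0 is reported: it lies in [1.0.0, 1.4.2), while exampleparse-plugin is a different package name and requests has no advisory in the constructed set. With a network connection the `queries` list can be posted as `{"queries": [...]}` to the OSV querybatch endpoint instead of being matched locally.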

1 month, 4 weeks ago @ security.googleblog.com
Announcing the launch of Vanir: Open-source Security Patch Validation

Today, we are announcing the availability of Vanir, a new open-source security patch validation tool.

In collaboration with the Google Open Source Security Team, we have incorporated feedback from our early adopters to improve Vanir and make it more useful for security professionals.

These algorithms have low false-alarm rates and can effectively handle broad classes of code changes that might appear in code patch processes.

The Vanir signatures for Android vulnerabilities are published through the Open Source Vulnerabilities (OSV) database.

You can also contribute to Vanir by providing vulnerability data with Vanir signatures to OSV.

2 months ago @ security.googleblog.com
Leveling Up Fuzzing: Finding more vulnerabilities with AI

But these particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets.

The ideal solution would be to completely automate the manual process of developing a fuzz target end to end: drafting an initial fuzz target.

Running the corrected fuzz target for a longer period of time, and triaging any crashes to determine the root cause.

In January 2024, we open sourced the framework that we were building to enable an LLM to generate fuzz targets.

New results: more code coverage and discovered vulnerabilities. We’re now able to automatically gain more coverage in 272 C/C++ projects on OSS-Fuzz (up from 160), …

2 months, 2 weeks ago @ security.googleblog.com
Retrofitting Spatial Safety to hundreds of millions of lines of C++

Based on an analysis of in-the-wild exploits tracked by Google's Project Zero, spatial safety vulnerabilities represent 40% of in-the-wild memory safety exploits over the past decade.

Breakdown of memory safety CVEs exploited in the wild by vulnerability class (figure)

Google is taking a comprehensive approach to memory safety.

This leads to an exponential decline in memory safety vulnerabilities and quickly improves the overall security posture of a codebase, as demonstrated by our post about Android's journey to memory safety.

We’ve begun by enabling hardened libc++, which adds bounds checking to standard C++ data structures, eliminating a significant class of spatial safety bugs.

This improves spat…

2 months, 3 weeks ago @ security.googleblog.com
Safer with Google: New intelligent, real-time protections on Android to keep you safe

That’s why we’re using the best of Google AI to identify and stop scams before they can do harm with Scam Detection.

Scam Detection is off by default, and you can decide whether you want to activate it for future calls.

Cutting-edge AI protection, now on more Pixel phones: Gemini Nano, our advanced on-device AI model, powers Scam Detection on Pixel 9 series devices.

We look forward to learning from this beta and your feedback, and we’ll share more about Scam Detection in the months ahead.

2 months, 3 weeks ago @ security.googleblog.com
5 new protections on Google Messages to help keep you safe

Every day, over a billion people use Google Messages to communicate.

That’s why we’ve made security a top priority, building in powerful on-device, AI-powered filters and advanced security that protects users from 2 billion suspicious messages a month.

With end-to-end encrypted RCS conversations, you can communicate privately with other Google Messages RCS users.

We're committed to constantly developing new controls and features to make your conversations on Google Messages even more secure and private.

As part of cybersecurity awareness month, we're sharing five new protections to help keep you safe while using Google Messages on Android:

3 months, 2 weeks ago @ security.googleblog.com
Safer with Google: Advancing Memory Safety

Our internal analysis estimates that 75% of CVEs used in zero-day exploits are memory safety vulnerabilities.

Our Secure by Design commitment emphasizes integrating security considerations, including robust memory safety practices, throughout the entire software development lifecycle.

This post builds upon our previously reported Perspective on Memory Safety, and introduces our strategic approach to memory safety.

By open-sourcing these tools, we've empowered developers worldwide to reduce the likelihood of memory safety vulnerabilities in C and C++ codebases.

Migration to memory-safe languages (MSLs): The first pillar of our strategy is centered on further increasing the adoption of memory-s…

3 months, 3 weeks ago @ security.googleblog.com
Bringing new theft protection features to Android users around the world

Situations like Janine’s highlighted the need for a comprehensive solution to phone theft that exceeded existing tools on any platform.

These advanced theft protection features are now available to users around the world through Android 15 and a Google Play Services update (Android 10+ devices).

These theft protection features are just one example of how Android is working to provide real-world protection for everyone.

You can turn on the new Android theft features by clicking here on a supported Android device.

Learn more about our theft protection features by visiting our help center.

3 months, 3 weeks ago @ security.googleblog.com
Using Chrome's accessibility APIs to find security bugs

If only the whole tree of Chrome UI controls were exposed, somehow, such that we could enumerate and interact with each UI control automatically.

We need to amortize that cost over thousands of test cases by running a batch of them within each browser invocation.

Yet this is tricky, since Chrome UI controls are deeply nested and often anonymous.

This approach has proven to be about 80% as quick as the original ordinal-based mutator, while providing stable test cases.

If you’d like to follow along, keep an eye on our coverage dashboard as it expands to cover UI code.

3 months, 4 weeks ago @ security.googleblog.com
Pixel's Proactive Approach to Security: Addressing Vulnerabilities in Cellular Modems

Most smartphones use cellular baseband processors with tight performance constraints, making security hardening difficult.

The cellular baseband: The cellular baseband within a smartphone is responsible for managing the device's connectivity to cellular networks.

The firmware within the cellular baseband, similar to any software, is susceptible to bugs and errors.

For example, 0-day exploits in the cellular baseband are being used to deploy the Predator malware in smartphones.

Pixel's proactive approach to security demonstrates a commitment to protecting its users across the entire software stack.

4 months ago @ security.googleblog.com
Evaluating Mitigations & Vulnerabilities in Chrome

The Chrome Security Team is constantly striving to make it safer to browse the web.

We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to exploit a security bug, and sandboxing to reduce the capability exposed by an isolated security issue.

Historically the Chrome Security Team has made major investments and driven the web to be safer.

In the longer-term the Chrome Security Team advocates for operating system improvements like less-capable lightweight processes, less-privileged GPU and NPU containers, improved application isolation, and support for hardware-based isolation, memory safety and flow control enforcement.

Good Bugs and Ba…

4 months ago @ security.googleblog.com