Cybersecurity
👉 by %username%
A collection of cybersecurity resources
In Russian 🇷🇺
Securitylab
latest post 2 hours ago
South Korea turns away from the iPhone: the country's army bans the smartphones

Alexander Antipov. The military fears for national security because of Apple's strict policy.

South Korea's armed forces plan to introduce a complete ban on the use of iPhones in military facilities.

Notably, the ban applies specifically to Apple devices, while Android-based smartphones, in particular those from Samsung Electronics, will not be subject to restrictions.

Apple devices do not meet national security requirements because they do not allow third-party applications to control their core functions, apart from the camera.

It is also worth noting that the South Korean mobile operator SK Telecom recently introduced a recording…

2 hours ago @ securitylab.ru
Tinkoff enlists pranksters: Fraud Roulette will become a new weapon against scammers

An innovative project will turn the predators into prey.

3 hours ago @ securitylab.ru
No beer and no TV: Scandinavia goes dry after a cyberattack

Store shelves in Sweden, Denmark, Norway and Finland are emptying because of supply problems.

3 hours ago @ securitylab.ru
Billions under surveillance: keyboard developers spy on Android users worldwide

Vulnerabilities in popular smartphone keyboards make it possible to see what the user types.

3 hours ago @ securitylab.ru
FROZEN#SHADOW: cold-blooded hackers stealthily attack companies around the world

The SSLoad malware has become one of the main tools in the cybercriminals' arsenal.

3 hours ago @ securitylab.ru
Forget billions of years: scientists grew diamonds in just 150 minutes

A new technique from South Korea could crash the diamond market.

4 hours ago @ securitylab.ru
El Salvador, guard your bitcoins: hackers leaked the source code of the Chivo crypto wallet

The cyber defences of the world's first state-run wallet leave much to be desired.

7 hours ago @ securitylab.ru
Qualcomm challenges Intel and Apple with new Snapdragon X Plus processors for Windows PCs

Alexander Antipov. Snapdragon X Elite and X Plus outperform competitors by 28%.

The move came shortly after the announcement of the even more powerful Snapdragon X Elite processor, unveiled in October last year.

Snapdragon X Plus contains a 10-core CPU, an integrated GPU and the same Hexagon neural processing unit as the X Elite.

In addition, the X Elite and X Plus consume less power than competitors' chips.

The release of the high-performance Snapdragon X Plus is intended to accelerate this transition and strengthen Qualcomm's position in the segment of Arm-compatible Windows PCs.

16 hours ago @ securitylab.ru
Huge energy flare detected from a magnetic neutron star

Unraveling powerful gamma-ray bursts could explain mysteries of the Universe.

16 hours ago @ securitylab.ru
Chinese Zhaoxin KX-7000 processor beats Skylake in multi-core tests

A processor that could shift the balance of power in the tech industry.

16 hours ago @ securitylab.ru
Coffee trap: a Nespresso domain vulnerability led to a surge in phishing attacks

How did a well-known brand unexpectedly become part of a fraud scheme?

20 hours ago @ securitylab.ru
Dream earnings or a scam? Details of a TON scam scheme on Telegram

Kaspersky Lab warns about a fraudulent pyramid scheme.

20 hours ago @ securitylab.ru
CloudSat's final flight: what cloud mysteries did it unravel in 18 years?

The legendary satellite, which has observed changes in the atmosphere since 2006, is retiring.

20 hours ago @ securitylab.ru
Goldman: generative AI will die at the hands of bureaucracy

A new paper by a legal expert raises problems in the development of legally contentious technologies.

20 hours ago @ securitylab.ru
The shadow business adapts: how illegal casinos and bookmakers circumvent Central Bank restrictions

F.A.C.C.T. analysts described the methods used to bypass the blocks imposed by the Central Bank of Russia.

21 hours ago @ securitylab.ru
Anti-Malware
latest post 3 hours ago
MTS RED Anti-DDoS and MTS RED WAF in tandem: how to properly protect web applications from attacks

In February this year a new web application protection service, MTS RED WAF, appeared on the Russian information security market.

We explain how this service, together with MTS RED Anti-DDoS, protects companies from a whole range of attacks on web resources and what the benefit of such a tandem is.

In April, Anti-Malware.ru published an up-to-date overview of the web application firewall (WAF) market, which among others features the MTS RED web application protection service.

How the service protects web applications from hacking: once a company decides to connect to the web application protection service, the IP addresses of the owner of the protected web resources are replaced on the DNS servers with the IP addresses of the protection service provider.

This is convenient, for example, if a company…

3 hours ago @ anti-malware.ru
Pitfalls of Purple Teaming

We discuss the problems of implementing Purple Teaming from both the customer's and the contractor's side.

Defenders' problems: first and foremost, Purple Teaming is needed by the defence team.

Only Purple Teaming makes it possible to effectively uncover blind spots, the real "black holes", the forgotten corners of your network.

They need to perform practically the same actions as in Red Teaming (or, very rarely, as in a standard pentest).

In that case nobody interacts with the experts conducting the Purple Teaming, and nobody asks them for help.

1 day ago @ anti-malware.ru
How to organize a Vulnerability Management process in 2024

The vulnerability management process. Stages of vulnerability management. What exactly is Vulnerability Management (VM) in Russia?

A vulnerability management model cannot be sufficiently complete without such an important stage as full preparation of the infrastructure, noted Anastasia Kuznetsova.

Implementing Vulnerability Management: the moderator asked the speakers how to assess an organization's readiness to implement a full-fledged vulnerability management process.

Within three to five years, customers will better understand their vulnerability management needs and the solutions available to them.

1 day, 21 hours ago @ anti-malware.ru
SAST, DAST, SCA, SCS: how to secure development at every stage

SAST is a set of technologies for analysing source code and binaries for coding and design conditions that indicate vulnerabilities.

Comprehensive security analysis using Solar appScreener as an example: let's look at a comprehensive approach to secure software development using the Solar appScreener solution developed by Solar Group.

Solar appScreener makes it possible to embed code analysis tools into the secure development lifecycle at its various stages.

The SAST module can be used at the development and testing stages of the SSDLC to detect vulnerabilities and undeclared capabilities (NDV) in a timely manner.

The DAST module can be used at the final stages of development and at the software testing stage, when…

2 days ago @ anti-malware.ru
Overview of the Russian server virtualization market

The rapid growth of the Russian market for server virtualization systems is driven by the departure of Western vendors and tightening regulatory requirements.

This overview covers software and hardware-software appliances for virtualizing server infrastructure.

Trends in the global server virtualization market: according to an updated study, the global market for server virtualization software amounted to USD 7,878,900,000 in 2022.

Chart: dynamics of the Russian virtualization systems market, RUB million.

A good server virtualization platform must be stable and reliable, support basic virtualization functions and at the same time address specialized scenarios.

2 days, 3 hours ago @ anti-malware.ru
Why Garda WAF is actually not a WAF

Official announcement of Garda WAF. The new Garda WAF product: Garda Group presented its Garda WAF product, calling it a reflection of "a new round in the evolution of firewalls for protecting web applications".

Deployment options for cloud WAAP solutions (Gartner). Luka Safonov, CTO of Garda WAF, commented on this difference as follows: "a cloud option for Garda WAF is specifically not being considered for now".

As already noted, Garda Group is currently focusing on on-premises deployment of its solution, although there are no fundamental barriers to using Garda WAF in the cloud.

Rule set options for risk control (Garda / Weblock)…

2 days, 23 hours ago @ anti-malware.ru
Why attacks on foreign government agencies are attributed to Russian hackers

Smoke Loader's main function is to download and run other malware (trojans, spyware, ransomware) on the victim's device.

Features of cyberattacks using Smoke Loader: the "advantages" of the Smoke Loader dropper are its low budget and low cost for the organizers of cyberattacks.

A BAT file is extracted from a self-extracting archive; it in turn downloads the malicious Smoke Loader dropper and then opens a PDF.

All this suggests that in this case we are most likely dealing with a false-flag operation.

Conclusions: the malicious Smoke Loader dropper, which can download additional modules or software after receiving commands from the C&C server…

6 days, 3 hours ago @ anti-malware.ru
How to develop a cybersecurity development strategy

The strategic management process established in the company: determine the maturity of the strategic management process adopted in the company and study the practices in use.

At this step you also need to find out how the company defines its target state: through goal setting, closing risks and/or threats, or in some other way.

Study the near-term information security forecasts: how the security market will develop, and which threats and attack types will become popular.

To implement a security strategy successfully, you need to analyse the dynamics of the security budget and the workload of security specialists, open vacancies and …

1 week ago @ anti-malware.ru
Review of Solar webProxy 4.0, a secure web gateway

Diagram of Solar webProxy integration into corporate infrastructure. Solar webProxy has advanced mechanisms to ensure uninterrupted operation under heavy load.

Employee dossiers can be synchronized between Solar webProxy and the Solar Dozor DLP system.

Exporting events in the Statistics section of Solar webProxy. As already mentioned, Solar webProxy includes a firewall.

Configuring NAT in Solar webProxy. Solar webProxy can be configured to allow access without authentication, which is relevant for a number of applications.

Creating a request filtering rule in Solar webProxy. Solar webProxy implements a role-based access control module.

1 week ago @ anti-malware.ru
Evil ChatGPT counterparts: xxXGPT, WormGPT, WolfGPT, FraudGPT, DarkBERT

In promotional posts it was described as "a sinister AI creation in Python, representing a dark force surpassing both ChatGPT and WormGPT".

As with xxXGPT, WolfGPT was widely promoted on hacker forums and Telegram channels, but no real evidence of its capabilities was found beyond a few screenshots of the interface.

FraudGPT and DarkBERT: FraudGPT and DarkBERT are two more "evil" projects that someone promoted on the darknet in July 2023 alongside other AI services for cybercriminals.

ChatGPT and its "evil rivals": comparing key parameters. Table columns: Characteristic; ChatGPT; "Evil" counterparts (xxXGPT, WolfGPT, FraudGPT, DarkBERT). Row: Ethical restrictions; Yes; None or minimal. Row: Secu…

1 week, 1 day ago @ anti-malware.ru
Web Application Firewall (WAF) market overview, 2024

Now, with some software products unavailable, the WAF market in Russia is actively shifting toward domestic solutions: new products are appearing and vendors are working on competitive advantages.

Based on the latest Gartner reports on the application-layer firewall market, the following foreign products are worth noting: Akamai Web Application Protector, Imperva WAF, Cloudflare WAF, F5 Big-IP WAF, Barracuda WAF and AWS WAF.

Overview of the domestic WAF market. Web Application Firewall products: in this section we look at "boxed" products, both software and hardware-software.

MegaFon WAF is designed to protect web applications from exis…

1 week, 1 day ago @ anti-malware.ru
Outsourcing information security in Russia: is it scary to hand security over to someone else?

The information security outsourcing market. The modern concept of information security outsourcing on the market. What exactly is outsourcing in 2024?

Currently many companies delegate to providers the building of systems for both information security and information technology.

Companies will increasingly recognize the importance of information security and turn to outsourcing partners to protect their data and systems.

When choosing an information security service provider, it is important to consider factors such as experience, reputation and financial stability.

Experts' forecasts for the development of information security outsourcing are generally positive.

1 week, 1 day ago @ anti-malware.ru
How to design ICS protection with Positive Technologies' new concept

We explain how to simplify the installation and configuration of security solutions with the OT Security Framework and comply with legal requirements.

In addition, at various industry conferences we discuss the difficulties and nuances of information security in the industrial sector with clients and partners, including ICS system integrators.

OT Security Framework brings together Positive Technologies' best practices for protecting industrial companies and is regularly updated with new expertise.

Another area is guidance on meeting the requirements of national and international industry standards in industrial cybersecurity using the products…

1 week, 2 days ago @ anti-malware.ru
Why the security industry needs DevSecOps engineers

At the same time, the information security sector, by various estimates, is short of at least 100 thousand.

Therefore it has become important to improve the quality, security and speed of software development by forming in-house development teams and building a proprietary production IT process.

DevSecOps engineers also take part in building a shared knowledge base on secure application development, creating and updating project documentation, and preparing standards, regulations, user manuals and so on.

It is important to strike a balance between innovative development and security to ensure reliable operation of applications and infrastructure.

The Russian technology market is actively developing…

1 week, 2 days ago @ anti-malware.ru
How and why to search for secrets using custom rules

In this article we explain what secrets are and what security risks they carry, and look at how the Gitleaks tool handles searching for sensitive data on its own and with custom rules.

Now let's talk about what custom rules are and why they are needed.

But that is not required, since we need to check the quality of the rule configuration, not whether secrets leaked within commits.

Searching for secrets with Gitleaks and custom rules: to apply your own rules, you need to create a TOML file describing the custom rule set.

Scanning a directory using custom rules. Analysing the results. So, hav…

1 week, 6 days ago @ anti-malware.ru
Habr: Security
latest post 2 hours ago
How one experienced developer lost his Telegram account in three days, and another almost transferred 100 thousand rubles to a "friend"

Slava did not manage to take a screenshot of the conversation, so we reconstructed its contents from screenshots of other victims of a similar scheme.

Later Slava would realize that on Saturday scammers hijacked his session and quietly waited three days to "kick" the owner out of all devices and take over the account.

Other victims transferred a total of 300 thousand rubles, but not to the number given in the chat; they sent it to Kostya's number that they already knew.

Come up with a hint for the cloud password, bearing in mind that scammers will see it too, so make it understandable only to you.

Look for solutions that teach employees to repel attacks and communicate safely both on Telegram and WhatsApp.

2 hours ago @ habr.com
Overview of K8s LAN Party, a collection of challenges for finding vulnerabilities in a Kubernetes cluster right in the browser

This time we look at a product from the developers at Wiz Research, Kubernetes LAN Party, a challenge built around CTF scenarios.

What K8s LAN Party is and why it is needed: K8s LAN Party is a set of five CTF scenarios in which the user has to find vulnerabilities in a Kubernetes cluster.

K8s LAN Party has the following rules for completing the tasks: scenarios can be completed in any order.

65536 / 65536 [---------------------------------------------------------------------------------------------------------------------------------] 100.00% 985 p/s
The utility found the getflag-service service.

We paste it into the input field and finish the scenario.

3 hours ago @ habr.com
[Translation] Configuring Kerberos authentication in OpenAM

But this approach is inconvenient both for system administrators and for users.

In this article we will configure Kerberos authentication in OpenAM.

Windows configuration: create an account in Active Directory for Kerberos authentication.

Thus you can authenticate via the Kerberos protocol without connecting Active Directory as the User Data Store in OpenAM.

Verifying the solution: on a Windows machine, as a user authenticated in Active Directory, open the OpenAM URL http://openam.example.com:8080/openam/XUI/#login/&realm=/&service=sso in the browser. If everything is configured correctly, OpenAM will authenticate you immediately without prompting for credentials.

3 hours ago @ habr.com
Exploring web applications with the Ffuf utility

We get to grips with fuzzing using Ffuf and look at several key ways to use it.

Multiple -H flags can be accepted. -X HTTP method to use. -b Cookie data "Name1 = Value1; Name2 = Value2" to replicate curl functionality. -d POST data. -http2 Use the HTTP2 protocol (default: false). -ignore-body Do not fetch the response content (default: false). -r Follow redirects (default: false). -recursion Scan recursively.

For example: http://127.0.0.1:8080 or socks5://127.0.0.1:8080. GENERAL OPTIONS: -V Show version information (default: false). -ac Automatically calibrate filtering options (default: false). -acc Custom string…

6 hours ago @ habr.com
Adding two-factor authentication to web applications that were not designed for it

The Cloud.ru product catalogue contains several vendor services that had no provision for two-factor authentication, or whose offered functionality did not suit us for a number of reasons.

But this requires installing and configuring client software, which is not very user-friendly for remote work.

Register the user in IAM, enable 2FA for them and set up an OTP app (for example Google Authenticator, Yandex Key, etc.

Set up network connectivity and permissions to IAM and the protected application.

What's the result?

1 day ago @ habr.com
The information security threat landscape of recent years. Part 1

Which, of course, does not rule out learning about threats through vendor reports and bulletins (IBM, Microsoft, Elastic, Acronis, SonicWALL, etc.)

At the same time, only through TI reports can we understand how groups operate and evolve, how they attack with specific malware, how they use techniques and what is currently relevant.

Spyware and some forms of adware can also be classified as malware.

As in any other company, a group has middle managers, HR managers, and various technical and production teams with a roadmap and releases.

And publication can happen anywhere: on the vendor's website together with a patch, or on the internet's black markets.

1 day ago @ habr.com
The most interesting tasks for security specialists: Jabba approves

Disclaimer: this material does not teach hacking and does not encourage illegal actions.

And it warns what to pay attention to when developing software.

I try sending a string like this: done, the flag is in the bag. Han Solo is frozen in carbonite!

"flag.txt"; cat ./flag.txt), it turns out that a filter is running on the server side that blocks it. That's not a problem, since there are other utilities.

I go to the section and see the text containing the flag: I copy the flag and submit it.

1 day, 2 hours ago @ habr.com
How to work your way up to head of information security?

On the podcast we discussed a bank's security system: how protection is structured, how people are monitored, and how one becomes a manager within it.

I decided that this was my thing and that I wanted to learn.

I agreed it with the IT department, agreed it with another department, and got the support of the organization's leadership.

Everyone was shocked: I was shocked, my subordinates were shocked, the department director was shocked.

And when the data leaks, all the blame will fall on you, because you "didn't take action", "didn't do it in time".

1 day, 2 hours ago @ habr.com
SOC internships. Part 1: how to organize training for 1,000 people

In this part we describe step by step how we managed to organize an internship at the Solar JSOC cyberattack response centre for 1.1 thousand

By that time I was already running internships and training for customers myself, and then went on business trips where I taught beginners to work according to our workflow.

If it is passed successfully, links appear with an invitation to a closed Telegram chat and channel for interns.

In addition, we run lab assignments, and we give each intern feedback on every one of them.

Strict selection: in the middle of the internship we have an "equator" stage, during which we weed out completely inactive participants; alas, there are sometimes such people.

1 day, 2 hours ago @ habr.com
Testing PT NGFW: an early version of the next-generation firewall from Positive Technologies

In May 2023 our partners at Positive Technologies announced the upcoming release of PT NGFW and showed fairly high performance figures.

The Russian market, which has a clear shortage of high-speed next-generation firewalls, received the announcement with great enthusiasm and is now waiting for the commercial release of PT NGFW.

Load tests: throughput in firewall mode with L7 filtering (with application recognition): from 30 Gbit/s.

In addition, the vendor promises to release the next two versions in 2024: in May and in November.

Also in May 2024, the Positive Technologies team promises to present their own Russian-made hardware platforms for the firewall…

1 day, 4 hours ago @ habr.com
Securing the GRUB bootloader on Linux

In this context, securing the GRUB bootloader used in Linux operating systems becomes an integral part of system protection.

In this article we will look at the steps to secure the GRUB bootloader, from generating an encrypted password to deploying it on the system.

An attacker could modify GRUB and boot the system into a special mode (called single-user mode), where root logs in automatically without a password.

To address these security problems, we will protect the GRUB bootloader with a password.

This way your actual password is not visible in the GRUB scripts, and a potential attacker cannot see it.

1 day, 6 hours ago @ habr.com
Why a security specialist should grow out of a programmer

In my field, that is, information security, the question is still being debated: "Should a security specialist grow out of a programmer?"

For me this is not a question, but many will disagree with me.

A specialist must understand what they work with and what they have to interact with.

Programmers are trained to analyse code at the micro level and to carefully check every line of code for bugs and vulnerabilities.

That is, next time they will no longer make such mistakes, and their level and competence will keep growing.

1 day, 19 hours ago @ habr.com
A Python celebration at Positive Hack Days Fest 2

On May 26, as part of Positive Hack Days Fest 2, Python Day will take place, which we are holding together with the MoscowPython community.

Importing binary dependencies in Python. Ivan Krivosheev, lead programmer, Positive Technologies: "In my talk I want to look at how the import of C dependencies in Python works, what path the interpreter takes, which system calls are used and which mechanisms are involved.

Especially if you have ever wanted to implement something in another language yourself and then plug it into your favourite Python interpreter."

Mikhail Gurbanov, full-stack Python developer, Raiffeisenbank: How long since you last checked your pipes?

To hear these and other…

1 day, 22 hours ago @ habr.com
A step-by-step cheat sheet for protecting a server from hackers and other evil

Come up with complex passwords (the most common weak ones: 123456 123456789 1000000 12345678 12345 123123 12345zz qwerty Qwerty123 1234567890).

Step 2. Use fail2ban: apt-get install fail2ban / yum install fail2ban

Step 3. Enable SSH key login: $ ssh-keygen -t rsa; $ cat ~/.ssh/id_rsa.pub; ssh -i <path to private key> username@; sudo nano /etc/ssh/sshd_config

Step 4. Keep OS and software versions up to date: Data Bank of Information Security Threats (FSTEC), National Vulnerability Database, Common Vulnerabilities And Exposures, VulnDB – Vulnerability Intelligence.

Log and monitor. Conclusions

2 days ago @ habr.com
Infrastructure pentest step by step: lateral movement and privilege escalation in the network

Less often, passwords are also found in GPOs; in addition, the passwords of some accounts can be found in the Description field; and simply in publicly accessible network shares.

secretsdump.py LOCAL -sam sam -system system. Then the pentester performs a Hash Spraying attack, "spraying" the hashes against valid accounts in the domain, or against different computers locally.

The techniques and approaches listed in the article can be applied very differently depending on the circumstances the pentester finds themselves in.

The book reveals advanced methods and approaches (with examples) used by experienced pentesters working with Metasploit.

A collection of articles on finding vulnerabilities and reconnaissance in the target network, privilege escalation, lat…

2 days ago @ habr.com
Хакер
last post 2 hours ago
Researcher claims to have broken Microsoft's DRM technology

For example, back in 2022 Gowdiak told Microsoft engineers that he had managed to download PlayReady-protected content from Canal+, a premium VOD platform in Poland.

Microsoft at the time told the media that "the issues described concern settings controlled by the service provider and the security of a third-party client," stressing that this was not a vulnerability in a Microsoft service or client.

However, Gowdiak continued studying the security of Microsoft PlayReady and has now turned his attention to international streaming services that use PlayReady to protect content.

"Any Windows user can extract keys for movies from streaming platforms that use the vulnerable Microsof…

2 hours ago @ xakep.ru
A Hisense smart TV accidentally disabled its owner's Windows computer

Priscilla Snow, a musician and audio designer from Canada, said that her Hisense TV interfered with the normal operation of her Windows computer.

A user going by Narayan B reported on a Microsoft forum that he had found the root of the problem, which turned out to be his Android-based Hisense TV.

It turned out that the Hisense TV generates "random UUIDs for UPNP network discovery every few minutes."

Windows, not understanding why the device does this, sees it and adds all these alternate Hisense devices to its Device Association Framework (DAF) service.

Narayan B wrote that he had noticed before how his Hisense TV floods the syst… with requests

16 hours ago @ xakep.ru
The number of attacks on mobile devices in Russia has grown 5.2-fold

In the first quarter of 2024 their number rose 5.2-fold compared with the same period of 2023 and exceeded 19 million.

The number of Dwphon attacks on Russian users grew in March 2024 by roughly 25% compared with December of last year and reached almost 222,000 cases.

With Dwphon, however, the victim receives an infected device straight out of the box, that is, having bought it in a store.

In Mamont, however, the attackers extended the banking trojan's functionality to phish payment data from potential victims and gain access to their SMS messages.

The attackers distribute Mamont on unofficial platforms, including under the guise of apps for …

22 hours ago @ xakep.ru
Pictures in the waterfall. Learning to draw images with radio waves

Signal and its spectrum. A spectrum is the representation of a signal in the frequency domain, which shows exactly which frequencies are present in the signal.

A continuous spectrum is when the signal contains an infinite number of components distributed over a range of frequencies.

% Amplitude
A = 1;
% Frequency in hertz
f = 5;
% Duration of our signal in seconds
T = 1;
% Sampling rate, or number of points per second.

This is the simplest signal, which has only one frequency in its spectrum: the frequency of the sinusoid itself, that is, 5 Hz.

We set all values in it to zero and set only the amplitude of the 5 Hz frequency to one.

23 hours ago @ xakep.ru
Microsoft: APT28 exploited a Windows Print Spooler bug for several years

The vulnerability CVE-2022-38028 was discovered by the U.S. National Security Agency in 2022, and it was the NSA that notified Microsoft of the problem.

The vulnerability was eventually fixed in October 2022, but at the time the company did not disclose that hackers were already exploiting the bug.

It launches the GooseEgg executable and persists on the compromised system by adding a scheduled task that runs servtask.bat, a second batch script saved to disk.

In addition, GooseEgg is used to load an embedded DLL, in some cases named wayzgoose23.dll, in the context of the PrintSpooler service with SYSTEM privileges.

Microsoft urged customers to apply the patch for CVE-2022-38028 released in 2022, and …

1 day ago @ xakep.ru
GuptiMiner malware was distributed through eScan antivirus updates

Avast experts discovered that North Korean hackers used the update mechanism of the Indian antivirus eScan to distribute the GuptiMiner malware, which they used to install backdoors in large corporate networks and to deliver cryptocurrency miners.

This file contained the required antivirus database updates as well as the GuptiMiner malware (as a DLL file named version.dll).

At this stage the DLL was side-loaded by legitimate eScan binaries, which ultimately gave the malware system-level privileges.

Avast specialists say they notified the eScan developers and the Indian CERT of the problem, and the antivirus vendor confirmed that the threat has now been eliminated…

1 day, 2 hours ago @ xakep.ru
Registration is open for the Киберколизей competition

On April 28 (at 10:00 Moscow time) the Codeby team invites you to take part in the international cybersecurity CTF competition Киберколизей.

You can register here. About the team: you can do everything solo or in a team of at most five people.

If you don't have teammates yet, check the Telegram and Discord groups or the Codeby forum; you will definitely find like-minded people there.

Geolocating by IP address and by the view from the window.

1st place: 50,000 rubles and a one-year subscription to Xakep.ru. 2nd place: 40,000 rubles. 3rd place: 30,000 rubles. The top three will also receive a discount on any Codeby Academy course of 50%, 40% and 30%…

1 day, 3 hours ago @ xakep.ru
Malware targets people searching for child pornography

Various malware and ransomware targeting pedophiles began appearing back in the 2010s.

One can also recall, for example, the high-profile attack on the darknet host Freedom Hosting II in 2017.

As Bleeping Computer now reports, last week security researcher MalwareHunterTeam found a sample of the CryptVPN malware executable, which targets pedophiles.

The note goes on to say that the person must pay $500 to the bitcoin address bc1q4zfspf0s2gfmuu8h5k0679sxgxjkd7aj5e6qyl within ten days, otherwise information about them will be "leaked."

So far only $86 has arrived at this address, and the researchers doubt that the CryptVPN operators …

1 day, 16 hours ago @ xakep.ru
Roskomnadzor says it is blocking about 150 popular VPN services

Evgeny Zaitsev, head of Roskomnadzor's department for control and supervision of electronic communications, said that Roskomnadzor is currently blocking about 150 popular VPN services.

Also blocked were "around 700 pieces of content that spread propaganda for using VPNs to bypass blocking."

Roskomnadzor had earlier listed the criteria that will be used for adding resources to the registry in this connection.

According to Zaitsev, about 700 pieces of content "that spread propaganda for using VPNs to bypass blocking" have already been blocked.

Roskomnadzor regularly updates the list of VPNs operating in Russia and restricts services that viola…

1 day, 18 hours ago @ xakep.ru
Scaly Wolf attacks failed because of the hackers' mistake when swapping files

These criminals are believed to hunt for corporate data, mostly choosing industrial and logistics companies in Russia as targets.

In addition, during execution the loader tries to open many random files that do not exist on the system and write random data to them.

To identify the explorer.exe process, the loader iterates over the structures of running processes and compares a checksum of the process name with a stored value.

It is noted that in the failed campaign Scaly Wolf used the latest version of White Snake, which went on sale on the darknet at the end of March.

At the same time the malware's developers announced "spring discounts": access to the malware could be purchased…

1 day, 19 hours ago @ xakep.ru
Agent Tesla. Learning to reverse real-world malware in Ghidra

This time I will depart from my tradition of using IDA Pro for reversing: instead we will take Ghidra.

info: The last time I wrote about Ghidra was in 2019, when the tool had only just become available to the general public.

For unpacking I used an outdated version of 7-Zip (support for extracting scripts begins in version 4.42 and ends in version 15.06).

In this part of the script we see the list of files in the installer and the launch parameters of the only .exe (this is interesting and will come in handy later).

We could try to go the "quick" way: load the malware into a debugger, set a breakpoint on VirtualAlloc and... fail, because A…

2 days ago @ xakep.ru
Critical vulnerability in WordPress plugin Forminator threatens 300,000 sites

A critical vulnerability has been found in the Forminator plugin for WordPress, installed on a total of 500,000 sites, that allows attackers to upload files to the server without restriction.

Forminator, by WPMU DEV, is a builder for payment, contact, feedback, quiz, poll and survey forms for WordPress sites.

Last week the Japanese CERT published a warning about a critical vulnerability in Forminator (CVE-2024-28890, CVSS score 9.8) that allows remote attackers to upload malware to sites using the plugin.

Administrators of sites using Forminator are advised, as soon as possible, to upd…

2 days ago @ xakep.ru
Scammers pose as Telegram support

Specialists at FACCT (formerly Group-IB in Russia) warned that Telegram users have started receiving messages from a fake Telegram support service.

The attackers scare victims by claiming that a deletion request has been filed for their account.

When the user objects that they did not intend to delete the account, they are offered a link to cancel the procedure.

Links to the Telegram account-hijacking resources are spread via private messages, so, the experts write, the hackers do not need a large number of phishing pages.

FACCT reminds users that third parties cannot request the deletion of someone else's Telegram account.

2 days, 2 hours ago @ xakep.ru
GitHub comments are being used to distribute malware

Researchers have noticed that hackers are abusing GitHub to distribute malware.

Last week McAfee experts reported on fake cheat software that was actually a modification of the Redline infostealer.

The point is that when leaving a comment on GitHub, a user can attach a file to it, which ends up uploaded to GitHub's CDN and linked to the corresponding project via a unique URL of the form: https://www.github[.]com/{project_user}/{repo_name}/files/{file_id}/{file_name}.

Even if a company learns that its repositories are being used to distribute malware, there are no settings for managing files attach…

2 days, 18 hours ago @ xakep.ru
HelloKitty ransomware renamed HelloGookie and publishes CD Projekt Red and Cisco data

The authors of the HelloKitty ransomware announced a rename to HelloGookie and published passwords for the previously leaked CD Projekt Red and Cisco data, as well as decryption keys for old attacks.

Recall that the HelloKitty ransomware appeared back in 2020 and actively attacked corporate networks, stealing data and encrypting systems.

At that time the malware's alleged author, operating under the handle kapuchin0, stated that he was developing a new, more powerful ransomware and no longer needed HelloKitty.

Internal information stolen from Cisco during the 2022 attack was also released, along with passwords for the Gwent, Witcher 3 and Red Engine source code stolen from CD Projekt Red.

As journalists note, …

2 days, 19 hours ago @ xakep.ru
In English 🇺🇸
The Hacker News
last post 4 hours ago
Google Postpones Third-Party Cookie Deprecation Amid U.K. Regulatory Scrutiny

Google has once again pushed its plans to deprecate third-party tracking cookies in its Chrome web browser as it works to address outstanding competition concerns from U.K. regulators over its Privacy Sandbox initiative.

The tech giant said it's working closely with the U.K. Competition and Markets Authority (CMA) and hopes to achieve an agreement by the end of the year.

Privacy Sandbox refers to a set of initiatives that offers privacy-preserving alternatives to tracking cookies and cross-app identifiers in order to serve tailored ads to users.

Both Apple and Mozilla discontinued support for third-party cookies in 2020.

The development comes as Google said it's updating client-side en…

4 hours ago @ thehackernews.com
State-Sponsored Hackers Exploit Two Cisco Zero-Day Vulnerabilities for Espionage

A new malware campaign leveraged two zero-day flaws in Cisco networking gear to deliver custom malware and facilitate covert data collection on target environments.

Cisco Talos, which dubbed the activity ArcaneDoor, attributed it to a previously undocumented sophisticated state-sponsored actor it tracks under the name UAT4356 (aka Storm-1849 by Microsoft).

Exactly which country is behind ArcaneDoor is unclear, however both Chinese and Russian state-backed hackers have targeted Cisco routers for cyber espionage purposes in the past.

Cisco Talos also did not specify how many customers were compromised in these attacks.

"Perimeter network devices are the perfect intrusion poi…

5 hours ago @ thehackernews.com
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

"These actors targeted more than a dozen U.S. companies and government entities through cyber operations, including spear-phishing and malware attacks," the Treasury Department said.

Nasab, Harooni, and Salmani have also been responsible for procuring and maintaining the online network infrastructure used to facilitate the intrusions, the DoJ said.

Each of the defendants has been charged with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and wire fraud.

If convicted, they face up to five years in prison for the computer fraud conspiracy, and up to 20 years in prison for each count of wire fraud and conspiracy to commit wire fraud.

Nasab, Harooni, and Salmani have als…

21 hours ago @ thehackernews.com
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Cybersecurity researchers have discovered an ongoing attack campaign that's leveraging phishing emails to deliver malware called SSLoad.

The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software.

"Once inside the system, SSLoad deploys multiple backdoors and payloads to maintain persistence and avoid detection."

The initial reconnaissance phase paves the way for Cobalt Strike, a legitimate adversary simulation software, which is then used to download and install ScreenConnect, thereby allowing the threat actors to remotely commandeer the host.

"With this level of access, they could get into any…

21 hours ago @ thehackernews.com
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users

Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious actors.

The only vendor whose keyboard app did not have any security shortcomings is Huawei.

Following responsible disclosure, every keyboard app developer with the exception of Honor and Tencent (QQ Pinyin) has addressed the issues as of April 1, 2024.

Users are advised to keep their apps and operating systems up-to-date and switch to a keyboard app that entirely operates on-device to mitigate these privacy issues.

Other recommendations call on app developers to use well-tested and standard encryption protocols instead of developing homegrown version…

1 day, 1 hour ago @ thehackernews.com
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

A new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks.

The intricate and elaborate infection chain, at its core, leverages a security shortcoming in the update mechanism of Indian antivirus vendor eScan to propagate the malware by means of an adversary-in-the-middle (AitM) attack.

"GuptiMiner hosts their own DNS servers for serving true destination domain addresses of C&C servers via DNS TXT responses," researchers Jan Rubín and Milánek said.

"As the malware connects to the malicious DNS servers direct…

1 day, 3 hours ago @ thehackernews.com
CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers

A new ongoing malware campaign has been observed distributing three different stealers, CryptBot, LummaC2, and Rhadamanthys, hosted on Content Delivery Network (CDN) cache domains since at least February 2024.

Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin group that came to light earlier this month.

"This threat actor is using a Content Delivery Network (CDN) cache to store the malicious files on their network edge host in this campaign, avoiding request delay," Talos researchers Joey Chen, Chetan Raghuprasad, and Alex Karkins said.

"The actor is using the CDN cache as a download server to dece…

1 day, 6 hours ago @ thehackernews.com
Apache Cordova App Harness Targeted in Dependency Confusion Attack

Researchers have identified a dependency confusion vulnerability impacting an archived Apache project called Cordova App Harness.

Dependency confusion attacks take place owing to the fact that package managers check the public repositories before private registries, thus allowing a threat actor to publish a malicious package with the same name to a public package repository.

This causes the package manager to inadvertently download the fraudulent package from the public repository instead of the intended private repository.

A May 2023 analysis of npm and PyPI packages stored in cloud environments by cloud security company Orca revealed that nearly 49% of organizations are vulnerable to a de…

1 day, 20 hours ago @ thehackernews.com
Webinar: Learn Proactive Supply Chain Threat Hunting Techniques

This comprehensive session, led by industry experts Rhys Arkins (VP of Product) and Jeffrey Martin (VP of Product Marketing), promises an in-depth exploration of the supply chain threat landscape.

Proactive Threat Hunting Methodologies: Uncover cutting-edge techniques tailored specifically for the software supply chain ecosystem, empowering you to identify and neutralize threats before they can strike.

Empower yourself with the knowledge and tools to proactively hunt, identify, and neutralize threats lurking within your soft…

1 day, 23 hours ago @ thehackernews.com
Unmasking the True Cost of Cyberattacks: Beyond Ransom and Recovery

The hidden cost of cyberattacks. While the financial burden of ransomware payments and data recovery is undeniable, the true cost of a cyberattack goes far beyond immediate expenses.

Incidents such as data breaches can violate privacy regulations such as the GDPR (General Data Protection Regulation) in Europe and CCPA (California Consumer Privacy Act) in the US.

Moreover, the recovery process from a cyberattack often involves substantial investments in cybersecurity measures, legal fees, and compensations, further contributing to the overall financial impact.

By staying informed about potential cybersecurity threats and learning how to counteract them, individuals can significantly mitigate t…

2 days ago @ thehackernews.com
Police Chiefs Call for Solutions to Access Encrypted Data in Serious Crime Cases

European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE).

They called on the industry and governments to take urgent action to ensure public safety across social media platforms.

"Privacy measures currently being rolled out, such as end-to-end encryption, will stop tech companies from seeing any offending that occurs on their platforms," Europol said.

"But the blunt and increasingly widespread rollout by major tech companies of end-to-end encryption, without sufficient consideration for public safety, is putting users in danger."

"We do not accept that there need be a binary cho…

2 days ago @ thehackernews.com
German Authorities Issue Arrest Warrants for Three Suspected Chinese Spies

German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China.

"At the time of their arrest, the defendants were in further negotiations on research projects that could be useful for expanding China's maritime combat power," the agency said.

The development comes as the Generalbundesanwalt announced the arrest of another citizen named Jian G for acting as an agent for the Chinese Secret Service while working for a German Member of the European Parliament since 2019.

"In addition, he spied on Chinese opposition members in Germany for the intelligence service."

Last week, the Office of the Federal Prosecutor also executed an arrest warrant ag…

2 days ago @ thehackernews.com
U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediate family members of those involved in such businesses.

The names of those subjected to visa restrictions were not disclosed, but the move comes more than two months after the U.S. government said it's enacting a new policy that enforces visa constraints on people engaging in practices that could threaten privacy and freedom of expression.

It also aims to counter the misuse and proliferation of commercial spyware that has been put to use by authoritarian governments to spy on civil society…

2 days, 4 hours ago @ thehackernews.com
Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the Microsoft Windows Print Spooler component to deliver a previously unknown custom malware called GooseEgg.

"Forest Blizzard has used the tool [...] to exploit the CVE-2022-38028 vulnerability in Windows Print Spooler service by modifying a JavaScript constraints file and executing it with SYSTEM-level permissions," the company said.

"Forest Blizzard's objective in deploying GooseEgg is to gain elevated access to target systems and steal credentials and information," Microsoft said.

The GooseEgg binary supports commands to trigger the exploit and launch either a provided dynamic-link library (DLL) o…

2 days, 6 hours ago @ thehackernews.com
Russian Hacker Group ToddyCat Uses Advanced Tools for Industrial-Scale Data Theft

The threat actor known as ToddyCat has been observed using a wide range of tools to retain access to compromised environments and steal valuable data.

A closer examination of the threat actor's tradecraft has since uncovered additional data exfiltration tools like LoFiSe and Pcexter to gather data and upload archive files to Microsoft OneDrive.

The latest set of programs entails a mix of tunneling and data gathering software, which is put to use after the attacker has already obtained access to privileged user accounts in the infected system.

"To protect the organization's infrastructure, we recommend adding to the firewall denylist the resources and IP addresses of cloud services that provide …

2 days, 19 hours ago @ thehackernews.com
threatpost
last post: none
DarkReading
last post 4 months, 4 weeks ago
Cyber Threats to Watch Out for in 2024

4 months, 4 weeks ago @ darkreading.com
CISA, NCSC Offer a Road Map, Not Rules, in New Secure AI Guidelines

4 months, 4 weeks ago @ darkreading.com
Ardent Health Hospitals Disrupted After Ransomware Attack

4 months, 4 weeks ago @ darkreading.com
General Electric, DARPA Hack Claims Raise National Security Concerns

4 months, 4 weeks ago @ darkreading.com
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel

4 months, 4 weeks назад @ darkreading.com
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity
Data De-Identification: Balancing Privacy, Efficacy & Cybersecurity

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

4 months, 4 weeks назад @ darkreading.com
Balancing Simplicity and Security in the Digital Experience
Balancing Simplicity and Security in the Digital Experience

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Hack The Box Launches 5th Annual University CTF Competition
Hack The Box Launches 5th Annual University CTF Competition

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Fake Browser Updates Targeting Mac Systems With Infostealer
Fake Browser Updates Targeting Mac Systems With Infostealer

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market
Kiteworks' Maytech Acquisition Reaffirms Commitment to UK Market

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Generative AI Takes on SIEM
Generative AI Takes on SIEM

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Web Shells Gain Sophistication for Stealth, Persistence
Web Shells Gain Sophistication for Stealth, Persistence

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Qatar Cyber Agency Runs National Cyber Drills
Qatar Cyber Agency Runs National Cyber Drills

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs
Researchers Undermine 'Windows Hello' on Lenovo, Dell, Surface Pro PCs

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions
Mideast Oil & Gas Facilities Could Face Cyber-Related Energy Disruptions

This website is using a security service to protect itself from online attacks.

The action you just performed triggered the security solution.

There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data.

You can email the site owner to let them know you were blocked.

Please include what you were doing when this page came up and the Cloudflare Ray ID found at the bottom of this page.

5 months назад @ darkreading.com
WeLiveSecurity
last post 1 day, 21 hours ago
How technology drives progress – A Q&A with Nobel laureate Michel Mayor

We spoke to Michel Mayor about the importance of public engagement with science and fostering responsibility among the youth for the preservation of our changing planet. Join us as we speak to the Nobel Prize-winning astronomer Michel Mayor about the intersection of technology and scientific discovery, the art of making science accessible to all, and the imperative of nurturing environmental stewardship among the youth.

In this short video, Professor Mayor offers his quick takes on: the role of technology in driving scientific progress; strategies for communicating complex scientific concepts to the broader public; fostering a sense of responsibility among the youth towards the preservation of pla…

1 day, 21 hours ago @ welivesecurity.com
The vision behind Starmus – A Q&A with the festival’s co-founder Garik Israelian

Dr. Israelian talks about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the strong sense of community within the Starmus universe. In this exclusive interview, we delve into the heart of the Starmus Festival with Dr. Garik Israelian, an astrophysicist and the visionary force behind the festival.

Join us as Dr. Israelian shares his views about Starmus's vision and mission, the importance of inspiring and engaging audiences, and the sense of community within the Starmus universe.

What’s the goal of Starmus?

How is the Starmus community evolving?

What empowering messages does Starmus convey to the youth?

2 days, 1 hour ago @ welivesecurity.com
Protecting yourself after a medical data breach – Week in security with Tony Anscombe

What are the risks and consequences of having your health data exposed and what are the steps to take if it happens to you?

Attackers behind the disruptive ransomware attack at medical firm Change Healthcare in late February have begun to leak what they claim are corporate and patient data stolen during the attack.

In this week's video, Tony looks at the risks and consequences of having your health data exposed and the steps you should take if your data is exposed.

5 days, 21 hours ago @ welivesecurity.com
The many faces of impersonation fraud: Spot an imposter before it’s too late

This is impersonation fraud, and it’s fast becoming one of the highest earners for cybercriminals.

What does impersonation fraud look like?

Fake social media accounts are a growing challenge, used to spread scam links and too-good-to-be-true offers.

Bogus notification

Unusual messages: Phishing emails often contain inconsistencies which mark them out as impersonation fraud.

With any impersonation fraud, the key is: be skeptical, slow down, and independently verify they are who they say they are.

1 week ago @ welivesecurity.com
The ABCs of how online ads can impact children’s well-being

From promoting questionable content to posing security risks, inappropriate ads present multiple dangers for children.

With the rise of social media influencers and curated online content, ads often portray an idealized version of reality that may not reflect the complexities of everyday life.

Parents or responsible adults must help children critically evaluate media messages and develop a balanced perspective.

Security and privacy risks

Some ads that children may be exposed to can pose significant security and privacy risks.

From promoting questionable content to posing financial, security, and privacy risks, ads present multiple dangers for young minds.

1 week, 2 days ago @ welivesecurity.com
Bitcoin scams, hacks and heists – and how to avoid them

Here’s how cybercriminals target cryptocurrencies and how you can keep your bitcoin or other crypto safe. Bitcoin is on a tear.

Threat actors are primed and ready to ruthlessly exploit any users lacking digital savvy – via scams and sophisticated malware.

We can divide the main threats into three types: malware, scams and third-party breaches.

Examples of scam sites (source: ESET Threat Report H1 2023)

Bogus play-to-earn video game (source: ESET Threat Report H1 2023)

1 week, 3 days ago @ welivesecurity.com
eXotic Visit includes XploitSPY malware – Week in security with Tony Anscombe

Could your messaging app of choice have been authored by a threat actor known as Virtual Invaders?

As described by ESET researchers this week, this is what happened to the victims of an ongoing and targeted Android espionage campaign called eXotic Visit that began in late 2021 and whose apps pose as messaging services.

The malicious apps – which were distributed through dedicated websites and even Google Play – masqueraded as messaging services, but came bundled with the XploitSPY malware.

The campaign appears to have targeted people mainly in Pakistan and India.

To learn more, watch the video and make sure to read the full blogpost.

1 week, 5 days ago @ welivesecurity.com
Beyond fun and games: Exploring privacy risks in children’s apps

But they could also expose them to exploitative advertising, inappropriate content, and security and privacy risks.

The challenge for parents is compounded by complex privacy settings, opaque privacy policies, regulatory loopholes, weak enforcement and our own lack of awareness.

Limited privacy information: Despite regulatory requirements in many jurisdictions, kids’ apps can feature opaque privacy/security policies which make it unclear how your child’s data will be used and protected.

Security risks: Mobile apps also pose significant security risks.

Educate your children about the importance of protecting their personal information and the potential consequences of security and privacy ri…

2 weeks ago @ welivesecurity.com
eXotic Visit campaign: Tracing the footprints of Virtual Invaders

At that time, there were five apps available, using the names ChitChat.apk, LearnSindhi.apk, SafeChat.apk, wechat.apk, and wetalk.apk.

Dink Messenger on Google Play implemented emulator checks (just as Alpha Chat), whereas the one on the dedicated website did not.

Sim Info reached over 30 installs on Google Play; we have no information about when it was removed from the store.

The Specialist Hospital app, available on GitHub, poses as the app for Specialist Hospital in India (specialisthospital.in); see Figure 10.

However, the same GitHub account now hosts several new malicious apps available for download.

2 weeks, 1 day ago @ welivesecurity.com
The devil is in the fine print – Week in security with Tony Anscombe

Many people bagged Temu's offer and went on to post 'invitation codes' across social media sites in an effort to multiply the rewards for themselves and their relatives and friends.

The company later revised the terms of the giveaway, but the issue put the spotlight on the data collection practices of popular online services these days.

Some of the questions this leads to, however, are: Did Temu's new users read the fine print?

What should you consider before agreeing to these kinds of offers?

Find out in this week's edition of Week in security.

2 weeks, 5 days ago @ welivesecurity.com
How often should you change your passwords?

In other words, there isn’t a one-size-fits-all answer to when you should change your password(s).

The former means it is easier to store and recall long, strong and unique passwords for every account.

New passwords, especially if created every few months, are also more likely to be written down and/or forgotten, according to the NCSC.

“It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack.

We believe this reduces the vulnerabilities associated with regularly expiring passwords while doing little to increase the risk of long-term password exploitation.”

When to change your password

However, …

3 weeks, 1 day ago @ welivesecurity.com
Malware hiding in pictures? More likely than you think

Hence, threat actors continually seek different ways to evade detection, and among those techniques is using malware hidden in images or photos.

Malware placed inside images of various formats is a result of steganography, the technique of hiding data within a file to avoid detection.

Another piece of malware must be delivered that takes care of extracting the malicious code and running it.

It might seem like both pictures are the same, but one of them includes malicious code in the alpha channel of its pixels.

From left to right: Clean image, image with malicious content, and the same malicious image enhanced to highlight the malicious code (Source: ESET Research)

As you can see, the differ…

3 weeks, 2 days ago @ welivesecurity.com
RDP remains a security concern – Week in security with Tony Anscombe

Much has been written about the risks that poorly-secured RDP connections entail, but many organizations continue to leave themselves at risk and get hit by data breaches as a result. Remote Desktop Protocol (RDP) turned out to be a lifeline for organizations around the world during the mass shift to remote and hybrid work arrangements.

Its popularity didn't escape the attention of cybercriminals, and RDP remains a popular attack vector among many bad actors intent on wreaking havoc on corporate networks.

While much has been written about the risks that poorly-secured RDP connections entail, reports show that many organizations continue to leave themselves exposed – and are even hit by data b…

3 weeks, 6 days ago @ welivesecurity.com
Cybercriminals play dirty: A look back at 10 cyber hits on the sporting world

As anticipation builds for the upcoming 2024 Summer Olympics in Paris, let’s look at 10 cases where sports organizations fell victim to cyberattacks.

The spear phishing attack lured the victim to a bogus Office 365 login page where he unknowingly surrendered his login credentials.

Kneecapped by ransomware

In November 2020, Manchester United fell victim to a ransomware attack that disrupted the club’s digital operations.

In October 2023, a different kind of buzzer sounded for the French basketball team ASVEL – it signaled a data breach orchestrated by the NoEscape ransomware gang.

This incident compromised servers storing sensitive data, including names, surnames, postal addresses, email addr…

4 weeks ago @ welivesecurity.com
Borrower beware: Common loan scams and how to avoid them

Personal loan scams prey on your financial vulnerability and might even trap you in a vicious circle of debt.

In the UK, losses for loan fee fraud average £255 ($323) per victim.

Top loan fraud threats

There are a handful of loan fraud scams, each of which uses slightly different tactics.

Loan fee (advance fee) fraud

Probably the most common type of loan fraud, this usually involves a scammer posing as a legitimate lender.

Malicious loan apps

In recent years, ESET has observed a concerning rise in malicious Android apps disguised as legitimate loan apps.

1 month ago @ welivesecurity.com
Naked Security
last post 7 months ago
Update on Naked Security

Dear Naked Security readers,

Firstly, thank you for your interest, your time, and your contributions to the Naked Security community.

We have recently added the extensive catalog of Naked Security articles to the Sophos News blog platform, enabling us to provide all Sophos security research, insights, and intelligence in a single location.

We are redirecting articles from Naked Security to Sophos News and you can continue to access the Naked Security article library whenever you need it.

You can find their articles in the Security Operations, Threat Research and AI Research sections of this blog.

Whether you’re a threat hunter, security administrator, IT/security generalist, home user or mor…

7 months ago @ news.sophos.com
Mom’s Meals issues “Notice of Data Event”: What to know and what to do

7 months, 4 weeks ago @ nakedsecurity.sophos.com
S3 Ep149: How many cryptographers does it take to change a light bulb?

8 months ago @ nakedsecurity.sophos.com
Using WinRAR? Be sure to patch against these code execution bugs…

8 months ago @ nakedsecurity.sophos.com
Smart light bulbs could give away your password secrets

Have you listened to our podcast?

8 months ago @ nakedsecurity.sophos.com
“Snakes in airplane mode” – what if your phone says it’s offline but isn’t?

8 months, 1 week ago @ nakedsecurity.sophos.com
S3 Ep148: Remembering crypto heroes

8 months, 1 week ago @ nakedsecurity.sophos.com
FBI warns about scams that lure you in as a mobile beta-tester

8 months, 1 week ago @ nakedsecurity.sophos.com
“Grab hold and give it a wiggle” – ATM card skimming is still a thing

8 months, 1 week ago @ nakedsecurity.sophos.com
Crimeware server used by NetWalker ransomware seized and shut down

8 months, 2 weeks ago @ nakedsecurity.sophos.com
S3 Ep147: What if you type in your password during a meeting?

8 months, 2 weeks ago @ nakedsecurity.sophos.com
Microsoft Patch Tuesday: 74 CVEs plus 2 “Exploit Detected” advisories

8 months, 2 weeks ago @ nakedsecurity.sophos.com
Help Net Security Help Net Security
последний пост 59 минут назад
56% of cyber insurance claims originate in the email inbox
56% of cyber insurance claims originate in the email inbox 56% of cyber insurance claims originate in the email inbox

The 2024 Cyber Claims Report is based on reported claims data from January 1 to December 31, 2023.

Drop in ransomware severity, frequency, and demands in 2H 2023Overall claims frequency increased 13% year-over-year (YoY), and overall claims severity increased 10% YoY, resulting in an average loss of $100,000.

As ransomware payments hit $1 billion globally, Coalition ransomware severity dropped by 54%.

Ransomware severity, frequency, and demands all dropped in 2H 2023, though not enough to offset the surge in 1H.

FTF frequency increased by 15% YoY, and severity increased by 24%, to an average loss of more than $278,000.

59 минут назад @ helpnetsecurity.com
Anatomy IT’s new Security Suite targets healthcare cybersecurity threats, improves incident response
Anatomy IT’s new Security Suite targets healthcare cybersecurity threats, improves incident response Anatomy IT’s new Security Suite targets healthcare cybersecurity threats, improves incident response

Anatomy IT has announced the launch of an expanded end-to-end cybersecurity product suite designed to safeguard healthcare delivery organizations from evolving and growing IT system threats.

This alignment reaffirms Anatomy IT’s commitment to providing its customers with a comprehensive cybersecurity approach that adheres to world-class security standards.

Anatomy IT’s expanded Security Suite not only addresses the growing cybersecurity concerns faced by healthcare organizations, but also strengthens its approach to incident response and remediation.

Rooted in a methodical approach, the Risk Discovery Tool quantifies a healthcare organization’s risk tolerance and posture through a series of…

59 минут назад @ helpnetsecurity.com
Dropbox announces a number of security and data protection features
Dropbox announces a number of security and data protection features Dropbox announces a number of security and data protection features

So, Dropbox is adding even more advanced data protection features, designed to be easy-to-use for all business teams.

: Safeguards data so only the sender and recipient can access content, which means that no one—not even Dropbox—can get into those files.

Dropbox Replay for OneDrive: Bring media files from OneDrive directly into Dropbox Replay for reviews and approvals.

Quick view, quick access, and suggested quick actions will begin rolling out globally now.

The Avid Pro Tools integration and added rich media support are available now to all Replay customers.

1 час назад @ helpnetsecurity.com
AuditBoard AI automates important tasks for security teams
AuditBoard AI automates important tasks for security teams AuditBoard AI automates important tasks for security teams

As part of the company’s innovative and award-winning connected risk platform, AuditBoard AI incorporates generative AI, and other private AI models to help audit, risk, infosec, and ESG teams work smarter while meeting the security and privacy needs of the enterprise.

The application of AI represents a significant opportunity for teams managing risk to better connect data across functions, craft content, and proactively surface issues, risks, and insights.

“AuditBoard AI has been a game-changer for me and my team,” said Melissa Pici, Senior IT Audit Manager at Syniverse.

“AuditBoard AI helps them do just that.

By taking a human-centered approach, AuditBoard also ensures that safety, transp…

1 час назад @ helpnetsecurity.com
Appdome upgrades MOBILEBot Defense for tailored WAF integration
Appdome upgrades MOBILEBot Defense for tailored WAF integration Appdome upgrades MOBILEBot Defense for tailored WAF integration

Appdome MOBILEBot Defense provides the way to avoid these complex challenges, making it easy for customers to deliver mobile anti-bot defense on top of any installed WAF.

The Appdome MOBILEBot Defense solution is fully portable across all new and old, on-premise and cloud WAFs.

Three modes of DEVICETrust are available with Appdome MOBILEBot Defense:Adaptive Trust – uses the Appdome Bot Defense Framework intelligence to dynamically adjust the evaluation model based on the responsiveness of each WAF connected to MOBILEBot defense.

– uses the Appdome Bot Defense Framework intelligence to dynamically adjust the evaluation model based on the responsiveness of each WAF connected to MOBILEBot defe…

1 час назад @ helpnetsecurity.com
Fireblocks expands DeFi suite with threat detection features
Fireblocks expands DeFi suite with threat detection features Fireblocks expands DeFi suite with threat detection features

Fireblocks introduced new security features to its DeFi suite: dApp Protection and Transaction Simulation.

Navigating the surge in DeFi: Innovations, adoptions, and security challengesDecentralized finance (DeFi) is experiencing a renewed wave of retail adoption and institutional capital allocation.

That’s why, Fireblocks launched new threat-detection features within DeFi suite: dApp Protection and Transaction Simulation.

Leveraging real-time threat detection, dApp Protection analyzes key threat vectors to identify malicious patterns such as imitative URLs, harmful javascript elements, and suspicious registrars.

Now, every user along the DeFi transaction lifecycle can gain the same level of…

2 часа назад @ helpnetsecurity.com
Nagomi Security raises $30 million to help security teams improve their level of protection
Nagomi Security raises $30 million to help security teams improve their level of protection Nagomi Security raises $30 million to help security teams improve their level of protection

Nagomi Security emerged from stealth with $30 million in funding to fundamentally redefine how security teams optimize effectiveness and drive efficiency from their existing security tools.

“We have our sights set on solving one of the most pervasive problems in cybersecurity today,” said Emanuel Salmona, CEO, Nagomi Security.

“Nagomi is leading the charge on proactive security,” said Morgan Gerlak, Partner, TCV.

“Security teams are constantly deploying new tools and maintaining old ones.

“The time to value with Nagomi’s Proactive Defense Platform is remarkable.

2 часа назад @ helpnetsecurity.com
BforeAI raises $15 million to prevent attacks before they occur
BforeAI raises $15 million to prevent attacks before they occur BforeAI raises $15 million to prevent attacks before they occur

BforeAI autonomously maps and predicts malicious infrastructure through the ingestion of massive datasets, analyzing Internet metadata and establishing baselines to detect anomalies, deterring them before they turn into attacks.

This unique capability empowers customers with a preemptive active defense posture that enables security teams to stop attacks before they are executed.

With multiple AI/ML patents behind its technology, BforeAI specializes in predictive attack intelligence and automated digital risk protection services.

BforeAI is the first company to bring a predictive approach to improve organizations’ cyber posture.

This learning technology is constantly improving anomaly identi…

3 часа назад @ helpnetsecurity.com
Applying DevSecOps principles to machine learning workloads
Applying DevSecOps principles to machine learning workloads Applying DevSecOps principles to machine learning workloads

That’s where machine learning security operations (MLSecOps) enters the picture.

It extends DevSecOps principles into AI and across the machine learning lifecycle.

Unlike in a conventional software development environment with an integrated development environment (IDE), data scientists typically write code using Jupyter Notebooks.

In the machine learning space, the focus is iterative, building a trainable model that leads to better outcomes.

The ultimate goal is transparency and traceability across the machine learning supply chain.

6 часов назад @ helpnetsecurity.com
Overcoming GenAI challenges in healthcare cybersecurity
Overcoming GenAI challenges in healthcare cybersecurity Overcoming GenAI challenges in healthcare cybersecurity

In this Help Net Security interview, Assaf Mischari, Managing Partner, Team8 Health, discusses the risks associated with GenAI healthcare innovations and their impact on patient privacy.

What are the key cybersecurity challenges in healthcare in the context of GenAI, and how can they be effectively addressed?

Improved privacy-preserving techniques that allow for the training of GenAI models without directly accessing or sharing raw patient data should be utilized.

Storing healthcare data in secure, encrypted databases with strict access controls and strict authentication methods, such as multi-factor authentication (MFA), is necessary.

The decision-making process of GenAI models should be t…

6 hours ago @ helpnetsecurity.com
25 cybersecurity AI stats you should know

Zscaler | AI Security Report 2024 | March 2024

Today, enterprises block 18.5% of all AI transactions, a 577% increase from April to January, for a total of more than 2.6 billion blocked transactions.

Some of the most popular AI tools are also the most blocked.

HiddenLayer | AI Threat Landscape Report 2024 | March 2024

98% of companies surveyed view some of their AI models as vital for business success, and 77% have experienced breaches in their AI systems over the past year.

The survey revealed that 12% of respondents said their organizations had blocked all access to generative AI tools in the workplace.

Netskope | Cloud and Threat Report 2024 | January 2024

7 hours ago @ helpnetsecurity.com
73% of SME security pros missed or ignored critical alerts

SME and midmarket companies are facing increasing volumes and complexity of cyberattacks, yet lack the resources and expertise for adequate defense.

According to the survey, 73% of SME security professionals have missed, ignored or failed to act on critical security alerts, with respondents noting a lack of staff and a lack of time as the top two reasons.

On average, respondents manage 2029.91 endpoint security agents installed across 655.92 endpoint devices.

“The reality is that enterprise security tools – designed for large teams with endless resources – have failed SMEs.

With limited staff, SMEs struggle with the complexity of managing their security, torn between budget constraints, lim…

7 hours ago @ helpnetsecurity.com
Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)

A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day vulnerabilities (CVE-2024-20353, CVE-2024-20359) to install backdoors on them, Cisco Talos researchers have shared on Wednesday.

“The actor overrides the pointer to the default host-scan-reply code to instead point to the Line Dancer shellcode interpreter.

Patch, investigate, respond

Cisco has released patches for CVE-2024-20353 and CVE-2024-20359, provided indicators of compromise and Snort signatures, and outlined several methods for locating the Line Runner backdoor on ASA devices.

Organizations using Cisco ASA are advised to …

16 hours ago @ helpnetsecurity.com
1Kosmos CSP enables government agencies to digitally verify resident identity

1Kosmos has expanded its offerings for the identity verification and passwordless market with the introduction of a new Credential Service Provider (CSP) managed service based on the privacy-by-design 1Kosmos platform.

The 1Kosmos CSP offering enables government agencies to offer residents who are requesting services an elegant, automated process that simultaneously digitally verifies their identity up to certified NIST Identity Assurance Level 2 (IAL2) and then issues a strong, phishing-resistant, multi-factor authentication (MFA) credential, up to certified NIST Authentication Assurance Level 2 (AAL2).

“Virtually every government agency at the federal, state, tribal, and local level is mo…

20 hours ago @ helpnetsecurity.com
Cyberint platform enhancements boost protection against external threats

Cyberint has unveiled a series of platform updates aimed at bolstering client protection against external threats.

Cyberint’s recent platform innovations provide several new capabilities that support a range of strategic security initiatives, from regional threat landscape analysis and proactive threat hunting to executive-level risk reporting and continuous threat exposure management.

“What’s needed is a continuous threat exposure management (CTEM) program that surfaces and actively prioritizes whatever most threatens your business.”

Cyberint’s latest enhancements enable organizations to implement an effective continuous exposure management program.

In addition, enhancements to the Attack S…

20 hours ago @ helpnetsecurity.com
IT Security Guru
last post 19 hours ago
Expert Insight: ‘Minding the Gap’: How can we work to make cyber accessible for women?

According to the Department for Science, Innovation and Technology (DSIT), only 17% of the UK cyber sector workforce is female, and this is down from 22% in 2022.

As we know, the cyber sector is a male-dominated space, and therefore women aren’t necessarily presented with the same opportunities.

For instance, they might shy away from applying to a cybersecurity role unless they meet every single criterion.

Is there anything that can be used to incentivise women to work in the cyber sector?

Prominent female role models and leaders are crucial when it comes to making cyber more attractive for women.

19 hours ago @ itsecurityguru.org
KnowBe4 acquires UK’s Egress to create advanced AI-driven platform to manage human risk

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, today announced it has entered into a definitive agreement to acquire Egress, a leader in adaptive and integrated cloud email security.

Egress’ Intelligent Email Security suite provides a set of scaled, AI-enabled security tools with adaptive learning capabilities to help prevent, protect and defend organisations against sophisticated email cybersecurity threats.

By acquiring Egress, KnowBe4 plans to deliver a single platform that aggregates threat intelligence dynamically, offering AI-based email security and training that is automatically tailored relative to risk.

KnowBe4 recently an…

22 hours ago @ itsecurityguru.org
Google’s Core Update is ‘Biggest’ Algorithm Update in History

Search giant Google is currently undergoing one of the biggest algorithm updates in its history, according to sources.

Why Does Google Update its Algorithms?

Certain algorithm updates address particular search issues, including mobile quality, site speed, trust and authority (E-E-A-T), spam and general quality.

Such low-quality content should thus be removed or heavily devalued in the upcoming core update.

The algorithm update concludes on 5th May 2024, with dramatic shifts in search positions expected in the run-up to this core update.

1 day, 1 hour ago @ itsecurityguru.org
Expert Insight: Outdated Recruitment Methods Are Impeding The Global Cyber Army

There’s a major paradox at play here: the industry needs more people, yet entire groups of individuals are currently being overlooked.

The main piece of information that is impossible to grasp from a CV is the candidate’s potential to succeed in the specific role being recruited for.

With cybersecurity skills in high demand, it’s time we encourage the pursuit of non-traditional candidates to drastically expand talent pipelines and plug the global skills gap.

Also, almost a third (32%) of neurodivergent individuals score higher in spatial awareness and 10% higher in digit symbol coding.

Hiring needs to consider more than just experience – it needs to assess potential.

1 day, 19 hours ago @ itsecurityguru.org
Mandiant’s M-Trends Report Reveals New Insights from Frontline Cyber Investigations

Mandiant, part of Google Cloud, today released the findings of its M-Trends 2024 report.

Now in its 15th year, this annual report provides expert trend analysis based on Mandiant frontline cyber attack investigations and remediations conducted in 2023.

The 2024 report reveals evidence that organizations globally have made meaningful improvements in their defensive capabilities, identifying malicious activity affecting their organization more quickly than in previous years.

Dwell Time By Region

A closer examination reveals that median dwell time varies by region.

Targeting By Industry Vertical

The M-Trends 2024 report highlights key trends in industry targeting by cyber attackers.

1 day, 20 hours ago @ itsecurityguru.org
#MIWIC2024: Melissa Chambers, CEO and Co-Founder of Sitehop

As the CEO of Sitehop, a cutting-edge cybersecurity company, I lead our team in revolutionizing data protection with our innovative solutions.

How did you get into the cybersecurity industry?

It’s utterly thrilling to be a woman in cybersecurity amidst this exhilarating era of technological progress and digital innovation.

The cybersecurity industry is witnessing unparalleled growth and importance, rendering it an immensely exciting period for all those engaged.

What is one piece of advice you would give to girls/women looking to enter the cybersecurity industry?

2 days, 18 hours ago @ itsecurityguru.org
ACDS Launches Revolutionary OBSERVATORY Solution: Redefining Attack Surface Management

Advanced Cyber Defence Systems (ACDS) has unveiled its groundbreaking Attack Surface Management (ASM) solution: OBSERVATORY.

To address this critical challenge, ACDS has created OBSERVATORY, a pioneering solution that equips security teams with lightning-fast, comprehensive, and contextualised threat data at internet scale.

Unlike conventional vulnerability scanning methods, OBSERVATORY employs proprietary algorithms to map an organisation’s entire vulnerability landscape.

Insights: OBSERVATORY doesn’t stop at discovery and validation; it empowers IT leaders with actionable insights to remediate pressing vulnerabilities efficiently.

Elliott Wilkes, CTO at Advanced Cyber Defence Systems, sa…

3 days ago @ itsecurityguru.org
UK’s Cydea introduces new way to quantify risk management

Cydea, the cyber risk management provider, has announced the Cydea Risk Platform, set to quantify threats in financial terms to businesses, allowing them to visualise the consequences of different business security-related scenarios.

It allows organisations to manage and communicate their cyber risk, internally and to regulators and partners, and to make efficient, informed, measured decisions in a fast-moving, unpredictable risk landscape.

“We’ve witnessed the many varied approaches that CISOs and business leaders have taken to understand cyber risk.

The Cydea Risk Platform cuts through the noise and closes the loop on cyber risk.

By presenting risk in financial terms, we enable organisations to focus o…

6 days ago @ itsecurityguru.org
Report Reveals Healthcare Industry is Disillusioned in its Preparedness for Cyberattacks

Despite this high sense of self-confidence, only 3% of healthcare organizations surveyed actually have mature cyber processes in place.

Healthcare organizations are 65% less likely to fully outsource their cybersecurity services than the average organization.

Outsourced managed security could help the healthcare industry close the self-diagnosis gap and better protect itself in the future.

In-house security services: Healthcare organizations are 65% less likely to outsource their cybersecurity services than other sectors due to the dynamic nature of these work environments.

Credential access fears: Healthcare respondents selected credential access as their number one fear—more than rans…

6 days, 21 hours ago @ itsecurityguru.org
Goldilock Partners with organisation behind NATO’s largest cyber defence exercise

Goldilock, the British cybersecurity startup behind a unique physical network isolation solution, has partnered with CR14, a cyber defence organisation established by the Estonian Ministry of Defence and host of NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE), to conduct testing activities with the aim of increasing the resilience of critical national infrastructure (CNI).

Testing will be supported through NATO DIANA’s Test, Evaluation, Validation and Verification (TEVV) grant programme to tackle problems with CNI security architecture.

“The global cyber threat landscape continues to grow, and as critical national infrastructure remains the focus of brazen cybercriminals – espe…

6 days, 22 hours ago @ itsecurityguru.org
Police apprehend global cyber gang implicated in large-scale fraud

This kind of incident would most likely have started from the intelligence gathered by law enforcement and investigative agencies.

Law enforcement must reduce the accessibility and attractiveness of online fraud schemes.

We must put a stop to the increasing trend of cybercrime turning into an opportunity business for aspiring cyber criminals.

Sending out videos to all 800 users of the illegal services to scare them off is therefore a good step by law enforcement.

This is a fantastic result demonstrating the importance of international collaboration between law enforcement agencies around the world.

6 days, 22 hours ago @ itsecurityguru.org
Keeper Security Offers Built-In Passphrase Generator to Strengthen Security

Today Keeper Security has announced the addition of a passphrase generator to Keeper Web Vault, with support on mobile and for the browser extension coming soon.

The release also includes an update to the existing password generator which provides users with new options to meet specific password requirements.

Keeper’s integrated password and passphrase generator helps users create strong, unique credentials for each account.

Keeper’s new passphrase generator is incorporated within the existing password generator and allows users and admins to choose which generator they prefer to use or enforce for their organisation.

Key benefits of the passphrase generator include enhanced security, cust…

1 week ago @ itsecurityguru.org
Human Risk: An Organisation’s Biggest Problem and Greatest Opportunity

Human risk is incurred by the compromising behaviours of those inside the organisation, both accidental and purposeful.

So where does human risk come from, and how can it be managed?

The sources of human risk are numerous and complex, based on company culture, individual disposition, and immediate circumstances.

Where to Start: Building a Human Risk Response

Mitigating human risk requires a strong security culture instilled across every level of the business – from C-Suite to factory floor workers.

Without considered and purposeful training, an enterprise is under-equipping and under-valuing the ability of its workforce to combat human risk.

1 week ago @ itsecurityguru.org
Flyfish Review – How Reliable are this Company’s Payroll Management Solutions?

They specialize in corporate payroll solutions and offer a range of financial solutions to support your growth.

So, take advantage of the advanced features offered by this financial management service and streamline your payroll management with ease and peace of mind.

Plenty of Personalized Solutions on Offer

Opting for a corporate payroll solutions provider like Flyfish opens up a world of personalized financial services.

Whether you’re seeking payroll management solutions or automated solutions to take care of your finances, Flyfish has you covered.

By choosing this company’s corporate payroll solutions, you can say goodbye to manual headaches and hello to streamlined financial management …

1 week, 1 day ago @ itsecurityguru.org
Pentest People Becomes the First Leeds-based Cybersecurity Company to Achieve NCSC’s Cyber Advisor (Cyber Essentials) Accreditation

Pentest People, the Penetration Testing as a Service (PTaaS®) and cybersecurity experts, today announces it is the first Leeds-based cybersecurity company to become a qualified and approved Cyber Advisor (Cyber Essentials) on the NCSC’s Cyber Advisor scheme.

These measures include:

Knowledge and understanding of the Cyber Essentials’ technical controls.

As an accredited Cyber Advisor, Pentest People is required to meet the NCSC’s rigorous standards and be accepted as an Assured Service Provider.

“Every one of our Cyber Advisors (Cyber Essentials) has excelled in the Certificate of Competence in Cyber Essentials Implementation independent assessment.

To find out more about Pentest People’s Cy…

1 week, 1 day ago @ itsecurityguru.org
SecurityTrails
last post None
Blogs 👨‍💻
Бизнес без опасности
last post None
Жизнь 80 на 20
last post 7 months, 1 week ago
ISO Survey 2022: ISO 27001 certificates (ISMS)

ISO Survey 2022: ISO 27001 certificates (ISMS) from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

ISO has published fresh statistics on issued certificates. I have updated my presentation on ISO 27001 (ISMS) certificates. In total, 71,549 ISO 27001 certificates were registered in 2022, which is 22% more than in 2021.

Top 10 countries by number of certificates:
1. China - 26301
2. Japan - 6987
3. United Kingdom of Great Britain and Northern Ireland - 6084
4. India - 2969
5. Italy - 2424
6. United States of America - 1980
7. Netherlands - 1741
8. Germany - 1582
9. Spain - 1561
10. Israel - 1467

For comparison, only 30 certificates were registered (remained) in Russia in 2022, against 95 in 2021…

7 months, 1 week ago @ 80na20.blogspot.com
My first course on Udemy. Preparing for an ISMS certification audit

I have published my first course on Udemy on preparing for an ISMS certification audit under ISO 27001, "ISO 27001:2022. How to prepare for a certification audit". In it I go through the tasks that need to be done before, during and after the certification audit. The course is in English.

7 months, 1 week ago @ 80na20.blogspot.com
Cybersecurity Frameworks

Cybersecurity Frameworks for DMZCON23 230905.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

7 months, 3 weeks ago @ 80na20.blogspot.com
Another presentation of mine about mind maps

My 15 Years of Experience in Using Mind Maps for Business and Personal Purposes from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

8 months ago @ 80na20.blogspot.com
NIST CSF 2.0, draft

From NIST CSF 1.1 to 2.0.pdf from Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001

8 months ago @ 80na20.blogspot.com
ZLONOV
last post None
Блог Артема Агеева
last post None
Киберпиздец
last post 7 months, 4 weeks ago

Hi everyone. I've been away, I admit, too much work :( In the meantime I've brought you a 40% discount on all Linux Foundation courses and certifications. The discount is valid today only. If anyone has long been planning to take something serious on k8s, Linux or DevOps, now is the time. For example, Certified Kubernetes Administrator (CKA) and Certified Kubernetes Security Specialist (CKS) as a bundle cost $435 instead of $725. The exam can be taken within a year of purchase. > https://training.linuxfoundation.org/end-of-summer-2023/

7 months, 4 weeks ago @ t.me
Schneier on Security
last post 23 hours ago
Dan Solove on Privacy Regulation

The law can’t stop privacy consent from being a fairy tale, but the law can ensure that the story ends well.

In the European Union, the General Data Protection Regulation (GDPR) uses the express consent approach, where people must voluntarily and affirmatively consent.

Because it conceptualizes consent as mostly fictional, murky consent recognizes its lack of legitimacy.

To return to Hurd’s analogy, murky consent is consent without magic.

Murky consent should be subject to extensive regulatory oversight with an ever-present risk that it could be deemed invalid.

23 hours ago @ schneier.com
Microsoft and Security Incentives

Former senior White House cyber policy director A. J. Grotto talks about the economic incentives for companies to improve their security—in particular, Microsoft:

Grotto told us Microsoft had to be “dragged kicking and screaming” to provide logging capabilities to the government by default, and given the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

[…] “The government needs to focus on encouraging and catalyzing competition,” Grotto said.

He believes it also needs to publicly scrutinize Microsoft and make sure everyone knows when it messes up.

“At the end of the day, Microsoft, any company, is going to respond mo…

1 day, 23 hours ago @ schneier.com
Using Legitimate GitHub URLs for Malware

Interesting social-engineering attack vector:

McAfee released a report on a new LUA malware loader distributed through what appeared to be a legitimate Microsoft GitHub repository for the “C++ Library Manager for Windows, Linux, and MacOS,” known as vcpkg.

The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL.

What this means is that someone can upload malware and “attach” it to a legitimate and trusted project.

For example, a threat actor could upload a malware executable in NVIDIA’s driver installer repo that pretends to be a new driver fixing i…

2 days, 19 hours ago @ schneier.com
Friday Squid Blogging: Squid Trackers

About Bruce Schneier

I am a public-interest technologist, working at the intersection of security, technology, and people.

I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

I'm a fellow and lecturer at Harvard's Kennedy School, a board member of EFF, and the Chief of Security Architecture at Inrupt, Inc.

This personal website expresses the opinions of none of those organizations.

5 days, 13 hours ago @ schneier.com
Other Attempts to Take Over Open Source Projects

Surprising no one, the incident is not unique:

The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails.

These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics.

The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement.

This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor.

[…] The OpenJS team also recognized a similar suspicious pattern in two …

6 days, 23 hours ago @ schneier.com
Using AI-Generated Legislative Amendments as a Delaying Technique

1 week ago @ schneier.com
X.com Automatically Changing Link Text but Not URLs

Brian Krebs reported that X (formerly known as Twitter) started automatically changing twitter.com links to x.com links.

The problem is: (1) it changed any domain name that ended with “twitter.com,” and (2) it only changed the link’s appearance (anchor text), not the underlying URL.

So if you were a clever phisher and registered fedetwitter.com, people would see the link as fedex.com, but it would send people to fedetwitter.com.

Thankfully, the problem has been fixed.

Posted on April 16, 2024 at 7:00 AM

1 week, 1 day ago @ schneier.com
New Lattice Cryptanalytic Technique

A new paper presents a polynomial-time quantum algorithm for solving certain hard lattice problems.

This could be a big deal for post-quantum cryptographic algorithms, since many of them base their security on hard lattice problems.

There is a wide gulf between quantum algorithms in theory and in practice.

And until we can actually code and test these algorithms, we should be suspicious of their speed and complexity claims.

We don’t have nearly enough analysis of lattice-based cryptosystems to be confident in their security.

1 week, 2 days ago @ schneier.com
Upcoming Speaking Engagements

This is a current list of where and when I am scheduled to speak:

I’m speaking twice at RSA Conference 2024 in San Francisco.

I’ll be on a panel on software liability on May 6, 2024 at 8:30 AM, and I’m giving a keynote on AI and democracy on May 7, 2024 at 2:25 PM.

The list is maintained on this page.

Posted on April 14, 2024 at 12:02 PM

1 week, 3 days ago @ schneier.com
Friday Squid Blogging: The Awfulness of Squid Fishing Boats

1 week, 5 days ago @ schneier.com
Smuggling Gold by Disguising it as Machine Parts

1 week, 5 days ago @ schneier.com
Backdoor in XZ Utils That Almost Happened

You’ve likely never heard of an open-source library called XZ Utils, but it’s on hundreds of millions of computers.

On March 25, Hans Jansen—another fake name—tried to push the various Unix systems to upgrade to the new version of XZ Utils.

And there’s no way to know how many of the unpaid and unappreciated maintainers of critical software libraries are vulnerable to pressure.

Certainly the security of these libraries needs to be part of any broad government cybersecurity initiative.

The U.S. government needs to recognize this as a national security problem and start treating it as such.

1 week, 6 days ago @ schneier.com
History of RSA Conference. Bruce Schneier. The First ‘Exhibitor’ in 1994.

Listen to the Audio on SoundCloud.com

Bruce Schneier was at the first ever RSA Conference in 1991, and he was the first ‘exhibitor’ in 1994 when he asked Jim Bidzos, Creator of the RSA Conference, if he could sell copies of his book “Applied Cryptography.” Bidzos set Schneier up in the hotel lobby where the conference was being held—and the rest is history.

Listen to some great RSA Conference memories on this episode of the History of RSA Conference.

Posted on April 11, 2024 at 1:52 AM • 0 Comments

2 weeks ago @ schneier.com
In Memoriam: Ross Anderson, 1956-2024

2 weeks ago @ schneier.com
US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

The US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China.

It was a serious attack that…

From the executive summary:

The Board finds that this intrusion was preventable and should never have occurred.

The Board also concludes that Microsoft’s security culture was inadequate and requires an overhaul, particularly in light of the company’s centrality in the technology ecosystem and the level of trust customers place in the company to protect their data and operations.

The board was established in early 2022, modeled in spirit after the National Transportation Safety Board.

Posted on April …

2 weeks, 1 day ago @ schneier.com
Krebs On Security
last post 2 days, 14 hours ago
Russian FSB Counterintelligence Chief Gets 9 Years in Cybercrime Bribery Scheme

The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump’s Dumps.

Tsaregorodtsev was head of the counterintelligence department for a division of the FSB based in Perm, Russia.

In February 2022, Russian authorities arrested six men in the Perm region accused of selling stolen payment card data.

The FSB arrested Tsaregorodtsev, and seized $154,000 in cash, 100 gold bars, real estate and expensive cars.

The stolen customer payment card details were then sold on sites like Trump’s Dumps and Sky-Fraud.

2 days, 14 hours ago @ krebsonsecurity.com
Who Stole 3.6M Tax Records from South Carolina?

Rescator said the data exposed included employer, name, address, phone, taxable income, tax refund amount, and bank account number.

KrebsOnSecurity sought comment from the Secret Service, South Carolina prosecutors, and Mr. Keel’s office.

The AP says South Carolina paid $12 million to Experian for identity theft protection and credit monitoring for its residents after the breach.

Mr. Keel’s assertion that somehow the efforts of South Carolina officials following the breach may have lessened its impact on citizens seems unlikely.

It remains unclear why Shefel has never been officially implicated in the breaches at Target, Home Depot, or in South Carolina.

1 week, 1 day ago @ krebsonsecurity.com
Crickets from Chirp Systems in Smart Lock Key Leak

The lock’s maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021.

Meanwhile, Chirp’s parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents.

On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with “low attack complexity” in Chirp Systems smart locks.

Neither August nor Chirp Systems responded to requests for comment.

It’s unclear exactly how many apartments and other residences are using the vulnerable Chirp locks, but multiple articles about the company from 2020 state t…

1 week, 2 days ago @ krebsonsecurity.com
Why CISA is Warning CISOs About a Breach at Sisense

CISA urged all Sisense customers to reset any credentials and secrets that may have been shared with the company, which is the same advice Sisense gave to its customers Wednesday evening.

It is clear, however, that unknown attackers now have all of the credentials that Sisense customers used in their dashboards.

Beyond that, it is largely up to Sisense customers to decide if and when they change passwords to the various third-party services that they’ve previously entrusted to Sisense.

But when confronted with the details shared by my sources, Sisense apparently changed its mind.

“If they are hosting customer data on a third-party system like Amazon, it better damn well be encrypted,” Weave…

1 week, 6 days ago @ krebsonsecurity.com
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers

On April 9, Twitter/X began automatically modifying links that mention “twitter.com” to read “x.com” instead.

Those include carfatwitter.com, which Twitter/X will now truncate to carfax.com when the domain appears in user messages or tweets.

A number of these new domains including “twitter.com” appear to be registered defensively by Twitter/X users in Japan.

The domain netflitwitter.com (netflix.com, to Twitter/X users) now displays a message saying it was “acquired to prevent its use for malicious purposes,” along with a Twitter/X username.

Some of the domains registered recently and ending in “twitter.com” currently do not resolve and contain no useful contact information in their registr…

2 weeks ago @ krebsonsecurity.com
April’s Patch Tuesday Brings Record Number of Fixes

Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Microsoft today released updates to address 147 security holes in Windows, Office, Azure, .NET Framework, Visual Studio, SQL Server, DNS Server, Windows Defender, Bitlocker, and Windows Secure Boot.

Childs said one of ZDI’s researchers found this vulnerability being exploited in the wild, although Microsoft doesn’t currently list CVE-2024-29988 as being exploited.

“BlackLotus can bypass functionality called secure boot, which is designed to block malware from being able to load when booting up.

Adobe has since clar…

2 weeks, 1 day ago @ krebsonsecurity.com
Fake Lawsuit Threat Exposes Privnote Phishing Sites

Fory66399 insisted that their website — privnote[.

The tornote.io website has a different color altogether.

The privatenote,io website also has a different color!

Other Privnote phishing domains that also phoned home to the same Internet address as pirwnote[.

A review of the passive DNS records tied to this address shows that apart from subdomains dedicated to tornote[.

How profitable are these private note phishing sites?

2 weeks, 6 days ago @ krebsonsecurity.com
‘The Manipulaters’ Improve Phishing, Still Fail at Opsec

Since that story ran, KrebsOnSecurity has heard from this Saim Raza identity on two occasions.

“Hello, we already leave that fud etc before year,” the Saim Raza identity wrote.

I already leave everything.”

Asked to elaborate on the police investigation, Saim Raza said he was freshly released from jail.

Now I want to start my new work.”

Exactly what that “new work” might entail, Saim Raza wouldn’t say.

“After your article our police put FIR on my [identity],” Saim Raza explained.

3 weeks ago @ krebsonsecurity.com
Thread Hijacking: Phishes That Prey on Your Curiosity

Thread hijacking attacks.

Here’s the story of a recent thread hijacking attack in which a journalist was copied on a phishing email from the unwilling subject of a recent scoop.

Thread hijacking attacks are hardly new, but that is mainly true because many Internet users still don’t know how to identify them.

In contrast, thread hijacking campaigns tend to patiently prey on the natural curiosity of the recipient.

“We call these multi-persona phishing scams, and they’re often paired with thread hijacking,” Kalember said.

3 weeks, 6 days ago @ krebsonsecurity.com
Recent ‘MFA Bombing’ Attacks Targeting Apple Users

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature.

“All of my devices started blowing up, my watch, laptop and phone,” Patel told KrebsOnSecurity.

They can also then remotely wipe all of the user’s Apple devices.

The engineer assured Ken that turning on an Apple Recovery Key for his account would stop the notifications once and for all.

After that, the page will display the last two digits of the phone number tied to the Apple account.

4 weeks, 1 day ago @ krebsonsecurity.com
Mozilla Drops Onerep After CEO Admits to Running People-Search Networks

The move comes just days after a report by KrebsOnSecurity forced Onerep’s CEO to admit that he has founded dozens of people-search networks over the years.

Mozilla only began bundling Onerep in Firefox last month, when it announced the reputation service would be offered on a subscription basis as part of Mozilla Monitor Plus.

Launched in 2018 under the name Firefox Monitor, Mozilla Monitor also checks data from the website Have I Been Pwned?

“I knew Mozilla had this in the works and we’d casually discussed it when talking about Firefox monitor,” Hunt told KrebsOnSecurity.

Those include voting registries, property filings, marriage certificates, motor vehicle records, criminal records, cou…

1 month ago @ krebsonsecurity.com
The Not-so-True People-Search Network from China

But it’s not every day you run across a US-focused people-search network based in China whose principal owners all appear to be completely fabricated identities.

“Employees can set a special league for themselves and regularly check and compare their scores against one another.”

Imagine that: Two different people-search companies mentioned in the same story about fantasy football.

Sally Stevens’ LinkedIn profile photo is identical to a stock image titled “beautiful girl” from Adobe.com.

The photo next to Ms. Fairly’s quote in Entrepreneurs matches that of a LinkedIn profile for Lynda Fairly.

ANALYSIS

It appears the purpose of this network is to conceal the location of people in China who are …

1 month ago @ krebsonsecurity.com
CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites.

Historic registration records indexed by DomainTools.com say Mr. Shelest was a registrant of onerep.com who used the email address [email protected].

Constella found that Minsk telephone number (375-292-702786) has been used multiple times in connection with the email address [email protected].

Domaintools.com finds that all of the domains mentioned in the last paragraph were registered to the email address [email protected].

Anderson said it is concerning to see a direct link between a data removal service and …

1 month, 1 week ago @ krebsonsecurity.com
Patch Tuesday, March 2024 Edition

Apple and Microsoft recently released software updates to fix dozens of security holes in their operating systems.

Meanwhile, Apple’s new macOS Sonoma addresses at least 68 security weaknesses, and its latest updates for iOS fix two zero-day flaws.

The security updates are available in iOS 17.4, iPadOS 17.4, and iOS 16.7.6.

Apple’s macOS Sonoma 14.4 Security Update addresses dozens of security issues.

Finally, Adobe today issued security updates that fix dozens of security holes in a wide range of products, including Adobe Experience Manager, Adobe Premiere Pro, ColdFusion 2023 and 2021, Adobe Bridge, Lightroom, and Adobe Animate.

1 month, 1 week ago @ krebsonsecurity.com
Incognito Darknet Market Mass-Extorts Buyers, Sellers

“We got one final little nasty surprise for y’all,” reads the message to Incognito Market users.

Incognito Market deals primarily in narcotics, so it’s likely many users are now worried about being outed as drug dealers.

Creating a new account on Incognito Market presents one with an ad for 5 grams of heroin selling for $450.

Incognito Market has priced its extortion for vendors based on their status or “level” within the marketplace.

“Shadowcrew was the precursor to today’s Darknet Markets and laid the foundation for the way modern cybercrime channels still operate today,” Johnson said.

1 month, 2 weeks ago @ krebsonsecurity.com
Graham Cluley
last post 11 hours ago
Smashing Security podcast #369: Keeping the lights on after a ransomware attack

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Smashing Security listeners get 20% off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

11 hours ago @ grahamcluley.com
City street lights “misbehave” after ransomware attack

But the ransomware attack on Leicester City Council's infrastructure doesn't stop there.

As local media reports, residents have noticed that some street lights have been constantly shining, 24 hours a day, ever since.

He was told by the council that the ransomware attack had affected the city's "central management system" and had resulted in the street lights "misbehaving".

Perhaps it is surprising to some of us that street lights would be centrally controlled at all.

Even if the Leicester City Council wanted to pay the ransom (it says it will not), …

The City Council says it will not be paying any ransom.

23 hours ago @ bitdefender.com
Change Healthcare data for sale on dark web as fallout from ransomware attack spirals out of control

February's crippling ransomware attack against Change Healthcare, which saw prescription orders delayed across the United States, continues to have serious consequences.

RansomHub claims 4TB of stolen data are up for sale to the highest bidder unless Change Healthcare pays a ransom.

The haul is said to also contain contracts and legal agreements between Change Healthcare and its business partners.

The ransomware attack was initially attributed to the BlackCat ransomware gang (also known as ALPHV).

None of which is good news, and raises an interesting question - how will Change Healthcare respond to the latest ransom demand?

6 days, 20 hours ago @ bitdefender.com
3.5 million Omni Hotel guest details held to ransom by Daixin Team

The international hotel chain Omni Hotels & Resorts has confirmed that a cyberattack last month saw it shut down its systems, with hackers stealing personal information about its customers.

According to the firm, it took eleven days to restore systems across its properties, with staff working "tirelessly around the clock."

Omni Hotels hasn't shared details of the specific nature of the cyberattack in its official advisory, but it resembles a ransomware attack.

Sure enough, a ransomware group called the Daixin Team has claimed responsibility.

Daixin Team has been responsible for a number of high-profile attacks.

6 days, 20 hours ago @ exponential-e.com
Police smash LabHost international fraud network, 37 arrested

6 days, 20 hours ago @ tripwire.com
Smashing Security podcast #368: Gary Barlow, and a scam turns deadly

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing.

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the excl…

1 week ago @ grahamcluley.com
Zambia arrests 77 people in swoop on “scam” call centre

Law enforcement officers in Zambia have arrested 77 people at a call centre company they allege had employed local school-leavers to scam internet users around the world.

According to Zambian authorities, Chinese-run Golden Top Support Services, based in an upmarket area of capital city Lusaka, recruited Zambian youths between the ages of 20-25, who believed they were being hired as call centre agents.

Please the people of Zambia report to us every time you are scammed.

Six properties linked to the company at the centre of the investigation have also been seized by authorities, including a luxury lakeside residence.

17 Zambian suspects have since been released, but the remainder o…

1 week, 3 days ago @ bitdefender.com
East Central University suffers BlackSuit ransomware attack

The East Central University (ECU) of Ada, Oklahoma, has revealed that a ransomware gang launched an attack against its systems that left some computers and servers encrypted and may have also seen sensitive information stolen.

In an advisory posted on its website, ECU claims that the BlackSuit ransomware gang was unsuccessful in taking down the university's critical services but were "able to conduct a successful attack on a variety of campus computers."

This is far from the first time the BlackSuit ransomware has targeted the education sector.

The BlackSuit ransomware gang most recently claimed responsibility for a cyber attack against California's Select Education Group, having compromise…

1 week, 6 days ago @ bitdefender.com
DragonForce ransomware – what you need to know

1 week, 6 days ago @ tripwire.com
When a breach goes from 25 documents to 1.3 terabytes…

But on Wednesday April 3, Leicester City Council confirmed that about 25 documents had been shared online by attackers, including people’s confidential information.

And the council described the data breach as a “very serious matter.”

Well, yes, it is serious if malicious hackers steal 25 documents.

But now we know that Leicester City Council’s attackers didn’t limit themselves to 25 documents.

The latest FAQ from the council reveals that a gobsmacking 1.3 terabytes of data was stolen during the data breach and published on the dark web.

If 25 documents stolen is “very serious,” I’m not sure the words exist to describe 1.3 terabytes of leaked data…

1 week, 6 days ago @ grahamcluley.com
Smashing Security podcast #367: WhatsApp at Westminster, unhealthy AI, and Drew Barrymore

All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Smashing Security listeners get 20% off!

Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Follow us: Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Follow Graham Cluley on Twitter, Mastodon, or Threads to read more of the exclusive content we post.

2 weeks ago @ grahamcluley.com
Targus business operations disrupted following cyber attack

Targus, the well-known laptop bag and case manufacturer, has been hit by a cyber attack that has interrupted its normal business operations.

In short, in order to lock the bad guys out of its network, Targus has been forced to disable large parts of its infrastructure.

The one question everyone probably has right now is - so, was this a ransomware attack?

Without SEC regulations that came into effect late last year, we might not have known so quickly about the problems Targus was experiencing.

At the time of writing, no hacking groups have publicly claimed responsibility for the attack against Targus.

2 weeks, 1 day ago @ bitdefender.com
Google sues crypto investment app makers over alleged massive “pig butchering” scam

Two China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps.

The company is taking action after scammers reportedly tricked victims with bogus promises of high returns from Android apps offering cryptocurrency investment opportunities.

According to Google, victims were asked to pay additional "fees" or "taxes" before a withdrawal, which the scammers would pocket.

Bogus investment platforms like TrionRT appeared legitimate through a variety of methods, including distributing press releases.

Although it has removed offending apps from Google Play when discovered, the scammers are al…

2 weeks, 5 days ago @ bitdefender.com
Google patches Pixel phone zero-days after exploitation by “forensic companies”

2 weeks, 6 days ago @ tripwire.com
What makes a ransomware attack eight times as costly? Compromised backups

Any organisation that has tried to recover from a ransomware attack knows that it can be time-consuming and costly.

Companies hit by an attack must choose between paying a ransom or recovering encrypted data from a backup.

Unfortunately, ransomware gangs are all too aware that they can leverage significantly higher ransoms from their corporate victims if they have also compromised the company's backups.

For this reason, we are seeing more and more cyber attacks targeting backups because they know that organisations desperately need them to recover if they want to avoid paying a ransom to cybercriminals.

3 weeks ago @ exponential-e.com
Companies 🏢
Kaspersky Blog
last post 1 day ago
Toncoin cryptocurrency scam on Telegram | Kaspersky Blog

Today we describe a fraudulent scheme for "earning with Toncoin", a cryptocurrency built on Telegram's technologies.

Stage one: get ready. To begin with, the scammers suggest registering a crypto wallet in an unofficial Telegram bot for storing crypto, and then entering the details of the newly created wallet in a bot for "earning" by purchasing boosters.

Next, following the scammers' instructions, the victim needs to buy 5.5–501 Toncoin (TON), where one TON at the current exchange rate is worth roughly five to six dollars.

The pricier the plan, the higher the commission percentage: a "bike" costs five Toncoin and gives a 30% commission, a "rocket" costs 500 TON and gives 70%.

After that, as the scammers intend, the victim …

1 day ago @ kaspersky.ru
Content filtering in KSMG 2.1 | Kaspersky Blog

As a result, a huge number of confirmations, account activation links and similar emails land in the mailbox.

In particular, in the example given of an attack via registration mechanisms, the operator can block emails based on the presence in the Subject field of the word "registration" in various languages (Registrace | Registracija | Registration | Registrierung | Regisztráció).

As a result, such emails will automatically be sent to quarantine, never reaching the inbox and not overloading the mail server.

Flexible filtering of business mailings. Of course, the new capabilities of our solution can be used for more than protection against email DDoS attacks.

Learn more about Kaspersky Secure Mail Gateway, part of the solution…

1 day, 21 hours ago @ kaspersky.ru
How encrypted messages from ChatGPT and other chatbots can be read | Kaspersky Blog

What information can be extracted from intercepted messages of AI-based chatbots. Of course, chatbots send their messages in encrypted form.

To understand what happens during this attack, we have to dig a little into the mechanics of LLMs and chatbots.

So, to reconstruct the text of the original message from the obtained sequence of token lengths, the researchers used an LLM.

At least two developers of AI chatbots, Cloudflare and OpenAI, have already responded to the publication of the research and started using the padding method mentioned above, which was devised precisely to counter this kind of attack.

The other chatbot developers will probably …

3 days, 5 hours ago @ kaspersky.ru
The SubdoMailing campaign: hijacking domains to send spam | Kaspersky Blog

Or perhaps you have even asked yourself the natural question of whether someone is sending malicious emails on behalf of your company too.

The SubdoMailing malicious campaign and hijacking of organizations' domains. Researchers from Guardio Labs discovered a large-scale spam campaign, which they named SubdoMailing.

Hijacking domains with a configured CNAME record. How exactly do the attackers make use of taking over other people's domains?

Examples of domain hijacking in the SubdoMailing campaign. How such problems can arise at all is easy to understand from the case of the site msnmarthastewartsweeps.com.

How to protect yourself from SubdoMailing. To prevent domain hijacking and spam being sent on behalf of your company, we recommend the following:

1 week ago @ kaspersky.ru
Is it safe to chat with third-party messengers from WhatsApp | Kaspersky Blog

Meta* engineers recently wrote about how this interoperability will be implemented in WhatsApp and Messenger*.

Can you chat in WhatsApp with users of other messengers?

Now these partners need to appear, develop a bridge between their service and WhatsApp, and launch it.

So far this is known only from WhatsApp beta versions: conversations with third-party services will get a separate subsection in the app, to keep them apart from chats with WhatsApp users.

If you use WhatsApp and are considering communicating with users of other services. Assess how many people around you do not use WhatsApp but do use other services that have announced interoperability with WhatsApp.

1 week, 1 day ago @ kaspersky.ru
EM Eye: stealing data from a surveillance camera | Kaspersky Blog

They found a way to steal data from surveillance cameras by analyzing stray electromagnetic emissions and named the attack EM Eye.

This "receiver" collects data whose subsequent processing makes it possible to reconstruct the picture from the surveillance camera in the neighboring secret room.

As a result, a state of "almost nothing visible" turns into an excellent image, no worse than the original, save for the artifacts typical of neural networks.

But what if you give the potential victim, say, a slightly modified portable power bank as a gift?

They are not being developed in order to spy on someone as soon as tomorrow.

1 week, 5 days ago @ kaspersky.ru
Mitigating business risks associated with residential proxies

Of course, all of this can be done with commercial VPNs and data-center-based proxies.

The grey market for proxyware: The situation with residential proxies is complicated because on this market sellers, buyers, and participants alike can be anything from entirely legitimate (voluntary, following best practices) to outright illegal.

Sometimes this is because some residential proxy providers buy infrastructure from subcontractors and do not themselves know where the proxies come from.

Attackers are increasingly trying to rent residential proxies in a region close to the office of the organization being attacked.

Using proxies for business purposes.

2 weeks ago @ kaspersky.ru
How to verify the authenticity and origin of photos and videos | Kaspersky Blog

Image forgery in photo editors existed before, but the advent of generative AI has taken forgeries to a new level.

Forging images and videos is directly relevant to cybersecurity.

On dating sites and other social networks, scammers also actively use generated images for their profiles.

Let's start with cases where the image is neither generated nor edited, for example a real photo from a war zone is passed off as a photo from another region, or a still from a feature film is presented as documentary footage.

Real photos and videos taken with a camera or smartphone, with date, time, and geolocation stamps, will be practically impossible to pass off as an image…

2 weeks, 2 days ago @ kaspersky.ru
Note and record managers with end-to-end encryption | Kaspersky Blog

And after the large-scale ransomware incidents of recent years, one should not dismiss the possibility of note-taking services being breached and a mass leak of users' (your!)

End-to-end encryption will help keep all the conveniences of digital notes while shielding them from prying eyes.

That is why, for truly confidential notes, there are separate, if less well-known, applications, which we will review and compare today.

End-to-end encryption for synchronization is enabled by default, notes are encrypted on the device itself as well, and two-factor authentication is used to sign in to the service.

Therefore, in addition to one of the confidential note-taking apps, be sure to use a comprehensive…

2 weeks, 5 days ago @ kaspersky.ru
How to prevent tracking through advertising banners | Kaspersky Blog

Besides phones and computers, smartwatches, smart TVs and speakers, and even cars take part in this.

As it turns out, these troves of information are used not only by advertising agencies to offer you a better vacuum cleaner or insurance policy.

Behind the scenes of contextual advertising: Earlier we described in detail how data is collected on web pages and in apps, but we did not cover the mechanism by which it is used.

Then the DSP enters an auction for the desired ad formats (banner, video, and so on) displayed on these sites and in apps.

How to protect against tracking through ads: Since all the companies described above use the "central hubs" of the advertising network to collect data, the large advertising…

3 weeks ago @ kaspersky.ru
Hackers disrupted an Apex Legends esports tournament | Kaspersky Blog

But lately cyberattacks have gone too far: attackers recently disrupted a major Apex Legends tournament.

At the same time, the likely perpetrator did not specify where the vulnerability was: in the Apex Legends game itself, in Easy Anti-Cheat, the software mandatory for esports tournaments, or in some other program.

Representatives of the anti-cheat stated that their software is fine.

In the middle of a match, Ivan opened the Twitch stream of his own game; that way he could gain an advantage, since the stream shows the positions of both teams.

Skeptics also like to cite examples where, at the most crucial moment of a game, an annoying antivirus notification appeared on the screen.

3 weeks, 2 days ago @ kaspersky.ru
The Beekeeper: cybersecurity and a beekeeper | Kaspersky Blog

I know it sounds absurd, but that is the plot of the film; it is not an April Fools' joke.

And in the daughter's place, it would have been sensible to install a reliable security solution on the computer in advance, one that both protects against viruses and blocks pop-up windows.

Besides weapons and ammunition, Clay also obtains her password (DR07Z, written on a slip of paper) and penetrates the beekeepers' information systems.

The EternalBlue exploit and DoublePulsar backdoor used in it were presumably stolen from intelligence agencies and leaked publicly.

This means one should be prepared for anything and use reliable security tools both on personal devices and to protect companies.

3 weeks, 3 days ago @ kaspersky.ru
CVE-2024-3094: malicious code in Linux distributions | Kaspersky Blog

Unknown attackers embedded malicious code into XZ Utils, an open-source set of compression utilities, in versions 5.6.0 and 5.6.1.

Worse still, the backdoored utilities made it into several popular March Linux builds, so this implant can be regarded as a supply-chain attack.

The backdoor hooks the RSA_public_decrypt function, verifies the host's signature using a fixed Ed448 key, and, if verification succeeds, executes via system() the malicious code passed by the host, leaving no traces in the sshd logs.

Where did the malicious code in the utilities come from?

And that person, at some point, added a backdoor to the project's code.

3 weeks, 3 days ago @ kaspersky.ru
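The CVE-2024-3094 entry above gives the two facts a host check needs: the backdoor lives in XZ Utils 5.6.0 and 5.6.1, and its target is sshd. The script below is an added example, not from the Kaspersky post; it assumes (this is not stated on the page) that the malicious liblzma reaches sshd only when sshd loads the library, directly or through libsystemd, so it parses `xz --version` together with `ldd` output of the sshd binary. The sample outputs in the test are constructed, and a version match is an indicator to act on, not proof of compromise; confirm against your distribution's advisory.

```python
# Added example: host triage for CVE-2024-3094. Facts from the post: XZ Utils
# 5.6.0/5.6.1 are backdoored and sshd is the target. Assumption: exposure via sshd
# requires liblzma to be loaded into sshd (check with ldd).
import re
import shutil
import subprocess
from typing import Optional, Tuple

BACKDOORED_VERSIONS = {"5.6.0", "5.6.1"}


def xz_version(version_output: str) -> Optional[str]:
    """Parse the version from `xz --version` output such as 'xz (XZ Utils) 5.6.1'."""
    m = re.search(r"xz \(XZ Utils\) (\d+\.\d+\.\d+)", version_output)
    return m.group(1) if m else None


def sshd_links_liblzma(ldd_output: str) -> bool:
    """True when `ldd <sshd>` lists liblzma among the resolved shared objects."""
    return any("liblzma.so" in line for line in ldd_output.splitlines())


def assess(version_output: str, ldd_output: str) -> Tuple[str, str]:
    """Combine both observations into a verdict and a one-line rationale."""
    ver = xz_version(version_output)
    if ver is None:
        return "unknown", "could not parse xz version output"
    if ver not in BACKDOORED_VERSIONS:
        return "ok", f"xz {ver} is not one of the backdoored releases"
    if sshd_links_liblzma(ldd_output):
        return ("vulnerable",
                f"xz {ver} and liblzma is loaded into sshd: replace the package now "
                "and treat the host as potentially compromised")
    return ("at-risk",
            f"xz {ver} is installed but sshd does not load liblzma: replace the package anyway")


def run(cmd) -> str:
    """Run a command and return stdout, or '' if it is not available."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    except OSError:
        return ""


if __name__ == "__main__":
    sshd = shutil.which("sshd") or "/usr/sbin/sshd"
    verdict, why = assess(run(["xz", "--version"]), run(["ldd", sshd]))
    print(f"{verdict}: {why}")
```

Run it on the host being assessed rather than on a copied binary: `ldd` resolves dependencies by invoking the dynamic loader, so pointing it at an untrusted file can execute code.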
GoFetch: breaking encryption on Apple processors | Kaspersky Blog

The researchers demonstrated this in practice using two popular data encryption libraries at once.

These are Go Crypto, the standard library for Go developers, and OpenSSL, used for encrypting network traffic and many other tasks.

The DMP sometimes mistakenly treats a chunk of this key as a memory address and loads data from it.

In practice, extracting the encryption key requires tens to hundreds of thousands of computations, feeding data into the algorithm and observing the state of the cache indirectly.

Right now there is no threat to data stored on Apple devices; it is unlikely to be stolen in such a complex way.

3 weeks, 5 days ago @ kaspersky.ru
How to recognize the start of a scam in a message from your boss? | Kaspersky Blog

But there are variants of the scheme in which the scammers write on behalf of a colleague from a suitable department, for example accounting or legal.

How to protect against scammers: Against such attacks you are protected first and foremost by attentiveness and the courage to verify the information despite the scammers' threats.

Don't rush and don't panic.

If a boss or colleague demands that you urgently do something unusual, and keep it secret on top of that, it is almost always a sign of fraud.

Regardless of demands to "keep everything secret," depending on what kind of request is made, it is useful to verify the information with other colleagues.

4 weeks ago @ kaspersky.ru
Group-IB Blog
last post None
Cisco Security Blog
last post 1 week ago
Cisco Hypershield: A New Era of Distributed, AI-Native Security

I’m proud to announce Cisco Hypershield, the first truly distributed, AI-native system that puts security wherever it needs to be: in every software component of every application running on your network; on every server; and in your public or private cloud deployments.

They converted these products into thousands of pieces of software — including security software — that could run on every server.

Built within the Cisco Security Cloud, Hypershield, plus the processing, protection, and data capabilities within Splunk, will create a transformative hyperscale datacenter that not only leads the AI revolution, but protects it.

We’ll share more soon, but for now, you can expect Cisco Hypershield…

1 week ago @ blogs.cisco.com
Cisco Hypershield: Reimagining Security

Cisco has created such a fabric — Cisco Hypershield — that we discuss in the paragraphs below.

Virtual/Container Network Enforcement Point: Here, a software network enforcement point runs inside a virtual machine or container.

Centralized security policy: The usual retort to distributed security enforcement is the nightmare of managing independent security policies per enforcement point.

The administrator’s faith in the security fabric — Cisco Hypershield — deepens after a few successful runs through the segmentation process.

Conclusion: In both the examples discussed above, we see Cisco Hypershield function as an effective and efficient security fabric.

1 week ago @ blogs.cisco.com
Supercharging Cisco XDR with AI and Identity Intelligence at RSAC 2024

Cisco XDR is a leader in providing comprehensive threat detection and response across the entire attack surface.

Cutting-Edge Innovations in Cisco XDR: At the heart of these innovations is the Cisco AI Assistant in XDR.

The Cisco AI Assistant gives analysts contextual insights, guided responses, and best next steps.

We will also show Cisco Identity Intelligence capabilities.

Cisco XDR can detect and respond to sophisticated identity-based attacks with accuracy and speed by incorporating identity as a source of telemetry.

1 week ago @ blogs.cisco.com
Synergizing Advanced Identity Threat Detection & Response Solutions

Two leading players in this space, Cisco’s Duo Security and Cisco Identity Intelligence, have emerged as champions in Identity Threat Detection & Response.

The Power of Identity Threat Detection & Response: Identity Threat Detection & Response (ITDR) has become a vital aspect of modern cybersecurity.

Cisco Identity Intelligence: Elevating Cybersecurity Preparedness. Cisco Identity Intelligence brings an additional layer of protection to the table with its advanced capabilities in anomaly detection and behavioral analytics.

How Cisco Identity Intelligence Complements Cisco’s Duo Security. Enhanced Anomaly Detection: While Cisco’s Duo Security provides robust MFA and access controls, Cisco Identity…

1 week, 1 day ago @ blogs.cisco.com
Cisco Telemetry Broker (CTB) 2.1 Launch

Cisco Telemetry Broker (CTB) Release 2.1.3 is generally available as of March 25, 2024.

Cisco Telemetry Broker is the answer.

It can broker hybrid cloud data, filter unneeded data, and transform data into a more usable format.

Produces Telemetry for Devices that Cannot Generate NetFlow Natively: To support the notion of an intelligent telemetry plane, there is a need to generate NetFlow for devices that might not be capable of generating the protocol natively.

Additionally, the CTB Broker to CTB Manager data bandwidth was optimized which improves overall performance significantly and allows scalability of the Manager node.

1 week, 2 days ago @ blogs.cisco.com
Cisco Secure Access Wins Global Security Service Edge Customer Value Leadership Award

It’s one thing to claim leadership in cloud security; it’s another to have that leadership acknowledged by industry experts.

That’s why we’re thrilled to announce our recent recognition by Frost & Sullivan as the 2024 Customer Value Leader in the Global Security Service Edge Industry.

Frost & Sullivan’s Customer Value Leadership Award recognizes the company that offers products or services customers find superior for the overall price, performance, and quality.

Vendors are evaluated on business impact criteria (including financial performance, customer acquisition, operational efficiency, growth potential, and human capital) and customer impact criteria (price/performance value, customer pu…

1 week, 6 days ago @ blogs.cisco.com
Defusing the threat of compromised credentials

These attackers used compromised credentials to repeatedly attempt to sign in to the company’s real Microsoft 365 page, triggering the series of MFA notifications—an attack technique known as MFA exhaustion.

According to this quarter’s Talos IR report, using compromised credentials on valid accounts was one of two top initial access vectors.

How credentials are compromised: Phishing, while one of the most popular methods, isn’t the only way that attackers gather compromised credentials.

Reducing the impact of compromised credentials: It goes without saying that protecting credentials from being compromised and abused is important.

To illustrate, let’s look at when the threat actor begins hammer…

2 weeks, 1 day ago @ blogs.cisco.com
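The Cisco entry above describes MFA exhaustion as repeated sign-in attempts with stolen credentials that trigger a stream of push notifications until the user approves one. The detection below is an added example, not from the Cisco post: it runs over constructed JSON-lines authentication events (the field names `ts`, `user`, `event`, `result`, `ip` are an assumed schema, not any vendor's format) and raises a high-severity alert when a user receives `PUSH_THRESHOLD` prompts inside `WINDOW`, and a critical one when an approval follows a run of denials, which is the moment the attack succeeded.

```python
# Added example: MFA-exhaustion detection over constructed log lines. The
# JSON-lines schema is an assumption; map your identity provider's fields onto it.
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Tuple

# Constructed sample: alice is hammered with prompts and finally approves one; bob is normal.
SAMPLE_LOG = """\
{"ts": "2024-04-22T09:00:05Z", "user": "alice", "event": "mfa_push", "result": "denied", "ip": "203.0.113.7"}
{"ts": "2024-04-22T09:00:40Z", "user": "alice", "event": "mfa_push", "result": "denied", "ip": "203.0.113.7"}
{"ts": "2024-04-22T09:01:15Z", "user": "alice", "event": "mfa_push", "result": "denied", "ip": "203.0.113.7"}
{"ts": "2024-04-22T09:01:50Z", "user": "alice", "event": "mfa_push", "result": "denied", "ip": "203.0.113.7"}
{"ts": "2024-04-22T09:02:25Z", "user": "alice", "event": "mfa_push", "result": "denied", "ip": "203.0.113.7"}
{"ts": "2024-04-22T09:03:40Z", "user": "alice", "event": "mfa_push", "result": "approved", "ip": "203.0.113.7"}
{"ts": "2024-04-22T09:03:41Z", "user": "alice", "event": "login", "result": "success", "ip": "203.0.113.7"}
{"ts": "2024-04-22T09:10:00Z", "user": "bob", "event": "mfa_push", "result": "approved", "ip": "198.51.100.9"}
"""

PUSH_THRESHOLD = 5               # prompts within WINDOW that already warrant an alert
WINDOW = timedelta(minutes=10)


def parse_log(text: str) -> List[dict]:
    """Parse JSON lines and turn the ISO-8601 'Z' timestamps into aware datetimes."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(ev)
    return events


def detect_mfa_exhaustion(events: List[dict], threshold: int = PUSH_THRESHOLD,
                          window: timedelta = WINDOW) -> List[dict]:
    """Sliding-window count of push prompts per user, plus the approval-after-denials pattern."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    burst_alerted = set()
    alerts: List[dict] = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        if ev["event"] != "mfa_push":
            continue
        user, ts = ev["user"], ev["ts"]
        q = recent[user]
        q.append((ts, ev["result"]))
        while q and ts - q[0][0] > window:          # drop prompts that fell out of the window
            q.popleft()
        denied = sum(1 for _, r in q if r == "denied")
        if len(q) >= threshold and user not in burst_alerted:
            burst_alerted.add(user)                  # one burst alert per user, not one per prompt
            alerts.append({"user": user, "severity": "high", "pushes": len(q), "first": q[0][0],
                           "last": ts, "ip": ev["ip"],
                           "reason": f"{len(q)} MFA prompts within {window}"})
        if ev["result"] == "approved" and denied >= 2:
            alerts.append({"user": user, "severity": "critical", "pushes": len(q), "first": q[0][0],
                           "last": ts, "ip": ev["ip"],
                           "reason": f"approval after {denied} denials: treat the session as attacker-controlled"})
            q.clear()                                # the outcome has been flagged; start a fresh window
    return alerts


if __name__ == "__main__":
    for alert in detect_mfa_exhaustion(parse_log(SAMPLE_LOG)):
        print(alert["severity"], alert["user"], alert["ip"], alert["reason"])
```

The critical alert is the one worth an automated response (revoke the session, reset the credential), since the attacker now holds a valid token; the high alert is the earlier warning that someone has the password. A cap on prompts enforced by the identity provider itself prevents the burst; this detection is the SOC-side net for environments where that cap is not in place.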
Cryptocurrency and Blockchain security due diligence: A guide to hedge risk

Blockchain security often diverges from standard cybersecurity practice because of its decentralized, immutable, and cryptographic nature.

The hashrate originates from the processing power of validator nodes that lend their computational power to validate and secure blockchain transactions.

There are four main types of blockchains. Public: Anyone can read and write (transact) on a public blockchain such as Bitcoin.

In evaluating blockchain risk levels, public blockchains typically present the lowest risk.

Proof-of-work is extensively used in cryptocurrency and is generally a secure method for validating blockchain transactions.

3 weeks, 2 days ago @ blogs.cisco.com
Balancing agility and predictability to achieve major engineering breakthroughs

Let’s look at this from the lens of a customer-impacting factor that may make security operations less predictable: security incidents.

According to our 2024 Cybersecurity Readiness Index, 54% of organizations said they have experienced a cybersecurity incident in the last 12 months.

The latest Security Outcomes Report shows preventing incidents and mitigating losses are the top priorities for security resilience overall.

Ensuring leadership is aligned with the organization’s approach to balancing agility and predictability.

In our goal to balance agility with predictability, we have implemented some specific aspects to processes that work be…

4 weeks ago @ blogs.cisco.com
Hiding in Plain Sight: How Subdomain Attacks Use Your Email Authentication Against You

For years, analysts, security specialists, and security architects alike have been encouraging organizations to become DMARC compliant.

These attacks were initially reported by Guardio Labs, which disclosed 8,000 domains and 13,000 subdomains being used for this kind of attack since 2022.

In the customer’s instance of Red Sift OnDMARC, they noticed email was coming from a sender with a poor reputation and a subdomain that appeared unrelated to their customer’s main domain.

But these emails had fully passed SPF checks with the customer’s current SPF record.

If you’re a Cisco Secure Email customer, find out how you can quickly add Red Sift domain protection to your security su…

4 weeks, 1 day ago @ blogs.cisco.com
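Both the Kaspersky SubdoMailing entry (hijacking subdomains whose CNAME points at an abandoned domain) and the Cisco entry above (mail from an unrelated subdomain that still passed SPF under the customer's own record) come down to the same precondition: a DNS record that references a domain nobody owns any more. The audit below is an added example, not code from either post or from Guardio Labs; it walks a domain's SPF `include:`/`redirect=` chain and its CNAME records and flags targets that no longer resolve. The zone data in `FAKE_DNS` is constructed for the example (a name missing from it behaves like NXDOMAIN); swap `lookup` for a real resolver to run it against your own zone.

```python
# Added example: offline audit of an SPF include chain and of CNAME targets for
# dangling references. FAKE_DNS is constructed data; `lookup` is the resolver hook.
import re
from typing import Callable, Dict, List, Optional, Tuple

Resolver = Callable[[str, str], Optional[object]]

FAKE_DNS: Dict[str, Dict[str, object]] = {
    "example.com": {"TXT": ["v=spf1 include:_spf.mailer.example include:old-vendor.example -all"]},
    "_spf.mailer.example": {"TXT": ["v=spf1 ip4:198.51.100.0/24 include:_spf.shared.example ~all"]},
    "_spf.shared.example": {"TXT": ["v=spf1 ip4:203.0.113.0/24 -all"]},
    "www.example.com": {"CNAME": "example.com"},
    "promo.example.com": {"CNAME": "campaign.defunct-agency.example"},
    # "old-vendor.example" and "campaign.defunct-agency.example" are absent on
    # purpose: expired domains that anyone can register.
}


def lookup(name: str, rtype: str) -> Optional[object]:
    """Resolver over the constructed zone; replace with a real DNS query to go live."""
    rec = FAKE_DNS.get(name.lower().rstrip("."))
    return None if rec is None else rec.get(rtype)


def get_spf(name: str, resolve: Resolver) -> Optional[str]:
    for txt in resolve(name, "TXT") or []:
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


INCLUDE = re.compile(r"^[+\-~?]?(?:include:|redirect=)(.+)$", re.I)
LOOKUP_MECH = re.compile(r"^[+\-~?]?(?:a|mx|ptr|exists)(?::|/|$)", re.I)   # also cost a DNS query


def audit_spf(domain: str, resolve: Resolver = lookup) -> List[Tuple[str, str]]:
    """Follow include:/redirect= recursively; return (path, problem) findings."""
    findings: List[Tuple[str, str]] = []
    seen = set()
    lookups = 0

    def walk(name: str, path: str) -> None:
        nonlocal lookups
        name = name.lower()
        if name in seen:
            return
        seen.add(name)
        spf = get_spf(name, resolve)
        if spf is None:
            findings.append((path, "no SPF record at include target: if the domain has expired, "
                                   "whoever registers it can add senders to your policy"))
            return
        for term in spf.split()[1:]:
            m = INCLUDE.match(term)
            if m:
                lookups += 1
                walk(m.group(1), f"{path} -> {m.group(1)}")
            elif LOOKUP_MECH.match(term):
                lookups += 1

    walk(domain, domain)
    if lookups > 10:
        findings.append((domain, f"{lookups} DNS-querying terms exceed the SPF limit of 10 (permerror)"))
    return findings


def audit_cnames(names: List[str], resolve: Resolver = lookup) -> List[Tuple[str, str]]:
    """Flag aliases whose target has no records at all. Once such a target is
    registered by a stranger, every record under the alias (TXT/SPF included)
    is whatever they publish."""
    findings: List[Tuple[str, str]] = []
    for name in names:
        target = resolve(name, "CNAME")
        if not target:
            continue
        alive = any(resolve(str(target), t) for t in ("A", "AAAA", "CNAME", "TXT", "MX"))
        if not alive:
            findings.append((f"{name} -> {target}", "CNAME target does not resolve: dangling alias"))
    return findings


if __name__ == "__main__":
    for path, problem in audit_spf("example.com") + audit_cnames(["www.example.com", "promo.example.com"]):
        print(f"{path}: {problem}")
```

Against the constructed zone the walk flags `old-vendor.example` in the include chain and the `promo.example.com` alias; on a real zone, feed `audit_cnames` the full list of names from your zone file, since the dangerous aliases are usually the forgotten marketing subdomains nobody lists.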
Introducing Cisco XDR Playbooks: Finding the balance in automating and guiding incident response

In Cisco XDR, “Playbooks” are the strategic guides for robust incident response, designed to streamline the identify, contain, and eradicate processes for cyber threats.

The Playbook Editor: When you open the Editor for the first time, only the Cisco Managed Incident Playbook is displayed and is designated as the “Default” Playbook.

If the Incident does not match any rules assigned to playbooks, the default playbook is assigned to the Incident.

Once a playbook is assigned to an Incident, the assignment cannot be changed, even if the playbook is edited.

In this blog post, we have discussed the evolution and significance of Cisco XDR in standardizing the incident response process, enha…

1 month ago @ blogs.cisco.com
Cisco and Nvidia: Redefining Workload Security

Cisco Secure Workload allows enterprise customers to proactively microsegment their applications in an infrastructure, location, and form factor agnostic manner.

With Cisco Secure Workload 3.9, we introduced the Nvidia Bluefield DPU integration which allows the offloading of Secure Workload Agent functionality from hosts to Nvidia Bluefield DPUs.

Under the hood, the control plane logic of the Cisco Secure Workload agent operates on the ARMv8+ CPUs.

Cisco Secure Workload – Nvidia DPU integration fosters a flexible deployment approach which reduces organizational barriers, greatly enhances practitioner experiences, and accelerates the time to value.

Cisco Secure Workload tackles the complexit…

1 month ago @ blogs.cisco.com
Cisco Secure Access named Leader in Zero Trust Network Access

Zero Trust Network Access (ZTNA) is a critical component to increase productivity and reduce risk in today’s hyper-distributed environments.

Cisco Secure Access provides a modern form of zero trust access that utilizes a new architecture to deliver a unique level of security and user convenience.

We’re proud to announce that our innovative security service edge (SSE) solution, Cisco Secure Access, has been named an Overall Leader in the KuppingerCole Zero Trust Network Access (ZTNA) Leadership Compass.

Recognizing the shift towards distributed and hybrid work models, Cisco Secure Access is engineered to modernize cybersecurity strategies, enabling organizations to implement zero trust with …

1 month ago @ blogs.cisco.com
Sign up for a Tour at the RSA Conference 2024 SOC

Join the guided tour outside the Security Operations Center, where we’ll discuss real-time network traffic of the RSA Conference, as seen in the NetWitness platform.

Engineers will be using Cisco Security Cloud in the SOC, comprised of Cisco Breach Protection Suite, User Protection Suite, Cloud Protection Suite and Secure Firewall.

Please fill out the RSAC SOC Tour Request Form to request your spot.

1 month, 1 week ago @ blogs.cisco.com
Complexity drives more than security risk. Secure Access can help with that too.

In response, organizations have adopted security service edge (SSE) solutions, such as Cisco Secure Access, to protect users regardless of where they are located or what they are accessing.

Experience Insights is a core component of Secure Access, which means all its data and alerts are provided in the same management portal as the rest of Secure Access’ capabilities.

In addition, all Secure Access capabilities, including Experience Insights, rely on the Cisco Secure Client, a single agent on the end-user’s machine.

Experience Insights is just one capability of an incredible solution: While Experience Insights is our latest announcement, Secure Access includes many capabilities, including a s…

1 month, 1 week ago @ blogs.cisco.com
Microsoft Security
last post 18 hours ago
5 ways a CNAPP can strengthen your multicloud security environment

Insight #3: Effective cybersecurity takes a good partner. Keeping user needs in mind, Microsoft has its own CNAPP solution, Microsoft Defender for Cloud.

Operationalizing Microsoft Defender for Cloud takes both integrating it into daily operations and satisfying your users’ needs by continuously evolving cloud security.

Strengthening the SOC even further is a new Microsoft Defender for Cloud integration with Microsoft Defender XDR.

The future holds significant promise for CNAPP, and Microsoft is leading in this effort with solutions like Microsoft Defender for Cloud.

18 hours ago @ microsoft.com
New Microsoft Incident Response guide helps simplify cyberthreat investigations

To help like-minded defenders tackle this difficult task, Microsoft Incident Response experts have created a guide on using Windows Internals for forensic investigations.

Guidance for Incident Responders: The new guide from the Microsoft Incident Response team helps simplify forensic investigations.

Understanding these artifacts will strengthen your ability to conduct Windows forensic analysis.

Shimcache’s forensic evolution: The Shimcache has long served as a source of forensic information, particularly as evidence of program execution.

Forensic insights with SRUM: SRUM’s tracking of application execution, network activity, and resource consumption is a boon for forensic analysts.

1 day, 18 hours ago @ microsoft.com
Analyzing Forest Blizzard’s custom post-compromise tool for exploiting CVE-2022-38028 to obtain credentials

Microsoft Threat Intelligence is publishing results of our longstanding investigation into activity by the Russian-based threat actor Forest Blizzard (STRONTIUM) using a custom tool to elevate privileges and steal credentials in compromised networks.

Forest Blizzard often uses publicly available exploits in addition to CVE-2022-38028, such as CVE-2023-23397.

In addition to patching, this blog details several steps users can take to defend themselves against attempts to exploit Print Spooler vulnerabilities.

Forest Blizzard primarily targets government, energy, transportation, and non-governmental organizations in the United States, Europe, and the Middle East.

To hear stories and insights f…

2 days, 18 hours ago @ microsoft.com
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters

Microsoft recently uncovered an attack that exploits new critical vulnerabilities in OpenMetadata to gain access to Kubernetes workloads and leverage them for cryptomining activity.

Attack flowFor initial access, the attackers likely identify and target Kubernetes workloads of OpenMetadata exposed to the internet.

Once they identify a vulnerable version of the application, the attackers exploit the mentioned vulnerabilities to gain code execution on the container running the vulnerable OpenMetadata image.

In this specific case, the attackers’ actions triggered Microsoft Defender for Containers alerts, identifying the malicious activity in the container.

Microsoft Defender Cloud Security Pos…

1 week ago @ microsoft.com
New Microsoft guidance for the DoD Zero Trust Strategy

Today, we are excited to announce Zero Trust activity-level guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy.

In this blog, we’ll review the DoD Zero Trust Strategy and discuss how our new guidance helps DoD Components and DIB partners implement Zero Trust.

We’ll cover the Microsoft Zero Trust platform and relevant features for meeting DoD’s Zero Trust requirements, and close with real-world DoD Zero Trust deployments.

Microsoft supports the DoD’s Zero Trust Strategy: The DoD released its formal Zero Trust Strategy in October 2022. The strategy is a security framework and mindset that sets a path for achieving Zero Trust.

There are 152 Zero Trust activitie…

1 week, 1 day ago @ microsoft.com
Microsoft recognized as a Leader in the Forrester Wave™: Workforce Identity Platform, Q1 2024

We’re thrilled to announce that Forrester has recognized Microsoft as a Leader in the Forrester Wave™: Workforce Identity Platforms, Q1 2024 report.

In The Forrester Wave™ report, Forrester recognized Microsoft Entra for its adaptive policy engine, well-integrated identity lifecycle management, and end-to-end approach to identity threat detection.

Bookmark the Microsoft Entra blog to keep up with our expert coverage on workforce identity matters.

Forrester Wave™: Workforce Identity Platforms, Q1 2024, Geoff Cairns, Merrit Maxim, Lok Sze Sung, Pater Harrison.

1 week, 2 days ago @ microsoft.com
How Microsoft discovers and mitigates evolving attacks against AI guardrails

You can read more about Microsoft’s approach to securing generative AI with new tools we recently announced as available or coming soon to Microsoft Azure AI Studio for generative AI app developers.

While Crescendo attacks were a surprising discovery, it is important to note that these attacks did not directly pose a threat to the privacy of users otherwise interacting with the Crescendo-targeted AI system, or the security of the AI system, itself.

Microsoft Azure AI Content Safety is an example of this approach.

Microsoft’s own procedure is explained here: Microsoft AI Bounty.

1 week, 6 days ago @ microsoft.com
Explore Microsoft’s AI innovations at RSA Conference 2024

Join us a day early, on Sunday, May 5, 2024, at Microsoft Pre-Day to kick-off RSA Conference 2024, and hear directly from our Microsoft Security Business leaders, including Vasu Jakkal, Corporate Vice President, Microsoft Security Business, and Charlie Bell, Executive Vice President, Microsoft Security.

Plus, view live demos at a variety of Microsoft sessions happening throughout the conference in breakout rooms and at our booth #6044N.

They’ll reflect on the latest developments in cybersecurity, AI, and how the global community of cyber professionals can work together for a more secure future.

Check out one or all of our Microsoft Security sessions included in the RSA Conference agenda.

Vi…

2 weeks, 6 days ago @ microsoft.com
Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview

Today, I am excited to announce the public preview of our unified security operations platform.

Onboarding a Microsoft Sentinel workspace only takes a few minutes, and customers can continue to use their Microsoft Sentinel in Azure.

Unified security operations platform: The new platform brings together the capabilities of XDR and SIEM.

Fortunately, the Microsoft Security Exposure Management solution, built right into the new unified platform experience, consolidates silos into a contextual and risk-based view.

If you’d like to join the public preview, view the prerequisites and how to connect your Microsoft Sentinel workspace.

3 weeks ago @ microsoft.com
Microsoft Priva announces new solutions to help modernize your privacy program

Microsoft Priva Privacy Assessments: Build the foundation of your privacy posture with Microsoft Priva Privacy Assessments—a solution that automates the discovery, documentation, and evaluation of personal data use across your entire data estate.

Embed your custom privacy risk framework into each assessment to programmatically identify the factors contributing to privacy risk.

Microsoft Priva Privacy Risk Management: Microsoft Priva Privacy Risk Management is here to empower you to simplify the identification of unstructured personal data usage.

Key features. Efficiently manage subject rights requests: Streamline the fulfillment of subject rights request tasks using configurable settings within …

3 weeks, 1 day ago @ microsoft.com
The foundation for responsible analytics with Microsoft Purview

The future of compliance and data governance is here: Introducing Microsoft Purview. In 2022, we introduced Microsoft Purview, a comprehensive set of solutions that let you secure, govern, and ensure compliance across your data estate.

Confidently activate your data with modern data governance: We are thrilled to introduce the new Microsoft Purview Data Governance experience.

This new reimagined software as a service (SaaS) solution offers sophisticated yet simple business-friendly interaction, integration across your multicloud data estate, and actionable insights that help data leaders to responsibly unlock business value within their data estate.

If you’re attending, don’t miss the…

4 weeks, 1 day ago @ microsoft.com
Frost & Sullivan names Microsoft a Leader in the Frost Radar™: Managed Detection and Response, 2024

We are excited to share that Microsoft has been named a Leader by Frost & Sullivan in the Frost Radar™: Managed Detection and Response, 2024, leading in innovation and among the top two in growth.

Figure: Frost Radar™ for Managed Detection and Response 2024 showing Microsoft as a Leader.

Learn more: To learn more about our service, visit the Microsoft Defender Experts for XDR web page, read the Defender Experts for XDR docs page, and subscribe to our ongoing news at the Microsoft Security Experts blog home.

Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

1. Frost & Sullivan, Frost Radar™: Managed Detection and Response, 2024, Luc…

1 month ago @ microsoft.com
How Microsoft Incident Response and Microsoft Defender for Identity work together to detect and respond to cyberthreats

Microsoft Incident Response: Strengthen your security with an end-to-end portfolio of proactive and reactive cybersecurity incident response services.

In this incident, one click on a malicious link led a large customer to reach out to Microsoft Incident Response for help.

Then, by leveraging Microsoft Defender for Endpoint alongside Defender for Identity, Microsoft Incident Response was able to trace the threat actor’s movements and disrupt their attempts to use compromised accounts to reenter the environment.

Microsoft Incident Response works with the tools and teams available to support incident response—like Defender for Identity, Defender for Endpoint, and now Copilot for Security—to de…

1 month ago @ microsoft.com
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season

At the end of January 2024, Microsoft Threat Intelligence observed a campaign using lures masquerading as tax-related documents provided by employers.

Tax season cybersecurity best practices: The best defense against cybercriminals, both at tax season and throughout the year, is education and good cyber hygiene.

To learn more about the latest observed tax season phishing campaigns, social engineering fraud, and tips on how to stay ahead of these types of attacks during tax season and other holidays, read the Microsoft Threat Intelligence tax season report.

Microsoft Threat Intelligence: Read the new tax season report to learn about the techniques that threat actors use to mislead taxpayers.

Al…

1 month ago @ microsoft.com
Microsoft Sentinel delivered 234% ROI, according to new Forrester study

To evaluate the benefits of Microsoft Sentinel, Microsoft commissioned Forrester Consulting to conduct a Total Economic Impact™ (TEI) study.

It took us two months to set up Microsoft Sentinel and another two months to be at data-ingestion parity.

Microsoft Sentinel was one of the tools in our Microsoft tool bag that really kept us running as an organization.

Essentially one year of [legacy solution] costs are three years of Microsoft Sentinel costs.” —CISO, financial services. Interviewees also shared that Microsoft Sentinel helped them decrease compliance costs.

Explore the Total Economic Impact™ Of Microsoft Sentinel Study for more analyst findings as well as to read the perspectives of Sen…

1 month ago @ microsoft.com
Google Online Security Blog
last post 6 days, 18 hours ago
Prevent Generative AI Data Leaks with Chrome Enterprise DLP

Generative AI has emerged as a powerful and popular tool to automate content creation and simple tasks.

In this blog post, we'll explore reporting and enforcement policies that enterprise security teams can implement within Chrome Enterprise Premium for data loss prevention (DLP).

Chrome Enterprise DLP rules give IT admins granular control over browser activities, such as entering financial information in Gen AI websites.

As enterprises work through their policies and processes involving GenAI, Chrome Enterprise Premium empowers them to strike the balance that works best.

Learn more about how Chrome Enterprise can secure businesses just like yours here.

6 days, 18 hours ago @ security.googleblog.com
How we built the new Find My Device network with user security and privacy in mind

How location crowdsourcing works on the Find My Device network: The Find My Device network locates devices by harnessing the Bluetooth proximity of surrounding Android devices.

Nearby Android devices participating in the Find My Device network report the location of the Bluetooth tag.

With end-to-end encrypted location data, Google cannot decrypt, see, or otherwise use the location data.

The Find My Device network is also compliant with the integration version of the joint industry standard for unwanted tracking.

We have an unwavering commitment to continue to improve user protections on Find My Device and prioritize user safety.

2 weeks, 2 days ago @ security.googleblog.com
Google Public DNS’s approach to fight against cache poisoning attacks

In this post, we will look at DNS cache poisoning attacks and how Google Public DNS addresses the risks associated with them.

DNS Cache Poisoning Attacks: DNS lookups in most applications are forwarded to a caching resolver (which could be local or an open resolver like.

For an excellent introduction to cache poisoning attacks, please see “An Illustrated Guide to the Kaminsky DNS Vulnerability”.

Cache poisoning mitigations in Google Public DNS: Improving DNS security has been a goal of Google Public DNS since our launch in 2009.

To enhance DNS security, we recommend that DNS server operators support one or more of the security mechanisms described here.

3 weeks, 6 days ago @ security.googleblog.com
Address Sanitizer for Bare-metal Firmware

Address Sanitizer (ASan) overview: Address Sanitizer is a compiler-based instrumentation tool used to identify invalid memory access operations at runtime.

The KASan runtime routines implemented in the Linux kernel serve as a great example of how to define a KASan runtime for targets which aren’t supported by default with -fsanitize=address.

Memory access check: The routines __asan_loadXX_noabort and __asan_storeXX_noabort verify memory accesses at runtime.

This routine takes as input a target memory address and sets the corresponding byte in shadow memory to the value of YY.

Essentially, we would need to instrument the memory allocator with the code which unpoisons KASan sha…

4 weeks, 1 day ago @ security.googleblog.com
Real-time, privacy-preserving URL protection

That’s why we're excited to announce a new version of Safe Browsing that will provide real-time, privacy-preserving URL protection for people using the Standard protection mode of Safe Browsing in Chrome.

Introducing real-time, privacy-preserving Safe Browsing. How it works: In order to transition to real-time protection, checks now need to be performed against a list that is maintained on the Safe Browsing server.

With OHTTP, Safe Browsing does not see your IP address, and your Safe Browsing checks are mixed amongst those sent by other Chrome users.

Since the privacy server doesn’t know the private key, it cannot decrypt the hash prefixes, which offers privacy from the privacy server itself.

I…

1 month, 1 week ago @ security.googleblog.com
Vulnerability Reward Program: 2023 Year in Review

To further our engagement with top security researchers, we also hosted our yearly security conference ESCAL8 in Tokyo.

Android and Google Devices: In 2023, the Android VRP achieved significant milestones, reflecting our dedication to securing the Android ecosystem.

The Google Play Security Reward Program continued to foster security research across popular Android apps on Google Play.

All of this resulted in $2.1M in rewards to security researchers for 359 unique reports of Chrome Browser security bugs.

Thank you to the Chrome VRP security researcher community for your contributions and efforts to help us make Chrome more secure for everyone!

1 month, 1 week ago @ security.googleblog.com
Secure by Design: Google’s Perspective on Memory Safety

The latest news and insights from Google on security and safety on the Internet

1 month, 3 weeks ago @ security.googleblog.com
Piloting new ways of protecting Android users from financial fraud

Google Play, for example, carries out rigorous operational reviews to ensure app safety, including proper high-risk API use and permissions handling.

We recently launched enhanced Google Play Protect real-time scanning to help better protect users against novel malicious Internet-sideloaded apps.

This feature, now deployed on Android devices with Google Play Services in India, Thailand, Singapore and Brazil, has already made a significant impact on user safety.

To help better protect Android users from these financial fraud attacks, we are piloting enhanced fraud protection with Google Play Protect.

Our commitment to protecting Android users: We believe industry collaboration is essential to …

2 months, 2 weeks ago @ security.googleblog.com
Improving Interoperability Between Rust and C++

At the time, Rust was already in wide use across Android and other Google products.

Our announcement emphasized our commitment to improving the security reviews of Rust code and its interoperability with C++ code.

Rust is one of the strongest tools we have to address memory safety security issues.

We’re also furthering our existing commitment to the open-source Rust community by aggregating and publishing audits for Rust crates that we use in open-source Google projects.

As these improvements have continued, we’ve seen a reduction in the barriers to adoption and accelerated adoption of Rust.

2 months, 2 weeks ago @ security.googleblog.com
UN Cybercrime Treaty Could Endanger Web Security

Google takes the threat of cybercrime very seriously, and dedicates significant resources to combating it.

Such safeguards aren’t just important to ensuring free expression and human rights, they are also critical to protecting web security.

The Cybercrime Treaty should not criminalize the work of legitimate cybersecurity researchers and penetration testers, which is designed to protect individual systems and the web as a whole.

At the same time, Member States should avoid attempts to criminalize activities that raise significant freedom of expression issues, or that actually undercut the treaty’s goal of reducing cybercrime.

We urge Member States to heed calls from civil society groups to …

2 months, 3 weeks ago @ security.googleblog.com
Scaling security with AI: from detection to solution

The AI world moves fast, so we’ve been hard at work keeping security apace with recent advancements.

One of our approaches, in alignment with Google’s Safer AI Framework (SAIF), is using AI itself to automate and streamline routine and manual security tasks, including fixing security bugs.

Last year we wrote about our experiences using LLMs to expand vulnerability testing coverage, and we’re excited to share some updates.

We’ll also show you how we’re using AI to speed up the bug patching process.

If you’re interested in using LLMs to patch bugs, be sure to read our paper on building an AI-powered patching pipeline.

2 months, 3 weeks ago @ security.googleblog.com
Effortlessly upgrade to Passkeys on Pixel phones with Google Password Manager

This is why the Pixel team has been especially excited about passkeys—the easier, safer alternative to passwords.

As part of last December’s Pixel Feature Drop, we introduced a new feature to Google Password Manager: passkey upgrades.

With this new feature, Google Password Manager will let you discover which of your accounts support passkeys, and help you upgrade with just a few taps.

This new passkey upgrade experience is now available on Pixel phones (starting from Pixel 5a) as well as Pixel Tablet.

Google Password Manager will incorporate these updates for other platforms in the future.

2 months, 3 weeks ago @ security.googleblog.com
MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms

Welcome back to our latest update on MiraclePtr, our project to protect against use-after-free vulnerabilities in Google Chrome.

Our analysis is based on two primary information sources: incoming vulnerability reports and crash reports from user devices.

MiraclePtr effectively mitigated 57% of these use-after-free vulnerabilities in privileged processes, exceeding our initial estimate of 50%.

Impressively, five of the six were discovered while investigating MiraclePtr crash reports!

Conclusion: In summary, MiraclePtr has proven to be effective in mitigating use-after-free vulnerabilities and enhancing the overall security of the Chrome browser.

3 months, 2 weeks ago @ security.googleblog.com
Hardening cellular basebands in Android

Beyond security, addressing the issues uncovered by these sanitizers improves code health and overall stability, reducing resources spent addressing bugs in the future.

Baseband security and exploitation have been a recurring theme at security conferences for the last decade.

For example, we consider vulnerabilities allowing Remote Code Execution (RCE) in the cellular baseband to be of CRITICAL severity.

Aside from uncovering security vulnerabilities, this stage is highly effective at uncovering code quality and stability bugs that could result in instability on user devices.

There is no need to rewrite everything in Rust, as Rust provides strong C FFI support and easily interfaces with ex…

4 months, 2 weeks ago @ security.googleblog.com
Improving Text Classification Resilience and Efficiency with RETVec

Systems such as Gmail, YouTube and Google Play rely on text classification models to identify harmful content including phishing attacks, inappropriate comments, and scams.

To help make text classifiers more robust and efficient, we’ve developed a novel, multilingual text vectorizer called RETVec (Resilient & Efficient Text Vectorizer) that helps models achieve state-of-the-art classification performance and drastically reduces computational cost.

Figure: RETVec-based Gmail spam filter improvements.

RETVec is a novel open-source text vectorizer that allows you to build more resilient and efficient server-side and on-device text classifiers.

The Gmail spam filter uses it to help protect Gmail inboxe…

4 months, 3 weeks ago @ security.googleblog.com